Table of Contents
1. Foreword
3
2. Introduction
4
3.
5
Framework: House of Governance
4. Fundamentals: • SMART Concept • SMART Toolkit • SMART Governance Map
7 10 17
5. Innovation: • Business Model Audit • SMART Ecosystem
20 25
6. Workspace
29
1
2
Foreword
Game-changing innovation and technology disruptions, startups in various nooks and corners of cafés and incubators and the various mega-acquisitions of startup tech companies, all add to the excitement and optimism in the air. What many did not see of these successful companies are the hard work, resolve and discipline poured in by the founders in creating a conducive environment, attracting the right talents and establishing a governance structure as the foundation for the companies to achieve their corporate objectives. What is even less apparent is the anxiety and dread that companies in their respective established fields and business models are experiencing due to these innovations and technology disruptions. As professionals armed with insights and knowledge of business strategies gained from our diverse experience in serving clients of wide ranging industries, we see great alignment of interests between ourselves and the business community. On one hand our belief and core expertise in risks and governance will help companies either build and/or strengthen their governance structure to grow to the next level. On the other hand, our same expertise could be used to help companies critically assess their business models in light of these exciting and challenging times. Our own profession is not spared of innovation and technology disruptions. Taking a leaf from our advice to our clients, we have embarked on numerous innovation and technology initiatives on our own. The Deloitte Dashboard & Reporting is our latest mobile application designed to provide our clients with an intuitive and easily accessible report experience to enhance more timely and accurate decision making. This mobile application marks the first step of our SMART Ecosystem where technology is harnessed for its algorithm and connectivity for greater effectiveness and efficiencies. I hope this Blue Book of Governance, including the SMART Toolkit, the Business Model Audit and the introduction of our Deloitte Dashboard & Reporting mobile application will go a long way in our effort to continuously deliver value to the business community. Dr Janson Yap Regional Managing Partner, Deloitte Risk Advisory SEA Asia Pacific Innovation Leader, Deloitte SEA
3
Introduction
The Singapore SMART Nation Vision is aimed at, among others, to improve the lives of its citizens and empowering the people and businesses with technology. This Vision is aptly timed as technology is increasingly pervasive in all aspects of all lives. The essence of SMART is anchored in connectivity and the ability to make sense of data towards contribution in forming of solutions. At the same time, in order to realize the SMART Nation Vision, good governance, infrastructure and capabilities were recognized as fundamental building blocks. At Deloitte Risk Advisory, we are cognizant on the strategic importance of the SMART Nation agenda to the nation as well as the business community at large. Our SMART Governance initiative is to harness technology, riding on our fundamental professional expertise, to deliver values to our clients in a world where businesses are continuously disrupted by innovations, chiefly with technology or via restructured business models. Governance and risks are two sides of the same coin and remain a cornerstone for businesses seeking growth as well as exploring innovations. This Blue Book of Governance aims to provide users with a guide to be Risk & Governance SMART while introducing the innovative Business Model Audit. We are also unveiling the SMART Ecosystem which is our technology take in connectivity and the ability in making sense of data to deliver value to our clients. The key takeaways from this Blue Book of Governance: Addressing fundamentals with our SMART concept of Sensing, Mitigating, Accepting & Acknowledging, Remodeling and Transform
Proposition in innovating business models with Business Model Audit
Introduction to SMART Ecosystem 4
Framework: House of Governance The House of Governance provides an overarching framework on the important components required and serves as a guide to implementing the SMART Governance initiative.
5
Board of Directors Management HOUSE OF GOVERNANCE Operations
Trust
Assurance
Confidence
Digital
Performance
Analytics Continuous Monitoring Policies & Procedures Culture People
6
Sensing
Mitigating
Acknowledge & Adapt
Remodeling
Transforming
Fundamentals: SMART Concept
7
Blue Book of Governance: SMART Business Guide SENSING
Foresight to be forefront Principle
Sensing white space and changing the game especially in the increasingly volatile and technological disruptive business world
MITIGATE
Defense is the best offense Principle
8
Mitigating risks which will impact core values of business such as quality, brand & reputation and regulatory compliance
ACKNOWLEDGE AND ADAPT
Fortune favors the ready and resilient Principle
Acknowledging possibilities of uncontrollable scenarios with limited options to react. Plan and/or build the ability and readiness to weather such storms.
REMODEL
Strategy before technology Principle
Critically assess existing business model and strategize a winning and refreshed business model not only to thrive but also to survive.
TRANSFORM
Change or be changed Principle
Transform by executing the refreshed strategic plan and/or business model with talent and technology.
9
Fundamentals: SMART Toolkit
10
The SMART Toolkit comprises of 5 models based on the SMART principles to guide users on possible steps which could be undertaken in implementing SMART.
11
Fundamentals: SMART Toolkit – Sensing SENSING
Steps
Question?
Activities
Examples of Technology/ Technique
Frequency 12
1. Setting Objectives
2. Analyzing Business Landscape
3. Identifying and Profiling Risks
4. Prioritizing Risks and Identifying Key Risk Indicators
What do I want to achieve?
What are the factors affecting my business?
What is preventing me from achieving my objectives?
What are the risks I want to deal with first?
• Aligning Corporate Vision and Mission Statement • Considering long and short term performance targets
• Gathering information • Assessing macro environment • Assessing micro environment
• Identifying risk areas from business landscape analysis • Constructing potential risk events • Identifying responsible/ functions/ parties
• Selecting suitable risk ranking tools • Identifying key risk indicators
Business Model Audit
• PESTLE Analysis • SWOT Analysis • Market Intelligence Platforms • Business Model Audit
• Cause and effect diagrams • Systems or process flow charts • Expert judgement
• Impact and Likelihood analysis • Web-based risk assessment tools
• Point of inception of business/projects • To revisit as and when required
Continuous
• Periodic • As and when there are significant changes
Periodic
Fundamentals: SMART Toolkit – Mitigate MITIGATE
Steps
Question?
Activities
Examples of Technology/ Technique
Frequency
1. Setting Risk Appetite
2. Designing Processes
3. Implementing Processes
4. Reviewing and Re-designing Processes
What is the maximum risk I can tolerate?
What can I do to reduce the risk to acceptable level?
What should I do to ensure effective implementation?
What can I do to resolve roadblocks and issues?
• Identifying quantitative and qualitative factors • Setting thresholds for upper limit, upper trigger, lower limit and lower trigger
• Selecting controls via costbenefit analysis • Designing appropriate processes with controls embedded
• Selecting appropriate control owners for accountability • Gathering feedbacks and updates on roadblocks encountered
• Identifying root causes for roadblocks encountered • Assessing alternative solutions or risk treatments
• Risk management tools • Risk appetite calculator
• Risk and Control Matrices • System and process flowcharts
• Open communication channels • Trainings and professional guidance
System and process flowcharts
• Point of inception of business/ projects • To revisit as and when required
Periodic
Periodic
• Periodic • As and when there are significant changes
13
Fundamentals: SMART Toolkit – Acknowledge & Adapt ACKNOWLEDGE AND ADAPT
1. Assessing Residual Risk
Steps
Question?
Activities
Examples of Technology/ Technique
Frequency 14
2. Relooking at Capabilities to Manage Risk
3. Exploiting Opportunities
What are my remaining risk events that could not be mitigated?
What else can I do to further reduce the risks?
What are the opportunities that I can capitalize on?
• Listing down unmitigated risk events • Evaluating residual risk exposure • Re-ranking of residual risks
• Assessing internal resources and brainstorming of controls for residual risks • Re-designing processes to embed feasible controls
• Deciding which opportunities to pursue • Mapping external responses and follow up actions • Testing market
• Impact and Likelihood analysis • Web based risk assessment tools
• Cause and effect diagrams • Systems or process flow charts • Expert judgement
Market/consumer surveys
Periodic
Periodic
Periodic
Fundamentals: SMART Toolkit – Remodel REMODEL
Steps
1. Assessing Available Resources
2. Choosing Appropriate Risk Responses
3. Structuring the Organization
4. Setting Time Based Performance Targets
Question?
What options and resources do I have now that can be utilized?
Which responses provide the most desired outcome and what is the costs?
What form of organizational structure will work best?
What are the key indicators to measure results?
Activities
Charting out available options and resources
• Scan and identify possible response • Assess costs and benefits
• Establishing organizational structure and business functions • Setting reporting hierarchy
Setting measurable goals and tismeline that are aligned to objectives
Examples of Technology/ Technique
Business Model Audit
• Cost Benefit Analysis • Business Model Audit
• • • •
• Performance Management Systems • Balanced Scorecard Approach
Frequency
Point of inception of business/projects
Periodic
Decision matrix T-Chart Multivoting Pareto Analysis
As needed
Periodic 15
Fundamentals: SMART Toolkit – Transform TRANSFORM
Steps
1. Allocating Resources
2. Dealing with Shortfalls
3. Engaging Stakeholders
What resources should be applied in which areas?
What can be done to fulfill resource shortages?
• Forecasting and budgeting requirements by units • Prioritizing critical units/ functions
• Identifying and winning • Engaging business partners support of stakeholders • Sourcing for additional funding • Establishing communication • Attracting investors channels to manage doubts • Providing support and training
• Comparing forecast against actual • Identifying root causes for major differences
Examples of Technology/ Technique
• Resource Management and Planning Software Professional • Forecasting and Budgeting Services
• Start-up Launch Platforms • Angel Networks • Process Automation
• Lewin’s Change Management Model • Kotter’s 8-Steps Change Model
• Performance Management Systems • Balanced Scorecard Approach
Frequency
Periodic
Periodic
Periodic
Periodic
Question?
Activities
16
What can be done to strengthen the motivation to transform?
4. Analyzing Performance
What is done right and what else can I improve on?
This SMART Governance Map charts out the possible risks and solutions for businesses in navigating the transformed business landscape.
17
Governance Internal Enviroment Risk Management override of controls Possible Mitigating Action Independent assurance on controls design and effectiveness Risk Lack of skillset diversity and industrial knowledge amongst board members Possible Mitigating Action Robust and structured board admission and assessment program Risk Weak governance and ethics culture Possible Mitigating Action Setting the tone at the top Risk Ineffective strategy Possible Mitigating Actions 1. Robust framework for strategy setting and implementation 2. Effective sensing of business and market landscape as well as relevant trends Risk Loss of key management members Possible Mitigating Actions 1. Succession planning 2. Job rotation Risk Unclear lines of authority Possible Mitigating Action Approved authorisation matrix covering major aspects of company’s decision making requirements
Risk Unreported wrongdoings Possible Mitigating Action Set up anonymous whistleblowing channel and procedure to follow up with reports by independent parties
18
Risk Conflicting duties assigned to employees Possible Mitigating Action Periodic review to segregate doer and checker as well as not allocating excessive responsibilities to any single individual (ability to act without supervision or detection)
Regulatory Compliance
Operations Budgeting and Planning
Risk Non compliance to relevant industry specific rules and regulations Possible Mitigating Actions 1. Established mechanism to detect and inform on upcoming regulatory requirements 2. Periodic compliance reviews 3. Control self assessments to detect compliance lapse
Risk Inaccurate business estimates and forecasts Possible Mitigating Actions 1. Estimates supported by justified basis and/or trends 2. Established accountability
Risk Ineffective tax planning Possible Mitigating Action Engage qualified tax professionals (recruitment or outsource)
Risk Ineffective innovation Possible Mitigating Actions 1. Employ relevant talent 2. Inculcate innovation culture 3. Reform/Establish R&D function
Risk Business transaction with sanctioned third parties (customers/vendors) Possible Mitigating Action Due diligence and background checks before transactions
Legal Risk Unfavorable terms and conditions of agreements Possible Mitigating Action 1. Vetting of contracts by qualified professionals 2. Established legal template for regular transactions
Product/service design and quality
Reputation Risk Low brand value Possible Mitigating Actions 1. Marketing efforts to build strong and emotional links with customers 2. Undergo rebranding exercise Risk Frequent service lapses / product fault Possible Mitigating Actions 1. Established consumer feedback channel 2. Effective service recovery / product recall process 3. Robust and end-to-end quality management process 4. Inculcate quality first culture
Crossing borders Risk Cultural misalignment Possible Mitigating Actions 1. Market analysis to identify cultural habits and business procedures 2. Identify relevant strategy to mitigate challenges
Supply chain Risk Non-performing vendors Possible Mitigating Actions 1. Periodic project management meeting to monitor status 2. Key performance indicators formulated and stated in agreement Risk Shortage of raw materials Possible Mitigating Actions 1. Long term contract with supplier to ensure adequate supply of raw materials 2. Established contingency plans (such as back-up suppliers etc)
Risk Supply chain breakdown Possible Mitigating Action Business Continuity Plans Risk Slow to react to change Possible Mitigating Action Continuous business landscape and acapabilities analysis to allow for more lead time to react to change
Operations Finance Risk Insufficient cashflow/funding Possible Mitigating Actions 1. Review and improve cashflow management 2. Strategise for external funding Risk Premature wear and tear of capital assets Possible Mitigating Actions 1. Preventive maintenance program 2. Monitor asset conditions periodically Risk Incompetent finance personnel Possible Mitigating Actions 1. Established talent identification and assessment process 2. Regular trainings for new financial regulations Risk Inappropriate financial treatment applied Possible Mitigating Action
Hiring competent and experienced financial personnels Risk Late submission/reporting of financial information to stakeholders Possible Mitigating Actions
1. Established timeline and components required to meet timeline (including contingencies) leading to deadline 2. Established checklist for financial closing process
Market Conditions Risk Foreign exchange and interest rate fluctuations Possible Mitigating Action Hedging strategy and program Risk High variety of product substitutes Possible Mitigating Actions 1. Collaborations with complementing products to offer better product value to customer 2. Increase customer switching costs Risk High trade barriers affecting overseas expansion of business Possible Mitigating Actions 1. Market analysis prior to entering a new market 2. Collaboration with local companies Risk Low consumer buying power Possible Mitigating Actions Product modifcation or bundling to lower costs Risk High market saturation Possible Mitigating Actions 1. Differentiate product 2. Explore new market segments Risk Unaware of latest updates and changes Possible Mitigating Actions 1. Subscribe to relevant agencies newsletter 2. Keep up to date with newspaper and news broadcast
Talent Risk Inability to attract talent Possible Mitigating Actions 1. Attractive and holistic compensation & benefits package 2. Recruitment drives at top university Risk Insufficient talent pool Possible Mitigating Actions 1. Hiring foreign talent 2. Automation to reduce manpower requirement Risk Poor resources planning Possible Mitigating Actions 1. Manpower outsourcing to meet unpredictable requirements 2. Identify source of uncertainties and eliminate controllable variables 3. Automation to reduce manpower requirement Risk Poor workforce diversity Possible Mitigating Action Comprehensive assessment of required talents Risk Lack of communication and training for employees Possible Mitigating Action Comprehensive training plans with effectiveness monitoring mechanism Risk Employee grievances not followed up Possible Mitigating Actions 1. Periodic employee feedback sessions with senior management 2. Anonymous whistleblowing channel Risk Unreasonable performance expectations Possible Mitigating Actions 1. Benchmarking performance measures 2. Periodic assessment to align expectations to external factors Risk Ineffective compensation plans Possible Mitigating Action Pegging compensation plans to measurable performance indicators
Technology Risk Employees’ resistance to changes Possible Mitigating Action Adequate communication, training and change management program for employees Risk Cyber Extortion Possible Mitigating Action Periodic data backup to server and physical storage device Risk Data security breaches Possible Mitigating Action Engaged professional and expert solutions in managing and constantly assessing as well as monitoring threats not needed Risk Cyber Espionage Possible Mitigating Actions 1. Restrict access to confidential information on a “need to” basis 2. Separate the network with the intellectual property from the corporate network and only allow access to that network to individuals who need to have access 3. Monitor for unexpected behavior Risk Weak access control management Possible Mitigating Actions 1. Benchmark access management procedures to industry best standards 2. Alignment of access controls to assigned roles and responsibilities Risk System specifications does not cater to organisation needs Possible Mitigating Actions 1. Agile development methodology 2. End user testing prior to migration of system to live production data
19
Innovation: The Business Model Audit
20
The Business Model Audit: Unlocking the Value of Innovation
Is your business model resilient against disruptions?
21
Case Studies
Innovations taking centre stage
Business Model Innovations which disrupted industries
Industries prime for Disruptive Innovations
Xiaomi
Spotify
Retail in Crisis
Spotify rides on a highly successful Freemium model with a large free user base, low marginal cost per subscriber, and leverages on consumer streaming data to offer high level customisations.
The omnipresence of e-commerce today will continue to push brick and mortar retailers to reinvent themselves in order to survive the paradigm shift.
Grab
The Healthcare Boom
The increased saturation in Taxi booking apps in Asia will cause a shift from street hailers to e-hailers in the near future. Grab harnesses this revolution by focusing on their customers’ greatest concern – to ride safe and reliably, spurring long term sustainability for the business.
A hike in the demand for healthcare has placed increased pressures on healthcare providers to offer greater volume and customisation of services, whilst being faced with resource constraints. Greater information access by consumers have also balanced the patient-doctor power seesaw, as information asymmetry fades.
The heart of Xiaomi’s innovation strategy is the company’s process of quickly turning consumer feedback to their advantage. The company’s “Design as you Build” concept allows for them to produce new and improved batches of phones weekly.
Tesla Tesla has not only redefined the way cars are fuelled, it has redefined the promises that car manufacturers make to their customers through its infinite mile guarantee. The company also adopts a direct business to consumer model, by choosing to sell their cars via company owned stores. 22
Traditional Innovation vs Business Model Innovation Aspect
Traditional Innovation
Business Model Innovation
Who is responsible?
R&D Department
CEO and the Board
Team
Pre-determined, full time
As-needed basis, fluid and flexible
Resources Needed
Large catch-all R&D Budget
Small budgets for experimentation and prototyping
Focus
Inward looking, engineering knowledge
Outward-looking, knowledge of business model innovations in other industries, startups
23
The 2 Types of Inefficiencies (Risks)
$
24
INFORMATION INEFFICIENCY (RISK)
ALIGNMENT INEFFICIENCY (RISK)
Decisions are often based on incomplete information because they are made before information is available.
Decisions are often made on the basis of selfinterest rather than based on what best serves the value chain.
Example: Fast Fashion
Example: Uber and Surge Pricing
The Business Model Audit Framework
Map out and resolve your current business model
Identify the risks and opportunities stemming from multiple facets
Understand the decision patterns, prioritize and formulate your key decisions
Craft your new decision plan and implementation roadmap by changing risk-return tradeoff
Phase 1
Execute your plan and conduct regular business reviews
Phase 2
The Business Model Audit Framework is a collaboration between Deloitte Risk Advisory and Prof. Serguei Netessine, professor of Global Technology and Innovation at INSEAD. Companies which have benefited from the BMA include Procter & Gamble, RedMart, Rolls Royce, Keppel, and co author of ‘The Risk-driven Business Model’, Harvard Business Press 2014. Combining the real-life, practical and research rich capabilities of both Deloitte Risk Advisory and Prof Serguei, participants can look forward to unlocking the value of innovation in this week-long program.
25
26
Innovation: Execute your plan and conduct regular business model audits
27
The SMART Ecosystem User Input
1
Data
Server
Platform
Ground Assessments
Platform
On-site auditors will input all data into their devices manually.
The Deloitte Dashboard & Reporting Application is easily accessible on multiple devices, where visual and interactive illustrations such as heat-map are generated.
Sensemaking Algorithms
Here, you can also obtain recommended and executable solutions that will aid you in decision making.
Mobile Device 28
2
Mobile Device
29
“
In this increasingly competitive and fast-paced world fuelled by innovation and technology, businesses need to constantly be on their toes in sensing disruptions and opportunities, challenging status quo and actively re-strategize and re-model themselves. - Lex Lee
30
”
Workspace A workspace designed to cater to those who harness mobile technology working alongside manual notetaking.
31
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/sg/about for a more detailed description of DTTL and its member firms. Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 225,000 professionals are committed to making an impact that matters. Deloitte serves 4 out of 5 Fortune Global 500® companies. About Deloitte Southeast Asia Deloitte Southeast Asia Ltd – a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises. Comprising 270 partners and over 7,300 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities. About Deloitte Singapore In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates. Disclaimer for external communications
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. The information in this book may not be published, excerpted, or otherwise distributed in print or broadcast without express consent of Deloitte. © 2016 Deloitte Southeast Asia Ltd
