insights for executives5 Why digital governance mattersIn a digital world, new approaches to governance are vital for minimizing risks and maximizing performance

Of special interest to Chief operating officerChief information officer

Robert Smith is the COO of ABC Insurance Company, which recently launched its latest pay-as-you-drive insurance offering, powered by a range of digital technologies. The market has responded positively, and several thousand users have signed up, sharing various data points about their driving habits in exchange for a variable fee – and get a jump on the firm’s upstart rivals. But then disaster strikes: ABC’s main data center is hacked, with thousands of user records, including usage and payment histories, stolen.

This scenario – familiar to many firms in recent years – is not just a reputational and customer service problem for ABC but is set to become a much more material regulatory concern. In March

2014, the European Parliament voted to move the European Union’s new data protection regime one step closer to reality. If adopted, the proposed Data Protection Directive will impose fines of up to €100 million, or up to 5% of a firm’s annual worldwide turnover, for data breaches like this.

In the absence of a dedicated digital leader, it’s up to Robert to orchestrate ABC’s response. He has to direct IT to shut down security gaps, work with customer services to deal with client concerns, and reassure the CEO and regulators that adequate controls are in place. At the same time, he has to make sure that the business is flexible enough to tap the potential that the digital era holds, rather than stifling innovation internally.

2 | 5: insights for executives

What’s the issue?The digital era has opened up wholly new opportunities to reinvent business models and transform customer interactions. This holds both great potential and significant risks at all levels of the business. But most organizations have yet to articulate a comprehensive, digital enterprise strategy or appoint a focused digital leader, such as a chief digital officer.

This isn’t necessarily a failure of oversight: setting out a digital strategy – and an approach to digital governance – is tough. As yet, there are no best practices, only scattered examples. And each business will need to prioritize its approach based on its unique market dynamics – and relative digital maturity.

For those operating in regulated markets, the need for digital governance is more urgent. But digital requires consideration by nearly every organization, not least due to the pervasive use of digital content, channels and tools, with social networks and the ability to share built into every app and device. It’s simply a matter of when, not if, an organization will have to deal with an employee inadvertently tweeting or posting sensitive information.

Improve the business Protect the business

Gain new sources of revenue

Grow operational effectiveness

Transform propositions

New business models and propositions

Try to confront disruptive start-ups

Work to compete against mega-vendors in new markets

Create disintermediation plan

Democratize and level the playing field Barriers to entry Unseat dominant incumbent

Improve trust and credibility Transparency Avoid having company secrets exposed, paying regulatory fines, rising reputational risk and breaking the law

Market direct to consumers, offer omnichannel experience and access new markets New channels and routes to market Deal with out-of-date channel mix

Engage the consumer and create intrinsic loyalty Smart customers Sell to consumers with extrinsic loyalty

Exceed expectations with addictive loyalty through gamification Increased expectations Meet expectations

Drive decision-making with data Data and information Prevent information overload, data integration nightmares and data breaches

Create networked scale and reach new markets

Break down bordersGlobalization and ability to scale Consider localization, supply complexity and hidden triggers

Work cross-border

Comply and optimize tax and regulationRegulation and tax changes Begin to comply and optimize

Leverage grid computing power, people and finance Access to resources Access grid computing power, people and finance

Gain flexibility by reinventing jobs and ways of working New ways of working Prevent rogue IT usage and redundancy of skills and roles

Take advantage of new innovation and change Constant change and innovation Stop playing constant catch-up with disruptive change

Digitization creates …

35: insights for executives |

How does it affect you?There are several reasons why yesterday’s approach to governance may no longer serve in a digital age. First, the legacy mindset of governance as a control mechanism doesn’t work when information flows are fluid. Second, digital governance overly rooted in mitigation will limit organizations from the potential upsides. Various new realities need to be factored in:

• Digital is pervasive. The use of digital content, channels and tools has led to exponential growth in new market segments, business models and ways to engage employees and customers. Companies need to find ways to adapt in how they differentiate and develop products, rethink customer engagement and communication, and handle employee interaction.

• Employees are now broadcasters and publishers. Thanks to social networks, every employee can freely and easily broadcast to the world. Training and communication can help, but firms need to find smart ways to adapt to this reality – and tap its potential.

• Decision-making happens at the speed of digital. Governance is traditionally about establishing a set of “rules and processes,” providing structure and guiding decision-making in a large-scale organization. But in a digital economy, decision-making approaches are changing and processes need to be adjusted accordingly.

• It’s not just a content problem. Companies must be mindful that digital governance is not only about content and who has rights to contribute, edit or distribute that content. They must also consider how and where it is consumed and the potential for it to go viral.

Why now?As digital becomes increasingly core to most businesses, several specific pressures are pushing digital governance up the corporate agenda.

1. New regulatory requirements demand action. Governments are racing to catch up with the speed at which the digital world is moving, leading

to a plethora of new and emerging laws on tax, privacy, data handling and more, with steep fines for failure to comply. 1

2. Growing cybersecurity risks need to be urgently addressed. Businesses today have to assume that attacks will occur at some point, and plan

accordingly. Added to this, regulators in the US and elsewhere are putting pressure on firms to admit to such breaches publicly. 2

3. Perceived digital weaknesses can do irreparable damage to brand reputation. Consumers are becoming increasingly aware that when they

bring companies their business, they must also hand over their data. Firms that show themselves as untrustworthy data custodians will face a major loss of brand equity.

1 “Q&A on EU data protection reform,” European Parliament, www.europarl.europa.eu/news/en/news-room/content/20130502BKG07917/html/QA-on-EU-data-protection-reform, 22 October 2013.2 Under cyber attack: Global Information Security Survey, EY, 2013.

4 | 5: insights for executives

What’s the fix?Organizations grappling with the issue of digital governance may want to consider the following steps. COOs are often at the heart of driving such change:

1. Set out an appropriate operating model

The first challenge lies in organizing the business for digital – designing an underlying operating model that is fit for purpose and defines ownership and governance for digital. In some cases, a single centralized digital team and governance model may work best; in others, a more tailored and distributed approach may be better.

2. Seek to change rules, processes and behaviors

Governance in the digital era is not chiefly through rules, but through a combination of rules, processes, values, monitoring and listening, and the explicit development of infrastructure and services to support and shape how digital helps create value for the business.

3. Plan for “shadow IT,” not just traditional IT

In ensuring appropriate governance, organizations need to plan for the IT spending that happens outside of the official IT budget. Cloud computing and software-as-a-service offerings make this increasingly common, and it will continue to rise. New governance structure must recognize that this technology exists instead of ignoring it and determine how to best govern it. Digital leaders should be supporting the development of digital capabilities within business units, instead of trying to control or prevent it.

55: insights for executives |

What’s the bottom line?Operating in a digital world presents seemingly unlimited opportunity, where even a teenager can acquire millions of followers – and a revenue stream – by producing content from his or her bedroom. Of course, it also raises new risks, from cybersecurity threats through to compliance failures and organizational silos. And as companies have raced ahead in experimenting with digital, governance controls have lagged.

Now, as legislators and regulators work to introduce new rules on issues ranging from privacy to tax, and as awareness of both digital opportunities and risk grows, businesses can no longer afford to ignore digital governance.

COOs have a direct responsibility here, thanks to their broad oversight across the business and their ability to define a viable operating model and then implement it. A comprehensive digital governance model requires investment, but the benefits reach far beyond merely managing compliance: digital leaders will reap cost and efficiency gains, as well as reputational and competitive advantage.

6 | 5: insights for executives

Want to learn more?

For related thought leadership, visit ey.com/5.

The answers in this issue are supplied by:

Mark BrownExecutive Director, Cyber Security & Resilience Assurance, UK&I Advisory Ernst & Young LLP (UK)+44 20 7951 7519 mbrown1@uk.ey.com

Paul ChabotSenior Manager, IT TransformationErnst & Young LLP+1 415 894 8931 paul.chabot@ey.com

Laurence BuchananPartner, EMEIA AdvisoryErnst & Young LLP (UK)+44 778 619 0044 lbuchanan@uk.ey.com

Keith B. StrierPrincipal, Advisory Innovation & Digital StrategyErnst & Young LLP+1 949 437 0998keith.strier@ey.com

75: insights for executives |

We want to hear from you!Please let us know if there are subjects you would like 5: insights for executives to cover.

You can contact us at: fiveseries.team@ey.com

This issue was created in collaboration with the COO program. Visit ey.com/coo.

EY | Assurance | Tax | Transactions | Advisory

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

About EY’s Advisory Services Improving business performance while managing risk is an increasingly complex business challenge. Whether your focus is on broad business transformation or, more specifically, on achieving growth or optimizing or protecting your business, having the right advisors on your side can make all the difference. Our 30,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and exceptional client service. We use proven, integrated methodologies to help you solve your most challenging business problems, deliver a strong performance in complex market conditions and build sustainable stakeholder confidence for the longer term. We understand that you need services that are adapted to your industry issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where your strategy and change initiatives are delivering the value your business needs.

© 2014 EYGM Limited. All Rights Reserved.

EYG No. AU2554ED 0115

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

ey.com/5