Skip to main content
Perspective:
Perspective
13 May 2022
4 minute read

Meeting the increasing challenges to control environments

A guide for technology, media, and telecom companies

The technology, media, and telecom (TMT) sector includes companies of various sizes, across different geographies, and with distinct business models. Yet all TMT companies devote significant resources to collecting, monitoring, and analyzing data.

For example, TMT companies generally house vast amounts of data on customer behaviors, usage, locations, preferences, movement, and relationships and use it to drive strategies, business models, service offerings, and pricing. Knowing this, customers need to be able to trust TMT companies to respect the value and privacy of their data.

This can impose a duty of care and certain costs on a company; however, this presents an opportunity to build customer trust through robust controls. That trust and those controls can, in turn, provide marketplace advantage over companies that fail its customers in that regard.  This is just one example of the gains to be realized through superior controls.

Deloitte has conceptualized the Future of Controls to help companies to address the risks and opportunities that come with digitalization. The Future of Controls clearly applies to TMT companies, whether their business models depend on messaging, content sharing, or communication services, user-generated content, subscriber plans, or some combination of these activities.

This article frames key issues concerning controls at TMT companies, in the context of the Future of Controls.

A range of companies—and risks

Each company within TMT faces specific challenges and risks. For example:

Any company that deploys—or helps other companies to deploy—Internet of Things (IoT) technology in products needs to address specific IoT risks and create controls that address those risks. IoT capabilities collect and transmit data, in consumer or industrial settings, and present an expanding threat surface.

Content streaming companies and others that rely on subscription models can create value by analyzing customer data related to content consumption, pricing preferences, and lifetime value. Also, media companies face unique risks related to social trends, changing technologies, and intellectual property (IP).

Widespread adoption of 5G will strongly impact telcos, which need to address security issues around network architecture, operations and services, and regulations and standards, among others. Also, the numerous cells needed to facilitate 5G will present new environmental risks and potential overcrowding of the radio spectrum.

All TMT companies require a control environment that can continually accommodate the need to address new risks and opportunities, as well as new regulatory requirements.

Shifting the perspective on controls

TMT companies tend to prioritize innovation and growth, often leading them to view controls as mainly fulfilling regulatory compliance demands. However, this view limits the value of controls, which can in turn limit the resources that management invests in controls.

While regulatory compliance is a critical factor in controls, it should not be their main driver. The main driver should be the risks the company faces in creating value and the ways in which management aims to address those risks. Companies that can be more efficient and effective in addressing risks will realize competitive and cost advantages. They will also be able to achieve regulatory compliance across geographies, accommodate new regulatory demands, and stay ahead of evolving risks.

Regulators tend to look backward and focus on known risks. This has encouraged control environments that tend to be backward looking. Companies benefit when they create controls geared not only to risk events that have occurred, but also to those that may occur. This generates foresight as well as hindsight. It also enables controls that support the business strategy, improve performance, and comfort stakeholders.

In addition, well-designed controls can enhance transparency into processes and performance. Real-time data analytics, key performance indicators, and early warnings of changes in stakeholder sentiment or emerging competitors can position the company to address not only risks, but also opportunities.

Dialing up controls

The following steps can assist TMT companies in improving their control environments:

 In the widely accepted three lines of defense model of risk management, the business owns and manages risk (first line), risk management functions provide support (second line), and internal audit provides assurance (third line). When the three lines of defense are aligned toward common goals, strategy, and vision, they enhance the development, implementation, and performance of controls—and corporate governance.

Use regulatory compliance as a starting point rather than an end point. Regulators tend to respond to, rather than anticipate, risks; therefore, they may lag the evolution of business models, technologies, and stakeholder concerns. Also, regulatory approaches evolve in different ways, while risks evolve regardless of regulatory priorities.

Harmonize, rationalize, and, to the extent possible, automate controls—despite legacy systems. Many TMT companies, including relatively young ones, depend on legacy systems that would be costly to replace. Those systems should not deter controls modernization. Technologies such as data masking can intercept data traffic and assure privacy without changes to original code. Automated tools can integrate siloed identity, data management, and privacy technologies to accommodate consumer data-handling preferences while enhancing business performance.

TMT companies are increasingly global, and their customers are increasingly mobile. Yet regulatory regimes vary widely across jurisdictions. TMT services should protect customer data and achieve compliance through control frameworks that generate efficiencies across jurisdictions. While convergence of regulatory regimes might be ideal, it may not occur soon—if ever. Meanwhile, developments such as the EU’s General Data Privacy Regulation (GDPR) may be the wave of the future in that it applies to companies serving any European citizen, whether or not the company or the citizen is within the European Union.

Controls should be consistent with a culture of innovation and growth. This means creating a positive culture and embedding controls in the processes and tools that people in the business use to do their jobs. That will enable the business to address evolving threats, such as new supply chain or competitive risks. Culture and controls need to work in concert rather than at odds. When they are at odds, culture will usually prevail and undermine controls and, possibly, the organization itself.

Leading TMT into the Future of Controls

A shift in the perspective on controls must come from the top. Senior TMT leaders and board members may need to actively broaden that perspective within the organization, and then commit resources to upgrading the control framework and environment.

Given rapidly developing risks and opportunities, technologies such as 5G, and ongoing social and behavioral change, the time to get started is now.

Recommended for you

Climate Change Defines the Next Normal

In the six months since the World Health Organization declared COVID-19 a pandemic, the issues of climate change, sustainability and resilience have moved to the top of many boardroom agendas (if they weren’t there already).
Perspective
5 minute read
Blog

Building Trust in Financial Services through Digital Identity Management

There has always been a need for strong identity and access management capabilities in the financial services industry, for obvious reasons
Perspective
4 minute read
Blog