Skip to main content

Meeting the increasing challenges to control environments

A guide for technology, media and telecom companies

The technology, media and telecom (TMT) sector includes companies of various sizes, across different geographies and with distinct business models. Yet all TMT companies devote significant resources to collecting, monitoring and analysing data.

For example, TMT companies generally house vast amounts of data on customer behaviours, usage, locations, preferences, movement, and relationships and use it to drive strategies, business models, service offerings and pricing. Knowing this, customers need to be able to trust TMT companies to respect the value and privacy of their data.

This can impose a duty of care and certain costs on a company; however, this presents an opportunity to build customer trust through robust controls. That trust and those controls can, in turn, provide marketplace advantage over companies that fail its customers in that regard.  This is just one example of the gains to be realised through superior controls.

Deloitte has conceptualised the Future of Controls to help companies to address the risks and opportunities that come with digitalisation. The Future of Controls clearly applies to TMT companies, whether their business models depend on messaging, content sharing, or communication services, user-generated content, subscriber plans, or some combination of these activities.

This article frames key issues concerning controls at TMT companies, in the context of the Future of Controls.

A range of companies—and risks

Each company within TMT faces specific challenges and risks. For example:

  • Technology companies:  Any company that deploys—or helps other companies to deploy—Internet of Things (IoT) technology in products needs to address specific IoT risks and create controls that address those risks. IoT capabilities collect and transmit data, in consumer or industrial settings and present an expanding threat surface.
  • Media companies:  Content streaming companies and others that rely on subscription models can create value by analysing customer data related to content consumption, pricing preferences and lifetime value. Also, media companies face unique risks related to social trends, changing technologies and intellectual property (IP).
  • Telecommunications companies:  Widespread adoption of 5G will strongly impact telcos, which need to address security issues around network architecture, operations and services, and regulations and standards, among others. Also, the numerous cells needed to facilitate 5G will present new environmental risks and potential overcrowding of the radio spectrum.

All TMT companies require a control environment that can continually accommodate the need to address new risks and opportunities, as well as new regulatory requirements.

Shifting the perspective on controls

TMT companies tend to prioritise innovation and growth, often leading them to view controls as mainly fulfilling regulatory compliance demands. However, this view limits the value of controls, which can in turn limit the resources that management invests in controls.

While regulatory compliance is a critical factor in controls, it should not be their main driver. The main driver should be the risks the company faces in creating value and the ways in which management aims to address those risks. Companies that can be more efficient and effective in addressing risks will realise competitive and cost advantages. They will also be able to achieve regulatory compliance across geographies, accommodate new regulatory demands and stay ahead of evolving risks.

Regulators tend to look backward and focus on known risks. This has encouraged control environments that tend to be backward looking. Companies benefit when they create controls geared not only to risk events that have occurred, but also to those that may occur. This generates foresight as well as hindsight. It also enables controls that support the business strategy, improve performance and comfort stakeholders.

In addition, well-designed controls can enhance transparency into processes and performance. Real-time data analytics, key performance indicators and early warnings of changes in stakeholder sentiment or emerging competitors can position the company to address not only risks, but also opportunities.

Dialling up controls

The following steps can assist TMT companies in improving their control environments:

  • Align the three lines of defence. In the widely accepted three lines of defence model of risk management, the business owns and manages risk (first line), risk management functions provide support (second line) and internal audit provides assurance (third line). When the three lines of defence are aligned toward common goals, strategy and vision, they enhance the development, implementation and performance of controls—and corporate governance.
  • Comply, then elevate. Use regulatory compliance as a starting point rather than an end point. Regulators tend to respond to, rather than anticipate, risks; therefore, they may lag the evolution of business models, technologies and stakeholder concerns. Also, regulatory approaches evolve in different ways, while risks evolve regardless of regulatory priorities.
  • Accommodate legacy systems. Harmonise, rationalise and, to the extent possible, automate controls—despite legacy systems. Many TMT companies, including relatively young ones, depend on legacy systems that would be costly to replace. Those systems should not deter controls modernisation. Technologies such as data masking can intercept data traffic and assure privacy without changes to original code. Automated tools can integrate siloed identity, data management and privacy technologies to accommodate consumer data-handling preferences while enhancing business performance.
  • Be global, act local. TMT companies are increasingly global and their customers are increasingly mobile. Yet regulatory regimes vary widely across jurisdictions. TMT services should protect customer data and achieve compliance through control frameworks that generate efficiencies across jurisdictions. While convergence of regulatory regimes might be ideal, it may not occur soon—if ever. Meanwhile, developments such as the EU’s General Data Privacy Regulation (GDPR) may be the wave of the future in that it applies to companies serving any European citizen, whether or not the company or the citizen is within the European Union.
  • Focus on culture, not just controls. Controls should be consistent with a culture of innovation and growth. This means creating a positive culture and embedding controls in the processes and tools that people in the business use to do their jobs. That will enable the business to address evolving threats, such as new supply chain or competitive risks. Culture and controls need to work in concert rather than at odds. When they are at odds, culture will usually prevail and undermine controls and, possibly, the organisation itself.

Leading TMT into the Future of Controls

A shift in the perspective on controls must come from the top. Senior TMT leaders and board members may need to actively broaden that perspective within the organisation and then commit resources to upgrading the control framework and environment.

Given rapidly developing risks and opportunities, technologies such as 5G, and ongoing social and behavioural change, the time to get started is now.




Return to the Responsible Business home page to discover more insights from our leaders.

Recommended for you