Five Questions with an OG, Ekta Singh-Bushell: Audit, Risk, and Compliance
MissionOG is fortunate to be supported by a deep network of experienced operators and entrepreneurs. This entry is part of a blog series where we share perspectives from “OGs” – original innovators from specific market segments and/or business disciplines.
As a life-long transformation advocate, Ekta enjoys working at the intersection of data, digital, finance and talent to help accelerate growth companies through greater tech enablement. She serves as a board member and Chair/CEO advisor to global companies, both public and private equity-backed, on their value creation journeys. Ekta was formerly COO, Executive Office at the Federal Reserve Bank of New York, interim CEO for a digital analytics startup, and a senior global partner at EY. She has worked across multiple verticals in over 60 countries with a specific focus on digital transformation and customer experience, reducing risk, improving compliance and driving operational efficiencies.
HOW HAS TECHNOLOGY EVOLVED TO PROVIDE GREATER OVERSIGHT OF COMPANIES?
The traditional nerve center for oversight of companies used to be the office of the CFO and COO. These offices were the natural focus of many boards and especially that of the Audit, Risk and Compliance Committee (ARCC).
Over the last two decades, the rapid evolution of technology, specifically with digital transformation, has meant a greater technology enablement of business processes in the offices of the CFO and COO. Digital has become a “suitcase” word, encompassing the use of data, analytics, automation, edge computing, Software-as-a-Service (SaaS), customer experience and digital interactions. Today, it is much easier to provide greater, deeper and more real-time insights (and the accompanying unfortunate information exhaust) that enable better and more fulsome oversight of companies.
More fundamentally, as technology and digitization have evolved, they have transformed the Board’s role from oversight to providing insight and foresight based on real data. The addition of critical new nerve centers such as the offices of the Chief Analytics Officer/Chief Digital Officer/Chief Product Officer and the Chief Innovation Officer, have added far more science to boardroom oversight and dialogue.
In my experiences as Chair of the Audit Committee and Lead Independent Director, there are three areas that digital transformation has had the greatest functional impact from an audit, risk management and board oversight standpoint:
- Compliance and Risk Management: Both external and internal audit teams are leveraging robotic process automation, data lakes and platforms to enable more continuous and real-time monitoring of events, risks and insights. Through better visibility, everyone can better understand the ‘what could go wrongs’ and thereby be more proactive, comprehensive and responsive. I have witnessed massive improvements in efficiency and effectiveness of audit and internal controls over financial reporting.
- Operations: Similarly, edge computing, cloud infrastructure and SaaS applications have allowed both the CFO and COO offices to go deeper, be more self-reliant and leverage data for better insights. The increased understanding has expanded well beyond operational metrics to insights regarding talent- utilization, efficiency, and ultimately satisfaction.
- Brand and Reputation: Trust (and safety) with all stakeholders. The responsibilities of boards of directors continue to evolve, particularly given the events of recent years. Boards play a critical role in overseeing trust as a corporate asset, so supporting technology is evolving to proactively measure and prioritize trust, and its effect on business performance.
WHAT WAS KEY FOR YOU TO TRANSFORM YOUR FOCUS FROM BUSINESS LEADER TO ACTIVE DIRECTOR FOR GROWTH AND PUBLIC COMPANIES?
I’m truly fortunate to be an active director for growth and public companies, especially founder-led companies. It is one of my most satisfying roles and the pinnacle of the second chapter of my professional career.
Transitioning from being an operational and hands-on business leader meant going from being “the expert,” fully responsible, owning and managing large global teams and Profit and Loss (P&Ls), to taking on the role of a trusted advisor. Key to this change is repackaging three decades (and continuing) of hard lessons learned and relevant insights to challenge leadership and motivate the right actions. The keys to being a good coach in the corporate environment take on even greater meaning in a boardroom, as you have a fraction of the time compared to when you lead a business.
Success in my role is becoming a “Rosetta Stone” – listening, advising, translating and sitting at the intersection of those who own the company’s growth transformation, risk management, and stakeholder management.
TO KEEP UP WITH EVOLVING RISK ISSUES, DO BOARDS NEED TO CHANGE THEIR APPROACH OR STRUCTURE TO PROVIDE GREATER GOVERNANCE?
Yes. In my experience, the best boards are laser focused on strategy, providing not just oversight, but insights and foresight. To excel at the latter two objectives in the last eighteen months has meant a change in approach. Success today requires a more nuanced approach with more frequent check-ins with management. Frequent topics include more dynamic decision-making, challenging and figuring out ways for organizations to become more resilient, and planning on how to emerge out of the pandemic. Combining those needs with the continuing global discontinuities and the operational risk issues with the increasingly volatile cyber threat landscape, boards need to implement a new approach and new structure. Some of my high-growth boards have formalized the set-up of value creation and strategy committees, technology/cyber committees and gone deeper into Environmental, Social, and Governance (ESG) or crisis management.
More fundamentally, the phenotype of U.S. corporate boardrooms has transformed with the addition of more diversity, especially race, age and gender, which has also led to changes in structure and approach.
HOW HAVE AUDIT COMMITTEES FOR BOTH PRIVATE AND PUBLIC COMPANIES PROGRESSED TO ADDRESS RISK AROUND FRAUD, ETHICS, AND CONFLICTS OF INTEREST?
Over the decades, audit committees have developed a robust playbook of actions that companies need to have in place to address risk around fraud, ethics, and conflicts of interest. We are now living in the Trust Age. This is a time where (mis)information is omnipresent, perceptions reign supreme, and digital security and data privacy are constantly threatened. The safeguarding of trust and safety of stakeholders has become non-negotiable.
Whistleblower hotlines and internal code of conduct training have to be augmented with sophisticated, third-party run systems that include a set of both proactive preventative controls and detect controls to provide 24/7/365 real-time monitoring and flag industry-specific risk alerts. Table stakes for audit committees, especially for those of us relying on global ecommerce and supply chains, now include anonymous reporting, triage, incident response, forensic investigations and legal investigations. These initiatives are supported through sophisticated Artificial Intelligence (AI) and Machine Learning (ML) software and a network of global service providers with experts on the ground in different countries and regulatory jurisdictions. Heads of compliance can quickly scan the global regulatory landscape changes that impact their unique business operations and through advanced vendor risk monitoring and politically exposed person (PEP) lists as part of the legal contracting process.
IN THE WAKE OF SOLARWINDS AND GREATER SUPPLY CHAIN SCRUTINY, WHAT BEST PRACTICES ARE YOU SEEING IMPLEMENTED AT FORWARD-THINKING COMPANIES?
Here is a quick list of best practices that we have been implementing across my companies:
- Leveraging independent cyber scoring to enable real-time monitoring of supply chain risks
- A detailed and proactive crisis management framework including retainers with third-party experts for cyber-recovery and forensics and ransom (especially Bitcoin) negotiations
- Going beyond the traditional reliance on a brand and communications firm and building up core competencies in-house
Forward thinking companies and boards are challenging themselves to ensure that at least one board member is or has been a cyber/info security practitioner. This way someone on the board team works closely with the chief information security officer (CISO) and is bringing the latest developments in this very dynamic, high-risk and high-reward area.
Secondly, cyber risk poses both an opportunity and a threat. To use a sports analogy, companies need to assess whether they go on the offensive or stay defensive. Offense is demonstrating positive resilience versus only focusing on protection and being reactionary. Forward thinking companies are setting up a separate technology and innovation committee or sub-committee to focus on how cyber can be a strategic and competitive differentiator.