August 25, 2016 | Michael Janeiro
How many retail locations do you have, and how stretched is your geographic footprint? A half dozen locations in a metropolitan area? Thirty stores in a specific region of the U.S.? Hundreds of outlets across the country?
Do you also, like most retail companies, enable customers to shop online? Do you have mobile apps that enhance the customer experience?
Consider the totality of your physical and digital presence. With each location, website, computer terminal, server, data center, cash register, etc., you have increased your company’s exposure to:
• City, county, and state regulations on building codes, employment laws, and consumer protection.
• Multiple entry points for hackers and potential data thieves.
• A more complex supply chain that at any point can be the catalyst for business disruption, product liability, and non-compliance with standards and guidelines such as conflict mineral sourcing.
• An employee base that causes any number of incidents, disruptions, and legal issues.
• A network of third parties that extends your infrastructure beyond much of your control and increases the chances of disruption, IT security risks, and non-compliance with increasing regulations.
Creating, administering and enforcing policies throughout your company, as well as managing the relationships among your various stakeholders, is the role of corporate governance.
Whether you realize it or not, you have a corporate governance program. How effective and how visible it is across your expanding retail organization may be an entirely different matter.
One of the challenges faced in most retail organizations is the need to expand geographically and/or digitally to increase sales in an ever-competitive environment.
At the same time, any expansion increases the aforementioned risks and regulations, necessitating greater governance. Without it, your retail enterprise, regardless of its size, lacks consistent processes, policies, procedures, and technology requirements.
Consider the common governance challenges facing expanding retailers:
• Increasing compliance with regulations and standards ranging from the Payment Card Industry Data Security Standard (PCI DSS) to conflict minerals reporting.
• Collecting and correlating data for regulatory compliance.
• Developing policies in timely response to changes in laws or to specific incidents that occur.
• Timely review and update of policies, communicating new and changing policies across the organization and ensuring all stakeholders understand and acknowledge governance policies.
• Maintaining visibility into corporate governance objectives and results, especially to key stakeholders such as shareholders, directors, and executives.
• Identifying, prioritizing, and addressing multiple risks throughout the enterprise, including compliance risk, IT security risk, operational risk, vendor risk, business continuity risk, and audit risk.
• Maintaining an IT asset list so you know how those assets are potentially impacted when certain threats and vulnerabilities arise.
• Communicating incidents that occur at a single location up to the corporate parent and then across the enterprise. If incidents are not communicated, smaller issues can become much larger ones over time.
• Prioritizing incidents among billions of data points received. How do you know which ones to address and which ones are irrelevant to your organization before spending the resources to investigate?
• The onslaught of data breaches that have hit retailers large and small. Although many consumers have accepted the risk of security breaches as a trade-off for convenience, one recent survey found that 39 percent of shoppers spend less at retailers that have experienced a security breach than they did before the breach occurred. Another 34 percent of shoppers don’t shop online due to fear of security breaches.
The increasing risk and governance challenges posed by physical and digital expansion necessitate an enterprise approach to corporate governance. Introducing other types of activities into a retailer's business model can create new complexities and risks, which call for a broader approach to governance.
Managing corporate governance on an enterprise level, however, can be an arduous task, often requiring multiple employees dedicating long hours at extensive cost.
Therefore, retailers need an efficient, effective and automated solution to help their business processes and their security requirements work together to deliver improved efficiencies while strengthening their overall governance program.
The right automated solution can enable retailers to enforce policies and procedures, establish best practices, mitigate and manage risks, and comply with regulatory standards and requirements.