Managing Compliance Risk: How To Protect Your Firm Against The Professional Services Sector’s Biggest Threat

Posted by Chris Duddridge on October 29, 2018



Managing compliance risk is a tricky business. Most firms are aware of the financial and reputational risks of mismanaging data or failing to keep up with new laws. And yet faced with a deluge of new regulations, even those with the best intentions can find themselves on the wrong side of the law.

Such concerns are heightened when it comes to the professional services sector. For one thing, providers are charged with advising their clients about compliance so have a particular duty to remain compliant themselves. For another, they hold swathes of confidential information, both commercial and personal: high-value information that can cause havoc if it falls into the wrong hands.

Perhaps not surprisingly, our survey finds that 91% of CEOs do not think their firm is prepared for regulatory risk, while more than a third say compliance is a top improvement priority. So what can be done?


Strengthening Your Defences

Regulatory Risk

Firms must start by strengthening their processes and defences, but in a more challenging regulatory environment it’s no simple task. Take the EU’s General Data Protection Regulation (GDPR) rolled out in May 2018, which offers better protections for citizens’ data across the bloc. The legislation will increase fines for data breaches to up to €20m, or 4 percent of a firm’s annual global turnover—whichever is higher. Firms will have to publicise an attack within 72 hours of it happening, making it much harder to keep an embarrassing hack quiet.

To defend themselves, professional services companies must have a crisis plan in place and have invested in cyber-security insurance. Technical measures such as pseudonymisation and encryption will also bolster their defences.

They must think about the structure of their organisations, too. Many of today’s operators employ thousands of people around the world, but ensuring differing rules and processes are followed from country to country, subsidiary to subsidiary, can be tough. A typical enterprise-sized global professional services firm can have between 10 and 15 variations of revenue recognition to manage—a huge undertaking that makes unintended errors almost inevitable.

As our report sets out, to tackle this, businesses should first devise a detailed compliance strategy and back it up with an enterprise resource planning (ERP) system designed to manage project-based businesses. This way they can ensure that processes are being followed correctly by all staff globally.


More importantly, compliance can be monitored at the highest levels and progress reported back to senior leaders. Lower tiers of management should also be empowered to embed a compliance culture right across the firm – at every level and in every department. Some 81% of decision makers say human error is the risk they are most unprepared for, so strong employee engagement driven from the top is vital.

As our report shows, compliance is a threat, but it can be tamed. Firms that take a holistic, systems-based approach stand the best chance of avoiding danger.
