Inside EY: invest, build or partner?

For a business renowned for risk management, EY is executing on the promise of technology on their own terms.

James Henderson Jul 17th 2018 A-A+
EY.jpg

Change is always a good thing, so the saying goes.

In a market obsessed by transformation, and driven by disruption, the change-or-die attitude infiltrating businesses today appears stronger than ever.

But amid a rising tide of industry opinion, those stepping back from the rat-race to observe the market from afar are finding success.

Because change for change’s sake is at times dangerous, on occasions difficult and usually downright delusional.

And EY is taking a stance. Refusing to run down dead-ends in the pursuit of perceived transformation, rather staying true to core capabilities in a bid to capitalise on the advancements of technology.

“We’re making decisions based around invest, build or partner,” observed Lynn Kraus, managing partner of Oceania Advisory, EY. “This is the philosophy we have. If it complements our core skills then we will look to either invest or build in that capability.

“But if not, and there is a party in the market providing that skill-set already, then we would look to form an alliance with that company in some capacity.”

In leveraging more than 20 years’ experience in both corporate and consulting environments - spanning US and Australian markers - Kraus is responsible for managing and leading EY’s advisory practice, specialising across risk, cyber security, digital solutions, data analytics, strategy and performance improvement.

“Clients come to EY because we are an organisation that has a brand associated with quality,” added Kraus, who first joined the firm in 2004. “That has come from a long time of understanding business and business processes.

“To be successful we believe we need to stick with that and we don’t feel an obligation to go outside of our core capability.”

Despite acknowledging that the consultancy giant essentially plays “across the board” in terms of technology, Kraus said data, analytics and digital constitute the beating heart of the business.

These key technologies, blending established and emerging capabilities, operate within the framework of cyber security, recognised as a key component of the EY armoury.

“This hasn’t been a flick of a switch overnight,” Kraus added. “Technology has always been there in some capacity within EY, but clearly during the past three or four years, this has seen a significant shift.

“Our core, especially in the context of management consulting, is about understanding business transformation and you cannot do that in today’s world without a true understanding of technology. Everything is underpinned by digital.”

To offer end-to-end business transformation solutions, no consulting firm can ignore technology.

And while Kraus was quick to confirm that EY has never neglected such a market, the experienced consultant acknowledged that previously, those skills were not readily available.

“Now we have a balanced approach and if required, work through alliance partners,” Kraus explained. “We don’t hold the view that we have to build everything ourselves.

“But previously we didn’t have the strength of those relationships that are required to build trust with our clients.”

Risk

From a bird’s eye view, EY is a beast of an organisation.

Spearheaded globally by CEO, Mark Weinberger, the organisation houses approximately 247,570 employees, providing advice and guidance from over 700 offices across more than 150 countries, with worldwide revenues in excess of US$31.4 billion.

Closer to home, Tony Johnson runs the billion-dollar Oceania operation, overseeing six locations in Australia, spanning Adelaide, Brisbane, Canberra, Melbourne, Perth, Sydney, in addition to offices in Auckland, Christchurch and Wellington.

In operating as a global market leader, and forming a quarter of the Big Four, EY is renowned for expertise across assurance, tax, transaction and advisory services.

“One of the core components of what EY stands for, and has a history of and reputation for, is risk,” Kraus added.

For Kraus, risk comes in multiple forms with varying degrees of severity, severity that is only heightened in a world now dominated by digital technologies.

“When you extend risk to the world of data, we have alignment in the market,” Kraus said. “Cyber identity and protection of data fit with the EY brand that we have developed over decades, specifically around risk.”

With businesses today now digital by default, and design, organisations of all sizes are becoming more vulnerable to risk, as cyber attacks across the world explode at a devastating pace.

The World Economic Forum now rates a large-scale breach of cyber security as one of the five most serious risks facing the world today.

And the scale of the threat is expanding drastically: by 2021, the global cost of cyber security breaches will reach US$6 trillion by some estimates, double the total for 2015, according to Cybercrime Report 2017.

Specific to Australia, recent EY research uncovered an alarming lack of activity in response to the recently introduced data breach notification laws, with 25 per cent of local corporates simply unprepared.

“If you think of the multi-million dollar fines associated with each breach then this is concerning,” Kraus observed. “For a long time, we’ve seen business leaders understanding the issue of security, but not necessarily feeling the impact themselves or recognising that they will be impacted.

Read more on the next page...

Page Break

“Our conversations with clients centre around the belief that a breach will happen, it’s just a case of when and where. Therefore, it’s about how quickly a business detects and responds to those threats.”

Ultimately, organisations that fail to devote the resources necessary for adequate cyber security will find it very difficult to manage the risks they face.

Yet as Kraus acknowledged, technology investment is failing to match the increased levels of risk emerging across the Australian market.

“There’s still a little head in the sand mentality on occasions in terms of understanding the frequency and severity of what can happen,” Kraus said. “The only approach we can take is to continue to educate our clients on this constant change impacting the market.

“If you think about where EY is playing and the transformation around technology, cyber has to be crucial to any strategy going forward.

“More importantly, because no architecture is fool proof, do businesses have the right monitoring in place? Do businesses know when an attack happened? Do businesses know how to respond?”

Central to solving such problems is PathScan, an EY offering delivered as a managed service for customers.

From a technology perspective, the solution is a network anomaly-detection tool that searches for deviations from normal patterns of communication that might be indicative of an intrusion.

Up until mid-2015, PathScan was exclusively used in the government sector, but is now available to private companies.

“We’ve rolled out this capability within financial services, which helps alert us when there is a trend that is different to the norm,” Kraus said.

Strategy

Central to the security strategy of EY has been increased mergers and acquisition (M&A) activity in the local market, evident through the buyout of Open Windows in June 2017.Headquartered in Melbourne, Open Windows is a leading identity and access management (IAM) provider, designed to strengthen the firm’s cyber security advisory capabilities.

“We have key criteria when acquiring businesses, which focuses on whether the deal will help us grow in the areas that are our core skills,” Kraus said. “Within the data analytics and digital spaces, we will absolutely continue to examine M&A opportunities.

“We use data to solve business problems and provide a data driven approach to customers. Nothing is off the table but the key centres around how an acquisition would extend our core capabilities in the areas we are strong at.”

Upon closing the Open Windows acquisition, EY acquired more than 45 professionals with expertise across IAM, creating full service capabilities in the process.

“With every acquisition, there is a different timeframe for integration,” Kraus confirmed. “Open Windows has a significant client base already so will continue to deliver to existing clients.

“But at the same time, we are bringing them into the client base of EY and merging those skill-sets into our own offerings. Every business is paced on the deal rationale and Open Windows has an exciting book of business already, which means it’s a constant balancing act.

“We don’t want to interrupt what they already have going on but we also need to start thinking about how we combine capabilities to add extra value to our clients.”

In housing a responsibility to develop the data, digital and cyber strategies of EY, Kraus is forever reverting to the three key pillars of future growth for the professional services firm - invest, build or partner.

“Technology is now more prevalent in every job that we undertake for our clients,” acknowledged Kraus, who also oversees the company’s advisory and professional services capabilities.

“Whether it’s a customer experience journey, or back office finance functions, every part of the business has a technology overlay. It’s a fast-paced part of our business and our aim is to infuse technology and digital to create a more sustainable platform going forward.”

For example, Kraus said EY is not looking to become a software developer, creating a need to strike strategic partnerships both locally and globally.

“We have plenty of options on the table which allows us to provide clients with choice,” Kraus explained. “We have relationships with all key players in the market which means we can offer a broad array of solutions, rather than just pushing the product that we build and own.

“We have the ability to be flexible but if a client already knows the solution that they want, that’s probably not a space for us to play in.”

In the context of technology, EY wants a seat at the table, advising from the outset rather than merely following end-user orders.

“We want to be part of helping clients on that journey and starting way back with the problem they are trying to solve,” Kraus added. “Technology might be the answer but if the client has already made up their mind and just requires an implementation, that’s not a core competency of our business.

“Moving with the times is key because there’s no such thing as business transformation without technology. But we’re not in the game of inventing technology for technology sake.”

Citing SAP as an example, Kraus said EY holds deep expertise internally yet still partners with a software provider, representing a significant mind shift of a titan of the industry.

“That’s a real change in business strategy,” she said. “There used to be a philosophy that you had to solve all problems and issues within the four walls of the firm.

“But the reality is that in the world today, partnering is key to ensure you can provide the best capabilities to the client.”

And for EY, this also extends to the firm’s global footprint, with local projects in Australia and New Zealand (A/NZ) carried out by internal specialists based in Malaysia.

“It’s about finding who’s got the best talent and while we are absolutely invested in our in-house talent, we recognise the importance of partnering on specific projects to provide the right solution for clients,” Kraus added.