Historically, private equity has been less regulated than other parts of the investment world. However, during the last few years, sweeping financial regulation in the U.S. and reform in Europe have brought a new level of regulatory supervision of the industry. After years of operating “under the radar,” the industry is undergoing a transition to being more regulated. As a result compliance processes are evolving, with a wide range in operational maturity among firms. Furthermore, increasing investor demands are changing the nature of fund operations, revenue models and investor relations. In addition, the competition for portfolio company investments has increased, resulting in the need to refine the investment process and broaden a firm’s geographic reach in search of opportunities. In light of these significant and swift changes to the environment, KPMG wanted to identify how Internal Audit can assist organizations in adapting and evolving. We spoke with chief audit executives at private equity firms, listened to internal audit executives at our share forums, and gained insights from KPMG’s professionals who work with private equity firms. The result is our “Top 10 in 2015” – key risks that private equity firms should consider as they evaluate their strategies and make their investments and ways Internal Audit can help.
Top 10 Considerations for Private Equity Firms
Top 10 Considerations for Private Equity Firms
1. Cyber Security
Drivers:
Avoiding costly consequences of data breaches such as investigations, legal fines, coverage of customer losses, remediation efforts, loss of executive and mid-level time and focus, and potential loss of customers and business
Averting reputational damage to the organization, especially with regard to breaches that could involve investor or portfolio company data
Preventing loss of strategic, financial and other privileged company information
In today’s world of constant connectivity, cyber security is a key focus point for many private equity firms. Cyber security frequently appears on the top of many board agendas, and data security breaches are now headline news. Several factors have driven the increased attention paid to cyber security issues, including changes in the threat landscape, rapid changes in technology, and increased focus of the SEC’s Office of Compliance Inspections and Examinations (OCIE) on cyber security, social change, and corporate change. Additionally, the capabilities and techniques used by hackers are continuously growing and evolving, especially with regards to targeting specific information or individuals. New methods are constantly being developed by increasingly sophisticated and well-funded hackers who can target companies not only through networks directly but also through connections with key suppliers and technology partners. Lapses in security can have disastrous impacts on an organization’s reputation and bottom line. It is critical that private equity firms remain vigilant and up to date regarding various recent guidance.
How Internal Audit Can Help:
Perform a top-down risk assessment around the company’s cyber security process using industry standards as a guide, and provide recommendations for process improvements
Review existing processes to help ensure they consider the threats posed in the constantly evolving environment
Assess implementation of revised technology security models, such as multilayered defenses, enhanced detection methods, and encryption of data leaving the network
Assess third party security providers used by technology companies to evaluate the extent to which they are addressing the most current risks completely and sufficiently.
2. Valuation
Drivers:
Regulatory scrutiny pertaining to valuation policies and procedures
Increasing investor demands to understand the valuation process
Achieving greater investor confidence through disclosure of valuation practices
Increasing consistency of valuations policies and processes internally across geographies, business units and asset classes
Averting reputational damage to the organization arising from flawed or heavily scrutinized valuations
Valuation is at the heart of the private equity business and is a key focus point for many private equity firms. Private equity funds invest in less liquid assets and hence have specific characteristics that make valuation challenging. Several factors – including subjectivity, lack of definitive rules, inputs subject to varying degrees of reliability, the potential for conflicts of interest in the valuation process, and increasingly complicated investment structures – have focused attention on valuation issues in the industry.
How Internal Audit Can Help:
Perform a top-down risk assessment around the company’s valuation process using industry leading practices as a guide, and provide recommendations for process improvements
Conduct valuation audits that focus on compliance with industry standards and effectiveness of internal valuation controls, including reviewing the processes and controls over data that is self-reported by portfolio companies
Review overall key valuation process areas and control environment and assisting with creating and/or updating existing documentation in these areas
Review the process by which third party vendors, including external valuation firms, are identified, as well as due diligence, selection, and on-boarding processes and controls for selected vendors.
Source: KPMG
