
32449234 Enterprise Risk May 2010

Date post: 15-Sep-2014

INSIDE MAY 10

HOT SEAT

Technology: enabler and accelerator

GENERAL INSURANCE

High performance in financial services

Broker's Corner: Evaluating and prioritising risk

SHORT TERM

Specialised risks: Kidnap and ransom

Mining focus: Environmental guarantees

LONG TERM

Retirement reform: Uncertain seas ahead

EMPLOYEE BENEFITS

Healthcare: National Health Insurance

RISK MANAGEMENT

RM Solutions: Spreadsheets vs systems

Business Continuity: Reducing BCM spending with care

Political risk: Politics and ERM

Legal and Compliance: Companies Act

Recording mobile conversations

Specialised risk management disciplines: Sustainability risk management

IT Risks: Information security

Escrow: Safeguarding business continuity

Volatility risks: Perilous times demand careful ERM

Product Recall: The best of recollection

CORPORATE GOVERNANCE

The role of the company secretary

REGULARS & EXECUTIVE SECTION

Editor's Note

Market news

Must-read books

Good golfing: Fairway bunker shots

Cover concept and design: Frédérick Danton


The beat goes on

The 2010 Soccer World Cup will offer many challenges for the operations management profession. But what happens when it is all over? Supply Chain and Operations Management professionals must maintain a steady, reliable beat as we continue to move African industry forward to ensure our sustainable footprint.

25 - 28 July 2010 Sun City

The SAPICS Annual Conference is the Leading Event in Africa for Supply Chain and Operations Management Professionals.

32nd Annual Conference & Exhibition

T 011 023 6707, F 086 575 2979 or [email protected]. www.sapics.org.za


Anticipating ash clouds

EDITOR’S NOTE

CEOs, CFOs and other executives, chief risk officers and risk managers, as well as directors and officers need to be at the top of their game at all times to anticipate and manage, rather than merely react to, the growing number of unexpected and unforeseen risks that seem to be the defining characteristic of today’s world.

The global impact of the eruption of the Eyjafjallajokull volcano in Iceland, and the resulting ash cloud over Europe which led to a six-day flight ban, has again highlighted the reality that it is not possible to plan for every eventuality. This makes proactive risk management and well-designed business continuity plans, incorporating comprehensive insurance cover, an absolute imperative in today’s dynamic globalised economy.

The volcano has not shown any sign of activity in 300 years, but the magnitude of its impact on industries around the world can only be described as a global crisis. According to the International Air Transport Association (IATA), the grounding of European flights cost airlines $1.7 billion (R12.6 billion) in lost sales alone. But it is not only the airline industry that has been affected. Losses have been incurred by businesses around the globe, most notably those involved in perishable exports.

While air travel has resumed, the full impact of the crisis will only unfold over the next few weeks, as businesses across the globe recover and count the costs. Don’t miss the June edition of Enterprise Risk in which we will take an in-depth look at the business, risk management and insurance implications of the ash cloud disruption.

Even in the midst of a global crisis such as this, risk managers need to keep their eye on a myriad of other potential risks.

Local political tensions have grown significantly as the ANC Youth League leader continues to create media sensation, and the murder of Eugene Terre’blanche stirs up old fears. Headlines about land reforms and nationalisation have caused widespread jitters.

Government’s focus on consumer protection and reform poses significant risks to every company and every industry. And given this focus on consumer protection, the recall of millions of vehicles across the globe by well-established vehicle manufacturers such as Toyota, Honda, Nissan and General Motors, will place the manufacturing industry under scrutiny. Unfortunately, there is less government attention on the issue of security, which remains a major and growing risk. Just a few weeks ago, a South African cameraman en route to cover soccer matches in Nigeria was kidnapped, followed by the kidnapping of a Zimbabwean businessman in Sandton.

In this edition of Enterprise Risk, we touch on all these many diverse developments and bring you the insights and opinions of some of the leading experts in the respective industry sectors. We also look at some remarkable risk management solutions available to risk managers as they face a mammoth task of identifying and managing the complex, interlinked and growing number of risks in the modern business world, often with shrinking budgets.

As the CQS team points out in our Hot Seat feature, simply knowing where to start when identifying the most critical risks among so many possibilities and potentialities is half the battle won. The other half can be managed surprisingly easily with the right customisable systems, and a risk management partner that understands your business.

Editor


ENTERPRISE RISK May 10

PUBLISHER Elizabeth Shorten

EDITOR Debbie Besseling

ASSISTANT EDITOR Monique Terrazas

CREATIVE DIRECTOR Frédérick Danton

CONTRIBUTORS Johann Maree, Vanessa Payne, Terry Booysen, Heinrich Degener, Rowan Burger, Avi Eyal, Ansophie Strydom, Brad Beira, Wouter Scholtz, Kgabo Badimo, Mike Durek, Patrick Bracher, Joel Wolpert, Martin Whitcher

CHIEF SUB-EDITOR Milton Webber

MARKETING MANAGER Jackie Slavin

PRODUCTION MANAGER Felicity Moon

PRODUCTION ASSISTANT Constance de Sousa

FINANCIAL MANAGER Andrew Lobban (ACIS, FCIBM)

ADMINISTRATION Tonya Hebenton

SUBSCRIPTION SALES Cindy Cloete

DISTRIBUTION COORDINATOR Asha Pursotham

PRINTERS United Litho Johannesburg

ADVERTISING SALES

Stacey Glad Tel: +27 (0)11 233 2643

Cell: +27 (0)83 567 0073

Fax: +27 (0)11 234 7274/5

E-mail: [email protected]

ANNUAL SUBSCRIPTION: R300.00

[email protected]

ISSN 1993-8217

© Copyright. All rights reserved.

All articles in Enterprise Risk are copyright protected and may not be reproduced either in whole or in part without the prior written permission of the publisher. The views of contributors do not necessarily reflect those of Enterprise Risk or the publisher.

PUBLISHER MEDIA 4, 5th Avenue, Rivonia, 2191

• PO Box 92026, Norwood 2117 Tel: +27 (0)11 233 2600

• Fax: +27 (0)11 234 7274/5

E-mail: [email protected] www.3smedia.co.za

STRATEGIC PARTNER CGF Research Institute (Pty) Ltd

THE GROWING NUMBER OF UNEXPECTED AND UNFORESEEN RISKS SEEM TO BE THE DEFINING CHARACTERISTIC OF TODAY’S WORLD

HOT SEAT

CQS TECHNOLOGY

Technology: enabler and accelerator

Enterprise Risk speaks to Katharine Janisch and Jason Timm from CQS Technology Holdings about the challenges facing risk managers today and some of the streamlined and efficient solutions available.

“Risk management in South Africa has developed rapidly over the last few years, evolving from a focus on risk financing and transfer via insurance, to a new focus on governance, risk and compliance as espoused in King III and the new Companies Act,” explains Katharine Janisch, general manager at CQS.

“Common business sense, as well as King III has ensured that risk management is now something all companies must pay attention to. It is no longer a ‘nice-to-have’ or a concept reserved for financial services companies or JSE-listed companies.”

Janisch adds that CQS has noticed an increase in the number of companies trying to establish a risk management function, particularly in the light of the economic conditions, the aftermath of the financial crisis, and the implementation of legislation and regulation such as the Companies Act and King III.

RESPONDING TO THE CHALLENGES

The main problem, it seems, is not that companies are unwilling to implement risk management. It is simply that they do not know where to start. The CQS team says that in their experience, companies generally respond in one of three ways:

1. Assign responsibility to a group executive to implement a risk management strategy. The executive will often try to outsource this responsibility.

2. Appoint a person to implement a risk management strategy.

3. Attempt to incorporate risk management into the internal audit function, negating their independence.

“In all three cases, there is still no resolution of the main problem – the group executive, the newly appointed risk manager or the internal audit department doesn’t know where or how to start. The company may even acquire state-of-the-art technology, but still the problem remains: Where to start?” explains Janisch.

START AT THE BEGINNING…

CQS realised that knowing where to start is the number one challenge companies face in implementing risk management and set out to create a solution.

“Those tasked with implementing risk management often feel overwhelmed by the term, which is not always well understood and often feared as the unknown,” comments Jason Timm, Methodware product manager at CQS. “People fail to realise that risk management is something everyone does to some extent every day. It is, in fact, a formalisation of common sense practices, a manifestation of what line management does in any case.”

“The most logical and easiest place to start when implementing a risk management strategy is to start by listing the risks that are pertinent to the company, considering the industry it operates in,” says Janisch. “Once you have a list of risks, you can begin mapping which ones apply to the company and its operations, and to what extent. The risks that are relevant must then be controlled. This is the next challenge: Access to a list of risk controls associated with every risk identified, so the most appropriate can be selected, given the context.

“Realising that these two crucial first steps present a major obstacle to implementing risk management in most companies, CQS decided to provide our clients with a ‘kick start’ to the process by creating the CQS Risk and Control libraries. These contain extensive lists of both the possible risks a company in a specific industry faces, as well as the relevant controls for each risk.”

Once a company has identified the possible risks and the potential controls associated with these risks, the risk management strategy is 75% complete, and what remains is refining and monitoring the ongoing risk management efforts. In essence then, CQS offers more than a software system, it provides a solution to the most common obstacles to implementing risk management, as well as the ability to monitor risk management efforts across diverse departments and divisions, in the simplest and most efficient way.

“GOVERNANCE, RISK AND COMPLIANCE MATURITY IMPLIES THAT RISK MANAGEMENT, INTERNAL AUDIT AND THE BUSINESS REMAIN INDEPENDENT, AND YET WORK TOGETHER FOR THE BEST INTEREST OF THE COMPANY” KATHARINE JANISCH, GENERAL MANAGER AT CQS

THE UPSIDE OF RISK

Timm notes that many risk managers also fail to appreciate the fact that risk management is not only about avoiding risks, but also about identifying opportunities. “Identifying and monitoring risks reveal opportunities. For example, if an investment of R100 000 in fraud prevention measures can reduce fraudulent activities costing a company R8 million a year by half, it represents a significant opportunity to improve performance.

“Other opportunities include controlling costs or identifying areas where customers or key staff members are being lost to competitors because the risks are not managed. If the company does not know the risk, the risk cannot be managed, nor can the opportunities be identified.”

BRIDGING THE GAP BETWEEN RM AND IA

“Risk management is not a new concept globally. However, the focus used to be on reactive management of risks via the internal audit function, which merely reported on risks and losses that had occurred and the effectiveness or lack of controls,” explains Janisch.

“The modern risk management function is proactive, with the objective of preventing risks from occurring and where this is not possible, minimising the impact. Risks are identified before they occur and controls are implemented to prevent, mitigate and transfer the risk. There is no need for a loss to occur before it is managed.”

Janisch notes that in South Africa, there seems to be a peculiar adversarial relationship between the internal audit and risk management functions. “In the US and Australasia, there is a much closer working relationship between these functions, which actually depend on each other to achieve success. Internal audit should take its lead from risk management in terms of which risks are most crucial, since there is no point in auditing the management of risks that are non-critical or irrelevant to the business. This realisation is driving the new concept of risk-based internal auditing.

“Governance, risk and compliance maturity implies that risk management, internal audit and the business remain independent, and yet work together for the best interest of the company. Instead of operating in silos, they are integrated via technology that provides a single integrated view using one database, with the necessary authorities, checks and balances to ensure integrity and independence.

“If there is a gap between the risk management and internal audit functions, such as is created when different systems are used, many vital risk issues could slip through the cracks,” warns Janisch. “The CQS Methodware solution allows internal audit and risk management to use the same information, with no manual intervention to ensure data integrity.”

In addition, Methodware reports consolidate information, drawn across departments and line managers, in a simplified MS Word format and presents this in a manner that adds real value to the executives and board members, allowing them to monitor progress and track trends. Such reports add far more value than spreadsheets that are neat and colour-coded, but do not reflect the complex and dynamic nature of risk management in today’s world.

TECHNOLOGY AS AN ENABLER

While technology is undoubtedly an enabler in business, it is often paradoxically perceived as a barrier. This is mainly due to people’s fear of the unknown and their resistance to change – even to a more efficient and beneficial new software system.

The CQS solution was to use familiar technology – Microsoft Word – in their Methodware software. “We believe that if a system is easy to use, it will be used. But this is not the only success factor,” explains Timm. “Customisation is crucial to ensure that the staff experience the system as their own. As such, our Methodware software system is completely customisable.

“It does take our business experts significant time and effort to extract the relevant information from the various line managers and staff members, and to formalise this into a customised software solution. However, it is important to make sure that people are part of facilitation, so it becomes ‘their’ system. When staff members see their contributions and the language they use every day in the system, it creates ownership and excitement. This is when technology becomes an enabler and accelerator.”

“RISK MANAGEMENT IS NOT ONLY ABOUT AVOIDING RISKS, BUT ALSO ABOUT IDENTIFYING OPPORTUNITIES” JASON TIMM, METHODWARE PRODUCT MANAGER AT CQS.

GENERAL INSURANCE

HIGH PERFORMANCE IN FINANCIAL SERVICES

RM shortcomings contributing to the global financial crisis

A recent Accenture survey on global risk points to the kind of changes necessary to avoid future meltdowns.

Risk executives surveyed at 74 banking, capital markets and insurance firms revealed that many financial services companies have generally managed risk merely as a compliance issue, meaning they neglected to:

• include risk in objective-setting and performance management

• measure, much less manage, enterprise-wide risk

• align risk strategy with business strategy.

NARROW VIEW

Because firms were measuring risk in silos, total enterprise risk exposure was not transparent. Therefore senior management could not see how credit, liquidity, market and other risks were interacting and potentially compounding exposures throughout the institution. Even when risks were clearly visible and risk managers raised red flags, organisational models made it all too easy to ignore the warning signals. Risk operating models often failed to define clear risk management responsibilities both at a corporate level and within the business units.

Collaboration was unclear, risk strategy not aligned to overall business strategy and risk management not deeply embedded into performance management, objective setting, decision-making or incentives. Indeed, the survey revealed that risk managers spend only about 20% of their time advising business units – almost 60% was spent on data management and compliance.

Too frequently, the long-embedded organisational cultures actually encouraged the behaviour that would ultimately destroy so many of them. Compensation practices often rewarded short-term revenues without considering the longer-term risks traders were taking.

SELECTED KEY FINDINGS

For financial services companies, the key findings of the survey are:

• Risk management capabilities are not currently equal to today’s challenges. Significant changes are required with respect to an integrated approach to risk management.

• Risk management is inadequately aligned with business strategy and poorly integrated into business operations. Alignment to business strategy, integration with firm culture and collaboration with business units are the three biggest challenges faced by financial services firms.

• The integration of risk management and performance management is limited. The risk function is important in strategic decision-making but is less involved in objective setting, incentives and performance management.

The costs of risk management increased significantly over the last three years as expected regulatory actions add to the pressures on existing risk capabilities. For 73% of respondents, the cost of risk management is up by more than 10% and for 43% of respondents it has risen by more than 25%.

In addition to regulation, increased business complexity, poor data quality, fragmented internal processes and IT systems, along with an increased number of ad-hoc information requests, are the main cost drivers. These factors are also key contributors to the rising cost of risk for more than 30% of financial services respondents.

DIAGRAM 1 The cost of risk management has risen in recent years due to multiple factors

Financial services firms are investing to improve their risk management capabilities. More than two-thirds of respondents either have increased or are planning to increase investments in risk management. The key challenges are seen in creating the right processes, systems and culture to embed risk management within and across the business while instilling a culture of risk awareness throughout the organisation. Firms will need to rethink collaboration between corporate and business units, especially in such areas as enterprise-wide risk awareness and strategic alignment of risk appetite.

Optimism still exists about the ability of strong risk management to drive performance. Besides compliance, 58% of respondents expect a major impact from risk management on profit sustainability and growth.

FROM SURVIVAL TO VALUE-ORIENTED RM

Dramatic deterioration of market value, liquidity and continuing capital pressures call for immediate changes in business and risk strategy. In the short term, firms need to ensure survival by properly managing liquidity and strengthening their capital positions.

Beyond the short-term survival mode, financial services firms need to establish a holistic and strategic risk management approach to rebuild trust and increase business value. Firms must also focus on measuring liquidity, counterparty exposure and cross-product behaviour.

It is vital to assess counterparty exposure and credit risk concentration. Firms cannot continue to rely only on external rating agencies. Instead, firms should calculate their own internal ratings, based on market-derived ratings from spreads, derivatives and equities.

Among the most important changes necessary: The management of risk must become part of the performance management process. It must become a factor in strategic decisions. Short-term incentives should not encourage too much risk or the wrong kind of risk at the wrong time. Financial services companies must align risk management with business strategy and integrate risk into every related process and the organisational culture. To be successful, the effort demands a closer collaboration between risk management and business units, coupled with a renewed emphasis on winning the war for talent and resources.

A dedicated risk transformation programme can help financial services firms deal with increasing complexity, optimise risk/reward and transform the risk function into a value-adding partner.

RISK MANAGEMENT TRANSFORMATION

While financial institutions need to take decisive short-term risk mitigation actions, they also must renew confidence by creating a transformed, fully integrated risk management approach. This requires scrutinising and redefining the business model and synching business strategy with risk strategy.

When it comes to risk transformation, one size does not fit all. Yet, consistency is a fundamental component of a healthy risk culture overall. Every role within the risk operating model has risk management responsibility that must be reflected in activities, behaviours and incentives. The organisational structure, culture and behaviour must all align directly with risk appetite. Performance measurement and reward policies should reinforce these.

Only 27% of respondents have an integrated risk-and-finance IT architecture. Robust financial risk architecture should follow logical layers and leverage common inputs, shared analytics and flexible reporting.

Meanwhile, sound process risk architecture integrates operational risk, risk control self-assessments, compliance and audit functions. Firms need integrated IT capabilities and infrastructure to support and drive the transformation of their risk model and ensure its effectiveness.

The financial services executives surveyed are keenly aware of the potential business value integrated risk management capabilities can create. Besides the reduction in cost of capital, most companies expect such integration to affect competitive advantage positively and profitable growth sustainability.

But to get these benefits, financial services companies must move beyond more reactive risk compliance-driven activities to value creation. Accenture believes by linking and balancing risk and performance management to aid decision-making and increase shareholder returns, an organisation can improve its performance and position for economic recovery.

Ultimately, effective risk management is about achieving and sustaining high performance.

About the author

Heinrich Degener is the senior executive financial services – capital markets at Accenture SA.

THE RIGHT RM APPROACH CAN ENABLE COMPANIES TO

• Achieve the right balance between performance and risk.

• Treat risk as a competitive differentiator to manage the business better, deliver sustainable shareholder returns and reduce the cost of risk management.

• Integrate risk management practices and procedures throughout the enterprise to safeguard the achievement of targets while protecting against downside risks.

• Instill a culture of risk consciousness to improve bottom lines and reputations and use incentives to align individual behavior with organisational goals.

• Rely on a trusted partner for insightful strategic thinking, implementation at scale and outsourcing capabilities.

BROKERS' CORNER

Evaluating and prioritising risk

The purpose of evaluating risk in a financial advisory business is to identify the inherent risk of performing various business functions.

BY JOHANN MAREE, MYRIAD PLANNING SOLUTIONS

In a financial advisory business, resources should be allocated to those functions that have the highest risk. The risk evaluation, aimed at identifying the inherent risk of performing various business functions, will directly affect the nature, timing and extent of the resources allocated.

The two primary questions to consider when evaluating the risk inherent in a business function are:

• What is the probability that things can go wrong? (The probability of one event.)

• What is the cost if what can go wrong does go wrong? (The exposure of one event.)

Risk is evaluated by answering the above questions for various risk factors and assessing the probability of failure and the impact of exposure for each risk factor. Risk is the probability times the exposure.

POTENTIAL EXPOSURES

All the risk factors in figure 1 cause potential exposures. The potential exposures include, but are not limited to:

• financial loss

• legal and regulatory violations/censorship

• negative customer impact

• loss of business opportunities

• public embarrassment

• inefficiencies in the business process.

The evaluation should NOT consider the effectiveness of the current internal control environment. The evaluation should focus on the risks and exposures inherent to the function being evaluated. However, while performing the risk evaluation, the financial adviser should consider what controls are needed in order to minimise, if not eliminate, the risks and exposures.

FIGURE 1: RISK FACTORS INHERENT IN BUSINESS

• Access risk

• Business disruption risk

• Credit risk

• Customer service risk

• Data integrity risk

• Financial misstatement risk

• Legal and regulatory risk

• Fraud risk

• Business process risk

• Physical harm risk

APPLICATION IN PRACTICE

Each of the risks must be evaluated using a probability and exposure tool. The objective of analysing each of these risks is to determine whether or not extra controls are warranted to reduce risk levels in the advisory business further.

OVERALL RISK PROFILE

The results from each individual assessment should be collated to give an overall risk profile for the advisory business. The end result is to arrive at a prioritised list of risks which can be flagged for treatment by the financial adviser.

The evaluation of risk will enable priorities to be established that equate to an appropriate level of risk. This will allow financial advisers to decide what an appropriate action for treating each risk will be.

TABLE 1 An example of a risk-evaluation method

| (Describe type of risk here) | Probability | Exposure |
|---|---|---|
| Insert brief description of what is meant by access risk, business disruption risk or legal and regulatory risk | High | High |
| | Medium | Medium |
| | Low | Low |
| | N/A | N/A |

TABLE 2 Risk rating

| Overall rating | Probability | Exposure | Overall risk |
|---|---|---|---|
| Based on the evaluation of: • What can go wrong? (Probability); and • What is the cost if what can go wrong, does go wrong? (The exposure). | High | High | High |
| Evaluate the overall magnitude of the risk in the area/function. | Medium | Medium | Medium |
| Evaluate the probability and exposure, and then combine the two for an estimate of overall risk of business mission failure. | Low | Low | Low |

DON'T MISS THE NEXT ARTICLE in our Brokers' Corner series which will look at how the prioritised risk may be treated.

About the author

Johann Maree is the co-founder of both the Institute of Practice Management and Myriad Planning Solutions, which develops rules-based integrated business solutions for financial advisers.


South Africa has one of the highest kidnap and ransom incident rates in

Africa, and as the World Cup draws near, the risk increases exponentially.

SPECIALISED RISKS

Kidnap and ransom

groups, high crime rates, large disparities be-tween the affl uent and the poor, topped by governments which are notorious for either ineffi cient or corrupt practices.”

“There’s a misguided perception that kid-napping is limited to third world or South American countries, but increasingly kid-napping and ransom have become part of the South African scenario as well. In fact, South Africa has one of the highest number of such incidents in Africa,” says Alan Taylor, General Manager Risk Services at Glenrand M.I.B. “Unfortunately, the South Africa en-vironment, with its perceived low levels of law enforcement, is conducive to kidnapping professionals. Something of a kidnapping ‘culture’ is already well entrenched in the country, albeit mostly without the associated extortion part.”

INCIDENCE INCREASINGAccurate fi gures for kidnapping are sketchy, simply because many victims prefer to stay anonymous.

“According to experts, kidnapping for ran-som is on the rise in an increasingly glo-balised market,” says Booysen. “As the gap continues to widen between the haves and have-nots, we can most certainly expect to see more kidnapping cases of high-net worth executives being reported.”

Alexander Forbes Risk Services concurs, adding that “The number of kidnap events has reached record levels and appears to be increasing.”

In March, South African M-Net SuperSport sound engineer Nick Greyling was kidnapped in Nigeria along with Nigerian commentator Bowie Attamah. Later in the month, right here in Johannesburg, five people were arrested for allegedly kidnapping a Zimbabwean man, demanding a R50 000 ransom and a car for his release.

These two events are but a recent drop in a dark sea of local and global kidnapping incidents, which are increasing at an alarming rate. But they provide insight into a grim reality: Kidnapping is a risk South African corporates ignore at their peril.

HOT SPOTS
Although executive or high-net worth kidnapping is known to be a common occurrence in countries such as Iraq, Mexico, Pakistan, Venezuela, Brazil and the Philippines, countries such as South Africa, the DRC and Tanzania are quickly becoming the new danger zones. And it is not only the wealthy that are being targeted.

According to Alexander Forbes Risk Services, South Africa is ranked as one of the world’s top ten countries for kidnap and ransom incidents.

“As the operations of sophisticated internationally-based kidnap syndicates expand into more vulnerable countries such as South Africa - now considered a medium to high risk kidnapping country - the risks attached to an individual being kidnapped increase,” says Terry Booysen, CEO of CGF Research Institute.

“There are many reasons for this phenomenon, however the most common reasons which increase the risk of a corporate executive being kidnapped may be linked to countries which have a history of political and social instability, the presence of extremist

TARGETS
“Typically the targets for kidnappings and ransom are high-net worth individuals, their families, their staff, employees travelling overseas, companies with high profiles, those that handle large amounts of cash or work with sensitive information, even sportsmen and women, many of whom enjoy enormous incomes,” says Taylor.

However, corporate kidnappings, involving the kidnapping of a company’s staff, particularly executives, followed by ever greater ransom demands from the relevant company for their return, are a lucrative business for sophisticated, advanced syndicates, which in some cases involve as many as 20 people.

“Most particularly, those criminals who specialise in kidnapping of executives for ransom have become a nightmare for employers, especially for those employees who travel to kidnapping hotspot countries,” comments Booysen.

Taylor adds that “Kidnap patterns in Africa show that expats from international companies and the personnel of international aid organisations are likely victims.”

SOPHISTICATED PERPETRATORS
Alexander Forbes Risk Services says that kidnapping is a highly evolved billion-rand business. “Some kidnappings are short-term ‘opportunistic’ incidents where the kidnappers are seeking a quick payoff. Other kidnappings will involve careful planning, observation of the victim, military style executions and months of negotiation. Kidnappings are increasingly connected to related crimes such as hijacking, extortion and hold-ups.”

“THE RISK OF KIDNAPPING IS NO LONGER LIMITED TO TRAVELLING THE WORLD’S HOT SPOTS. IT’S ON YOUR DOORSTEP” ALEXANDER FORBES RISK SERVICES

TABLE 1 Reported Cases
South African Police Service statistics show that 2 535 kidnappings were reported in 2008/2009, with the vast majority conducted in Gauteng.

| PROVINCE | 2003/04 | 2004/05 | 2005/06 | 2006/07 | 2007/08 | 2008/09 |
| --- | --- | --- | --- | --- | --- | --- |
| Eastern Cape | 349 | 273 | 202 | 108 | 93 | 88 |
| Free State | 83 | 61 | 67 | 65 | 66 | 93 |
| Gauteng | 1,062 | 921 | 850 | 944 | 947 | 1,058 |
| KwaZulu-Natal | 693 | 714 | 680 | 696 | 716 | 686 |
| Limpopo | 82 | 112 | 91 | 103 | 83 | 91 |
| Mpumalanga | 149 | 137 | 115 | 115 | 107 | 164 |
| North West | 104 | 78 | 74 | 96 | 96 | 157 |
| Northern Cape | 32 | 32 | 25 | 17 | 27 | 29 |
| Western Cape | 450 | 290 | 216 | 201 | 188 | 169 |
| RSA | 3,004 | 2,618 | 2,320 | 2,345 | 2,323 | 2,535 |

Glenrand M.I.B. adds that while the ‘petty’ kidnappings still continue, the quantum of high profile, high ransom incidents in South Africa is clearly on the increase. “There is concern that the likes of Nigerian syndicates, East Europeans, Asian and the more sophisticated South African operators are coming to the fore.”

Booysen notes that the price tags attached to high-net worth executives run into millions and the perpetrators have become quite brazen about their business. “The perpetrators involved in this type of kidnapping know what they are doing, and they also know the high stakes involved. The planning of a kidnap for ransom will often span weeks or months as every detail of the target is meticulously surveyed and calculated with military precision. Anything from high tech surveillance equipment, recording devices and cell phones are used to execute the crime.

“Of course, the more valuable the ‘prize’, the greater the reward. In this vein, corporate executives have become ‘fair game’ to professional kidnappers, who understand not only the intimate detail of their target, but also their worth to organisations either materially, financially or their strategic importance to the success of the organisation by which they are employed.”

UNDERSTANDING THE RAMIFICATIONS
Booysen explains that a kidnapping incident can have devastating impacts on the health of the victim, as well as the victim’s family and business associates. “There can also be dire implications on the business and its morale, not least the severe interruptions in the operations and its financial impacts. Clearly when a kidnap incident occurs, particularly if it is drawn out for a long period of time, huge strain is placed on the business, giving the hostage takers greater power to extort higher ransoms and more demands.”

MANAGING THE RISK
CGF Research Institute, in one of their latest Governance, Risk and Compliance (GRC) reports, entitled Corporate Kidnapping: Protecting Key Officers, recommends that business and their executives seriously consider their pre-emptive measures to safeguard their key employees.

“Kidnapping methods deployed may range from high surveillances of the victim to snatching victims at ATMs. These types of incidences will most often occur when the victim is in transit. Employees should be trained to manage and survive a kidnapping ordeal. Moreover, employees should know what type of action the company will take to secure their release, including the fact that it could take months to free them. The risks associated with rescue are high, given the fact that in some countries there are poorly trained law enforcement officers and rescue attempts could result in the death of the victim. Negotiations should always be entrusted to security consultants and insurance professionals hired to handle the situation,” advises Booysen.

“Fortunately, employers are realising the critical importance of providing their key executives with kidnap and ransom (K&R) insurance cover, particularly for those executives who travel and deal in high risk kidnapping countries.”

ASSESSING THE RISK: 3 key questions
• Who are high risk individuals
• Where are the greatest risks and when are they likely to happen
• Who is likely to commit the kidnapping
Source: Cre8, division of Alexander Forbes

K&R INSURANCE
According to Assurex International, the world’s largest privately held commercial insurance brokerage group, executives who have K&R insurance in place are four times more likely to survive a kidnapping ordeal than those without.

Specific policy details will differ depending on the underwriter, but in general the cover includes:
• Access to a specialist crisis management company for assistance and advice
• Reimbursement for any ransom paid
• Loss of ransom money in transit
• Expenses, including rewards and fees
• Psychiatric, medical and dental care costs
• Legal advice
• Payment of the salary of a detained or kidnapped person
• Payment of the salary for the temporary replacement of the kidnapped or detained person
• Interest on loans
• Legal liability
• Consultation fees for training in the latest prevention and avoidance techniques.


Despite a cautious recovery following the recent global economic downturn, increased regulatory focus is forcing some mining companies to find innovative ways to economise and deal with operational constraints and project delays. “This is particularly evident in the mid-tier mining sector. The regulatory focus centres on health and safety issues and environmental issues, particularly the remediation of environmental damage,” says Lizelle Prosch, environmental services consulting manager at Marsh.

THE LEGAL REQUIREMENT
South African law requires mines to make financial provision for ongoing environmental rehabilitation and the environmental costs associated with mine closure, creating one of the biggest challenges facing mining companies today.

Requirements for making financial provision for the remediation of environmental damage as well as for the issuing of a closure certificate are included in the Mineral and Petroleum Resources Development Act 28 of 2002 (MPRDA). These include the requirement that financial provision must be in place before approval of the environmental management plan or programme by the minister of minerals and energy.

The DME’s recent suspension of environmental guarantees issued by insurance companies as a means of meeting rehabilitation obligations has created challenges for many mining companies.

MINING INDUSTRY FOCUS

Environmental guarantees


CALCULATING THE COST
“Currently, closure costing for mine rehabilitation is based on the Department of Minerals and Energy’s (DME) prescribed Master Rates with the application of CPIX,” explains Natasha Wally, risk solutions advisor at Marsh. “A shortcoming of this costing method is the failure to provide for continued monitoring and maintenance after final mine closure has been achieved. In terms of the MPRDA, an annual revision of the closure costing is required; however, this is poorly enforced and seldom completed by the mining companies. Through the use of an insurance-based costing provision, annual policy review procedures may impose a more comprehensive analysis of the requirements for financial provisions. This eliminates the risk of a shortfall at the end of life of the mine.”

Mines are also not always clear about the balance between the use of premature closure guarantees, ongoing rehabilitation and the contributions needed to fund final closure. “The final closure liability is determined by the extent and type of mining and is sometimes impacted by unexpected geological incidences,” says Nicky Holtzhausen, head of Old Mutual’s corporate customisation unit. “It is also affected by inflation. As a result, there is a level of uncertainty impacting the unfolding of the closure and rehabilitation liability.”

In a recent Mining Indaba paper entitled Optimisation of Asset and Contribution Strategies for Mine Closure and Environmental Rehabilitation, Old Mutual, working in collaboration with environmental engineers, found the following:

While some mines want to defer rehabilitation expenditure, ongoing rehabilitation can make good financial sense because it helps to limit growth in the closure liability. Because of the returns that can be earned on trust fund assets, regular contributions help reduce the present value of total costs incurred over the mine’s life.

The traditional guideline contribution formula is widely used to determine contributions. This formula takes into account historical returns earned on assets, but does not anticipate future returns.

Moderate investment in higher yielding asset classes, such as equities, can reduce the average present value of expected total costs, because higher returns ultimately reduce the amount of contributions needed.

Regular reviews are necessary to adjust the company’s strategy as time passes.

Environmental engineering and financial models provide valuable insights into getting the most out of asset and contribution strategies.

MAKING PROVISION
Wally explains that in terms of Regulation 53, promulgated under the MPRDA, allowance is made for four methods of financial provision for environmental rehabilitation:
• cash deposit into an account specified by the director-general
• an approved contribution to a trust fund as required in terms of section 10(1)(cH) of the Income Tax Act
• a financial guarantee from a registered South African bank or any other bank or financial institution approved by the director-general
• any other method as determined by the director-general.

The cash method involves the deposit of funds with the DME. The investment income accrues to the DME, and this option is rarely favoured.

Trust funds are commonly used, particularly by well-established mining companies. The contributions to such a trust are tax deductible and the build-up of funds in the trust is tax exempt. However, the trust structure may be inflexible and few junior mining companies have the financial resources to create rehabilitation trusts. Guarantees issued by banks or insurance companies have proven to be an attractive option for mining companies. However, bank guarantees may tie up the mining company’s facilities.

“In addition, the decline in the availability of credit and liquidity has forced mining companies to rely more heavily on their credit lines,” says Prosch. “This creates a domino effect on a mining company’s risk and insurance profiles.”

THE INSURANCE OPTION
The insurance guarantee option provided an alternative to the often more expensive cash or bank guarantees. In many cases, junior mining firms in particular provided for a portion of the rehabilitation fund, with the insurers underwriting the balance. This enabled the smaller mining companies to use their capital to grow operations.

However, in the first quarter of 2009, the DME suspended the practice in which mining companies obtained environmental rehabilitation guarantees from insurance companies. The department based its decision on its belief that cash or bank guarantees provided greater security. It said that insurance guarantees exposed the state to the risk of a guarantee not being honoured in cases where the mining company did not disclose all material facts, neglected to pay premiums, or did not meet its obligations in terms of the contract of insurance.

NEW SOLUTIONS
According to Holtzhausen, while many mines in South Africa have some form of premature closure guarantee in place, only a few have holistic strategies to fund for final closure. This is slowly changing as legislation and tax incentives encourage mine owners to set aside assets for final closure.

Old Mutual has developed a specialised financial model to help mining companies develop strategies for ongoing rehabilitation, determine contributions to trust funds, make appropriate use of premature closure guarantees and formulate asset strategies for trust fund investments. The specialised financial model is designed to play an important role in helping mines develop the most suitable asset and contribution strategies for funding mine closure and environmental rehabilitation plans. The model helps mines maintain the balance between ongoing trust contributions, ongoing rehabilitation, and premature closure guarantees.

Last year, Nedbank Capital designed and developed a multimillion-rand rehabilitation fund solution for Rand Uranium, with a fully inclusive, end-to-end means of meeting its mining rehabilitation liabilities while remaining compliant with South African mining and tax regulations. This kind of innovation has seen over R2.4 billion of rehabilitation funding inflows into Nedbank Capital’s rehabilitation fund offerings, which focus on the provision of tailored rehabilitation trust fund investment management coupled with the provision of DME guarantees. According to Peter van Kerckhoven, joint head of mining and resources at Nedbank Capital, the rehabilitation solutions created by Nedbank Capital not only minimise the cost of guarantees, but do so in a way that reduces the impact on the mining companies’ ability to raise other forms of finance in the future.

MOVING AHEAD
“At present, insurers cannot offer mining guarantees until the issues raised by the DME have been addressed to the government’s satisfaction. At the time of writing, our insurers report that there has been no change in the current situation although discussions are taking place to find a solution that will again see the insurance option become a viable alternative for mining companies,” says Cheryl Crick, consultant: performance bonds & guarantees, a division of Alexander Forbes Risk Services. In the meantime, it seems other financial services companies have been quick to provide solutions to challenges mining companies face and we watch with interest to see what innovations the insurance industry will create to regain this once growing market segment.

“MINING COMPANIES’ INCREASED RELIANCE ON THEIR CREDIT LINES CREATES A DOMINO EFFECT ON THEIR RISK AND INSURANCE PROFILES” LIZELLE PROSCH, ENVIRONMENTAL SERVICES CONSULTING MANAGER, MARSH

The debate surrounding the reform of the retirement system continues, but it remains important to stick to existing retirement savings arrangements for the foreseeable future. There is an interesting debate ahead in terms of achieving the appropriate retirement funding system in South Africa, but the fundamental principles of saving for retirement – including starting early and investing to beat inflation – will always remain.

It has been nearly six years since the first paper outlining National Treasury’s proposed improvements to the retirement system in South Africa. Further discussion documents have been issued, most notably a number setting out proposals including wider social security reform from the Department of Social Development (DSD). It is critical that there is rigorous debate to ensure any new system implemented achieves its goals. But perhaps even more significant, it is important that any new system is understood and appreciated by its recipients. This process may take some time to reach an optimal outcome. The problem is how to deal with current retirement funding arrangements and their members in the interim.

FOCUS OF THE PROPOSALS
The proposals are focused primarily on widening the coverage of the retirement savings net from the current estimated 6 million to the approximately 12 million South African wage earners. The missing beneficiaries are largely lower earners, in temporary or transitory employment and tend to be in industries with low union movement involvement.

The current system run by the private sector tends to exclude these individuals, as they cannot provide cost-efficient solutions to them. In addition, the tax incentives granted to higher paid workers have little attraction to those not paying tax because their earnings are below the thresholds. The proposals also aim for a simpler, more cost-efficient arrangement.

While the retirement reform debate continues and the outcome remains uncertain, the fundamental principles of saving for retirement remain unchanged. BY ROWAN BURGER, LIBERTY CORPORATE

RETIREMENT REFORM

Uncertain seas ahead

About the author
Rowan Burger is head of pension reform at Liberty Corporate. provider in South Africa. Burger has 15 years’ experience in the industry.

LIKELY OUTCOMES
Given the complexity of the issues faced by the decision makers, it is very difficult to speculate about the final proposal. However, given the stated intentions, we can make certain inferences about the likely outcome that can guide employers and advisors in terms of how retirement funding matters should be dealt with. It is clear that with the extension of the system to a broader base, there is the inclusion of a larger proportion of individuals who have less financial literacy when it comes to retirement savings matters. It should be pointed out that most studies into the low-paid market reveal a sophisticated system of money management, including a number of different loan arrangements and better budgeting skills than their affluent counterparts.

The success of any system will depend on whether beneficiaries see value and understand their benefits. Therefore, the system would need to be simple in its benefit structure by being defined benefit in nature, or simple in its benefit accumulation structure, by being defined contribution, probably with low volatility of returns and few capital losses.

IMPLICATIONS FOR EXISTING MEMBERS
Either way, for existing retirement fund members this would be a far more conservative construction with lower upside potential for participants. In order to place these members in an equivalent retirement position had the new system not been introduced, a far more aggressive strategy will need to be followed in existing arrangements.

This could be either through a higher allocation to riskier assets, or even the inclusion of the more exotic and expensive asset classes in the hopes of achieving higher returns for a given risk tolerance.

INVESTMENT GUIDELINES
The prudent investment guidelines, detailed in Regulation 28 of the Pension Funds Act, which set out how retirement funds invest their assets, are currently under review. Unfortunately, this is largely a process aimed at modernising the old framework to cater for new investment classes, rather than a holistic review of appropriate investment strategies, which has resulted in criticism from some commentators.

This criticism is unfounded given the uncertainty as to the final outcome. However, it may be prudent to consider building in an additional margin to a retirement savings plan to cater for the introduction of a more widely accessible but conservative scheme.


LEGAL COMPULSION VS. TAX INCENTIVES
A key failing of the current system is that it uses tax incentives to drive the appropriate behaviour. There is nothing wrong with the concept; however, in practice few members act rationally and avoid heavy tax penalties when they cash in their retirement savings after leaving their employers.

The statistics can be devastating, as money spent on other essentials is very rarely replaced. Recently, a Cape-based insurer reported that only 83 members of over 17 000 exits did not cash in their benefits over the last year.

It is unfortunate that the means test done when applying the state old-age grant further incentivises this sort of behaviour. It therefore seems likely that the new system will try legal compulsion rather than gentle tax persuasion to achieve the long-term, consistent savings patterns required to achieve adequate pensions in retirement.

MORE RESTRICTIONS
This is therefore likely to cause less flexibility in the retirement savings system. We have already seen a proposal from National Treasury to remove provident funds, because the ability to receive the full retirement benefit as a lump sum, rather than as an income stream, results in benefits being squandered prior to the end of retirement. Government are cognisant of the danger of applying more restrictive provisions to existing savings and have publicly assured that rights attached to legacy assets will be honoured.

Given the future system will probably be more restrictive and existing savings will have their entitlements honoured, it makes sense to have as much of your assets as possible in the current, more flexible system rather than the more paternalistic future one.

BASIC PRINCIPLES STILL APPLY
While the future system aims to be more simplistic, it also aims to be more cost efficient. It is only those individuals who require the flexibility who may want to accelerate their savings beyond the current requirements to the current system. On a very simplistic basis, each delay of 10 years in starting your retirement savings programme roughly doubles your required contribution rate to achieve an adequate retirement pension. Much like a sailor trying to reach his destination, the most must be made of favourable conditions that exist at present. It is unclear what the weather and seas look like on our journey ahead, but the basic principles of naval navigation will always remain.

While international experience illustrates the complexities of providing national healthcare, public-private collaboration may hold the key to revolutionising healthcare in South Africa.

HEALTHCARE

National Health Insurance (NHI)
Are public private partnerships the solution?

National healthcare is an extremely difficult and controversial issue, even in developed economies. US President Barack Obama’s controversial healthcare bill, commonly referred to as ObamaCare, was vigorously opposed before being passed. Already, some of the hidden costs of ObamaCare are coming to light as US companies report write-downs amounting to billions of dollars, and review health benefits offered to retired employees.

GLOBAL LESSONS LEARNT
What lessons can SA learn from this and other statist healthcare systems such as those in the UK, Canada and Australia?

Says Jasson Urbach, director of the Health Policy Unit, a division of the Free Market Foundation: “Governments cannot raise enough funds to provide unlimited care to all citizens. A government-run, single payer system that provides ‘free health care for all’, will cost individuals dearly, affecting both their wallets and their health.

“If wealthy countries such as Canada are unable to provide timely healthcare services on a single-payer ‘free healthcare’ basis, how will SA manage to do so? A cursory look at the financial resources required to fund the ‘free healthcare for all’ proposal in SA, as well as the stock of healthcare professionals, reveals the infeasibility of the proposal,” comments Urbach.

Fedhealth’s CEO Katy Caldis concurs, “We have more complex problems than other countries, so I think we all realise it will take much longer to achieve a workable NHI. Fortunately, there is a clear understanding from a government perspective that NHI is not something that can be implemented within a year or other unrealistically short time horizons.”

THE OPTIONS
Increasing government’s role in healthcare will make the health system less flexible and innovative, says Urbach. “The goal of healthcare reform should be to create conditions for the private sector to expand and give more people access to better healthcare from vigorously competing medical schemes and healthcare providers.”

“As the global recession bites ever deeper into most national fiscuses there seems to be a new willingness to revisit the thorny issue of public private partnerships in the delivery of national health,” says Bode Olajumoke, health actuary, Alexander Forbes Health.

“Given the scale of the task to provide adequate healthcare to all South Africans, the funding required and the skills sets that need to be assembled, it is becoming obvious that all sources of investment, skills and technology, including those in the private sector, should be mobilised.”

PROACTIVE PLAYERS
Several private healthcare providers and funders have already pledged their commitment to assist government design and implement a sustainable NHI model by leveraging the expertise of the private sector.

“The challenge is to strike a balance between cost factors and the delivery of quality care, along with the broader national health objectives. Neither state nor the private sector will ever be fully satisfied with such a partnership; therefore, a national health system should be recognised as a compromise.”

HARNESSING SYNERGIES
Regarding closer partnerships between the public and private healthcare systems as a prerequisite for setting up an NHI, Caldis says the budget specifically highlights the intent of broadening the use of public private partnerships.

“There is a great deal of expertise within the private sector. Knowledge transfer is key.”

SA’S UNIQUE CHALLENGES
• High unemployment rate – approximately 24% of the available work force in SA is unemployed.
• SA has only eight physicians and 41 nursing and midwifery personnel per 10 000 of the population.
• SA’s welfare burden on taxpayers is already heavy, with 8% of GDP spent on healthcare.
• The country has one of the highest mortality rates at birth, both mother and child.
• Very low life expectancy.
• Double burden of disease: first-world lifestyle diseases, as well as HIV.
• Currently, 920 000 people receive anti-retroviral treatment. By 2012/13 this number will reach 2.1 million.


Although Microsoft Excel is the system most used for risk management today, these spreadsheets fall short in a number of areas, with significant implications for risk managers. BY AVI EYAL, CURA SOFTWARE SOLUTIONS

RM SOLUTIONS

Spreadsheets vs systems

The use of spreadsheets has proliferated in every area of modern organisations. And the reason is simple: How much easier can it be than to click an icon and instantly access perfect calculations, grids and tables to convey complex information? Or is it?

While Microsoft Excel is a great tool to create basic risk registers, which can provide some additional validation and functionality with macros and calcula-tions, spreadsheets fall short in a number of areas.

CONSISTENCY
As spreadsheets are used and enhanced over time, the inherent flexibility disappears, and consistency and standardisation become harder to manage. A good system manages the frameworks and methodologies, supporting extensions, rework and relationships in a consistent manner.

DEVELOPMENT
As risk management is embedded into the organisation, more people are required to add more data, and more consolidation is required, with more permutations that must be considered. When using spreadsheets, templates, best practices, security and confidentiality soon become compromised. User documentation and online help take time to develop, burdening already stretched resources. Reworking or extending a predecessor’s set of macros and multiple-sheet formulas becomes near impossible.

A system for managing risk is developed once and shared across a large user base. It encompasses documentation, training and best practice frameworks, and takes care of security integrated with the organisation’s policies.

STANDARDISATION
Inevitably, if allowed, each department or division will deploy its own version of a spreadsheet. How does one consolidate this? A system will support either one methodology or, in the case of sophisticated systems such as Cura, allow multiple methodologies to be used. It will provide a normalisation and consolidation functionality. Standardisation also extends to version control, deployment and integration, as well as interoperability with other systems.

AUDITABILITY AND DATA CONSISTENCY
It is difficult or impossible to achieve auditability and data consistency in spreadsheets. Effective systems will incorporate and automate audit trails and have data validation built in to ensure the information is accurate and consistent at any point in time. Accountability for data in a system is based on permissions granted to staff.

DATA CHANGES
How does one compare old information to new information in spreadsheets? How does one even know what information has been changed between spreadsheets, when a risk recorded in a previous period and deleted in the current period in a spreadsheet is discarded? Trending becomes almost an impossible function over a period of time when using spreadsheets.

Risk systems maintain an accurate history of all data. In a system, this information is retained so that one can analyse decisions taken and trends based on external factors.

ACTIONS AND NOTIFICATIONS
How does a spreadsheet convey tasks and remind users to update information? How does it escalate information that has not been acted upon?

A system will manage the tasks, workflows and notifications related to data and will pre-emptively communicate reminders, and escalate unattended requests.


LIBRARIES With spreadsheets, managing libraries of risk or controls becomes a complex task of either creating or integrating into a database source, or building complex macros that update central spreadsheets. And when libraries change, how do those changes ripple through the spreadsheets floating about in the organisation? How are users forced to reassess the changed items?

An effective system, on the other hand, will manage library items consistently, manage additions and changes to libraries, propagate changes and trigger notifications to relevant users.

REPORTS Tables can be formatted and graphs can be created with spreadsheets, but drilling down to core data is cumbersome and the reporting is highly reliant on correct cell selection.

Systems incorporate predefined report writers, with best practice reporting built in. Some even facilitate exporting to multiple formats, including Excel. These reports are consistent as they deal with fixed table structures and integrity can be assured.

For these reasons and more, moving to a system-based approach can greatly enhance the efficiency of staff, reduce distractions and help achieve a more reliable and consistent approach to recording and managing risk information throughout the organisation.

About the author: Avi Eyal is the CEO of Cura Software Solutions.


When it comes to business continuity, budget cutbacks have a direct impact on deliverables and the opinion and support of business leaders.

BY ANSOPHIE STRYDOM, CONTINUITYSA

BUSINESS CONTINUITY

Reducing BCM spending with care

“Ladies and gentlemen, the instruction from the board is to cut all operational spend by 20%.”

How many companies have heard that phrase during the past year of recessionary turmoil? How many managers have had to sweat it out and simply find ways to get by with less than optimal resources? How many companies are making do with providing less than 100% in terms of service and quality?

It may be easier to make cuts in some divisions, but when it comes to business continuity, a discipline still fighting for its rightful place on the boardroom agenda in many organisations, cutbacks have a direct impact on deliverables and the opinion of leaders of the whole concept.

UNDERSTANDING THE RESPONSIBILITY What chance does a fledgling programme with reduced resources and support have in supporting the drive to be a responsible corporate citizen when business survival is paramount in the minds of the board?

It is in the manner in which the board and other executives view business continuity that we are able to ascertain how serious an organisation is about ensuring business continuance in the face of an operational disruption. As Andrew Hiles (FBCI) puts it on www.continuitycentral.com: “In the good times we can simply argue, ‘Everyone should have business continuity’. In the bad times, we need hard proof of its payback before practitioners get the support from all parties.”

To appreciate the trends and implications of the reductions in business continuity management (BCM) spend in 2009 fully, the focus should really be divided into two distinct categories: business continuity spend and IT continuity (or disaster recovery) spend.

BUSINESS CONTINUITY SPEND The past year saw a significant reduction in spend on training and consulting services in the BCM arena. Companies with mature BCM programmes maintained their existing strategies and plans, utilising strategically selected outside help only if necessary. Many companies with in-house BCM resources did exactly the same: maintaining status quo and spending as little as was reasonably possible seemed to have been the ultimate goal.

Because many companies have not had the luxury of staff dedicated to BCM on a full-time basis, the retrenchment of staff with BCM responsibilities is of grave concern. Quick hand-overs to overwhelmed and already stressed employees have left many companies with voids of experience and a severe loss of information. This is not simply a replaceable skill that is lost; it is experience and know-how that may have a grave impact on the recoverability of companies when a disaster does strike.

Over the past year, companies that had nothing in place when it comes to a BCM programme didn’t even contemplate starting the process owing to insufficient funds being made available. This makes me wonder whether these companies have made a deal with the universe to wait with operational disruption until they’re ready to proceed.

IT CONTINUITY (DISASTER RECOVERY) SPEND Cutting a percentage off your budget is an easy thing to do, but how does a CIO cut 20% on disaster recovery, while still satisfying ever more complex regulatory requirements? And if Gartner says IT disaster recovery is a “must-do and not a would-like-to-do” activity, how can organisations halt all IT continuity spend in favour of a business strategy based on “let’s hold our breaths and pray nothing happens”?

Many organisations tasked their already overloaded IT divisions with conjuring up home-grown strategies and plans to ensure IT recovery, or decided to ignore best practice and global standards in favour of opting for cheap and often makeshift solutions. Apart from the fact that immediate IT priorities always take precedence over long-term requirements, such as disaster recovery, this strategy is bound to miss critical aspects of IT continuity because the right expertise was missing, too expensive or had recently been retrenched.

Heinan Landa, president and founder of Optimal Networks, says of back-up and disaster recovery mechanisms: “Ensure your back-up and disaster recovery systems are working well. You don’t want operations to stop during a recession should something happen with your front-line business applications.” (www.allbusiness.com)

WHO IS RESPONSIBLE? Surely the responsibility of ensuring the recoverability of mission-critical IT systems lies not with the CIO, but with executive committees and boards of companies, which have to lay down the law in terms of which activities are non-negotiable in times of recession.

Let’s put it differently: Does a recession mean that an organisation's risk appetite reduces? Quite the contrary, I would think. Does a recession change the liability of directors or reduce the responsibility in terms of stakeholder management? Of course not. Corporate governance regulations apply despite economic conditions and budget cutbacks are no excuse for reneging on one’s fiduciary duties. Companies should contemplate the impact of the cuts in BCM spend on their businesses and these consequences should be communicated clearly to boards and stakeholders to ensure they understand the implications to the business and to themselves.

STRATEGIES TO GET VALUE FOR MONEY There are a number of things companies can do to remain responsible with their BCM programmes, in the face of budget cuts:

• Focus on what is mission critical. Whether you start from scratch or have a mature programme in place, energy and funds should be spent on protecting those applications, systems and processes that are vital to the long-term survival of the business.

• Invest in BCM training. Make sure the board and executive committees understand the value of BCM and the implications of not having BCM in place, both for the company and for each board member and executive in his or her personal capacity. Also, increase the awareness of BCM among your staff members to ensure buy-in and support for all BCM activities. Where members of staff are responsible for BCM activities, make sure that they are skilled enough to execute their duties to the required standards.

• Outsource the BCM function. Traditionally companies have been fearful of putting their business survival in the hands of others, but with the loss of critical staff and the possible freeze on recruitment, it may make financial sense for companies to outsource this function to an appropriate service provider.

• Choose your BCM and IT continuity partner carefully. A slow-down in spend in other areas has encouraged companies from various industries to dabble in the provision of BCM-related services. This is a specialised science and choosing a cheaper solution may have long-term financial implications. Are you happy to have your BCM service evolve as the provider develops its skills in this arena, hoping they will learn enough before something happens to your business?

• Think partnerships. If there is little budget, spend it on obtaining advice and engaging with reputable service providers willing to share their knowledge and experience with you, empowering you to implement a cost-effective solution.


About the author: Ansophie Strydom has been involved in BCM for the past five years. As general manager at ContinuitySA, her portfolio includes business development, marketing and information management.


Dr Brad Beira, managing consultant at Marsh, explores how both internal and external political influencers can drive an organisation into a position beyond its willingness to tolerate risk.

POLITICAL RISK

Politics and ERM

If we take the view that enterprise risk management (ERM) is ultimately about improving the likelihood of successfully achieving strategic objectives and driving value in the organisation, then ERM is about the extent to which risk is built into decision-making.

Much has been written about the psychology of making decisions. It is important for risk managers to appreciate the behavioural psychology around decision-making.

DRIVING THE ERM PROGRAMME For example, after the 9/11 terrorist attacks, terrorism events sat close to the top of corporation risk registers. For most companies, the weighted significance has dropped down the importance list – it may not even be in the top ten now. Arguably the risk of terrorism is the same if not higher than it has ever been; it’s only the current perception that has changed. Risk managers need to challenge themselves as to whether their perceptions are influencing their risk priorities and must ensure that their attitudes and perceptions do not drive the ERM programme.

ADDRESSING THE RISK TOLERANCE AND APPETITE Developing a reliable model for addressing the risk tolerance and risk appetite for an organisation can be less complicated than measuring the non-financial influencers that can determine strategic decision-making. Using a model of working capital to determine risk tolerance and a combination of weighted average cost of capital (WACC), EVA and discounted cash flows to set a range for the risk appetite accounts predominantly for the financial measures in the more traditional ERM approach to risk management.

Placing a weighting on the non-financial components of enterprise-wide risk requires a broadening of the risk assessment. Both internal and external political influencers can drive the organisation into a position beyond its willingness to tolerate risk.

POLITICAL INFLUENCERS In certain instances environmental factors can lead to a political situation where significant loss of investment might occur.

The political response to private sector capitalisation and, at times, exploitation of natural resources, has led to the introduction of new and often far reaching environmentally focused legislation that can drive business into the public sector. Shell Oil experienced this first hand in their exploration project in the North Sea. Locally, the granting of licences compliant with environmental legislation can delay the onset of projects. Awareness of these risks and their effects on capital expenditure and future revenues should assist in enterprise-wide risk decisions.

The implementation of new legislation creates an added dimension of risk for organisations in the form of far ranging accountability for product design and quality. The enactment of the Consumer Protection Act (CPA) in South Africa has far ranging consequences for all businesses involved in the development, manufacture, distribution and supply of goods to consumers, as it exposes the entire supply chain to product liability claims.

The CPA has created the need for a revision of existing operating models, necessitating firms to implement and promote transparent, auditable, symbiotic relationships with all parts of the supply chain. Changes in accountability will result in revisiting policy wordings and changing premiums. Decisions on how to retain or transfer those risks will become a political as well as financial consideration within the ERM arena. An aversion to detail process and procedure – political, operational and/or technical – can materially and negatively impact on the successful implementation of an ERM strategy.

This is regardless of whether the process has been implemented to improve future credit ratings, comply with evolving governance norms and practices or implement the necessary fail safe practices in a developing or maturing operation.

INTERNAL POLITICAL CONFIDENCE Internal changes to the political landscape will likely affect the risk appetite of the organisation in as significant a manner as a loss in working capital through an unrealised investment. A bullish approach to entering a new market, decisions to rationalise a workforce or divesting an operational aspect of the organisation can be as much a political decision as a financial one. The tolerance of the organisation to this type of risk can be shaped by forces far greater than the balance sheet and share price.

When considering the risk bearing capacity of the organisation, internal and external headroom would certainly be influenced by the internal political confidence on display and in reserve in the boardroom. Dynamic risk bearing capacity would be heavily affected by the ability of the organisational stakeholders to influence terms of covenants, monetise assets and raise guarantees. This internal political capital should be calculated and considered (as in the case of intellectual capital – another form of weightless wealth) when evaluating its impact on both the risk tolerance and risk appetite of the organisation.

A combined metric should be considered that includes both the financial and non-financial contributors to the calculation of the enterprise risk of the business.


The Upside of Mining Risk

Mining is a complex industry that must achieve a delicate balance between risk and reward. Stakeholders including lenders, investors, and insurers typically understand the risks but also expect management commitment to prudent risk mitigation.

At Marsh, we understand that finding the opportunity behind risk means knowing just as much about our clients’ industry as we do our own. That’s why we have over 100 dedicated mining, metals, and minerals professionals around the world. Through our industry focus, we can help clients move beyond purchasing insurance and begin applying risk solutions that could materially impact their bottom line.

Helping clients address the challenges they face starts with looking at the world from their perspective. We strive to understand their business goals and challenges, as well as their financial and operational objectives and limitations.

Working with them, we can assist in identifying and prioritising the risks faced by their organization. We can then build a complete risk management solution, incorporating both appropriate risk transfer coverage and services, and internal policies and procedures, designed to effectively mitigate and manage risk today and in the future. In addition, Marsh is able to identify and quantify issues such as environmental exposures, supply chain disruptions and construction risks.

It is this ability to service our clients across a wide range of risk requirements that truly demonstrates our leadership as a risk advisor in the mining industry.

Marsh is the world’s number one risk specialist.™
Marsh (Pty) Ltd, 4 Sandown Valley Crescent, Sandton, Private Bag X14, Benmore 2010, +27 (0) 11 506 [email protected]

Marsh is an authorised financial services provider. © Copyright 2010 Marsh Ltd • All rights reserved


The new Companies Act, due to come into operation sometime after 1 April this year, extends substantial rights to minority shareholders.

BY WOUTER SCHOLTZ, MAZARS MOORES ROWLAND

LEGAL & COMPLIANCE

Companies Act: Shareholders’ agreements under threat

Certain sections within the new Companies Act will override a variety of common provisions in shareholders’ agreements.

For example, if a company gives notice of a new scheme of arrangement, proposes a merger or amalgamation or wants to sell the majority of its assets, dissenting minority shareholders can force it to buy back their shares at fair value. The right to force a buy back, which is extended by Section 164, will prevail over restrictive terms in the shareholders’ agreement.

SCHEME OF ARRANGEMENT The wide meaning being attributed to a ‘scheme of arrangement’, as defined in Section 114 of the act, will also extend the scope of minority shareholders’ rights.

Once the act is operational, a scheme of arrangement will include any reorganisation of the share capital of a company, whether through a split or through consolidating shares into different classes, or an exchange of securities, or a reacquisition of securities. An exchange of securities would include a share-for-share exchange, and a reacquisition of securities may include a share buy-back.

Minority shareholders who are not prepared to go along with the scheme, merger, or sale of assets can compel the company’s directors to determine the fair value of the shares, and to make an offer to buy their shares back.

If the dissenting minority shareholder is dissatisfied with the buy-back price being offered, or if the company fails to make an offer, the shareholder can apply to the court for a determination of fair value. The court may appoint one or more appraisers to assist it.

RESTRICTIVE TERMS As regards restrictive terms in shareholders’ agreements, Section 15 (7) of the new act specifically states that any provision in a shareholders’ agreement which is inconsistent with the act will be void to the extent of the inconsistency.

Section 164 may serve to override a variety of common provisions in shareholders’ agreements, particularly provisions commonly imposed on black shareholders.

It’s not uncommon to stipulate that if black shareholders want to sell their shares within a specified time, normally three years, a company can buy their shares back at the issue price, whether or not this presents fair value. More commonly, the agreement provides for a lock-in, placing a prohibition on the sale of the shares for a specified period.

FAIR VALUE It’s also not uncommon, in the case of private companies, to provide that a shareholder who wants to dispose of his or her shares must offer them to the company or fellow shareholders at a price determined by a prescribed formula, which may or may not yield a fair value.

It is to be expected that minority shareholders burdened with restrictive shareholders’ agreements will, on notice of a manoeuvre contemplated in Section 164, avail themselves of the opportunity to force or compel a buyback of their shares at fair value. In such circumstances, the appraisal rights extended by Section 164 will trump any restrictions imposed in the shareholders’ agreement, or even in the memorandum of incorporation.

About the author: Wouter Scholtz (BA (hons) NHED LLB) is a director at tax, audit and advisory firm Mazars Moores Rowland. A widely published author and commentator, he is a corporate tax specialist.


The risk of using mobile phones in business is a challenge recognised across the globe and solutions to mitigate this risk are being sought.

RECORDING MOBILE CONVERSATIONS

Mitigating business risk, improving customer service

Binding agreements are reached verbally on mobile phones every day, with customers giving permission, instructions and undertakings to business professionals and service providers. As such, it is critical for organisations to record these communications if they are to mitigate business risk.

“The law, specifically the Financial Advisory and Intermediary Services Act, requires an accurate record of all transactions made by registered financial service providers, and compels accountable institutions – such as banks or long-term insurers – to report certain transactions. Having a full record of customer interactions is vital for any business in the case of a dispute or a lawsuit brought against the company,” says Kgabo Badimo, MD of Spescom DataVoice.

ENHANCING CUSTOMER EXPERIENCE The drivers for recording of mobile calls are first and foremost compliance with legal and regulatory requirements, reduction of risk and keeping a record for confirmation of accuracy. There are additional advantages, however.

“With recordings of mobile calls, organisations can measure and better manage the quality of interactions with customers and therefore customer satisfaction levels, implement process evaluation and optimisation, and have legally tenderable evidence of any potential fraud. It also increases efficiencies and effectiveness, enhancing the ‘customer experience’. The inability to record mobile conversations previously meant that some work had to wait until staff were back in the office where recordings could be made on analogue lines,” explains Badimo. “But technology has advanced sufficiently to enable the affordable and easy recording of mobile calls for both business users and consumers.”

The most advanced, yet surprisingly affordable and user-friendly, solutions comprise a mobile application and hosted service. Subscribers’ mobile conversations, pictures and documents are captured, seamlessly and securely uploaded to a hosted site, where this data can be managed, viewed, played, downloaded or sent by e-mail.

THE WAY OF THE FUTURE “The increasing availability of these solutions has motivated the UK’s Financial Services Authority (FSA) to consider mandating recording of calls made and received on a mobile device before the end of 2010. Industry watchers believe this will set in motion similar amendments by other major financial services regulators in the EU and US,” comments Badimo.

“I believe recording technologies have matured sufficiently to make mandated recording of mobile calls a reality in the UK. I also believe these rules will quickly be adopted in South Africa and across the globe. South Africa, as a provider of sophisticated financial services and products, and a participant in the international financial arena, will most assuredly implement financial regulations that are considered good practice globally. However, we expect there is a much broader audience of users who could benefit from the use of mobile recording technologies. The technology decision will be an important one for corporates, driving cost, ease of recording and future scalability,” says Badimo.

WIDE APPLICATION Badimo further notes that recording is important for any person who:

• gives advice which may have legal, medical or financial implications

• gives or receives important information

• is asked for an opinion or decision based on information conveyed by phone

• or needs to remember information communicated by phone.

This includes financial service providers, brokers, legal and medical professionals, managers or directors, estate agents, property developers and valuators, insurance loss adjusters, couriers and many other knowledge workers.

“The value of recording cellphone conversations – for the corporate as well as the individual – is indisputable. Shoring up the risks associated with using these devices for business purposes should be on the priority list of every corporate.

It is important to look ahead at how these solutions will practically impact the organisation and what the potential future needs of the organisation will be, however, and select an appropriate solution.”


Sustainability Risk Management: Essential for organisational longevity


SPECIALISED RISK MANAGEMENT DISCIPLINES

In the current competitive environment, companies are under increasing pressure to excel, and are beginning to realise the need to move away from growth in revenue at any cost, and more towards developing a value-driven approach.

Sustainability risk management’s fit with other disciplines of risk management is as an overarching, complementary discipline, as risks influence an organisation’s sustainability, both from an upside and downside risk perspective. This is reinforced in King III, which states that the essence of sustainability risk management is to protect the value of intangible assets by combining various elements of risk management into a sustainable and economic enterprise risk management system.

MAIN FOCUS The main focus area of sustainability risk management is the management of environmental, social and economic impacts in an organisation. Attention must be given to all three areas. If emphasis is only on economic performance, risks will arise in the environmental and social areas and potentially lead to cost ‘surprises’.

Some examples of sustainability risks from an economic perspective could be business interruption, boycotts or fraud. From an environmental perspective, examples include global warming, environmental non-compliance and use or production of hazardous substances. From a social perspective, litigation from inequitable treatment of employees, class action from accusations such as discrimination, or simply a lack of social investment by organisations, are examples.

IDENTIFYING OPPORTUNITIES Accompanying the potential downside risks or negative impacts, sustainability is an important source of opportunity, or upside risk, for businesses. Opportunities may include cost savings through innovative efficiencies in business, environmental conservation and social upliftment, which will all contribute to brand promotion.

The management of sustainability risks is being adopted by leading organisations as a methodology for developing a value-driven approach. BY VANESSA PAYNE, IQ BUSINESS GROUP

FUNDAMENTAL SHIFT, SIGNIFICANT BENEFITS Nature, society, and business are interconnected in many ways, which have not been a focus in business strategy. Therefore, a fundamental shift is required in the way directors make decisions and businesses operate towards the management of sustainability.

While some companies develop sustainability risk management for ethical reasons, most do so for business reasons as risk costs are reduced, competitive positions strengthened, reputations promoted and bottom lines improved.

THE PROCESS OF INTEGRATING SUSTAINABILITY INTO OTHER RM DISCIPLINES

• Integrating sustainability into the organisation’s strategy and risk management policy.

• Obtaining the commitment of the board and appointing the CEO accountable and making members of staff responsible for the execution of sustainability risk management.

• Integrating data from various sources to determine the maturity of environmental, social and economic sustainability management and setting targets such as carbon footprint reduction, increase in CSR spend or commitment to sustainability reporting.

• Identifying sustainability risks, enabling management and anticipation through implementing appropriate risk mitigation and financing strategies.

• Developing plans for reducing environmental exposures or impacts, anticipating competitor actions, and implementing social and environmentally driven strategies.

• Sustainability scorecards, such as the JSE’s SRI Index, may be implemented for measuring the performance of the three pillars of sustainability management.

DIAGRAM 1 Specialised risk management disciplines (diagram labels: Enterprise Risk Management; Financial Risk Management; Credit Risk Tools; Liquidity Risk Management; Consumer Credit Risk; Operational Risk Management; Business Continuity Management; Credit Risk Management; Market Risk Management; Project Risk Management; Sustainability Risk Management)

BENEFITS OF THE SUCCESSFUL IMPLEMENTATION OF SUSTAINABLE RM

• Board/senior management are able to make more informed, sustainable strategic decisions.

• Board/senior management confidence that reputation risks are properly managed and the brand is protected.

• Enhanced ability to recruit, develop and retain staff.

• Improved innovation, competitive advantage and market positioning.

• Enhanced operational efficiencies and cost savings.

• Improved ability to attract and build effective and efficient supply chain relationships.

• Enhanced ability to address change and respond appropriately.

• Meeting regulatory and good governance requirements.


Safeguarding client information means developing a security-conscious corporate culture.

IT RISKS

Information security: not just a technology issue

When it comes to protecting client information, ignorance is risk - a risk that compromises not only your organisation’s bottom line, but also its credibility and reputation. One of the most significant problems is the vagueness that seems to envelop the whole information security issue in organisations. “Corporate security policies create vulnerabilities through the many ‘grey areas’ and blurry lines that characterise their composition,” says Simon Webster, technical consultant at The Webcom Group. “And this problem extends to guidelines for compliance with several international regulations.”

RISKS POSED BY EMPLOYEES Another risk faced by organisations storing sensitive client information is their employees. This could be due to ignorance or disregard of the security policy on the part of the user or due to employees sabotaging their company by selling/using the information for their own purposes. Effective communication of the formal corporate security policy to employees can assist to resolve part of this challenge, but little can be done to prevent employee sabotage.

Notes Webster: “The possibilities for employees to sabotage an organisation are numerous - from stealing sensitive client information to introducing malicious files or bringing the whole network down. Particularly IT employees can do damage even months after they have left the organisation, easily covering their tracks.”

In addition, the rise of the mobile workforce introduces corporate data to a whole new landscape of threats, as does the use of USB sticks which can store an enormous amount of data.

WHAT CAN BE DONE? Thankfully, security technology advances ensure there is a security solution to almost every security threat. However, there is often a fine line between maintaining security and compromising accessibility or usability, which ultimately impacts productivity.

FEATURES OF A WELL-DEFINED CORPORATE SECURITY POLICY

• Avoid vague references by closely examining and evaluating how employees use and interact with information.

• Draft an unambiguous policy, using specific terms and references relevant to employees.

• Properly communicate the security policy to staff and enforce it consistently to keep security top-of-mind.

• Create a security-conscious corporate culture through regular ‘security-awareness campaigns’ and constant reminders in different formats and via different platforms.

• Ward off sabotage through a strong relationship between HR and IT, to ensure early signs of dissatisfaction and unusual behaviour are picked up.

And while there is a solution to every IT risk, it is almost impossible - from a cost per-spective - for an organisation to implement every single security measure possible.

For these reasons, organisations need to start by evaluating their security needs ac-cording to an appropriate risk model. This will assist to establish the budget, the major

risks and vulnerabilities; and the balances required between security and accessibility.

CORPORATE SECURITY POLICY“It is vital that the security system implement-ed is compatible with the corporate security policy. Organisations fi rst need to develop their own policy, taking into account , for ex-ample, their business objectives, with which they need to comply,” says Jayen Vyravene, MD of Quency, a provider of advisory and training services on governance, risk man-agement, compliance and ethics (GRC).

INVESTMENT WORTH MAKING Although implementing the best security policy possible may seem like a complex, time-consuming exercise; the organisation’s sur-vival can literally depend on it.

“THE DEGREE TO WHICH TECHNOLOGY INFLUENCES THE BUSINESS WORLD IS NOT MATCHED BY ADEQUATE AWARENESS OF THE ACCOMPANYING IT RISKS”

SIMON WEBSTER, TECHNICAL CONSULTANT AT THE WEBCOM GROUP

“IT IS VITAL THAT THE SECURITY SYSTEM IMPLEMENTED IS COMPATIBLE WITH THE CORPORATE SECURITY POLICY” JAYEN VYRAVENE, MD OF QUENCY


PROFESSIONAL ACTIVE ESCROW

Safeguarding business continuity

The threat of business discontinuity necessitates the practice of underwriting technology-dependent risk through an escrow agreement.

IT and software have become the backbone upon which business operates. Organisations are often entirely dependent on software which they do not own, but are licensed to use by third parties.

This dependency on software over which it has limited or no control exposes a company to a high level of operational risk.

LEGAL AND COMPLIANCE ISSUE

The imminent new Companies Act 2008 and King III place increased accountability on the board and its executive management to manage all the company’s risks.

“Neglecting the management of the risk of a third party software supplier no longer supplying services on which the company has a critical dependency can attract personal liability for companies and their officers,” says Terry Booysen, CEO of CGF Research Institute.

Most corporate governance protocols, guidelines and imperatives hold directors personally accountable for the organisation’s assets and reputation, including the assurance that systems and technology are adequate.

“In the US for example, Sarbanes-Oxley calls for an operational system of internal controls over financial information encompassing contracts for mission-critical software and their susceptibility to changes in vendor business conditions. Similarly, King III expects the board of directors of all companies to take a robust approach to risk management, particularly IT-related risks,” notes Booysen.

UNDERSTANDING THE IMPLICATIONS

“At the outset, reliance on third parties for mission critical software may not appear problematic, but companies must consider that such software is often subject to maintenance agreements and ongoing support by the software supplier,” says Andrew Stekhoven, managing director of Escrow Europe.

“This means that any unforeseen developments within your software supplier’s business – such as insolvency, a change of ownership or a new strategic priority - could lead to a discontinuation of the support and maintenance of your company’s mission critical software, leaving you stranded with extremely serious - possibly catastrophic - impacts on the reputational and financial health of your company.”

SMART, EFFECTIVE SOLUTIONS

Technology escrow ensures access to critical source code should the technology vendor no longer maintain the software.

“Active escrow agreements primarily safeguard business-critical processes, functions and/or services that are dependent on technology, such as third party licenced software, important databases, industrial designs, specifications and more, for which the end-user requires comprehensive continuity of use warranties, i.e. proper access to the underlying source code in the event of an emergency,” explains Stekhoven.

“Through an active escrow agreement, organisations can guarantee business continuity for their mission critical business processes and functions if their software supplier is no longer available or does not honour predefined commitments such as warranty, support and maintenance conditions.”

The guidelines in ISO9001 confirm source code escrow as a process whereby access to maintainable information systems can be guaranteed, irrespective of:

• the stability of the commercial status of the software supplier

• whether certain predefined commitments such as warranty, support and maintenance are not honoured.

ACTIVE VS. PASSIVE ESCROW

The use of active escrow is well entrenched in Europe and the United States. Professional active escrow is a highly effective, low-cost measure to mitigate technology and software-related risks when the technology is in the control of third parties.

Says Booysen: “Passive escrow is not an option for the proper protection of your business continuity and does not constitute professional source code escrow best practice.”

“From an operational risk perspective, an active escrow arrangement is the only proper reassurance that the software vital to the survival of a business will not become ‘orphanware’,” comments Stekhoven.

“Unlike passive escrow, where an organisation will simply deposit the source code with an escrow agent, active escrow ensures the source code of the software is verified and that the software and correlating technical documentation is complete.”

MINIMUM REQUIREMENTS FOR ACTIVE ESCROW

• The arrangements must be legally sound.

• All source code together with all relevant technical material should be provided and subjected to technical verification by a qualified, independent and neutral expert third party.

• The source code and relevant material should be frequently updated as part of a robust and consistent administrative process.

“THROUGH AN ACTIVE ESCROW AGREEMENT, ORGANISATIONS CAN GUARANTEE BUSINESS CONTINUITY FOR THEIR MISSION CRITICAL BUSINESS PROCESSES AND FUNCTIONS” ANDREW STEKHOVEN, MANAGING DIRECTOR, ESCROW EUROPE


SAS ranks first in Chartis RiskTech100 report

User-driven survey deems SAS the leader in risk management software

SAS, the leader in business analytics software and services, is No.1 in Chartis Research’s prestigious RiskTech100 rankings, an annual international listing of the top risk technology vendors.

Although SAS has been a leader in several categories since the inception of this report, this is the first year that SAS has earned top spot, a jump of six places from 2008.

The RiskTech100 methodology assessed each vendor’s functionality, core technology, organisational strength, customer satisfaction, market presence and innovation. In addition to its overall success, the report placed SAS as the category winner for banking, Europe (market presence) and credit risk.

“SAS’ success in this year’s RiskTech100 rankings is linked to particularly high scores in the functionality and core technology categories,” said Peyman Mestchian, Managing Partner at Chartis Research. “In addition, our end-user surveys have given SAS a marked improvement in the customer satisfaction rating in the last 12 months.”

“This honour is confirmation of our dedication to deliver unsurpassed enterprise risk management to our customers,” said André Zitzke, Head of Risk Practice at SAS South Africa.

“We strive to address all aspects of key risk concerns from credit, operational and market risk to anti-money laundering, combating fraud and financial crime. SAS continued to make sales across the world in 2009 - such as Allied Bank, Banca delle Marche, FirstBank and Union Bank - to name a few.”

The Chartis RiskTech100 report also contained the key results of a survey of 824 risk technology buyers and end-users and reveals that 57 percent of respondents believe that their firms’ approach to enterprise risk management can be characterised as “a set of tactical/reactive initiatives addressing specific gaps” (18 percent), or “a loose concept that is not fully defined with partial sponsorship from the board of directors” (29 percent), or “no current strategy or plans in place” (9 percent). On a positive note, 66 percent of respondents expect to increase their risk technology expenditure by 10 percent or more in 2010.

SAS risk management software has garnered many accolades this past year. SAS placed in the Leaders quadrant of the Magic Quadrant for Operational Risk Management Software for Financial Services by Gartner, Inc. in September. Also, in July 2009, Chartis ranked SAS as a leader in its Credit Risk Management Systems 2009 report for the third straight year and for a fifth straight year, SAS was a leader in Chartis Research’s Operational Risk Management Systems 2009 report in June.

Currently, more than 200 organisations use SAS for risk management, including: ABN AMRO (Netherlands), Allied Bank (Pakistan), AXA Bank (Belgium), Banca delle Marche (Italy), Banca Intesa (Italy), BB&T (US), BNL - Gruppo BNP Paribas (Italy), Caisse Nationale des Caisses d’Epargne (France), China Merchants Bank (China), CIMB Bank (Malaysia), Citibank Singapore (Singapore), EON Bank Group (Malaysia), First Bank of Nigeria (Nigeria), ING (Netherlands), Kookmin Bank (Korea), Riyad Bank (Saudi Arabia), Swedbank (Sweden), Union Bank (US), Vattenfall (Sweden), Woori Bank (Korea) and Zagrebačka banka (Croatia).

The full report can be obtained, free of charge, on www.chartis-research.com.

To learn more about how to meet the requirements for real-time decision making, contact SAS on +27 11 713 3400 (Johannesburg and Pretoria) or +27 21 912 2420 (Cape Town) or visit our website, www.sas.com/sa


André Zitzke, Head of Risk Practice SAS South Africa

We strive to address all aspects of key risk concerns from credit,operational and market risk to anti-money laundering, combating fraud and financial crime.


VOLATILITY RISKS

Perilous times demand careful ERM

In addition to the internal controls and risks faced in the course of normal business, the enterprise risk manager has a slew of macro issues to deal with in these volatile times. BY MIKE DUREK, ACE INSURANCE SA

Volatility is perhaps one of the defining characteristics of business in our times. In interactions with risk managers, it emerges that many are well aware of the recent shocks to business, in particular the recession, but also many other factors such as terrorism, labour activism, protectionism from certain parts of the world and economic mismanagement.

Then there is the reality of the impacts of natural disasters: in a globalised environment, earthquakes, tsunamis and heavy storms affect even those businesses which are headquartered thousands of kilometres away from the event – the recent earthquake in Chile serves as a ready example.

LOCAL MACRO RISKS ABOUND

Specific to South Africa, risk managers have much to deal with. While the World Cup brings with it more than a few rays of hope, there are nevertheless serious potential issues looming. The economic slowdown may have spared the country the pain and ignominy of power outages, but as the economy proves resilient and delivers the growth which every South African wants, electricity supply is again becoming precarious.

For those who have an income, the reality of paying more stands in stark contrast to those who don’t; the latter group is inclined to steal power while others must pay their escalating bills or face being cut off.

The introduction of the nationalisation debate and friction within the ANC’s tripartite alliance has an impact on business confidence – as does the looming succession battle within the ruling party, which has proved damaging in the past.

There are the ongoing social realities of poverty and unemployment, while deteriorating conditions for publicly provided healthcare and sanitation are fuelling societal divides and driving the threat of social unrest; the poor are increasingly agitating for government to make good on promises.

The enterprise risk manager therefore has a slew of macro issues to deal with and put on the radar in addition to the internal controls and risks faced in the course of normal business.

POSITIVE OUTLOOK

Despite the realities of an undeniably risky environment, it’s hard not to be positive about the South African scenario.

The country has a high interest rate, which encourages foreign investment, particularly as the developed world keeps its interest rates at unprecedented low levels.

As we pass 100 days to go, the World Cup looks set to be a resounding success. The biggest risk – and one which cannot be ruled out as we remember Munich in 1972 – is that something unforeseen happens which will affect the country’s image. While the market looks at numbers from a quantitative point of view, the qualitative view indicates that right now, the country is enjoying a once-in-a-lifetime opportunity.

WHAT PERIL FOR INSURERS?

From the perspective of an insurer, while the environment is potentially volatile, performance has been consistent since 2008. Insurance companies typically have two income streams: underwriting, and investing the underwriting income. The latter came under severe pressure with the global financial crisis.

While there was an expectation of dramatic upwards pricing changes, this has not come to pass and the anticipated Q4 2009 financial catastrophe within insurance never happened. Across the industry, capital has been protected. Simultaneously, the investment income, which plays a major part in any insurance company’s bottom line, is on the recovery.

APPLIED RISK MANAGEMENT TRIUMPHS

The underlying reality is that good insurance companies accept that underwriting profit is core. If the organisation can’t rely on that, its business is in trouble. This has seen a shift by insurance companies to refocus on underwriting efficiency, with geographic and process rationalisation driving some contraction of the industry. In particular, companies have closed down smaller branches and shed some jobs.

What is clear though is that the South African insurance industry has proven resilient as it has adhered to its core business. As an industry, it did not branch out into playing with financial instruments. Local banks also did not deviate from their core business and get tempted into gambling for short-term profit.

The bottom line is that risk management prevailed, helping the financial services industry avoid expensive mistakes.

QUANTIFYING AND MANAGING RISK

The risk manager faces a tough task, as he is to play out future scenarios and monitor and observe a huge range of variables. Add to that the fact that risk management is a relatively new discipline, with its genesis in the 1980s.

The global financial crisis has also shown that risk managers have lacked the clout and authority to take salient action. Those who detected the crisis in 2005 were unable to get a reaction from decision makers. Indeed, profit-centre managers took something of an ‘I hear you, but we need to make money’ approach, ignoring what, to some, was the inevitable. However, the crisis has taught some tough lessons, among which is the need for more responsible approaches to business.

INTO A BRAVE NEW WORLD

The ‘triple bottom line’ is becoming more relevant: sustainability is being introduced as a non-negotiable which has to go hand in hand with profitability. It is a brave new world, by all accounts, and one in which the enterprise risk manager has a stronger voice. And an indispensable role to play.

About the author: Michael Durek is the CEO of ACE Insurance, South Africa. The ACE Group conducts its business on a worldwide basis with operating subsidiaries in more than 50 countries.

WHILE THE WORLD CUP BRINGS WITH IT MORE THAN A FEW RAYS OF HOPE, THERE ARE NEVERTHELESS SERIOUS POTENTIAL ISSUES LOOMING

THE SOUTH AFRICAN INSURANCE INDUSTRY HAS PROVEN RESILIENT AS IT HAS ADHERED TO ITS CORE BUSINESS


PRODUCT RECALL

The best of recollection

Thousands of defective motor vehicles are being recalled around the world. Product recall is not expressly part of the common law nor is it compulsory under the CPA, but implementing a recall programme can reduce risks. BY PATRICK BRACHER, DENEYS REITZ

Since Roman times the purchaser of goods which are latently (i.e. not patently) defective has had well-recognised remedies against the seller. Unless the contract alters the position, every sale of goods carries with it an implied warranty that there are no latent defects in the goods that would render the goods useless or materially useless for the purpose for which the goods are sold.

The purchaser is entitled to cancel the sale and reclaim the purchase price or, for lesser defects, claim a reduction of the purchase price.

DEFECTIVE VEHICLES

There is nothing new about claims relating to defective vehicles. In 1896, in Wiid v Murison, a wagonette had been sold with a latent defect in that the futchels were broken, resulting in the wheel-plate clipping off the felloe and the wagon jamming on turning. It was held to be a material defect and Wiid returned the vehicle and got his money back. The futchels and felloes may no longer be familiar to us, but the principles live on.

PROTECTING THE CONSUMER

If defective goods are sold subject to an unconditional express warranty of quality, the purchaser is entitled not only to cancel the sale and get the sale price back but is also entitled to claim consequential damages.

The arrival of the Consumer Protection Act (CPA) means that sellers will trade in parallel universes. The Act will have thresholds above which it will not apply. The thresholds are likely to be similar to those in the National Credit Act so that the CPA will not apply to juristic persons such as companies who have an asset value or turnover exceeding R1 million. Sales to such corporate purchasers will continue to be governed by the common law. But natural persons and small corporations will have added protection under the CPA.

Under the act every consumer has a right to demand safe, good-quality goods and quality service, save in relation to goods bought at an auction. Not unlike the common law, goods must be reasonably suitable for the purpose for which they are generally intended, and of good quality, in good working order and free of any defects. The act enhances the common law test by requiring the goods to be usable and durable for a reasonable period of time, having regard to the use to which the goods would normally be put and the surrounding circumstances of supply.

The goods must also comply with any applicable standards under the Standards Act. The goods must also be reasonably suitable for any purpose for which they were specifically purchased to the knowledge of the seller. It no longer matters under the act whether the defect was latent or patent or could have been detected by the consumer. If the goods fail to satisfy the requirements and standard required by the act, a consumer may within six months after delivery of the goods return the goods without penalty and at the seller’s risk and expense.

If the goods are unable to perform in the intended manner or are unsafe, generally unacceptable or the goods are less useful, practicable or safe than reasonably expected, the consumer can require the seller to repair or replace the goods or ask for a refund of the purchase price. Repaired goods must be warranted for at least three months and also have all the common law warranties attached to them.

PROTECTING THE SELLER

The act also preserves the ‘sold as is’ right of the seller in terms of the so-called voetstoots clause, which literally means ‘sold with a push of a foot’. Goods can be sold to a consumer who is expressly informed that the goods are offered in a specific condition and the consumer accepts the goods as is. Save for that, implied warranties of quality are built into the sale transaction.

RIGHT TO RECALL

Neither the common law nor the CPA carries within it a right of the seller to recall the goods for repairs. Vehicle warranties commonly contain provisions according to which the manufacturer or seller is entitled to repair or replace any defective parts in the vehicle sold. These express and limited warranties will continue to be binding on purchasers who are not subject to the CPA. Consumers who are subject to the act may exercise those rights but can also pursue the remedies described above.

The National Consumer Commission must promote industry-wide codes of practice providing for effective and efficient systems to receive and monitor consumer complaints and information regarding defects and to notify consumers of risks pertaining to any goods. If the goods are unsafe – goods which present an extreme risk of personal injury or property damage – the code must make provision for a recall of those goods for repair, replacement or refund. If the commission itself has reasonable grounds to believe that any goods may be unsafe or that there is a potential risk to the public from continued use of or exposure to the goods, and the producer or importer has not taken recall steps itself, the commission may conduct an investigation and force the producer to carry out a recall programme.

BENEFITS OF A RECALL PROGRAMME

The producer, importer or seller of goods which are found to be defective, particularly goods which are unsafe or hazardous, will always gain by instituting a recall programme.

First of all, recall and repair may discourage consumers or other purchasers from exercising their more powerful rights under the common law or the act. Secondly, producers, importers, distributors and retailers of goods are liable for any harm caused by unsafe, failed, defective or hazardous goods or goods carrying inadequate warnings without any proof of negligence on their part.

Because there is now no-fault liability, it is obviously in the interests of the responsible parties to avoid the risk of death, injury, illness or physical damage to people who use or are exposed to the goods. In any event, their insurers will expect them to take reasonable steps to avoid losses.

Product recall is therefore not expressly part of the common law nor is it compulsory under the CPA until industry codes are introduced. Besides the reputational issues, any producer, importer, distributor or retailer would be well-advised to implement a recall programme rather than risking worse consequences.

10 million vehicles have been recalled by Toyota worldwide

About the author: Patrick Bracher is a director at Deneys Reitz. His expertise includes highly specialised knowledge of the long-term, short-term and risk aspects of insurance law.

UNLESS THE CONTRACT ALTERS THE POSITION, EVERY SALE OF GOODS CARRIES WITH IT AN IMPLIED WARRANTY


MANUFACTURERS RECALLING VEHICLES IN 2010

• General Motors
• Honda
• Hyundai
• Nissan
• Peugeot Citroën
• Toyota


business. In terms of institutional cred-ibility, governance of risk is covered by

Chapter 4 of the King III report. The 10 key principles outlined have colloquially been referred to as the “Ten Command-ments of risk management”.

COMPANY SECRETARY’S ROLECurrent governance best practice recog-nises the “governance” role of the com-pany secretary. Principle 2.21 of King III states: “The board should be assisted by a competent, suitably qualifi ed and

The company secretary has a pivotal role to play in the provision of

appropriate guidance and advice to the board regarding its duties and

responsibilities pertaining to RM. BY JOEL WOLPERT, CHARTERED SECRETARIES SOUTHERN AFRICA

RM RESPONSIBILITIES

The role of the Company Secretary

Risk management has always been regarded as an inherent or integral feature of sound business man-agement – the received wisdom is that the CEO of any business is the ultimate chief risk offi cer! As a feature of corpo-rate governance, risk management really came of age in South Africa when it was allocated a separate chapter in the King II report.

In fi nancial institutions risk manage-ment is effectively a line function as risk is a cost of doing business. In non-fi nan-cial business enter-prises, risk manage-ment is regarded as a “staff function”, normally reporting to the CFO.

CRITICAL SUCCESS FACTOR The major fi nancial upheavals follow-ing the Enron crisis in the USA and more recently the 2008/9 downturn/recession following the banking crisis in the USA, UK and Europe, have catapulted risk management into a prominent manage-ment “soundbite”, and it is now a criti-cal success factor in the survival of any

KEY PRINCIPLES IN CHAPTER 4 OF KING III4.1 The board should be responsible for the governance of risk. 4.2 The board should determine the levels of risk tolerance.4.3 The risk committee or audit committee should assist the board in carrying out its

risk responsibilities. 4.4 The board should delegate to management the responsibility to design implement and

monitor the risk management plan.4.5 The board should ensure that risk assessments are performed on a continual basis. 4.6 The board should ensure that frameworks and methodologies are implemented to increase

the probability of anticipating unpredictable risks. 4.7 The board should ensure that management considers and implements appropriate risk

responses.4.8 The board should ensure continual risk monitoring by management. 4.9 The board should receive assurance regarding the effectiveness of the risk management

process.4.10 The board should ensure that there are processes in place enabling complete, timely,

accurate and accessible risk disclosure to stakeholders.

experienced company secretary”.In addition, paragraph 101 of King III

emphasises: “The individual directors and the board collectively, should look to the company secretary for guidance on their responsibilities and duties and how such responsibilities and duties should be properly discharged in the best interests of the company."

Paragraph 102 states that “The company secretary should provide a central source of guidance and advice to the board, and within the company, on matters of good governance and of changes in legisla-tion.”

It follows from the above that the board and senior management would look to the company secretary to assist them in the exercise of their risk management responsibilities. The company secretary needs to be equipped with the neces-sary expertise in order to become the risk management “knowledge manager” in the organisation.

RM AND THE FINANCIAL CRISIS

The 2008/9 financial crisis highlighted the importance of risk management, particularly in financial institutions/banks. Poor risk management has been identified in every report regarding the financial crisis.

The board must accept responsibility for the risk management function. Risk management must be enterprise based and not only activity based. Boards may have approved a strategy but did not establish suitable metrics to monitor its implementation (KPIs). Disclosure regarding foreseeable risk was inadequate and there was a failure to implement stress testing and scenario analysis.

The risk management expertise of the board must be evaluated and monitored. Boards need to be educated on risk issues and to be given the means to understand risk appetite and the firm’s performance against it. The risk or audit committee must be staffed with members with technical financial sophistication in risk disciplines or with solid business experience giving clear perspectives on risk issues.

BUSINESS PHILOSOPHY OF RISK MANAGEMENT

From a corporate governance perspective, risk management involves reconciling the conflicting aspects of Conformance (control threat/hazard downside) with Performance (return opportunity/downside).

• Investment and return: All investment opportunities present uncertainty; embracing and mastering risk is critical to managing investment and return.

• Opportunity and reward: Risk is the partner of reward; managers must understand the risks and be empowered and enabled to manage them.

• Competitive advantage and growth: Business risk management must eschew a philosophy of avoiding risks and hedging bets; dynamic and powerful economic forces present opportunities.

CURRENT GOVERNANCE BEST PRACTICE RECOGNISES THE “GOVERNANCE” ROLE OF THE COMPANY SECRETARY

ELEMENTS OF A RISK MANAGEMENT FRAMEWORK

1. Policy: approach, attitude, appetite.

2. Resourcing: identification of resources required to implement, monitor and co-ordinate the risk management process as well as reporting.

3. Implementation: formalisation of processes involved in identification and definition of risk, likelihood and impact assessment and response processes.

4. Review and reporting: form and frequency of reporting.

BOARD’S MAJOR RISK MANAGEMENT FUNCTIONS

• Approve the firm’s risk appetite as a component of its strategy. This requires the alignment of strategy, risks and financial objectives. Further, the interaction between risk and revenue drivers must be tested.

• Understand and challenge the breadth of risks faced by the company. This requires knowledge, communication and training.

• Ensure robust oversight of risk at board level. This includes managing the skill, competence and experience of NEDs as well as allocating sufficient time to co-ordinated risk oversight.

• Promote a risk-focused culture and open communication across the firm by setting the tone at the top and interacting with external risk professionals.

• Assign clear lines of accountability and enable an effective risk management infrastructure. This requires a formal risk governance policy approval, clear approvals frameworks as well as the integration of risk insights and intelligence into other functions’ planning processes. The reference in King III to risk-based internal audit is an example of this.

RISK MANAGEMENT PROCESS

1. Identifying and assessing key risks.

2. Designing and implementing processes to manage those risks and maintain them at a level acceptable to the board.

TECHNIQUES TO MANAGE RISKS

1. Risk transfer (hedging/insurance)

2. Internal control (including internal audit)

3. Outright avoidance (non-engagement in relevant activity)

4. Accepted knowingly and objectively subject to business policy/criteria on risk tolerance.

RM FUNCTION: PRACTICAL ASPECTS

Risks can be grouped in a number of ways:

• Risks that are applicable to all types of business

• Risks that arise from the strategies adopted by the board/management of a specific company

• Risk areas that are industry specific.

RISKS APPLICABLE TO ALL BUSINESSES

• Changing political and competitive environment

• Compliance with laws and regulations

• Reliability and timeliness of financial and other management information

• Safeguarding assets and information systems

• An appropriate corporate culture, business ethos and people integrity

• Effective investment in technology

• Fraud

• Sustainability and governance imperatives.

RISKS RELATED TO COMPANY STRATEGY

• Expansion by acquisition

• Investing in emerging markets

• Outsourcing

• New technology

• New products and services, and changes in business model

• Raising capital

• Organisational change

• Supply chain changes

• Major capital investment products.

INDUSTRY SPECIFIC RISK AREAS

• Airlines: terrorism, fuel price, passenger safety

• Automobiles: product reliability and safety

• Banking: credit/derivative products

• Mining: environmental issues

• Gaming: licence conditions

• Pharmaceutical/healthcare: product safety, medical insurance industry; and

• Retailing: consumer activism.

UNDERSTANDING THE ROLES The board of a company is responsible for the management of risk. The board must have a clear understanding of the risks facing the company; it must ensure that the organisation has effective risk management and control processes; and it must be provided with assurance that the processes and key risks are being effectively managed.

The company secretary has a pivotal role to play in the provision of appropriate guidance/advice to the board regarding its duties and responsibilities pertaining to risk management.

About the author

Joel Wolpert (CA (SA) FCMA FCIS) is a technical adviser to Chartered Secretaries Southern Africa and his career spans over 40 years in senior financial positions. He has been a keynote speaker at Corporate Governance seminars.

MARKET NEWS

Momentum and Metropolitan merge

Momentum and Metropolitan will merge to create a major new South African insurance group. The merger creates a powerful new player in the South African financial services industry, bringing together two businesses that have created very successful franchises in different but complementary markets.

SAIA and FIA Insurance Data Exchange

SAIA and FIA have embarked on a joint industry initiative to enable safe and secure exchange of standardised data between brokers and the final underwriter of the risk. The initiative aims to create one single source of integration or communication, requiring all brokers and insurers to conform only once to a single standard. An Insurance Data Exchange (IDE) steering committee was formed in 2009 and endorsed the formation of a South African ACORD standard.

Many insurers and intermediary groups have already joined the South African ACORD standards organisation. A workshop to share information and additional detail will be held in the second quarter 2010.

Anglo Platinum selects JMP tool for laboratory data analysis

The Anglo Platinum Group recently turned to Octoplus and the SAS JMP data visualisation tool for its data analysis, data representation, reporting and auditing requirements, and to automate, to a large extent, a laborious process. Used by scientists and engineers, JMP is a data visualisation and statistical discovery software that combines the use of graphical capabilities, the ability to manage virtually unlimited volumes of data and seamless integration with SAS Analytics tools.

Escrow Europe Achieves ISO 9001:2008

Escrow Europe, the leading provider of escrow services in South Africa, has achieved the ISO 9001:2008 quality certification standard. As the only BEE-certified provider of active software escrow, Escrow Europe primarily guards business-critical intellectual property such as software source code.

movers & shakers

Yegs Ramiah has been appointed as executive head: People and Brand at Santam.

Quinten Matthew has been appointed as executive head: Specialist Business.

Sanlam Life Insurance has appointed Sagie Nadasen as its chief legal advisor.

Zurich South Africa has appointed Sharon Hough as its new chief marketing officer.

The Actuarial Society of South Africa has appointed Emil Boeke as its first ever CEO.

Accessible risk management training

A cooperative agreement between the Open Learning Group (OLG) and Expectra ensures the Expectra Risk Academy will soon offer a variety of training programmes in the field of risk management. Programmes which will be offered on a national basis include Safety Health and Environment (SHE representative course); Hazard Identification, Risk Assessment and Control; Legal Liability; Incident Analysis HBTA (hazard barrier target analysis); Supervisor Safety Training; Train-the-trainer and the SAMTECH course.

Powerful GRC software solution

LexisNexis South Africa, in exclusive partnership with governance, risk and compliance (GRC) software provider Cura Software Solutions, now offers a new compliance solution called CuraComply. This solution will provide companies with easy-to-understand electronic checklists of more than one hundred acts, as well as regulations, enabling compliance officers to manage areas of non-compliance.

Recognising the unsung heroes

CGF Research Institute has been appointed nominating partner for AllWorld Network: South Africa Fast Growth 100 (SAFG100), a national programme recently introduced to promote and recognise entrepreneurship in South Africa.

SAS Global Forum

The SAS Global Forum, the premier event for SAS and business analytics professionals worldwide, was hosted in Seattle in April, featuring more than 400 presentations, workshops and seminars. Visit www.sas.com for more information.

Accenture and SAS expand strategic relationship

Accenture and SAS, in forming the Accenture SAS Analytics Group, plan to develop, implement and manage next-generation industry-specific predictive analytics solutions, starting with the financial services, healthcare and public service sectors; as well as cross-industry solutions in the customer and enterprise management domains. They also plan to begin delivering sophisticated analytical capabilities as a managed service.

ContinuitySA not affected by liquidation

Dialogue Group Holdings, which holds 51% of the shares in ContinuitySA, decided earlier this year to liquidate one of its subsidiaries, Dialogue SA. Dialogue Group will continue operations as normal, as will its other subsidiaries. It has not affected ContinuitySA's operations.

EXECUTIVE PAGES

BI insurance implications

According to Aon Global Risk Consulting, business interruption (BI) insurance policies will most likely not be responding to the disruption to airspace caused by the volcanic ash. BI policies will only kick in if there is physical damage. Aon Global Risk Consulting CEO Stephen Cross commented that while it is not possible to plan for every eventuality, especially such rare occurrences as a volcanic eruption, the event highlighted the importance of monitoring the business continuity measures implemented by suppliers of critical inputs and having contingency plans around alternative suppliers.

Cover for stranded travellers

While no business interruption claims related to the ash cloud disruption had been reported at the time of writing, travel insurance policies around the globe have responded to insured travellers’ distress. Locally, insurance company Chartis South Africa announced that due to the exceptional travel disruptions caused by the volcanic ash over Europe, it would automatically extend travellers’ policies to cover extra travel time associated with flight delays. Policyholders could also change the travel dates on existing policies if they were yet to travel, or could cancel their policy with a full refund of their premium if they cancelled their trip altogether.

MUST-READ BOOKS

Priceless: The Myth of Fair Value (and How to Take Advantage of It)
William Poundstone

Why do text messages cost money, while e-mails are free? In Priceless, bestselling author William Poundstone reveals the hidden psychology of value. Rooted in the emerging field of behavioural decision theory, this book should prove indispensable to anyone who negotiates.

Retailers are advised on how to convince customers to pay more for less, and negotiation coaches offer similar advice for business people cutting deals.

Rice Bible

With more than 2000 listed varieties, rice is a staple food for more than half the world’s population. It is easy to cook and incredibly versatile. This collection brings together Indian rice dishes and Continental favourites – biryani, khichdi, risotto, paella and dolmades. Sushi and Thai spicy soups add to the assortment of snacks and complete one-dish meals on offer. Rice Bible includes more than 120 recipes, from savoury mains to sweet and fragrant desserts. There is even a guide to choosing and preparing the various grains available.

Blood Vines
Erica Spindler

Thirty-something Alex Owens knows very little about her childhood or who she really is. But when an infant’s remains are unearthed in her hometown in back-country California, Alex suddenly realises that she has a connection to the case. As more violent deaths and a series of deadly rituals shock the small town, Alex is finally forced to confront the terrible truth about a single night that changed her family’s life forever.

SUBSCRIBER GIVE-AWAY!

One lucky Enterprise Risk subscriber will be treated to a hamper containing a selection of books from Pan Macmillan South Africa. If you are already a subscriber to Enterprise Risk, watch this space and your post box! If you have not yet subscribed to Enterprise Risk, turn to page 35 for the subscription form.

ASH CLOUD

Valuable insights into the ash cloud disruption

Don’t miss the June edition of Enterprise Risk in which we will feature an in-depth case study highlighting the business, risk management and insurance implications of the ash cloud disruption.


Fairway bunker shots

Discover the correct technique for fairway bunker shots. BY MARTIN WHITCHER

The first rule of thumb when playing a fairway bunker shot is to take a club with enough loft to get over the lip in front of you. If the lip is severe, you may not be able to reach the green, but at least you’ll be playing the next shot from the fairway, and not from the same bunker.

If the bunker is flat and the lip is not a problem, take a club or two longer than the distance. In the set-up, take a slightly wider than usual stance, shuffling your feet into the sand for stability. Grip the golf club a little shorter to increase control and to counteract the effect of your feet being sunken into the sand. This is the one reason why you should use a club or two longer than the actual distance.

Place the ball position forward, just inside the left foot. If you place the ball back in your stance, you’ll tend to hit with a descending blow and the ball will come out too low. With the ball forward in the stance, you’ll have a better chance of picking the ball up clean or sweeping the ball off the sand, which is what you want to do.

The golden rule is to raise your chin up a fraction just before you execute the shot and to maintain this position throughout the swing. This will also encourage clean contact. Now execute a fully committed golf swing and nip the ball out of the fairway bunker.

CANCELLATION, ABANDONMENT OR POSTPONEMENT OF EVENTS

A conference to organise, a major arts festival or an open air concert ...

KEU provides a niche product that will suit your needs for almost any type of event. We have a tailor-made solution for your event organiser or sponsor in respect of cancellation of events or events liability. Cancellation cover can include perils such as non-appearance, national mourning, adverse weather conditions and more...

Tel 0861 00 0090 Fax 0861 00 0030 Website www.keu.co.za Contact Denise Hattingh

e-mail [email protected]@keu.co.za

“Why take the risk when KEU can cover it all”?

An Authorised Financial Services Provider FSP 5076

GOOD GOLFING

GRIP THE GOLF CLUB A LITTLE SHORTER TO INCREASE CONTROL

