At That Point
  • home
  • services
  • about us
  • our thoughts
  • videos

Does the IRP 2019 or Eskom plan reduce SA power risks?

21/11/2019

0 Comments

 
Picture
Do either the 2019 Integrated Resource Plan (IRP), gazetted on 18 October, or the Eskom turnaround plan, recently revealed by Public Enterprises Minister Pravin Gordhan, reduce the risk to the country’s power supply?

According to Paul Nel, Presenter at the IRMSA Western Cape, Risk Management Summit, both documents may be overly ambitious while providing little indication of how they will practically achieve their lofty goals.

Nel, a power industry veteran who, during his 18 years at Eskom, was responsible for all capital and large maintenance projects including all refurbishment and rehabilitation projects of nine power stations, understands the difficulties involved

“However, the right things are now being said and the right decisions are being made, and that is a good sign for the country,” he says.

IRP 2019
Many expectations hinged on the arrival of this gateway document, as government had put any plans to expand its renewable energy strategy on hold until its release.

Nel says that the Western Cape needs strong base load generation and that the policy to extend the life of Koeberg Nuclear Power Station by 20 years is the obvious option.

Apart from this project, there’s little mention of new nuclear developments with the exception of passing comment to an additional 2500MW at some point in the future.

In fact, the IRP is laden with mentions of renewable energy and, for the first time, lays out a time frame for decommissioning old fossil-fired power stations.

“These points should comfort critics who accused government of pushing its own agenda in terms of nuclear generation and expensive new builds,” says Nel.

“It shows they are responding to realistic concerns about affordability– that’s a very positive indicator.”

Of concern to Nel is the unclear narrative around the “just transition” of a coal-based workforce to a renewable-based system:

“Thermal generation is much more labour intensive than a renewables economy, and the IRP is not clear about how this transition will be accomplished.  In the interest of hitting the IRP energy targets, government should have  given clearer indications on when Round 5 of the Renewable Energy IPP program will be launched, instead the IRP suggests this may depend on some outcome of a ”just transition” process.”

Eskom turnaround plan
The eagerly anticipated turnaround plan for Eskom has arrived. Whether or not is represents a viable solution for the country’s troubled energy provider remains to be seen.

Again, Nel is concerned with the relatively high initial target of 70% availability for Eskom’s generation plant  indicated in this plan. To implement major corrective actions on specific units can take up to a year of planning and several months to implement.

“Even if all the right decisions are made and funding is available now, it would still take up to five years to reach a sustainable higher availability target,” he says. As with the IRP, the turnaround plan is somewhat vague on specific actions.

No quick fixes
Nel’s advice to the average South African is not to expect major improvements overnight or even within the next two years.

“With the IRP and turnaround issued, the first hurdles have been cleared, but a complete transformation of the country’s current energy woes is going to take a long time,” he concludes.

ENDS

Paul Nel from Aurecon, will be presenting on this topic at the 2019 Western Cape Risk Management Summit
When: Tuesday, November 26, 2019
7:00 AM

Where: Cape Town International Convention Centre (CTICC)
Convention Square
1 Lower Long Street
Cape Town

To attend contact: Roxanne Moodley
events@irmsa.org.za
0115551800

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
​
0 Comments

Tips on  how to identify a phishing email

19/11/2019

0 Comments

 
Picture
Written by; Farhad Rahaman for The Institute of Risk Management South Africa (IRMSA)

In this modern-day, tech-savvy world, we would like to believe that we could never be fooled by a social engineering scam or phishing attempt!

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity via electronic communication.

​The reality is that it is easy to catch someone in this way.

Here are some tips to look out for so that you do not become just another phishing statistic:
  •  Do not trust the display name. A favourite phishing tactic is to spoof (imitate) the display name of an email to give it an air of legitimacy. If you click on the name, you will notice that the address differs from the display.
  • Look but do not click. Hover your mouse over any links embedded in the body of the email. If something seems even remotely strange, do not click on it.
  • Check for spelling mistakes. Brands usually do not make careless mistakes. This is an easy tell. Cybercriminals also do this purposefully to target less observant users.
  • Analyse the salutation. Watch out. Legitimate businesses usually use a personal salutation with your first and last name rather than a vague salutation.
  • Beware of urgent, threatening language. This is a common strategy to create a sense of panic, or to entice you to use poor judgement.
  • Review the signature. If you cannot find the sender’s details, or information on how to contact the company, this is probably a phish. Legitimate businesses always provide contact details.
  • Do not click on attachments or links. Including malicious attachments that contain viruses and malware is a common phishing tactic used to damage files on your computer, steal passwords or to spy on you without your knowledge. Do not open any email attachments that you were not expecting.
  • Do not ever give out your personal information. Legitimate banks (in fact most companies) will never ask for personal credentials via email.
  • Consider whether you have a relationship with the company that has sent the email. If you receive a message from a company that you do not deal with, assume that this is a phishing scam and ignore it!
  • Do not believe everything you see. Phishers are good at what they do. An email may look convincing and even display the company logo, but this does not mean it is legitimate. Be sceptical! If a message makes you feel even slightly unsettled, do not open it.
  • Look out for the secured lock icon in the browser indicating a secure site
Some last thoughts:
  • What are you as a company doing to make your staff “phishing savvy”?
  • Do you have a method where staff can report potential phishing emails?
  • Does your IT team block these phishing emails?
  • Is your business testing the knowledge of staff around phishing scam, if so, how, what metrices do you have that will provide and substantiate the exposure level?
  • Do you have an appointed data officer and a response plan to reduce the impact of a successful phishing attack?

ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/ 
0 Comments

Is it conflict of interest or relationships?

12/11/2019

0 Comments

 
Picture

Authored by: Lindiwe Magobholi, IRMSA Risk Intelligence Committee Member


Conflict of interest has been topical in the recent history with debacle of “state capture” involving audit firms and the likes, and not forgetting landmarks events such as Steinhoff, Old Mutual (Moyo debacle) etc.  raising questions on the effectiveness of the governance structures existing within Corporate and Public Sector.

Are they even there? Do they have the knowledge/skills or even have the necessary authority to effect the necessary change or are they fit & proper? 

In the past year, Board and Sub-committee members have increased their level of awareness and scrutiny to management reports and the levels of assurance that can be drawn from it.

Similarly, professional bodies such as SAICA, IIA etc. have come under scrutiny on whether;
-          they can actually “bite” when a member has acted in a questionable manner;
-          whether there is a process to be followed in these eventualities and;
-          has the process stood the test of time or;
-          has a proven record of adding value to the organisation over time. 
​
Many organisations have policies in place on conflict interest that will address one of the following issues:
-          that conflicts of interest must be disclosed at the earliest point of detection.

​Generally, they’ll be a register where all the necessary information is recorded, the nature and monetary value.
-          that the concerned individual should not be involved in the decision-making process concerning the conflict. 

The definition of conflict of interest relates to the existence of a conflict (clash) between private interests and official responsibilities of person in a position of trust including family members and in external organisations, businesses and practices.  

These policies have been placed under serious scrutiny on their adequacy in preventing/managing conflicts of interest. 

So, the issue in many instances including the fall of entities such as Enron, is that there’s existing relationship between the conflicted parties and it “waters-down” the policies in place.

The culture of stakeholder management exists in business where events like Golf days etc. are held to strengthen business relationship.

These often set a different tone to that of conflict of interest as they create a relation of trust amongst stakeholders which underpins many important decisions in the business.

I’m of the opinion that the existence of conflicts of interest is the genesis of the problem. Prevention is always better than cure.

Professional bodies likewise, have reviewed their code of conducts and reverted to members to sign on an annual basis.

Understandably so, the reputational risk on them is immense because the question remains that “is a professional membership a carrot or stick (or both) relationship?

Is the benefit of professional membership balanced with the behavioural requirements? the systemic risk cannot be ignored.

These recent events as seen in media reports have raised the questions that we`ve never had to deal with before simply because there were no delinquents or even if they there were there, they were few-and- far in between or didn’t hold any reputational risk whatsoever.

It is normal business practice that senior positions are mostly based on networking relationships formed in and outside of the business environment.

Some can be traced as far back as Primary School and therefore run very deep.

They also provide a comfortable level of trust, an important element in business dealings.

At this level of management, the character of an individual outweighs their competencies.

Where the conflict concerns a person in a position of power, then the assurance providers come under extreme pressure not forgetting the impact on their careers.

This is where the lines of assurance, be it Audit or Risk are side-lined one way or the other. 

The COSO framework of 2017 stressed that not only do risk professionals need to review the implementation of strategies but should be involved in its formulation and evaluate its appropriateness in light of the vision & mission of the entity.

It is very easy to get side-tracked by a brilliant strategy, but does it speak to the heart of the entity?

And so the same principle should apply here i.e. the risk of conflicting interests should not only be acknowledged but fully dissected by the risk professionals, the implications and depth thereof.

Only then can the appropriate response be formulated. Business relationships exists purely for that i.e. business and not for personal gain.

And so, where a conflict arises, the introspection point for the decision makers is primarily, should that situation exist in the first place?

Secondly, is the exclusion of the conflicted member in the decision-making process translate to fact that their referent power, influence, existing relationships becomes absent in the minds of the decision-makers?

And thus, can we really argue that they do not influence the decision? What happens with the outcome of the decision and the impact on the existing relationship?

ENDS

MEDIA CONTACT: Rosa-Mari Le Roux, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
​
0 Comments

Cyber Security Risks

4/11/2019

0 Comments

 
Picture
The Institute of Risk Management South Africa (IRMSA) risk chat authored by: Nicky Downing

Cyber security is the process of protecting networks and devices from emerging risks and cyberattacks.
​
The evolving nature of the digital landscape makes this potential threat critical to an organization, and information management has taken centre-stage as of late in terms of the potential risks associated with cyber security.

A mature cybersecurity system has multiple layers of defence spread across the organisation, but many organisations fail to understand the serious compliance and risk management implications of cyber and information security.

The ever-growing threat to the organisation that it poses in the pursuit of its overall business objectives and continuity cannot be understated, with an estimated 10 billion cybersecurity events (breached records) occurring in the last year. 

Cyber risk and compliance exposure, in the chaotic modern business world, is a complex mesh of vulnerabilities that crosses through different departments and functions within the business and its operations.

The effect of a seemingly isolated information or cyber risk can soon become ubiquitous – causing trouble throughout all levels of the organisation.

The Cost
In the context of just GDPR, the momentum in increased fines culminated in the data protection authority of the United Kingdom announcing its intent to impose significant fines against two companies for violations of the EU GDPR.

The ICO had decided to levy British Airways with a record £183.39 million (about R3.48 billion ZAR) fine for GDPR violations relating to a 2018 data breach. due to security failings, which exposed a half-million customers to data harvesting from a fraudulent site.

The UK’s information commissioner topped off the breaking news by urging caution to organisations, warning that similar fines could be levied unless organisations better protect the personal information and data of customers.

A day after the release of the fines levied against British Airways, it was released that Marriott International faces up to a $124 million fine (about R1.836 billion ZAR) for GDPR violations relating to a significant breach within its Starwood Hotels and Resorts subsidiary.

The breach is said to have allegedly affected over 300 million customers and guests globally.

Earlier this year, France’s CNIL (National Commission on Informatics and Liberty) announced a €50 million (about R956 million ZAR) fine levied against Google for failing to comply with the tough new privacy laws.

Shortly after this had happened, a published report came out of Germany stating that authorities had levied 41 GDPR related fines to organizations who were not compliant as of this past January.

These attacks, however, are not just left to the risk and compliance burdens of large corporations.

According to an annual study calculating cybersecurity costs holistically, 43% of online attacks are now aimed at small businesses and only 14% are prepared to combat a cyber breach – highlighting the need for organisations of all sizes to make cybersecurity a top priority.

The consequences for small businesses in the case of a cyber incident is estimated to cost on average $200,000.00, (nearly R3 million ZAR) threatening to potentially put 60% of small businesses out of business, or at least put the organisation in a financially dire situation.

The Aftermath
An effective cyber-breach can cause serious structural damage to your organisation.

The affects can range from reputational damage hurting consumer trust in your organisation, to compliance and financial affects that have serious implications on your organisation’s bottom line.

The impact of a cybersecurity breach can be split up into three categories:

Financial. Cyber-attacks often result in substantial financial loss.
Not only has corporate information likely been stolen (and possibly even financial information e.g. card and/or banking details), but the organisation will also generally incur costs associated with improving and repairing the affected networks and systems.

Recent experience with new data privacy laws, such as GDPR, tells us that there is a serious financial cost to non-compliance within cybersecurity and data protection.

Reputational. Trust is an essential element of building understanding within an organisation and its clientele. A cyber-breach can cause serious damage to your organisation’s reputation and erode the trust your customers have in you.

This could, as a result, potentially lead to loss of customers, lower sales numbers, and, in turn, a reduction in profits. The possible effects can even have serious implications on any partners, investors, and third-parties with a vested interest in your organisation.

Compliance. Data protection and privacy laws require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.

Compliance
The challenges of personal data protection/privacy are growing as organisation’s not only have to respond to the EU GDPR, but also to California’s Consumer Protection Act (CCPA), New York Privacy Act (NYPA), South Africa’s Protection of Personal Information Act (POPIA), and more.

Although your organisation might not be headquartered in the jurisdiction of any of these laws, companies with a local operational presence in the EU or with an offering that is being directed to the EU, are subject to the GDPR’s territorial or extraterritorial reach.

Consequently, such companies must work on complying with GDPR requirements.

These companies have been required to comply with global data protection policies which have been adopted by their global management, effectively requiring them to comply with many material aspects of GDPR.

It is becoming increasingly clear that this growing list of data protection and information management legislation presents a massive risk and compliance obstacle for organisations.

Closing Thoughts
Organisations cannot rely on only managing and continuously monitoring cybersecurity.
Unless this monitoring and management is part of an integrated strategy that approaches information security, risk and compliance from a holistic lens, the organisation’s actions won’t be truly effective and fall short of meeting international standards.

The full scale of vulnerabilities and requirements that weigh down information and cybersecurity must be addressed in a standardised and well-established information management and cyber security architecture.

ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/

​
0 Comments

​Will Diabetes be the “boiled frog” of SA healthcare?

22/10/2019

0 Comments

 
Picture
Authored by: Volker von Widdern, The Institute of Risk Management South Africa (IRMSA) Risk Intelligence Committee Member

It is possible that the increasing prevalence of diabetes in South Africa may become an even greater challenge than the HIV epidemic.

The development of anti-retro viral clinical responses to HIV have substantially reduced exposure to HIV, but it does not appear that similar clinical advances can be achieved in the next 10 years to mitigate the impacts of diabetes.

Since human resources are usually the highest priority and cost factor in most organisations, the consequential impact of diabetes on the productivity and development or retention of intellectual property, will face significant risks.

The increasing prevalence of diabetes in South Africa is unfortunately another outcome of the high levels of polarisation in our population. Eating patterns and increasing urbanisation are accelerating the prevalence of diabetes, and these social drivers are a reflection of our high levels of unemployment.

Should employers invest in strategies that reduce employee exposure to diabetes? It can be argued that such investments have no reliable return because employees can easily move to other businesses.

However, it is also true that well aligned and productive employees are by far the most differentiated source of company performance.

What could the scenarios be if no investment is made in reducing the prevalence of diabetes? It is then likely that employee turnover will increase and there will be an artificial demand for employees that have less risk or exposure to diabetes.

There are several research articles that demonstrate the sharp increase and high prevalence of diabetes in SA, and one example from which a short extract is shown below, is:

The prevalence of type 2 diabetes in South Africa: a systematic review protocol
Carmen Pheiffer, Victoria Pillay-van Wyk, Jané D Joubert, Naomi Levitt, Mweete D Nglazi, Debbie Bradshaw
“The prevalence of diabetes is rapidly increasing in South Africa. In 2009, approximately 2 million (9%) people aged 30 years and older had diabetes, increasing almost twofold since 2000 when Bradshaw et al reported a prevalence of 5.5%.

Several factors such as the ageing population, economic transition and urbanisation associated with nutrition transition and obesity have contributed to the increased diabetes prevalence.

In 2000, it was estimated that 87% of diabetes cases in South Africa were attributed to excess body weight.
This is concerning since in 2013 ~38% of men and ~69% of women in South Africa were considered overweight or obese.

In 2015, the global burden of disease study estimated that high body mass index and hyperglycaemia, ranked as the second and third leading risk factors, respectively, after unsafe sex, for early death and disability in South Africa.

Diabetes, due to its association with several microvascular and macrovascular complications, places a significant burden on the South African health system.

In 2009, it was estimated that diabetes caused about 8000 new cases of blindness and 2000 new cases of amputations annually.

A national burden of disease study in 2000 reported that diabetes accounted for approximately 14% of cases of ischaemic heart disease, 10% of stroke, 12% of hypertensive disease and 12% of renal disease.

Furthermore, the indirect costs of diabetes are high. Diabetes in Africa affect mainly working-aged people between 40 and 60 years of age placing an added burden on the economy due to work absenteeism and decreased productivity.

South Africa is battling a quadruple burden of disease due to high rates of infectious diseases, non-communicable disease, maternal and child mortality, and injury-related disorders, thus have limited resources to meet the increased health and economic costs of diabetes.”

ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
​
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/

0 Comments

​Chief risk officers of the future

16/10/2019

0 Comments

 
Picture
Authored by: Sidney Mongala, CRM Prac Member at The Institute of Risk Management South Africa (IRMSA)

The way we do business today is 1000 times advanced than it was done in the last millennium, 100 times advanced than was done in the last century and 10 times advanced than was done in the last decade.This is an indication of how rapid life changes.

The more our lives are advancing, the more the need for advanced ways of doing things, the more complex the risk environment evolves.

This is therefore the driver of future business successes and determinant of future business traits and trends. As futurists and trend analysts project the future ahead, businesses should likewise be positioned for the advanced and sophisticated ways of doing business.

Future Chief Risk Officers (CRO) should thus not be left behind but partner with businesses in crafting future fit business models and strategies.

Thus competing with AI and Robotics in this 4IR era which might lead to diminishing credibility and relevance of human intervention and interface.

The way we do business has changed such that we don’t use much physical money anymore to do business as we venture into this 4IR era.

Cryptocurrencies are here to disrupt the old way of transacting and they are the future waves of doing business.
Likewise CROs should continue evolving the way they are doing things and improving their competencies to feed the new waves of doing business and be able with reasonable certainty to advice businesses to be competitive and business savvy to capture the rapidly changing 4IR market share.

With these advancements in the way business is done these days, surely I can safely say disappearing are the days of our lives wherein CROs:
  • Have a corner office waiting for a bell to ring to attend to problems;
  • Compile risk reports and present them to Risk and Audit Committees and Boards;
  • Are required to do anything and everything that could not be done elsewhere like Business Continuity Plans (BCPs), Fraud Prevention Plans, Investigations, Compliance, etc;
  • Are called after strategic directions and plans have already been finalised and are expected to identify and analyse risks;
  • Are carriers of jargon filled risk registers, reports, dashboards, etc;
  • Are seen as “Mr know it all” and find themselves running around fixing anything and everything they have identified as risky; and
  • Have the last item in an agenda that is ‘taken as read’ or ‘will be considered in the next meeting’.
Thus, the future relevance of CROs lie in the strategic partnering and value add to businesses.

Future CROs therefore need to position themselves to be business partners and advisers on business strategies, operations and decisions on the go; “Just In Time (JIT) Risk Management Advisory System and Processes”.

The CROs of the future should therefore possess the following traits:
  • Be mind full of and align to the business vision, mission, direction, strategy and operations including but not limited to future advancements and complexities of doing business;
  • Must be visible and embracing of the entire business vision, mission, direction, strategy and operations;
  • Have sentiments around opportunities for growth and/or service delivery exploitations;
  • Get involved and invested in the strategic projects from initiation to execution to legacy;
  • Walk, talk, sleep, eat and live everything about risks and opportunities;
  • Be the voices that are heard and supported by everyone;
  • Inspire, nurture and bring along direct supports;
  • Carry the best knowledge to advice the entire business’s current and future risks and opportunities;
  • Be active participants in strategic decision making structures, meetings, etc;
  • Act as Anti-Virus software to influence and protect the entire business systems and processes from disruptive technologies in this 4IR era; and
  • Have the audacity and steadfast to point the hidden, speak the unspoken and address the most hard-felt truths about business lessons learned and failures, flaws, improprieties, etc.
Future CROs are those that will not wait for risk agenda items to be included in strategic and operational meetings but influence consideration of risks in all strategic decisions and operations.

The future CROs should be engaged in every discussions, planning, decisions, projects, etc. for growth in business and/or service delivery.

Future CROs should be future risk visionaries of businesses and be able to advice of the future fit business strategies, decisions and plans in the 4IR wave of doing business.

Although future CROs are not expected to be “Drs Of All Problems and Mr/Ms/Mrs Know It All”, future CROs should be able to know where the business is going and be able to advice throughout the business journey.

The future CROs should be the library of risks and opportunities required to build future proof strategies for successful, growing and service delivery savvy businesses.

Like Artificial Intelligence (AI) and 4th Industrial Revolution, future CROs should:
  • Be the backbone of their organisations’ intelligence to predict the future and advice on the perfect alignment to future business directions;
  • At least have answers for all key decisions;
  • Position themselves to fit and thrive in the AI and 4IR era;
  • Upgrade and update processes to be responsive to the rapidly changing and disruptive technologies
  • Be the transformation their organisations need to meet future business needs;
  • Be readily available and prepared to advice on new business ideas; and
  • Be able to timely gauge circumstances and advice on solutions.
For businesses to be future business savvy, it will be critical that they place the right value and investment in the advancement of future risk management systems and processes and ensure that these systems and processes are driven by capable hands of future-programmed CROs.

This means that businesses should understand and put risk management as part and parcel of everything they do lest they fall on a double sharp-edged sword that cut the throats of big businesses such as Bearings Bank, Washington Mutual Bank, VBS Mutual Bank, WorldCom, Enron, Lehman Brothers, Arthur Andersen, etc.

A lot of businesses that are not fine-tuning to the new wave of doing business will suffer the consequences of business intelligence risks such as AI and 4IR in the next ten to fifty years.

These include mostly the labour intensive businesses, ICT businesses that have heavily invested in old ICT Infrastructure, Financial Institutions that are in denial of the arrival of the cryptocurrencies and other disruptive technologies, and so forth.

Likewise, to have future CROs that are equivalent to the old technology and are stuck in the old and safe way of doing business will not survive the use of rapidly evolving and competitive 4IR era of Robotics, AI, Big Data, IoT, etc.

This will be like running a financial institution wherein people queue for cash withdrawals and deposits in this era of EFTs, Banking Apps, Smart Banking, Cradles Transacting, cryptocurrency, virtual banking, etc.

​These kinds of future CROs will fall with their business ideas and may find it very difficult to fit anywhere in the future wave of doing business.

Another key question to be answered is “how prepared and advanced will our education system be to ensure that future CROs are relevant and fit into the rapidly changing business environment”.

How will the bridge between our education system and the future wave of doing business be closed in order to supply the business world with the bright minds for future fit CROs.

How prepared and adaptable is the education system to fit the future way of doing business and thus bridging the gap between the demand and the supply for future fit CROs, risk managers and assurance providers.

Let me leave you by saying “If we don’t take care of the future, the future will take care of us and we will suffer the consequences”.

ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/ 
0 Comments

Dealing with the risk that’s not on the register

14/10/2019

0 Comments

 
Picture
 Authored by: Andrew Pike, Fellow of the Institute of Risk Management South Africa (IRMSA)

In August 1991, excited holiday-makers boarded the Oceanos, a Greek-owned passenger vessel, at East London for the trip of a lifetime.

Despite a raging storm, the Captain ordered the ship to set sail for Durban. Hurricane force winds and giant rogue waves battered the ship.

About 4 hours after she had set sail and when she was a couple of miles off a remote stretch of the Transkei coast, the auxiliary engine room was breached and the ship started taking huge volumes of water.

Panicking senior crew members scrambled into lifeboats, leaving the ship’s evacuation to on-board entertainers and crew staff. Women and children clambered aboard life boats which were then launched into the monstrous seas, but eventually all operational or launch-able life boats had been used and 221 passengers were left stranded aboard the sinking ship.

The South African Air Force, in cooperation with the Navy, then launched its biggest rescue operation in history to airlift passengers off the stricken vessel, battling 70 knot winds and waves in excess of 20 meters.

Passengers who had been evacuated in life boats were eventually all picked up by merchant ships and fishing vessels in the area.

The airlifted passengers were removed from the ship and taken to a local hotel about 2 to 3 miles away from the ship. During the helicopter airlift, the Captain of the ship also deserted all of the passengers and remaining crew, thus leaving the ship completely in the hands of civilians and junior crew members.

Eventually, about an hour before the ship sank and 17 hours after the drama started, all passengers had been safely evacuated. It was against all odds that no one perished in the disaster. Stories abound of heroism, cowardice, commitment and the emergency response of all involved.

However, the reality is that the Department of Transport itself had never planned for a disaster on this scale and certainly no one in South Africa had ever given any thought to the possibility of a passenger ship sinking.

This was the materialization of a risk on such a grand scale in maritime terms that it was never in any one’s contemplation and, had risk management been the art form then that it is nowadays, a sinking passenger liner would probably not have been on any one’s risk register.

And yet, despite mountainous seas, a cowardly crew, a shortage of life boats and everything else, South Africa pulled together and effected what was arguably the most successful maritime rescue in history.

Nowadays, with a keener sense of risk identification, most major organizations have some level of preparation in respect of most risks.

But what do we do about the risks which were just never seen coming? Given the current accelerated pace of technological growth, climate change, uncertain financial markets and the like, it seems inevitable that at some stage most organizations are going to be faced with a risk they hadn’t thought about.

For me, the common thread running through the Oceanos rescue was a combination of the following factors which made the rescue the success that it was:

People and skills:
  • There were people in all of the key response areas (Air Force, Maritime Rescue Co-ordination Centre and so on) who were capable of making sensible, but more importantly, bold decisions.
  • Those people were all empowered to make those decisions i.e. they did not need to defer to some higher power before the decision could be made.
  • It is one thing to have the right people in the right places, but unless they have sufficient skills and training, they will only be able to work within the realms of what they know. Where they have a depth of training which will enable them to extend their skills to any situation, no matter how unforeseen, the organization will have the necessary resilience.
  • Even where they do not have specific skills, sufficient basic skills must be in place to enable people to work efficiently well outside of their comfort zones. In the Oceanos rescue, the helicopter crews which flew from the hinterland did not have maritime rescue training in place, but they were nonetheless able to perform admirably.
Resources:
  • Remarkably, sufficient resources were available at the time. Somehow or other the Defence Force managed to mobilize sufficient helicopters, divers, air crew and naval vessels which were sufficient for the job.
  • The maritime rescue systems in place were able to call on resources which were not on any asset list, but were available nonetheless. Those were the civilian merchant vessels which came to the rescue. By convention, ships at sea are required to come to the aid of ships which are in trouble. How much stronger might we as a country be if that sort of convention existed amongst companies and organizations, rather than the prevailing attitude of “there but for the grace of God go I” and watching our competitors sink?
Systems:
  • Although there was no plan anywhere in the country for a sinking passenger ship, there were nonetheless systems of communication, response systems, support services like the NSRI, emergency services and so on.
  • Provided there are systems in place which can speak to virtually any eventuality, they will in most instances prove sufficiently resilient, even for risks which weren’t expected or foreseen.
Commitment:
  • There were on my reckoning over 50 different organizations involved at one level or another in the rescue operation. Every one of them was totally committed to rescuing the lives which were at risk, regardless of personal risk, safety or indeed legality.
  • The hinterland helicopter crews in fact flew unlawfully to the site of the rescue and participated in the rescue unlawfully because they had neither the necessary rescue equipment nor training. Nonetheless, they were so committed to a bigger cause that they worked outside of their normal parameters.
  • Looking at the operation in its entirety, that description can be given to most people who were involved: divers, entertainers, ships agents, air crew and the rest. Within any organization, unless the people in that organization are completely bought into the bigger vision of the organization and therefore willing to commit beyond the ordinary, the organization remains vulnerable to risks which are not on the register.

In conclusion, whilst Risk Registers and Risk Identification are becoming more sophisticated, it is likely that, as things change, organizations will not be able to anticipate and prepare for every risk.

However, if the basics and essentials are in place, what organizations will do is build sufficient resilience to address the disasters which may befall them.

ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
​
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
​
0 Comments

South Africa is undergoing significant shifts, despite major risks

30/8/2019

0 Comments

 
Picture
Authored by: Christopher Palm, Chief Risk Advisor, Institute of Risk Management South Africa

The top risk in South Africa is structurally high unemployment; followed by growing income disparity and inequality, according to the 2019 IRMSA Risk Report.

Stats SA says unemployment in the first quarter of 2019 increased by 0,5 of a percentage point, bringing the rate to 27,6%. The burden of unemployment is concentrated amongst the youth between the age of 15 and 34 years.
​
Almost 4 in every 10 young people in the labour force do not have a job.

The IRMSA report creates awareness of the risks facing the achievement of the South African country and industry objectives. More than 85 experts in their fields provided opinions and profound insights for each of the top ten risks facing the country and industry.

In the IRMSA report VoxCroft Analytics specifically expressed concern that the growing disillusionment among the youth of South Africa could lead to a youth-driven protest movement, on a much larger scale than the student protest movement.

Such a movement, if led and supported by other population groups in the country, would hold a particular challenge for the general political stability of the country.

Nerine Kahn, CEO at Employment Relations Exchange, says unemployment is possibly the highest risk to the achievement of any or all of the National Development Plan’s (NDP) objectives.

The NDP goals are targeted towards developing certain aspects of the economy, but require very significant skills and education levels.

IRMSA recognises the NDP as the legitimate summation of the joint goals of government and private sector; to work towards a shared and prosperous future for the country and its people.

Graeme Codrington, founding director of strategic insights firm, TomorrowToday, says South Africa is seemingly just limping along with not much changing, and yet, under the surface some significant shifts are taking place.

The impact of fraud and corruption and State failure has shifted down the risk-list. It is now in the fourth place.

In 2017 it was top of the list, and last year it was the second biggest risk facing the country.

This reflects the ending of the Zuma-era; a decade that will be blight on the nation for some time to come. Last year saw the beginnings of a collective resolve to reverse the damage.

Difficult decisions were made, such as raising the VAT rate with one percentage points, replacing the boards of key State-Owned Enterprises, dropping the nuclear deal and tackling the land issue.

South Africa has a robust economy and currency (relative, at least, to our peer group which include countries such as Turkey, Argentina, Thailand, Indonesia, Mexico, Egypt and Nigeria). It has a stronger government than we have had for years.

We are not where we want to be, but we are a long way ahead of where we once were.

The first few years of the 2020s will see a more resolute approach to solving the land issue. We have no future as a country if a vast majority of its citizens remain locked in endemic poverty and landlessness.

The ANC has pledged to deal with the land issue lawfully, carefully and without damaging the country’s economy.

Small groups, with their own particular agendas, are using fear-mongering tactics along with “sophisticated psychological techniques” and the manipulation of social media, to sow seeds of fear, discord and enmity between ordinary South Africans.

Business and individuals must get involved in solving the major issues that currently lock people out of their futures, especially education, employment and healthcare.

Trevor Channing, head of governance and risk at the Chemical Industries Education and Training Authority (CHIETA), is of the view that South Africa’s second biggest risk - growing income disparity and inequality - will threaten the majority of the six priorities in the NDP.

It will have a direct impact on our social cohesion, strengthening our democracy, citizenry and functioning as a capable and developmental state.

The country now needs ethical political leadership for sustainable foreign investments, and an end to wasteful expenditure for resources to be applied in ways that will stimulate economic growth.

The country needs all sectors of society to create a united front against the national issues that are holding us back.

South Africa top 10 overall risks
  1. Structurally high unemployment
  2. Growing income disparity and inequality
  3. Failure of governance in the public sector
  4. Unmanageable fraud and corruption
  5. Inadequate and/or sub-standard education and skills development
  6. Energy price shock
  7. Labour unrest and strike action
  8. National political uncertainty/instability
  9. Cyber-attacks (ransom. Algorithm shutdown of the internet of things)
  10. Macro-economic developments
Six pillars of the NDP
  1. Mobilisation of all South Africans
  2. Active engagement of citizens in their own development
  3. Expansion of the economy & making growth inclusive
  4. Building of key capabilities (human, physical & institutional)
  5. Building a capable and developmental state
  6. Fostering of strong leadership throughout society
 
ENDS
 
MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
​
0 Comments

Governing The Digital Nomads of the Future

21/8/2019

0 Comments

 
Picture
Authored by: Jessica Knight, IRMSA Risk Intelligence Committee Member

The Fourth Industrial Revolution brings with it a fundamental shift in how we do business.

Advances in technology and the increasing digitisation of many roles means that the conventional brick-and-mortar business model is quickly shifting towards a hybrid model of an international corporation with nuances of the exponentially popular gig economy.

This hybrid is regularly defined by decentralised operations and autonomous employees.

In this ever-transforming landscape, a key consideration for organisations is how to take advantage of the global marketplace to source top talent, through the use of digital nomads.  

Digital nomads are remote workers who typically travel to different locations while still fulfilling their professional obligations.

They often work in coffee shops, co-working spaces, or public libraries, relying on devices with wireless internet capabilities like smartphones and mobile hotspots to do their work on the move.

The average digital nomad is a Millennial between the ages of 22-35 who is tech-savvy and in hot pursuit of the optimal work-life balance.

Rethink Productivity Measurement
The rise of digital nomadism is causing companies to re-evaluate the traditional model of measuring productivity.
Companies that are preoccupied with time spent working - as opposed to deliverables or results and the quality thereof - are focused on the wrong unit of measure.

The number of hours a person works rarely equates to their productivity or achieved results.

In a factory system you can achieve economies of scale through allocating and automating tasks that run on a time basis and can measure the cost/yield per hour of production.

People are not machines and you cannot achieve the same utility by treating them as such, so why do we continue to use elements of the factory system in how we manage and govern businesses?

Productivity and efficiency in humans should not be measured off the basis of hours worked.

There is an ebb and flow that needs to be considered, differentiating human and machine elements.

Enter the digital nomad, a role focused on results as "hours worked" becomes an almost ungovernable aspect of operations.

The appeal of the 40 - 50 plus hours per week spent in a cubicle environment is dwindling in the face of defining your own operational environment through digital nomadism.

Not all trends are relevant
The integration of digital nomadism is not necessarily suitable to every organisation as it poses new risks stemming from hybrid business models, decentralisation and technological reliance.

This refined form of freelancing is often ambiguous, lacks structure and is constantly adapting.

Defining and managing your company’s risk becomes tricky when your workforce does not sit in the same place and operate using standardised methods.

 Controlling roles and responsibilities from a distance becomes a challenge when your team cannot be easily monitored.

A business should be able to achieve the same or better results when considering the adoption of the digital nomad trend.

Not all trends are relevant so adoption should always align to business objectives before pop-culture imperatives.

The crux of governing digital nomads of the future is not to try and replicate a conventional business model for remote work, but rather to completely re-evaluate what a successful operational environment should look like.

There are many metrics to gauge business success, but operational success - a holistic success factor for employees, their environment and the work that they do - is traditionally measured through a mishmash KPI structure with the occasional employee happiness/satisfaction survey sprinkled in-between.

A company can still achieve good results with “sufficiently happy” or even unhappy employees.

Effectively measuring and monitoring operations is not always a priority when the business is making money, but employee wellbeing is often the first to suffer when the business is not.

Digital nomadism is an opportunity to completely overhaul this model of “average-at-best” operations by empowering employees with the ability to define their own operational environment.

Making a success of digital nomadism requires providing employees with the autonomy to determine their working hours - companies must remain cognisant that not all employees perform best from 9am to 5pm, nor do all employees require 8 hours to execute the tasks expected of them.

Further to this, productivity is likely to increase when employees are working in environments that make them work most efficiently.

Leveraging the right technology for your business and maximising your human capital in the right way can be the difference between success and failure of the digital endeavour.

Things to consider:
  • Does your organisation allow certain business units to work remotely?
  • Have you considered the cost of having a bum in seat vs the administration of employing digital nomads?
  • What are some of the managerial challenges your organisation could face should a shift to digital nomads be made?
  • How could a phased approach be implemented to gradually allow staff more work-life flexibility? Would this add to productivity in your organisation?
ENDS

MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
​
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/​

0 Comments

​South-Africa voted, now what?

7/8/2019

0 Comments

 
Picture
In the run-up to the important national elections in May this year, people were hopeful and desperately anticipating a change in the leadership of the country. 

Everybody knew that this election was such an important time for all South Africans, fully aware of the implications for the country and hoping for certain outcomes so that the business landscape would remain secure and bring positive growth, put a stop to the pervasive fraud and corruption and most importantly, create jobs!

Several months later things are still unfolding and developing, with uncertainty creating new risks and opportunities. “We need political stability in the country as it is affecting the economy. There are big issues to concern ourselves with such as stopping the mismanagement of public funds, reducing unemployment, and especially youth unemployment,” says Gillian le Cordeur, CEO of the Institute of Risk Management South Africa (IRMSA).

The results of Stats SA’s Quarterly Labour Force Survey for the second quarter of 2019 indicate that the official unemployment rate increased to 29%, up from 27.6% in the first quarter.  The country now has 6.7 million unemployed people.

Stability and confidence
“We need confidence in our leaders.  Stability is key for us to move forward,” says Le Cordeur.  She says the internal political struggles within the country’s local, provincial and national leadership are eroding the stability and confidence needed in South Africa from its citizens and international community alike.

Adding to this, is the uncertainty around land reform weighing heavily on business leaders, investors and risk professionals and whether or not it will be dealt with responsibly.  

“We need to be thinking ahead and to have a strategic purpose for what our country and our organisations need.”

It is IRMSA’s conviction that the country needs stronger risk professionals and stronger private and public sector leaders to be able to make the right strategic moves as we head into the future.  

Risk professionals that are able to reflect on the political and economic factors right now and how they could potentially play out in the next few months and how we need to prepare our organisations. 

To be on the forefront of informing decision making and enabling transformation - not only within our organisations but in the country as well.

Corporate governance and ethics
Le Cordeur adds that as much as IRMSA is concerned about the political and economic landscape they are also concerned about corporate governance and ethics.

There have been too many corporate failures in recent times. On top of that South Africans are being swamped with reports of corruption and state capture.

It is all very well to wait for this landscape to change from a political point of view, but at the same time the foundation of our society remains weak.

“As risk professionals and business leaders we must make sure that our house is in order so that there can be no finger-pointing. It will be such a pity that you could not make an impact, because your house was not in order.”

Post-election landscape
IRMSA will be tackling pressing issues during its post-election event in Johannesburg later this month (August).

Christopher Palm, Chief Risk Advisor at IRMSA says that linking risk to strategy, applying a systems-thinking approach to risk management and making sure that risk influences decision making through the development of predictive capabilities are critical success factors to build robust alternative futures over the short, medium and long term landscapes for South Africa and South African business.

“Once you know how the landscape will unfold in the next few years, you are able to align your own activities and strategies to be able to deal with those risks,” says Le Cordeur.

“We need to pull everything together to act pro-actively on the risks facing us on all fronts.”

ENDS


 
MEDIA CONTACT: Rosa-Mari, 060 9956277,rosa-mari@thatpoint.co.za, www.atthatpoint.co.za 
For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/

0 Comments
<<Previous
    Welcome to the IRMSA Newsroom

    Archives

    November 2019
    October 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019

    Categories

    All

    RSS Feed

CONTACT US

office [at] atthatpoint [dot] co [dot] za
© COPYRIGHT 2019
ALL RIGHTS RESERVED.

  • home
  • services
  • about us
  • our thoughts
  • videos