 On 30 January 2020, the Director-General of the World Health Organisation (WHO) declared that the outbreak of the novel coronavirus (“2019-nCoV”) constitutes a Public Health Emergency of International Concern (PHEIC) and issued advice as Temporary Recommendations (TR) under the International Health Regulations (IHR).
The full report can be found here Since then there has been an upsurge in the news cycle and a plethora of news, both trustworthy and fake. What is a business leader or a risk manager to do? Firstly, recognise and state the risk as it could materialise in your organisation: For example: Staff may become infected by the novel corona virus which could lead to the death of a number of staff caused by management complacency, ineffective preventative measures and the lack of a preparedness and response plan, which may lead to the mandatory suspension of business operations as the offices of are sealed by national health authorities and the military, as a containment measure to mitigate the spread of the virus. Secondly, prepare as best you can. Realise that you will never have all the information and all the answers but strive to source the best available information on which to make decisions. The call to action from the IRMSA Risk Intelligence Committee is as follows: 1.Don’t panic but don’t be complacent. Get prepared! 2. Inform yourself accurately so that you can accurately inform and advise others. 3. Prepare a Pandemic Preparedness Plan (PPP) for your organisation. You could dust off and update an old PPP previously prepared for YOUR organisation but be thorough and do more than change the name of the virus and the date! Update the PPP using the best available information based on your diligent research and study of trusted resources. If you do not have a PPP, now is the time to prepare one and include it in your organisation’s business continuity management framework. Your organisation’s PPP is the core instrument to responsibly guide your organisation to PREVENT an outbreak and to REACT should a suspected case emerge in your organisation. 4. Constitute a “Corona Group” chaired by the CEO or a duly delegated and empowered alternate with the authority to make quick decisions. Staff the “Corona Group” with as few as possible but as many as necessary members committed to taking responsibility, allocating the time, and doing the work necessary to effectively develop and execute the PPP. The “Corona Group” should define the triggers that will activate specific actions by your organisation as and when they occur. 5. Stay up to date by following a few trusted sources. Fake news thrives in times like this; don’t fall into the trap. A few resources for you to consider are referenced below: https://www.who.int/health-topics/coronavirus Advice for the public – here you will find downloadable communication posters and other resources for you to print and post in the workplace. Situation reports – these will help to keep you up to date with concise information. Yes, it does not update as often as the mainstream news cycle, but it is based on more reliable information. Remember mainstream news sites are there to sell advertising space and to keep you hooked on every new snippet of news that comes along. Remember, sensationalism sells! Media resources – here you will find audio updates and transcripts to study for yourself what was said vs. how it is reported in the media. Technical guidance – here you will find guidance by topic: country readiness, patient management, risk communication and community engagement, and six other topics. There are also downloadable technical guidance publications covering all the above topics. Travel advice – here you will find updates on WHO advice for international traffic specifically in relation to the outbreak of the novel coronavirus. Follow two trustworthy news sites – limit it to one local and one international site. Follow www.irmsa.org.za to keep up to date with practical advice on how to manage this risk. ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
0 Comments
 The Institute of Risk Management South Africa (IRMSA) is looking forward to the launch of their IRMSA South Africa Risk Report 2020 in February this year. This will be the sixth edition of this report and looking back over the past five editions it is disappointing to see that so many risks have materialised.
Disappointing because first, the South Africa and Industry risk profiles have remained largely the same and most of them materialised over this period – so the risks were well known and yet the risk responses were overall ineffective says Christopher Palm, Chief Risk Advisor at the IRMSA. The risks, which include unemployment, fraud and corruption, income disparity and failure of governance, have not just already materialised, it has actually deteriorated e.g. unemployment. Looking ahead, risks that are making its way onto the South African and Industry risk radar are climate change, which has sporadically been included on South Africa’s risk profile, social disobedience, and pressure on South Africans’ Chapter 9 institutions, which include the Public Protector and the South Africa Human Rights Commission. “South Africa needs effective Chapter 9 institutions who uphold and enhance democracy on our behalf. IRMSA believes that a strong, ethical and independent leadership that visibly holds key role players accountable within the roles they have been voted into, is needed,” says Palm. International lessons While the risk profession in South Africa isn’t lagging behind its international peers, board members, executive committees and CEOs of South African organisations should expect more from their risk managers. This is however a “Tango” - Business must actively involve their risk managers (not just expect of or enable them to tick the boxes), and to actively be exposed to the business-critical information so that they can bring value to decisions. “Internationally, a risk manager will not be appointed if they cannot add value to the organisation’s performance. Risk managers are expected to confidently comment on the strategy and performance of an organisation and contribute to the company’s agility by delivering quality, timeous and relevant information. Local companies should demand more from risk managers, and we should deliver,” says Palm. “For example, a risk manager with quantitative analytics skills who takes this approach can be more predictive and support the business’ strategy with alternative futures, which will lead to better decision-making. If businesses know what their options are and these options have been quantified, it gets easier to make the right decisions,” says Palm. He says the risk manager who adds the most value to an organisation’s performance is the one who has accepted the notion that risk is about the future and that uncertainty is not confined to a risk register but that the integration of strategy, risk and resilience is a critical next step, if not already adopted. Reflecting on the risks that have materialised over the past five years, many things have to be done differently. The first is ethical leadership, accompanied by pervasive and persistent accountability and consequence management. A very critical paradigm shift required by leadership is that risk responses that were effective in the past are not guaranteed to address the risks and opportunities of the future,” says Palm. Thriving in a dynamic environment Palm concludes by saying there are three key requirements for companies to do more of the good, less of the bad and grow resilience to thrive in an ever-changing landscape. “Firstly, everyone needs to start talking about strategy, risk and resilience. Secondly, we need to clearly understand who our stakeholders are, the rules they play by, and the context in which this will happen. Lastly, organisations will need more agility and robustness in their governance processes.” ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Do either the 2019 Integrated Resource Plan (IRP), gazetted on 18 October, or the Eskom turnaround plan, recently revealed by Public Enterprises Minister Pravin Gordhan, reduce the risk to the country’s power supply?
According to Paul Nel, Presenter at the IRMSA Western Cape, Risk Management Summit, both documents may be overly ambitious while providing little indication of how they will practically achieve their lofty goals. Nel, a power industry veteran who, during his 18 years at Eskom, was responsible for all capital and large maintenance projects including all refurbishment and rehabilitation projects of nine power stations, understands the difficulties involved “However, the right things are now being said and the right decisions are being made, and that is a good sign for the country,” he says. IRP 2019 Many expectations hinged on the arrival of this gateway document, as government had put any plans to expand its renewable energy strategy on hold until its release. Nel says that the Western Cape needs strong base load generation and that the policy to extend the life of Koeberg Nuclear Power Station by 20 years is the obvious option. Apart from this project, there’s little mention of new nuclear developments with the exception of passing comment to an additional 2500MW at some point in the future. In fact, the IRP is laden with mentions of renewable energy and, for the first time, lays out a time frame for decommissioning old fossil-fired power stations. “These points should comfort critics who accused government of pushing its own agenda in terms of nuclear generation and expensive new builds,” says Nel. “It shows they are responding to realistic concerns about affordability– that’s a very positive indicator.” Of concern to Nel is the unclear narrative around the “just transition” of a coal-based workforce to a renewable-based system: “Thermal generation is much more labour intensive than a renewables economy, and the IRP is not clear about how this transition will be accomplished. In the interest of hitting the IRP energy targets, government should have given clearer indications on when Round 5 of the Renewable Energy IPP program will be launched, instead the IRP suggests this may depend on some outcome of a ”just transition” process.” Eskom turnaround plan The eagerly anticipated turnaround plan for Eskom has arrived. Whether or not is represents a viable solution for the country’s troubled energy provider remains to be seen. Again, Nel is concerned with the relatively high initial target of 70% availability for Eskom’s generation plant indicated in this plan. To implement major corrective actions on specific units can take up to a year of planning and several months to implement. “Even if all the right decisions are made and funding is available now, it would still take up to five years to reach a sustainable higher availability target,” he says. As with the IRP, the turnaround plan is somewhat vague on specific actions. No quick fixes Nel’s advice to the average South African is not to expect major improvements overnight or even within the next two years. “With the IRP and turnaround issued, the first hurdles have been cleared, but a complete transformation of the country’s current energy woes is going to take a long time,” he concludes. ENDS Paul Nel from Aurecon, will be presenting on this topic at the 2019 Western Cape Risk Management Summit When: Tuesday, November 26, 2019 7:00 AM Where: Cape Town International Convention Centre (CTICC) Convention Square 1 Lower Long Street Cape Town To attend contact: Roxanne Moodley events@irmsa.org.za 0115551800 MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Written by; Farhad Rahaman for The Institute of Risk Management South Africa (IRMSA)
In this modern-day, tech-savvy world, we would like to believe that we could never be fooled by a social engineering scam or phishing attempt! Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity via electronic communication. The reality is that it is easy to catch someone in this way. Here are some tips to look out for so that you do not become just another phishing statistic:
ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Authored by: Lindiwe Magobholi, IRMSA Risk Intelligence Committee Member Conflict of interest has been topical in the recent history with debacle of “state capture” involving audit firms and the likes, and not forgetting landmarks events such as Steinhoff, Old Mutual (Moyo debacle) etc. raising questions on the effectiveness of the governance structures existing within Corporate and Public Sector. Are they even there? Do they have the knowledge/skills or even have the necessary authority to effect the necessary change or are they fit & proper? In the past year, Board and Sub-committee members have increased their level of awareness and scrutiny to management reports and the levels of assurance that can be drawn from it. Similarly, professional bodies such as SAICA, IIA etc. have come under scrutiny on whether; - they can actually “bite” when a member has acted in a questionable manner; - whether there is a process to be followed in these eventualities and; - has the process stood the test of time or; - has a proven record of adding value to the organisation over time. Many organisations have policies in place on conflict interest that will address one of the following issues: - that conflicts of interest must be disclosed at the earliest point of detection. Generally, they’ll be a register where all the necessary information is recorded, the nature and monetary value. - that the concerned individual should not be involved in the decision-making process concerning the conflict. The definition of conflict of interest relates to the existence of a conflict (clash) between private interests and official responsibilities of person in a position of trust including family members and in external organisations, businesses and practices. These policies have been placed under serious scrutiny on their adequacy in preventing/managing conflicts of interest. So, the issue in many instances including the fall of entities such as Enron, is that there’s existing relationship between the conflicted parties and it “waters-down” the policies in place. The culture of stakeholder management exists in business where events like Golf days etc. are held to strengthen business relationship. These often set a different tone to that of conflict of interest as they create a relation of trust amongst stakeholders which underpins many important decisions in the business. I’m of the opinion that the existence of conflicts of interest is the genesis of the problem. Prevention is always better than cure. Professional bodies likewise, have reviewed their code of conducts and reverted to members to sign on an annual basis. Understandably so, the reputational risk on them is immense because the question remains that “is a professional membership a carrot or stick (or both) relationship? Is the benefit of professional membership balanced with the behavioural requirements? the systemic risk cannot be ignored. These recent events as seen in media reports have raised the questions that we`ve never had to deal with before simply because there were no delinquents or even if they there were there, they were few-and- far in between or didn’t hold any reputational risk whatsoever. It is normal business practice that senior positions are mostly based on networking relationships formed in and outside of the business environment. Some can be traced as far back as Primary School and therefore run very deep. They also provide a comfortable level of trust, an important element in business dealings. At this level of management, the character of an individual outweighs their competencies. Where the conflict concerns a person in a position of power, then the assurance providers come under extreme pressure not forgetting the impact on their careers. This is where the lines of assurance, be it Audit or Risk are side-lined one way or the other. The COSO framework of 2017 stressed that not only do risk professionals need to review the implementation of strategies but should be involved in its formulation and evaluate its appropriateness in light of the vision & mission of the entity. It is very easy to get side-tracked by a brilliant strategy, but does it speak to the heart of the entity? And so the same principle should apply here i.e. the risk of conflicting interests should not only be acknowledged but fully dissected by the risk professionals, the implications and depth thereof. Only then can the appropriate response be formulated. Business relationships exists purely for that i.e. business and not for personal gain. And so, where a conflict arises, the introspection point for the decision makers is primarily, should that situation exist in the first place? Secondly, is the exclusion of the conflicted member in the decision-making process translate to fact that their referent power, influence, existing relationships becomes absent in the minds of the decision-makers? And thus, can we really argue that they do not influence the decision? What happens with the outcome of the decision and the impact on the existing relationship? ENDS MEDIA CONTACT: Rosa-Mari Le Roux, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  The Institute of Risk Management South Africa (IRMSA) risk chat authored by: Nicky Downing
Cyber security is the process of protecting networks and devices from emerging risks and cyberattacks. The evolving nature of the digital landscape makes this potential threat critical to an organization, and information management has taken centre-stage as of late in terms of the potential risks associated with cyber security. A mature cybersecurity system has multiple layers of defence spread across the organisation, but many organisations fail to understand the serious compliance and risk management implications of cyber and information security. The ever-growing threat to the organisation that it poses in the pursuit of its overall business objectives and continuity cannot be understated, with an estimated 10 billion cybersecurity events (breached records) occurring in the last year. Cyber risk and compliance exposure, in the chaotic modern business world, is a complex mesh of vulnerabilities that crosses through different departments and functions within the business and its operations. The effect of a seemingly isolated information or cyber risk can soon become ubiquitous – causing trouble throughout all levels of the organisation. The Cost In the context of just GDPR, the momentum in increased fines culminated in the data protection authority of the United Kingdom announcing its intent to impose significant fines against two companies for violations of the EU GDPR. The ICO had decided to levy British Airways with a record £183.39 million (about R3.48 billion ZAR) fine for GDPR violations relating to a 2018 data breach. due to security failings, which exposed a half-million customers to data harvesting from a fraudulent site. The UK’s information commissioner topped off the breaking news by urging caution to organisations, warning that similar fines could be levied unless organisations better protect the personal information and data of customers. A day after the release of the fines levied against British Airways, it was released that Marriott International faces up to a $124 million fine (about R1.836 billion ZAR) for GDPR violations relating to a significant breach within its Starwood Hotels and Resorts subsidiary. The breach is said to have allegedly affected over 300 million customers and guests globally. Earlier this year, France’s CNIL (National Commission on Informatics and Liberty) announced a €50 million (about R956 million ZAR) fine levied against Google for failing to comply with the tough new privacy laws. Shortly after this had happened, a published report came out of Germany stating that authorities had levied 41 GDPR related fines to organizations who were not compliant as of this past January. These attacks, however, are not just left to the risk and compliance burdens of large corporations. According to an annual study calculating cybersecurity costs holistically, 43% of online attacks are now aimed at small businesses and only 14% are prepared to combat a cyber breach – highlighting the need for organisations of all sizes to make cybersecurity a top priority. The consequences for small businesses in the case of a cyber incident is estimated to cost on average $200,000.00, (nearly R3 million ZAR) threatening to potentially put 60% of small businesses out of business, or at least put the organisation in a financially dire situation. The Aftermath An effective cyber-breach can cause serious structural damage to your organisation. The affects can range from reputational damage hurting consumer trust in your organisation, to compliance and financial affects that have serious implications on your organisation’s bottom line. The impact of a cybersecurity breach can be split up into three categories: Financial. Cyber-attacks often result in substantial financial loss. Not only has corporate information likely been stolen (and possibly even financial information e.g. card and/or banking details), but the organisation will also generally incur costs associated with improving and repairing the affected networks and systems. Recent experience with new data privacy laws, such as GDPR, tells us that there is a serious financial cost to non-compliance within cybersecurity and data protection. Reputational. Trust is an essential element of building understanding within an organisation and its clientele. A cyber-breach can cause serious damage to your organisation’s reputation and erode the trust your customers have in you. This could, as a result, potentially lead to loss of customers, lower sales numbers, and, in turn, a reduction in profits. The possible effects can even have serious implications on any partners, investors, and third-parties with a vested interest in your organisation. Compliance. Data protection and privacy laws require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions. Compliance The challenges of personal data protection/privacy are growing as organisation’s not only have to respond to the EU GDPR, but also to California’s Consumer Protection Act (CCPA), New York Privacy Act (NYPA), South Africa’s Protection of Personal Information Act (POPIA), and more. Although your organisation might not be headquartered in the jurisdiction of any of these laws, companies with a local operational presence in the EU or with an offering that is being directed to the EU, are subject to the GDPR’s territorial or extraterritorial reach. Consequently, such companies must work on complying with GDPR requirements. These companies have been required to comply with global data protection policies which have been adopted by their global management, effectively requiring them to comply with many material aspects of GDPR. It is becoming increasingly clear that this growing list of data protection and information management legislation presents a massive risk and compliance obstacle for organisations. Closing Thoughts Organisations cannot rely on only managing and continuously monitoring cybersecurity. Unless this monitoring and management is part of an integrated strategy that approaches information security, risk and compliance from a holistic lens, the organisation’s actions won’t be truly effective and fall short of meeting international standards. The full scale of vulnerabilities and requirements that weigh down information and cybersecurity must be addressed in a standardised and well-established information management and cyber security architecture. ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Authored by: Volker von Widdern, The Institute of Risk Management South Africa (IRMSA) Risk Intelligence Committee Member
It is possible that the increasing prevalence of diabetes in South Africa may become an even greater challenge than the HIV epidemic. The development of anti-retro viral clinical responses to HIV have substantially reduced exposure to HIV, but it does not appear that similar clinical advances can be achieved in the next 10 years to mitigate the impacts of diabetes. Since human resources are usually the highest priority and cost factor in most organisations, the consequential impact of diabetes on the productivity and development or retention of intellectual property, will face significant risks. The increasing prevalence of diabetes in South Africa is unfortunately another outcome of the high levels of polarisation in our population. Eating patterns and increasing urbanisation are accelerating the prevalence of diabetes, and these social drivers are a reflection of our high levels of unemployment. Should employers invest in strategies that reduce employee exposure to diabetes? It can be argued that such investments have no reliable return because employees can easily move to other businesses. However, it is also true that well aligned and productive employees are by far the most differentiated source of company performance. What could the scenarios be if no investment is made in reducing the prevalence of diabetes? It is then likely that employee turnover will increase and there will be an artificial demand for employees that have less risk or exposure to diabetes. There are several research articles that demonstrate the sharp increase and high prevalence of diabetes in SA, and one example from which a short extract is shown below, is: The prevalence of type 2 diabetes in South Africa: a systematic review protocol Carmen Pheiffer, Victoria Pillay-van Wyk, Jané D Joubert, Naomi Levitt, Mweete D Nglazi, Debbie Bradshaw “The prevalence of diabetes is rapidly increasing in South Africa. In 2009, approximately 2 million (9%) people aged 30 years and older had diabetes, increasing almost twofold since 2000 when Bradshaw et al reported a prevalence of 5.5%. Several factors such as the ageing population, economic transition and urbanisation associated with nutrition transition and obesity have contributed to the increased diabetes prevalence. In 2000, it was estimated that 87% of diabetes cases in South Africa were attributed to excess body weight. This is concerning since in 2013 ~38% of men and ~69% of women in South Africa were considered overweight or obese. In 2015, the global burden of disease study estimated that high body mass index and hyperglycaemia, ranked as the second and third leading risk factors, respectively, after unsafe sex, for early death and disability in South Africa. Diabetes, due to its association with several microvascular and macrovascular complications, places a significant burden on the South African health system. In 2009, it was estimated that diabetes caused about 8000 new cases of blindness and 2000 new cases of amputations annually. A national burden of disease study in 2000 reported that diabetes accounted for approximately 14% of cases of ischaemic heart disease, 10% of stroke, 12% of hypertensive disease and 12% of renal disease. Furthermore, the indirect costs of diabetes are high. Diabetes in Africa affect mainly working-aged people between 40 and 60 years of age placing an added burden on the economy due to work absenteeism and decreased productivity. South Africa is battling a quadruple burden of disease due to high rates of infectious diseases, non-communicable disease, maternal and child mortality, and injury-related disorders, thus have limited resources to meet the increased health and economic costs of diabetes.” ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Authored by: Sidney Mongala, CRM Prac Member at The Institute of Risk Management South Africa (IRMSA)
The way we do business today is 1000 times advanced than it was done in the last millennium, 100 times advanced than was done in the last century and 10 times advanced than was done in the last decade.This is an indication of how rapid life changes. The more our lives are advancing, the more the need for advanced ways of doing things, the more complex the risk environment evolves. This is therefore the driver of future business successes and determinant of future business traits and trends. As futurists and trend analysts project the future ahead, businesses should likewise be positioned for the advanced and sophisticated ways of doing business. Future Chief Risk Officers (CRO) should thus not be left behind but partner with businesses in crafting future fit business models and strategies. Thus competing with AI and Robotics in this 4IR era which might lead to diminishing credibility and relevance of human intervention and interface. The way we do business has changed such that we don’t use much physical money anymore to do business as we venture into this 4IR era. Cryptocurrencies are here to disrupt the old way of transacting and they are the future waves of doing business. Likewise CROs should continue evolving the way they are doing things and improving their competencies to feed the new waves of doing business and be able with reasonable certainty to advice businesses to be competitive and business savvy to capture the rapidly changing 4IR market share. With these advancements in the way business is done these days, surely I can safely say disappearing are the days of our lives wherein CROs:
Future CROs therefore need to position themselves to be business partners and advisers on business strategies, operations and decisions on the go; “Just In Time (JIT) Risk Management Advisory System and Processes”. The CROs of the future should therefore possess the following traits:
The future CROs should be engaged in every discussions, planning, decisions, projects, etc. for growth in business and/or service delivery. Future CROs should be future risk visionaries of businesses and be able to advice of the future fit business strategies, decisions and plans in the 4IR wave of doing business. Although future CROs are not expected to be “Drs Of All Problems and Mr/Ms/Mrs Know It All”, future CROs should be able to know where the business is going and be able to advice throughout the business journey. The future CROs should be the library of risks and opportunities required to build future proof strategies for successful, growing and service delivery savvy businesses. Like Artificial Intelligence (AI) and 4th Industrial Revolution, future CROs should:
This means that businesses should understand and put risk management as part and parcel of everything they do lest they fall on a double sharp-edged sword that cut the throats of big businesses such as Bearings Bank, Washington Mutual Bank, VBS Mutual Bank, WorldCom, Enron, Lehman Brothers, Arthur Andersen, etc. A lot of businesses that are not fine-tuning to the new wave of doing business will suffer the consequences of business intelligence risks such as AI and 4IR in the next ten to fifty years. These include mostly the labour intensive businesses, ICT businesses that have heavily invested in old ICT Infrastructure, Financial Institutions that are in denial of the arrival of the cryptocurrencies and other disruptive technologies, and so forth. Likewise, to have future CROs that are equivalent to the old technology and are stuck in the old and safe way of doing business will not survive the use of rapidly evolving and competitive 4IR era of Robotics, AI, Big Data, IoT, etc. This will be like running a financial institution wherein people queue for cash withdrawals and deposits in this era of EFTs, Banking Apps, Smart Banking, Cradles Transacting, cryptocurrency, virtual banking, etc. These kinds of future CROs will fall with their business ideas and may find it very difficult to fit anywhere in the future wave of doing business. Another key question to be answered is “how prepared and advanced will our education system be to ensure that future CROs are relevant and fit into the rapidly changing business environment”. How will the bridge between our education system and the future wave of doing business be closed in order to supply the business world with the bright minds for future fit CROs. How prepared and adaptable is the education system to fit the future way of doing business and thus bridging the gap between the demand and the supply for future fit CROs, risk managers and assurance providers. Let me leave you by saying “If we don’t take care of the future, the future will take care of us and we will suffer the consequences”. ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Authored by: Andrew Pike, Fellow of the Institute of Risk Management South Africa (IRMSA)
In August 1991, excited holiday-makers boarded the Oceanos, a Greek-owned passenger vessel, at East London for the trip of a lifetime. Despite a raging storm, the Captain ordered the ship to set sail for Durban. Hurricane force winds and giant rogue waves battered the ship. About 4 hours after she had set sail and when she was a couple of miles off a remote stretch of the Transkei coast, the auxiliary engine room was breached and the ship started taking huge volumes of water. Panicking senior crew members scrambled into lifeboats, leaving the ship’s evacuation to on-board entertainers and crew staff. Women and children clambered aboard life boats which were then launched into the monstrous seas, but eventually all operational or launch-able life boats had been used and 221 passengers were left stranded aboard the sinking ship. The South African Air Force, in cooperation with the Navy, then launched its biggest rescue operation in history to airlift passengers off the stricken vessel, battling 70 knot winds and waves in excess of 20 meters. Passengers who had been evacuated in life boats were eventually all picked up by merchant ships and fishing vessels in the area. The airlifted passengers were removed from the ship and taken to a local hotel about 2 to 3 miles away from the ship. During the helicopter airlift, the Captain of the ship also deserted all of the passengers and remaining crew, thus leaving the ship completely in the hands of civilians and junior crew members. Eventually, about an hour before the ship sank and 17 hours after the drama started, all passengers had been safely evacuated. It was against all odds that no one perished in the disaster. Stories abound of heroism, cowardice, commitment and the emergency response of all involved. However, the reality is that the Department of Transport itself had never planned for a disaster on this scale and certainly no one in South Africa had ever given any thought to the possibility of a passenger ship sinking. This was the materialization of a risk on such a grand scale in maritime terms that it was never in any one’s contemplation and, had risk management been the art form then that it is nowadays, a sinking passenger liner would probably not have been on any one’s risk register. And yet, despite mountainous seas, a cowardly crew, a shortage of life boats and everything else, South Africa pulled together and effected what was arguably the most successful maritime rescue in history. Nowadays, with a keener sense of risk identification, most major organizations have some level of preparation in respect of most risks. But what do we do about the risks which were just never seen coming? Given the current accelerated pace of technological growth, climate change, uncertain financial markets and the like, it seems inevitable that at some stage most organizations are going to be faced with a risk they hadn’t thought about. For me, the common thread running through the Oceanos rescue was a combination of the following factors which made the rescue the success that it was: People and skills:
In conclusion, whilst Risk Registers and Risk Identification are becoming more sophisticated, it is likely that, as things change, organizations will not be able to anticipate and prepare for every risk. However, if the basics and essentials are in place, what organizations will do is build sufficient resilience to address the disasters which may befall them. ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/  Authored by: Christopher Palm, Chief Risk Advisor, Institute of Risk Management South Africa
The top risk in South Africa is structurally high unemployment; followed by growing income disparity and inequality, according to the 2019 IRMSA Risk Report. Stats SA says unemployment in the first quarter of 2019 increased by 0,5 of a percentage point, bringing the rate to 27,6%. The burden of unemployment is concentrated amongst the youth between the age of 15 and 34 years. Almost 4 in every 10 young people in the labour force do not have a job. The IRMSA report creates awareness of the risks facing the achievement of the South African country and industry objectives. More than 85 experts in their fields provided opinions and profound insights for each of the top ten risks facing the country and industry. In the IRMSA report VoxCroft Analytics specifically expressed concern that the growing disillusionment among the youth of South Africa could lead to a youth-driven protest movement, on a much larger scale than the student protest movement. Such a movement, if led and supported by other population groups in the country, would hold a particular challenge for the general political stability of the country. Nerine Kahn, CEO at Employment Relations Exchange, says unemployment is possibly the highest risk to the achievement of any or all of the National Development Plan’s (NDP) objectives. The NDP goals are targeted towards developing certain aspects of the economy, but require very significant skills and education levels. IRMSA recognises the NDP as the legitimate summation of the joint goals of government and private sector; to work towards a shared and prosperous future for the country and its people. Graeme Codrington, founding director of strategic insights firm, TomorrowToday, says South Africa is seemingly just limping along with not much changing, and yet, under the surface some significant shifts are taking place. The impact of fraud and corruption and State failure has shifted down the risk-list. It is now in the fourth place. In 2017 it was top of the list, and last year it was the second biggest risk facing the country. This reflects the ending of the Zuma-era; a decade that will be blight on the nation for some time to come. Last year saw the beginnings of a collective resolve to reverse the damage. Difficult decisions were made, such as raising the VAT rate with one percentage points, replacing the boards of key State-Owned Enterprises, dropping the nuclear deal and tackling the land issue. South Africa has a robust economy and currency (relative, at least, to our peer group which include countries such as Turkey, Argentina, Thailand, Indonesia, Mexico, Egypt and Nigeria). It has a stronger government than we have had for years. We are not where we want to be, but we are a long way ahead of where we once were. The first few years of the 2020s will see a more resolute approach to solving the land issue. We have no future as a country if a vast majority of its citizens remain locked in endemic poverty and landlessness. The ANC has pledged to deal with the land issue lawfully, carefully and without damaging the country’s economy. Small groups, with their own particular agendas, are using fear-mongering tactics along with “sophisticated psychological techniques” and the manipulation of social media, to sow seeds of fear, discord and enmity between ordinary South Africans. Business and individuals must get involved in solving the major issues that currently lock people out of their futures, especially education, employment and healthcare. Trevor Channing, head of governance and risk at the Chemical Industries Education and Training Authority (CHIETA), is of the view that South Africa’s second biggest risk - growing income disparity and inequality - will threaten the majority of the six priorities in the NDP. It will have a direct impact on our social cohesion, strengthening our democracy, citizenry and functioning as a capable and developmental state. The country now needs ethical political leadership for sustainable foreign investments, and an end to wasteful expenditure for resources to be applied in ways that will stimulate economic growth. The country needs all sectors of society to create a united front against the national issues that are holding us back. South Africa top 10 overall risks
ENDS MEDIA CONTACT: Rosa-Mari, 060 995 6277, rosa-mari@thatpoint.co.za, www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/ |
Welcome to the IRMSA Newsroom
Archives
January 2020
Categories |
RSS Feed