Do either the 2019 Integrated Resource Plan (IRP), gazetted on 18 October, or the Eskom turnaround plan, recently revealed by Public Enterprises Minister Pravin Gordhan, reduce the risk to the country’s power supply?
According to Paul Nel, presenter at the IRMSA Western Cape Risk Management Summit, both documents may be overly ambitious while providing little indication of how they will practically achieve their lofty goals. Nel, a power industry veteran who, during his 18 years at Eskom, was responsible for all capital and large maintenance projects, including all refurbishment and rehabilitation projects of nine power stations, understands the difficulties involved. “However, the right things are now being said and the right decisions are being made, and that is a good sign for the country,” he says.

IRP 2019

Many expectations hinged on the arrival of this gateway document, as government had put any plans to expand its renewable energy strategy on hold until its release. Nel says that the Western Cape needs strong base load generation and that the policy to extend the life of Koeberg Nuclear Power Station by 20 years is the obvious option. Apart from this project, there is little mention of new nuclear developments, with the exception of a passing comment on an additional 2500MW at some point in the future. In fact, the IRP is laden with mentions of renewable energy and, for the first time, lays out a time frame for decommissioning old fossil-fired power stations. “These points should comfort critics who accused government of pushing its own agenda in terms of nuclear generation and expensive new builds,” says Nel. “It shows they are responding to realistic concerns about affordability – that’s a very positive indicator.”

Of concern to Nel is the unclear narrative around the “just transition” of a coal-based workforce to a renewable-based system: “Thermal generation is much more labour intensive than a renewables economy, and the IRP is not clear about how this transition will be accomplished.
In the interest of hitting the IRP energy targets, government should have given clearer indications on when Round 5 of the Renewable Energy IPP program will be launched; instead the IRP suggests this may depend on some outcome of a “just transition” process.”

Eskom turnaround plan

The eagerly anticipated turnaround plan for Eskom has arrived. Whether or not it represents a viable solution for the country’s troubled energy provider remains to be seen. Again, Nel is concerned with the relatively high initial target of 70% availability for Eskom’s generation plant indicated in this plan. Major corrective actions on specific units can take up to a year to plan and several months to implement. “Even if all the right decisions are made and funding is available now, it would still take up to five years to reach a sustainable higher availability target,” he says. As with the IRP, the turnaround plan is somewhat vague on specific actions.

No quick fixes

Nel’s advice to the average South African is not to expect major improvements overnight or even within the next two years. “With the IRP and turnaround issued, the first hurdles have been cleared, but a complete transformation of the country’s current energy woes is going to take a long time,” he concludes.

ENDS

Paul Nel from Aurecon will be presenting on this topic at the 2019 Western Cape Risk Management Summit.
When: Tuesday, November 26, 2019 7:00 AM
Where: Cape Town International Convention Centre (CTICC), Convention Square, 1 Lower Long Street, Cape Town
To attend contact: Roxanne Moodley, [email protected], 0115551800

MEDIA CONTACT: Rosa-Mari, 060 995 6277, [email protected], www.atthatpoint.co.za

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
Written by: Farhad Rahaman for The Institute of Risk Management South Africa (IRMSA)
In this modern-day, tech-savvy world, we would like to believe that we could never be fooled by a social engineering scam or phishing attempt! Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity via electronic communication. The reality is that it is easy to catch someone in this way. Here are some tips to look out for so that you do not become just another phishing statistic:
ENDS

Authored by: Lindiwe Magobholi, IRMSA Risk Intelligence Committee Member

Conflict of interest has been topical in recent history, with the debacle of “state capture” involving audit firms and the like, and not forgetting landmark events such as Steinhoff, Old Mutual (Moyo debacle) etc., raising questions on the effectiveness of the governance structures existing within the corporate and public sectors. Are they even there? Do they have the knowledge/skills, or even the necessary authority, to effect the necessary change? Are they fit and proper? In the past year, Board and Sub-committee members have increased their level of awareness and scrutiny of management reports and the levels of assurance that can be drawn from them. Similarly, professional bodies such as SAICA, IIA etc. have come under scrutiny on whether:
- they can actually “bite” when a member has acted in a questionable manner;
- there is a process to be followed in these eventualities; and
- the process has stood the test of time; or
- it has a proven record of adding value to the organisation over time.

Many organisations have policies in place on conflict of interest that will address one of the following issues:
- that conflicts of interest must be disclosed at the earliest point of detection. Generally, there will be a register where all the necessary information is recorded, including the nature and monetary value.
- that the concerned individual should not be involved in the decision-making process concerning the conflict.
The definition of conflict of interest relates to the existence of a conflict (clash) between the private interests and official responsibilities of a person in a position of trust, including family members, and in external organisations, businesses and practices. These policies have been placed under serious scrutiny regarding their adequacy in preventing/managing conflicts of interest. So, the issue in many instances, including the fall of entities such as Enron, is that there is an existing relationship between the conflicted parties and it “waters down” the policies in place. The culture of stakeholder management exists in business, where events like golf days etc. are held to strengthen business relationships. These often set a different tone to that of conflict of interest, as they create a relationship of trust amongst stakeholders which underpins many important decisions in the business. I’m of the opinion that the existence of conflicts of interest is the genesis of the problem. Prevention is always better than cure.

Professional bodies, likewise, have reviewed their codes of conduct and reverted to members to sign on an annual basis. Understandably so: the reputational risk to them is immense, because the question remains, “Is a professional membership a carrot or stick (or both) relationship?” Is the benefit of professional membership balanced with the behavioural requirements? The systemic risk cannot be ignored. These recent events, as seen in media reports, have raised questions that we’ve never had to deal with before, simply because there were no delinquents or, even if they were there, they were few and far between or didn’t hold any reputational risk whatsoever.

It is normal business practice that senior positions are mostly based on networking relationships formed in and outside of the business environment. Some can be traced as far back as primary school and therefore run very deep.
They also provide a comfortable level of trust, an important element in business dealings. At this level of management, the character of an individual outweighs their competencies. Where the conflict concerns a person in a position of power, the assurance providers come under extreme pressure, not forgetting the impact on their careers. This is where the lines of assurance, be it Audit or Risk, are side-lined one way or the other.

The COSO framework of 2017 stressed that risk professionals not only need to review the implementation of strategies but should also be involved in their formulation and evaluate their appropriateness in light of the vision and mission of the entity. It is very easy to get side-tracked by a brilliant strategy, but does it speak to the heart of the entity? The same principle should apply here, i.e. the risk of conflicting interests should not only be acknowledged but fully dissected by the risk professionals, including its implications and depth. Only then can the appropriate response be formulated.

Business relationships exist purely for that, i.e. business, and not for personal gain. And so, where a conflict arises, the introspection point for the decision makers is primarily: should that situation exist in the first place? Secondly, does the exclusion of the conflicted member from the decision-making process translate to the fact that their referent power, influence and existing relationships become absent in the minds of the decision-makers? And thus, can we really argue that they do not influence the decision? What happens with the outcome of the decision and the impact on the existing relationship?
ENDS

The Institute of Risk Management South Africa (IRMSA) risk chat authored by: Nicky Downing
Cyber security is the process of protecting networks and devices from emerging risks and cyberattacks. The evolving nature of the digital landscape makes this potential threat critical to an organisation, and information management has taken centre stage of late in terms of the potential risks associated with cyber security. A mature cybersecurity system has multiple layers of defence spread across the organisation, but many organisations fail to understand the serious compliance and risk management implications of cyber and information security. The ever-growing threat that it poses to the organisation in the pursuit of its overall business objectives and continuity cannot be overstated, with an estimated 10 billion cybersecurity events (breached records) occurring in the last year. Cyber risk and compliance exposure, in the chaotic modern business world, is a complex mesh of vulnerabilities that cuts across different departments and functions within the business and its operations. The effect of a seemingly isolated information or cyber risk can soon become ubiquitous – causing trouble throughout all levels of the organisation.

The Cost

In the context of just GDPR, the momentum in increased fines culminated in the data protection authority of the United Kingdom announcing its intent to impose significant fines against two companies for violations of the EU GDPR. The ICO had decided to levy a record £183.39 million (about R3.48 billion ZAR) fine on British Airways for GDPR violations relating to a 2018 data breach due to security failings, which exposed half a million customers to data harvesting from a fraudulent site. The UK’s information commissioner topped off the breaking news by urging caution to organisations, warning that similar fines could be levied unless organisations better protect the personal information and data of customers.
A day after the release of the fines levied against British Airways, it was announced that Marriott International faces up to a $124 million fine (about R1.836 billion ZAR) for GDPR violations relating to a significant breach within its Starwood Hotels and Resorts subsidiary. The breach is alleged to have affected over 300 million customers and guests globally. Earlier this year, France’s CNIL (National Commission on Informatics and Liberty) announced a €50 million (about R956 million ZAR) fine levied against Google for failing to comply with the tough new privacy laws. Shortly afterwards, a report published in Germany stated that authorities had levied 41 GDPR-related fines on organisations that were not compliant as of this past January.

These attacks, however, are not just left to the risk and compliance burdens of large corporations. According to an annual study calculating cybersecurity costs holistically, 43% of online attacks are now aimed at small businesses and only 14% are prepared to combat a cyber breach – highlighting the need for organisations of all sizes to make cybersecurity a top priority. A cyber incident is estimated to cost a small business on average $200,000.00 (nearly R3 million ZAR), threatening to put 60% of small businesses out of business, or at least put the organisation in a financially dire situation.

The Aftermath

An effective cyber-breach can cause serious structural damage to your organisation. The effects can range from reputational damage hurting consumer trust in your organisation, to compliance and financial effects that have serious implications for your organisation’s bottom line. The impact of a cybersecurity breach can be split up into three categories:

Financial. Cyber-attacks often result in substantial financial loss. Not only has corporate information likely been stolen (and possibly even financial information, e.g.
card and/or banking details), but the organisation will also generally incur costs associated with improving and repairing the affected networks and systems. Recent experience with new data privacy laws, such as GDPR, tells us that there is a serious financial cost to non-compliance within cybersecurity and data protection.

Reputational. Trust is an essential element of building understanding between an organisation and its clientele. A cyber-breach can cause serious damage to your organisation’s reputation and erode the trust your customers have in you. This could, as a result, potentially lead to loss of customers, lower sales numbers, and, in turn, a reduction in profits. The possible effects can even have serious implications for any partners, investors, and third parties with a vested interest in your organisation.

Compliance. Data protection and privacy laws require you to manage the security of all personal data you hold, whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.

Compliance

The challenges of personal data protection/privacy are growing as organisations not only have to respond to the EU GDPR, but also to California’s Consumer Protection Act (CCPA), New York Privacy Act (NYPA), South Africa’s Protection of Personal Information Act (POPIA), and more. Although your organisation might not be headquartered in the jurisdiction of any of these laws, companies with a local operational presence in the EU, or with an offering that is being directed to the EU, are subject to the GDPR’s territorial or extraterritorial reach. Consequently, such companies must work on complying with GDPR requirements. These companies have been required to comply with global data protection policies which have been adopted by their global management, effectively requiring them to comply with many material aspects of GDPR.
It is becoming increasingly clear that this growing list of data protection and information management legislation presents a massive risk and compliance obstacle for organisations.

Closing Thoughts

Organisations cannot rely on only managing and continuously monitoring cybersecurity. Unless this monitoring and management is part of an integrated strategy that approaches information security, risk and compliance from a holistic lens, the organisation’s actions won’t be truly effective and will fall short of meeting international standards. The full scale of vulnerabilities and requirements that weigh down information and cybersecurity must be addressed in a standardised and well-established information management and cyber security architecture.

ENDS