At That Point

Does the IRP 2019 or Eskom plan reduce SA power risks?

21/11/2019

Do either the 2019 Integrated Resource Plan (IRP), gazetted on 18 October, or the Eskom turnaround plan, recently revealed by Public Enterprises Minister Pravin Gordhan, reduce the risk to the country’s power supply?

According to Paul Nel, presenter at the IRMSA Western Cape Risk Management Summit, both documents may be overly ambitious while providing little indication of how they will practically achieve their lofty goals.

Nel, a power industry veteran who, during his 18 years at Eskom, was responsible for all capital and large maintenance projects, including all refurbishment and rehabilitation projects of nine power stations, understands the difficulties involved.

“However, the right things are now being said and the right decisions are being made, and that is a good sign for the country,” he says.

IRP 2019
Many expectations hinged on the arrival of this gateway document, as government had put any plans to expand its renewable energy strategy on hold until its release.

Nel says that the Western Cape needs strong base load generation and that the policy to extend the life of Koeberg Nuclear Power Station by 20 years is the obvious option.

Apart from this project, there’s little mention of new nuclear developments, with the exception of a passing reference to an additional 2500MW at some point in the future.

In fact, the IRP is laden with mentions of renewable energy and, for the first time, lays out a time frame for decommissioning old fossil-fired power stations.

“These points should comfort critics who accused government of pushing its own agenda in terms of nuclear generation and expensive new builds,” says Nel.

“It shows they are responding to realistic concerns about affordability – that’s a very positive indicator.”

Of concern to Nel is the unclear narrative around the “just transition” of a coal-based workforce to a renewable-based system:

“Thermal generation is much more labour intensive than a renewables economy, and the IRP is not clear about how this transition will be accomplished. In the interest of hitting the IRP energy targets, government should have given clearer indications on when Round 5 of the Renewable Energy IPP program will be launched; instead the IRP suggests this may depend on some outcome of a “just transition” process.”

Eskom turnaround plan
The eagerly anticipated turnaround plan for Eskom has arrived. Whether or not it represents a viable solution for the country’s troubled energy provider remains to be seen.

Again, Nel is concerned with the relatively high initial target of 70% availability for Eskom’s generation plant indicated in this plan. To implement major corrective actions on specific units can take up to a year of planning and several months to implement.

“Even if all the right decisions are made and funding is available now, it would still take up to five years to reach a sustainable higher availability target,” he says. As with the IRP, the turnaround plan is somewhat vague on specific actions.

No quick fixes
Nel’s advice to the average South African is not to expect major improvements overnight or even within the next two years.

“With the IRP and turnaround issued, the first hurdles have been cleared, but a complete transformation of the country’s current energy woes is going to take a long time,” he concludes.

ENDS

Paul Nel from Aurecon will be presenting on this topic at the 2019 Western Cape Risk Management Summit.
When: Tuesday, November 26, 2019
7:00 AM

Where: Cape Town International Convention Centre (CTICC)
Convention Square
1 Lower Long Street
Cape Town

To attend contact: Roxanne Moodley
[email protected]
0115551800

MEDIA CONTACT: Rosa-Mari, 060 995 6277, [email protected], www.atthatpoint.co.za 

For more information on IRMSA please visit:
Website: https://www.irmsa.org.za/
Twitter: https://twitter.com/IRMSAInsight
Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl
LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
​

Tips on how to identify a phishing email

19/11/2019

Written by: Farhad Rahaman for The Institute of Risk Management South Africa (IRMSA)

In this modern-day, tech-savvy world, we would like to believe that we could never be fooled by a social engineering scam or phishing attempt!

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity via electronic communication.

The reality is that it is easy to catch someone in this way.

Here are some tips to look out for so that you do not become just another phishing statistic:
  • Do not trust the display name. A favourite phishing tactic is to spoof (imitate) the display name of an email to give it an air of legitimacy. If you click on the name, you will notice that the address differs from the display.
  • Look but do not click. Hover your mouse over any links embedded in the body of the email. If something seems even remotely strange, do not click on it.
  • Check for spelling mistakes. Brands usually do not make careless mistakes. This is an easy tell. Cybercriminals also do this purposefully to target less observant users.
  • Analyse the salutation. Watch out. Legitimate businesses usually use a personal salutation with your first and last name rather than a vague salutation.
  • Beware of urgent, threatening language. This is a common strategy to create a sense of panic, or to entice you to use poor judgement.
  • Review the signature. If you cannot find the sender’s details, or information on how to contact the company, this is probably a phish. Legitimate businesses always provide contact details.
  • Do not click on attachments or links. Including malicious attachments that contain viruses and malware is a common phishing tactic used to damage files on your computer, steal passwords or to spy on you without your knowledge. Do not open any email attachments that you were not expecting.
  • Do not ever give out your personal information. Legitimate banks (in fact most companies) will never ask for personal credentials via email.
  • Consider whether you have a relationship with the company that has sent the email. If you receive a message from a company that you do not deal with, assume that this is a phishing scam and ignore it!
  • Do not believe everything you see. Phishers are good at what they do. An email may look convincing and even display the company logo, but this does not mean it is legitimate. Be sceptical! If a message makes you feel even slightly unsettled, do not open it.
  • Look out for the secured lock icon in the browser indicating a secure site.
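
Several of the tips above (display name versus address, link text versus destination, urgent wording, vague salutation) can also be checked mechanically before a message reaches the reader. The sketch below is an added example, not part of the original article; the sample message, the `examplebank.test` domain and the keyword lists are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(customer|user|client|member|sir|madam)\b", re.I)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class BodyParser(HTMLParser):
    """Collect visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(value):  # hostname of a URL or bare domain, lower-cased ('' if none)
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
def same_site(a, b):  # equal hosts, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyse(raw, known_domains):
    """Return findings for one raw message; known_domains are companies you deal with."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    squashed = re.sub(r"[^a-z0-9]", "", name.lower())
    for dom in known_domains:  # display name claims a brand the address is not from
        if dom.split(".")[0] in squashed and not same_site(sender, dom):
            findings.append(f"display-name: claims {dom}, sent from @{sender}")
    parser = BodyParser()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, label in parser.links:  # what the link shows versus where it goes
        target = host(href)
        if URL_LIKE.fullmatch(label) and not same_site(host(label), target):
            findings.append(f"link-mismatch: shows {host(label)}, goes to {target}")
    body = " ".join(parser.text)
    if URGENT.search(body) or URGENT.search(msg.get("Subject", "")):
        findings.append("urgency: pressure wording in subject or body")
    if GENERIC.search(body):
        findings.append("generic-salutation: no personal name used")
    return findings

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank-secure.test>
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p><p>Your account will be suspended unless you confirm your details.</p>
<p><a href="http://login.examp1e-bank-secure.test/verify">https://www.examplebank.test/login</a></p>
"""
```

Calling `analyse(SAMPLE, ["examplebank.test"])` returns one finding per tip that the message trips; an empty list means none of these heuristics fired, not that the message is safe.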
Some last thoughts:
  • What are you as a company doing to make your staff “phishing savvy”?
  • Do you have a method where staff can report potential phishing emails?
  • Does your IT team block these phishing emails?
  • Is your business testing staff knowledge of phishing scams? If so, how, and what metrics do you have that will provide and substantiate the exposure level?
  • Do you have an appointed data officer and a response plan to reduce the impact of a successful phishing attack?

ENDS


Is it conflict of interest or relationships?

12/11/2019


Authored by: Lindiwe Magobholi, IRMSA Risk Intelligence Committee Member


Conflict of interest has been topical in recent history, with the debacle of “state capture” involving audit firms and the like, and landmark events such as Steinhoff and Old Mutual (the Moyo debacle), raising questions about the effectiveness of the governance structures existing within the corporate and public sectors.

Are they even there? Do they have the knowledge and skills, or even the necessary authority, to effect the necessary change, and are they fit and proper?

In the past year, Board and Sub-committee members have increased their level of awareness and scrutiny of management reports and the levels of assurance that can be drawn from them.

Similarly, professional bodies such as SAICA, IIA etc. have come under scrutiny on whether:
- they can actually “bite” when a member has acted in a questionable manner;
- there is a process to be followed in these eventualities;
- the process has stood the test of time; or
- it has a proven record of adding value to the organisation over time.

Many organisations have policies in place on conflict of interest that will address one of the following issues:
- that conflicts of interest must be disclosed at the earliest point of detection. Generally, there will be a register where all the necessary information is recorded, including the nature and monetary value.
- that the concerned individual should not be involved in the decision-making process concerning the conflict.

The definition of conflict of interest relates to the existence of a conflict (clash) between the private interests and official responsibilities of a person in a position of trust, including family members, and in external organisations, businesses and practices.

These policies have been placed under serious scrutiny regarding their adequacy in preventing or managing conflicts of interest.

So, the issue in many instances, including the fall of entities such as Enron, is that there is an existing relationship between the conflicted parties and it “waters down” the policies in place.

The culture of stakeholder management exists in business, where events such as golf days are held to strengthen business relationships.

These often set a different tone to that of conflict of interest, as they create a relationship of trust amongst stakeholders which underpins many important decisions in the business.

I’m of the opinion that the existence of conflicts of interest is the genesis of the problem. Prevention is always better than cure.

Professional bodies, likewise, have reviewed their codes of conduct and reverted to members to sign them on an annual basis.

Understandably so: the reputational risk to them is immense, because the question remains, “Is a professional membership a carrot or stick (or both) relationship?”

Is the benefit of professional membership balanced with the behavioural requirements? The systemic risk cannot be ignored.

These recent events, as seen in media reports, have raised questions that we’ve never had to deal with before, simply because there were no delinquents or, even if they were there, they were few and far between or didn’t hold any reputational risk whatsoever.

It is normal business practice that senior positions are mostly based on networking relationships formed in and outside of the business environment.

Some can be traced as far back as Primary School and therefore run very deep.

They also provide a comfortable level of trust, an important element in business dealings.

At this level of management, the character of an individual outweighs their competencies.

Where the conflict concerns a person in a position of power, the assurance providers come under extreme pressure, not forgetting the impact on their careers.

This is where the lines of assurance, be it Audit or Risk, are side-lined one way or the other.

The COSO framework of 2017 stressed that risk professionals not only need to review the implementation of strategies but should also be involved in their formulation and evaluate their appropriateness in light of the vision and mission of the entity.

It is very easy to get side-tracked by a brilliant strategy, but does it speak to the heart of the entity?

And so the same principle should apply here, i.e. the risk of conflicting interests should not only be acknowledged but fully dissected by the risk professionals, along with the implications and depth thereof.

Only then can the appropriate response be formulated. Business relationships exist purely for that, i.e. business, and not for personal gain.

And so, where a conflict arises, the introspection point for the decision makers is primarily, should that situation exist in the first place?

Secondly, does the exclusion of the conflicted member from the decision-making process translate to the fact that their referent power, influence and existing relationships become absent in the minds of the decision-makers?

And thus, can we really argue that they do not influence the decision? What happens with the outcome of the decision and the impact on the existing relationship?

ENDS

MEDIA CONTACT: Rosa-Mari Le Roux, 060 995 6277, [email protected], www.atthatpoint.co.za


Cyber Security Risks

4/11/2019

The Institute of Risk Management South Africa (IRMSA) risk chat authored by: Nicky Downing

Cyber security is the process of protecting networks and devices from emerging risks and cyberattacks.

The evolving nature of the digital landscape makes this potential threat critical to an organization, and information management has taken centre-stage as of late in terms of the potential risks associated with cyber security.

A mature cybersecurity system has multiple layers of defence spread across the organisation, but many organisations fail to understand the serious compliance and risk management implications of cyber and information security.

The ever-growing threat it poses to the organisation in the pursuit of its overall business objectives and continuity cannot be overstated, with an estimated 10 billion cybersecurity events (breached records) occurring in the last year.

Cyber risk and compliance exposure, in the chaotic modern business world, is a complex mesh of vulnerabilities that crosses through different departments and functions within the business and its operations.

The effect of a seemingly isolated information or cyber risk can soon become ubiquitous – causing trouble throughout all levels of the organisation.

The Cost
In the context of just GDPR, the momentum in increased fines culminated in the data protection authority of the United Kingdom announcing its intent to impose significant fines against two companies for violations of the EU GDPR.

The ICO had decided to levy a record £183.39 million (about R3.48 billion ZAR) fine on British Airways for GDPR violations relating to a 2018 data breach due to security failings, which exposed a half-million customers to data harvesting from a fraudulent site.

The UK’s information commissioner topped off the breaking news by urging caution to organisations, warning that similar fines could be levied unless organisations better protect the personal information and data of customers.

A day after the release of the fines levied against British Airways, it was announced that Marriott International faces up to a $124 million fine (about R1.836 billion ZAR) for GDPR violations relating to a significant breach within its Starwood Hotels and Resorts subsidiary.

The breach is said to have affected over 300 million customers and guests globally.

Earlier this year, France’s CNIL (National Commission on Informatics and Liberty) announced a €50 million (about R956 million ZAR) fine levied against Google for failing to comply with the tough new privacy laws.

Shortly after this had happened, a published report came out of Germany stating that authorities had levied 41 GDPR-related fines on organisations that were not compliant as of this past January.

These attacks, however, are not only a risk and compliance burden for large corporations.

According to an annual study calculating cybersecurity costs holistically, 43% of online attacks are now aimed at small businesses and only 14% are prepared to combat a cyber breach – highlighting the need for organisations of all sizes to make cybersecurity a top priority.

The consequences of a cyber incident for small businesses are estimated to cost on average $200,000.00 (nearly R3 million ZAR), threatening to potentially put 60% of small businesses out of business, or at least put the organisation in a financially dire situation.

The Aftermath
An effective cyber-breach can cause serious structural damage to your organisation.

The effects can range from reputational damage hurting consumer trust in your organisation, to compliance and financial effects that have serious implications for your organisation’s bottom line.

The impact of a cybersecurity breach can be split up into three categories:

Financial. Cyber-attacks often result in substantial financial loss.
Not only has corporate information likely been stolen (and possibly even financial information e.g. card and/or banking details), but the organisation will also generally incur costs associated with improving and repairing the affected networks and systems.

Recent experience with new data privacy laws, such as GDPR, tells us that there is a serious financial cost to non-compliance within cybersecurity and data protection.

Reputational. Trust is an essential element of building understanding within an organisation and its clientele. A cyber-breach can cause serious damage to your organisation’s reputation and erode the trust your customers have in you.

This could, as a result, potentially lead to loss of customers, lower sales numbers, and, in turn, a reduction in profits. The possible effects can even have serious implications on any partners, investors, and third-parties with a vested interest in your organisation.

Compliance. Data protection and privacy laws require you to manage the security of all personal data you hold - whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.

Compliance
The challenges of personal data protection/privacy are growing as organisations not only have to respond to the EU GDPR, but also to California’s Consumer Protection Act (CCPA), New York Privacy Act (NYPA), South Africa’s Protection of Personal Information Act (POPIA), and more.

Although your organisation might not be headquartered in the jurisdiction of any of these laws, companies with a local operational presence in the EU or with an offering that is being directed to the EU, are subject to the GDPR’s territorial or extraterritorial reach.

Consequently, such companies must work on complying with GDPR requirements.

These companies have been required to comply with global data protection policies which have been adopted by their global management, effectively requiring them to comply with many material aspects of GDPR.

It is becoming increasingly clear that this growing list of data protection and information management legislation presents a massive risk and compliance obstacle for organisations.

Closing Thoughts
Organisations cannot rely on only managing and continuously monitoring cybersecurity.
Unless this monitoring and management is part of an integrated strategy that approaches information security, risk and compliance through a holistic lens, the organisation’s actions won’t be truly effective and will fall short of meeting international standards.

The full scale of vulnerabilities and requirements that weigh down information and cybersecurity must be addressed in a standardised and well-established information management and cyber security architecture.

ENDS
