Get your risk management out of the boardroom

Analysing and controlling enterprise risk is one of the most important functions within organisations today. These risks cover such areas as competitive, compliance, economic, innovation, legal, operational, quality, reputation and strategy risks. Yet, in many instances many of these risks are managed only by the intuition of the process manager or management team.

While many are skilled enough to investigate and control most of these risks, the number of processes that fail to adequately meet expectations within tolerable risk limits serves as testament to the fact that the complexity of risk management is beyond the capabilities of the current, mostly manually-driven and disjointed, systems used within organisations today.

In large organisations, multi-disciplinary teams of experts may investigate and score risks using a standardised methodology, communicate regularly with relevant stakeholders and evaluate proposed solutions to issues against established criteria, only to see those processes also suffer from problems relating to awareness, accountability, ownership, follow-through, etc.

Problem statement

Many of the processes and tools used for evaluating and controlling risk in existence today only operate well at one particular phase of the risk management life cycle. Indeed, many organisations still use spreadsheets to create risk registers for the various departments and functions. These are then consolidated into one spreadsheet in order to form a holistic view of the risk landscape.

Whilst the process of risk identification and assessment is therefore easily digitised using spreadsheets, the ensuing phases of identifying and assessing controls and required control actions become a lot more time-consuming.

It becomes even more onerous for the risk management team to follow up with control owners and control action owners on a regular basis as to the status of implementation.

This manual approach leads to a great deal of inefficiency in the process and tends to undermine the accuracy and effectiveness of the risk management process overall; in fact, it could lead to the perception that risk management is merely an administrative burden that doesn’t really add much value to the organisation overall.

But what if things didn’t have to be that way?

What if the assessment and ongoing management of risk could be intrinsically woven into the daily workflow of employees?

What if employees had the ability to identify and report on risks as they are identified instead of waiting for an annual risk assessment workshop?

What if you could instantly see all the actions intended to mitigate risk, together with action owners and agreed implementation dates and manage these tasks from one, central location?

What if internal audit or the risk management team could quickly identify actions that have been completed as input to the review process without having to reach out to all control owners to confirm status in a time-consuming and manual process?

It's time to challenge the status quo

The deployment of an integrated solution that leverages the best of digital technologies presents organisations with the opportunity to not only more effectively manage enterprise risk but also to radically transform the risk culture and employee attitude toward risk management.

To get this right, the tools used for risk management must not only work throughout the entire risk management process, they must also prompt decision makers to select the correct option according to a pre-defined and standardised risk management framework that clearly sets out considerations for impact analysis and assessment of control effectiveness.

If a risk is somehow underestimated or overestimated by the person interpreting the analysis, the risk assessment and control process has not performed properly. The other problem is that even when control owners have identified required mitigating actions and assigned these to team members, those team members often lose sight of the required actions, leading to missed deadlines or, worse yet, continuing with implementing actions that might no longer be appropriate to mitigate the risk.

What is needed is a system that successfully digitalises the entire risk management process, exposes necessary information to stakeholders and accountable people and drives transparent and effective communication at all times to all affected parties. All of this is to be achieved without affecting the productivity of employees or imposing onerous administration and reporting responsibility on stakeholders.

All this is possible .... today!

This situation is not so far-fetched as it once would have been.

The workflow, security and notifications mechanisms built into the core of the readyplatform architecture put almost all of the data required for this risk assessment and control system in a centrally accessible place.

Risk Manager on readyplatform presents a comprehensive, integrated risk management and control solution that enables risk managers to transform internal risk management practices and, indeed, the organisational risk culture as a whole, greatly improving the success of risk interventions. It presents a fresh approach to digitally driving the risk management process, involving all affected stakeholders at the appropriate time and reducing the administrative burden of capturing the outcomes of assessments and reporting to various committees.

Key features and benefits of Risk Manager include:

  • Data is input into one, central location using any browser-enabled device. Role players are able to record, update and view information on any device and at any time they choose without needing access to proprietary spreadsheets or other supporting software – or to have the latest copy emailed to them before they can start working. There is also no need to consolidate risk registers through copy-and-paste – a practice which usually leads to information becoming misaligned and out-of-date very quickly.
  • Ease of use. Any employee, anywhere in the organisation, can quickly and easily record a risk using a simple-to-complete form, accessible on every screen in the webapp, that is configurable by your administrators.
  • Information is made available on an as-needed basis using the integrated user security framework. Staff see only the information they are supposed to. More importantly, they see everything that affects them either as a stakeholder, accountable party or responsible person, driving greater accountability across the organisation by making the risk management process more transparent.
  • One-click reporting. All the information needed to present reports to stakeholders is available through an intuitive reporting dashboard without the need to compile lengthy reports or graphs into reporting packs. Presenting data in the live system also has the benefit that the most up-to-date information is always displayed, reassuring stakeholders that they can rely on the information presented as being correct.
  • Workflow-driven notifications make sure that stakeholders are kept informed as to their responsibilities. For example, when control actions fall due, the system will send a reminder if the actions are still outstanding.
  • Intuitive interface. When users log in, they are presented with their personal dashboard that shows them the control actions they are responsible for. Easy access to reports lets them keep track of the risks, controls and control actions for which they are responsible.
  • Highly configurable. Administrators can configure all the options presented to users, including guidance, colour schemes, routing rules, etc.

Check out Risk Manager today and take the first step toward a more creative and intuitive approach to risk management!

How effective is your general declarations process?

Declaration of personal interest is a key area that requires careful attention within organisations. Indeed, the provision on the general declaration of personal financial interests stipulated in s75(4) of the Companies Act 71 of 2008, as amended (“the Companies Act”), reads:

At any time, a director may disclose any personal financial interest in advance, by delivering to the board, or shareholders in the case of a company contemplated in subsection (3), a notice in writing setting out the nature and extent of that interest, to be used generally for the purposes of this section until changed or withdrawn by further written notice from that director.

Similarly, Part 5.3, Principle 7, Practice 25 of the King IV Report on Corporate Governance™ for South Africa 2016 (“King IV™”) recommends that:

Subject to legal provisions, each member of the governing body should submit to the governing body a declaration of all financial, economic and other interests held by the member and related parties at least annually or whenever there are significant changes.

The recommendation to make a general disclosure of relevant interests as alluded to above is in addition to the recommendation for a specific declaration to be made at the beginning of each meeting of the governing body or its committees of any conflict of interest that a member of the governing body may have in respect of a matter on the agenda.

Conflicts of Interest

Conflicts of interest may arise where an individual’s personal or family interests and/or loyalties conflict with those of the organisation. As a general rule, no conflict between the personal interests of members of a governing body and the interests of the organisation which they serve should be allowed.

Where a potential conflict of interest cannot be avoided, it has to be managed in such a manner as to ensure that the interests of the organisation are at all times protected. It is for this reason that the law in certain instances as well as best practice recommendations call for disclosure of interest in any matter on the agenda of the governing body or any of its committees.

Specific vs General Declarations

However, considering that a matter may not necessarily find its way onto the agenda of the governing body and/or its committees, it is recommended that each member of a governing body submits a general declaration of interests that could assist the organisation in identifying potential conflicts between its interests and that of the members of its governing body or parties related to such members.

Sidebar: It's not just about compliance

It is worthwhile to also note that correctly managing a conflict of interest could be of value and assistance to a member of the governing body wishing to rely on the business judgement rule as part of his defense in the event of legal action being taken against him in his capacity as a member of the governing body.

The difficulty with General Declarations

The maintenance of a register of general declarations by each member of the governing body and, in fact, every employee in an organisation who may operate in the chain of command, can be an onerous and sometimes difficult task.

Making a once-off declaration can be a relatively easy exercise, assuming that the systems and reporting mechanisms are in place, but people's situations change, requiring regular updates to be made.

Many of the processes and tools used for evaluating and controlling general declarations in existence today only operate well at one particular phase of the declarations cycle, often requiring administratively intensive campaigns to have information updated. In some organisations this process is unstructured with no tools in place, whilst in others, some formality has been introduced but the data is still maintained in unstructured formats such as spreadsheets.

In an environment that lacks appropriate tools and processes to manage the declarations process, it is difficult for the compliance team to assure the governing body that all potential conflicts are known and are being actively managed and monitored.

Moving toward a solution

The deployment of an integrated solution that leverages the best of digital technologies presents organisations with the opportunity to not only more effectively manage risks related to conflicts of interests but also to radically transform the risk culture and employee attitude toward risk and independence.

Achieving such a transformation requires the deployment of a system that makes it easy for employees to record general declarations and to regularly update these as their circumstances change. The compliance team needs access to this information through structured and unstructured reports in order to identify potential issues and take appropriate action.

Indeed, where proposals are often made to public sector organisations where independence declarations are mandatory and, more specifically, where an organisation needs to ensure that its employees comply with a Code of Conduct requiring ongoing independence, the need for a system that provides efficient, clear and transparent management of the process is even greater.

What is needed is a system that successfully digitises the entire declarations process, exposes necessary information to stakeholders and accountable people and drives transparent and effective communication at all times to all affected parties. All of this is to be achieved without affecting the productivity of employees or imposing onerous administration and reporting responsibility on stakeholders.

Are there any solutions?

As mentioned above, tools available in the market are fairly disjointed and don't always cover the entire process of capturing, managing and reporting on declarations. At the other extreme, some tools are so rigid that they cannot meet the specific demands of an organisation's already defined processes, requiring a lot of rework and re-education to get the process to work.

We believe that Declarations on readyplatform presents a fresh approach to digitally driving the declarations process, involving all affected stakeholders at the appropriate time and reducing the administrative burden of identifying and managing potential conflicts.

  • It is affordable: costs are calculated on a (very low) per user rate
  • It covers a wide variety of declaration types: Declarations helps organisations to track and report on perceived and actual Conflicts of Interest by evaluating employee general declarations covering a variety of configurable areas such as gifting, personal relationships, ownership interests, investment, and much more ....
  • It is flexible: The highly configurable nature of Declarations means that your administrators can configure the solution to meet your specific requirements.

Take a look at Declarations. It's the right solution for your business.

What is a digital platform? And should you care?

Digital platforms help businesses to enhance user experience in order to attract new customers and to unlock new channels and products or services.

Most organisations are adopting digital platforms for smart consumption of digital assets in order to maximise operational excellence, improve profitability, implement intelligent processes, monetise internal resources and enhance the customer experience. Also, digital platforms provide services which enable IT and e-commerce organisations to quickly resolve issues and problems in order to provide higher levels of business user satisfaction at reduced cost.

They come in different flavours

While the term “digital platforms” includes anything from search engines (Google and Bing), to social platforms (Facebook and Snapchat), all the way to IaaS providers and PaaS providers (such as AWS and Azure), digitalised business technology is becoming increasingly refined.

When you look around, you will notice a few classes of digital platform:

  • Aggregation Platforms: Help facilitate transactions and connect users to data resources.
  • Social Platforms: Help in facilitating social interactions and connecting individuals to communities.
  • Mobilisation Platforms: Facilitate mobilisation and moving people to act together. This model tends to foster longer-term relationships to achieve shared goals.
  • Enterprise Platforms: Help to centralise and publish the wide variety of applications used within an organisation in order to improve management and control of the IT investment but also to help employees quickly find the solutions they need.

There are, of course, many more examples and categories...

What makes a digital platform good?

The platform you choose is going to have to meet a variety of needs but some of the most important aspects to look for include:

  • It has to scale elastically (ideally automatically) and offer a range of entry touch-points
  • It should be able to support one to millions of customers
  • It must enable global, distributed large and small organisations
  • It's going to have to integrate with the business processes of growing numbers of partners, suppliers and even competitors
  • Workflow, messaging and collaboration are key to ensure momentum and buy-in
  • If you're going to be interfacing with customers commercially, you've got to have a solid e-Commerce engine built in
  • Most importantly, security, privacy and data protection are paramount - especially if your digital platform is going to live in the Cloud.

Bottom line

The right digital platform will connect, inspire, put to work and support your people, your clients and your partners.