ContinuitySA logo

The outcomes-based approach of King IV is a timely invitation for corporate South Africa to get better at managing risk in a world that is getting more risky by the day, says Michael Davies, CEO of ContinuitySA. Davies argues that King IV is directing organisations to see risk holistically, and ultimately to build resilience.

“Principle 11 of King IV speaks to governing risk in a way that helps an organisation to set and achieve its strategic objectives. This is a call to change the way organisations see risk, with many implications. To my mind, one of the most critical mindset changes will be to move from a focus on identifying risks—though that remains important—to building resilience,” Davies says.

At the end of every year, the ContinuitySA team attempts to identify what will define the risk landscape for the coming year. Meeting in November 2016, the team agreed that the main point to make was that risk and its effects were becoming increasingly unpredictable. Factors driving this unpredictability include unprecedented geo-political uncertainty coupled with an increasingly integrated world, in which the interconnectedness of digital markets and supply chains is now mirrored by large-scale human migrations that effectively globalise risk.

“Identifying and preparing for specific risks is becoming less useful because risks are less discrete than they used to be,” Davies observes. “Obviously, while one wants to know what is likely to happen, one needs to be aware that when a risk materialises, its effects are likely to be both widespread and hard to predict, especially as supply chains integrate still more closely. One might almost say that a risk is a trigger for negative business outcomes.”

The only solution, Davies argues, is for governing bodies to consider risk from multiple angles, and to devote time to making their organisations more resilient; that is, more able to recover from any negative event.

Within this context, ContinuitySA believes that the following areas warrant special consideration as organisations plan for resilience in 2017:

  • Clarify your approach to cyber risk, including mobility and the Internet of Things. The growing importance of data as a source of competitive advantage and source of value is attracting the interest of regulators—and criminal syndicates. The risk is exponentially enhanced by the mobile revolution, which is seeing corporate networks become boundaryless. “There are more mobile connections than there are people in South Africa, and malware and phishing scams are now prevalent in the mobile world, creating a significant threat for all organisations on all sorts of levels,” says Davies.

Similarly, the growth of the Internet of Things is seeing manufacturing and other non-IT devices connected to networks, often creating new vulnerabilities.

  • Consider the impact of civil unrest. ContinuitySA’s own client statistics show that since 2014, the number of invocations triggered by civil unrest has risen dramatically, and in fact constituted the largest category during 2016. Service delivery protests have now been joined by persistent student protests, with wide-scale damage and disruption reported. Even more worrying, students show no discrimination when it comes to making their point violently, so any business or person in their path could be affected.
  • Do not lose sight of utilities. Power outages have decreased and organisations have become more resilient by installing generators, but it is likely that any uptick in economic growth will once again place the power grid under strain. The drought and forecast water shedding (throttling back on municipal water supplies) means that providing for temporary water loss remains a smart move.
  • Make sure you have a crisis management plan and capability, including crisis communications. Samsung’s travails over batteries, which have forced the recall of its latest flagship handset, illustrate how a supply chain issue can affect the entire business—the batteries are manufactured by a third party. Such incidents also show how important it is to have a proper response plan in place to limit the damage. Once a crisis has struck, how an organisation handles it can affect its ability to recover.

In conclusion, says Davies, global research into the state of enterprise resilience reveals that effective leadership is the highest priority when it comes to implementing resilience principles, but over one-third (37 percent) lack the right skills or talent to drive resilience—a dramatic 17 percent rise from 2015.

“Data like this supports the view that the case for working with a specialist resilience partner has never been stronger. The ability to recover from an unexpected disaster has become a critical driver of sustainability,” he concludes.

** King IV and the King IV Report on Corporate Governance are trademarks of the Institute of Directors in Southern Africa NPC. King IV was launched on 1 November 2016.

Control Risks, The State of Enterprise Resilience Survey 2016/17.