I N S I D E MAY 10

RISK MANAGEMENT
19 RM Solutions: Spreadsheets vs systems

20 Business Continuity: Reducing BCM spending with care

22 Political risk: Politics and ERM

Cover concept and design:

24 Legal and Compliance: Companies Act

Frédérick Danton
26 Recording mobile conversations

27 Specialised risk management disciplines: Sustainability

risk management

28 IT Risks: Information security

HOT SEAT 30 Escrow: Safeguarding business continuity

4 Technology: enabler and accelerator
32 Volatility risks: Perilous times demand careful ERM

GENERAL INSURANCE 34 Product Recall: The best of recollection

6 High performance in financial services
8 Broker's Corner: Evaluating and
prioritising risk CORPORATE GOVERNANCE
36 The role of the company secretary
SHORT TERM
12 Specialised risks: Kidnap and ransom
14 Mining focus: Environmental guarantees REGULARS & EXECUTIVE SECTION

LONG TERM
3 Editor's Note
16 Retirement reform: Uncertain seas ahead 38 Market news

EMPLOYEE BENEFITS 39 Must-read books

18 Healthcare: National Health Insurance 40 Good golfing: Fairway bunker shots

 The beat goes on
The 2010 Soccer World Cup will offer many
challenges for the operations management
profession. But what happens when it is all over?
Supply Chain and Operations Management
professionals must maintain a steady, reliable
beat as we continue to move African industry
forward to ensure our sustainable footprint.

The SAPICS Annual Conference is the Leading

Event in Africa for Supply Chain and Operations
Management Professionals.
With the participation of: Principal sponsor:

32nd Annual Conference & Exhibition

Platinum sponsors:

25 - 28 July 2010
Sun City
Gold sponsor: Silver sponsor:

T 011 023 6707, F 086 575 2979 or

upavon@icon.co.za. www.sapics.org.za

Anticipating ash clouds
CEOs, CFOs and other executives,
chief risk officers and risk managers, as well
as directors and officers need to be at the
top of their game at all times to anticipate
and manage, rather than merely react to, the
growing number of unexpected and unfore-
seen risks that seem to be the defining char-
acteristic of today’s world.
The global impact of the eruption of the Ey-
jafjallajokull volcano in Iceland, and the re-
sulting ash cloud over Europe which led to a
six-day flight ban, has again highlighted the
reality that it is not possible to plan for every
eventuality. This makes proactive risk man-
agement and well-designed business continu-
ity plans, incorporating comprehensive insur-
ance cover, an absolute imperative in today’s
dynamic globalised economy.
THE GROWING NUMBER
OF UNEXPECTED AND
UNFORESEEN RISKS SEEM TO BE
THE DEFINING CHARACTERISTIC
OF TODAY ’S WORLD
The volcano has not shown any sign of
activity in 300 years, but the magnitude of
its impact on industries around the world can
only be described as a global crisis. Accord-
ing to the International Air Transport Asso-
ciation (IATA), the grounding of European
flights cost airlines $1.7 billion (R12.6 billion)
in lost sales alone. But it is not only the air-
line industry that has been affected. Losses
have been incurred by businesses around the
globe, most notably those involved in perish-
able exports.
While air travel has resumed, the full im-
pact of the crisis will only unfold over the
next few weeks, as businesses across the
globe recover and count the costs. Don’t miss
the June edition of Enterprise Risk in which
we will take an in-depth look at the business,
risk management and insurance implications
of the ash cloud disruption.
Even in the midst of a global crisis such as
this, risk managers need to keep their eye on
a myriad of other potential risks.
Local political tensions have grown sig-
nificantly as the ANC Youth League leader
continues to create media sensation, and the
murder of Eugene Terre’blanche stirs up old
ENTERPRISE RISK May 10
fears. Headlines about land reforms and na-
tionalisation have caused wide-spread jitters.
Government’s focus on consumer protection
and reform poses significant risks to every
company and every industry. And given this
focus on consumer protection, the recall of
millions of vehicles across the globe by well-
established vehicle manufacturers such as
Toyota, Honda, Nissan and General Motors,
will place the manufacturing industry under
scrutiny. Unfortunately, there is less govern-
ment attention on the issue of security, which
is remains a major and growing risk. Just a
few weeks ago, a South African cameraman
en route to cover soccer matches in Nigeria
was kidnapped, followed by the kidnapping
of a Zimbabwean businessman in Sandton.
In this edition of Enterprise Risk, we touch
on all these many diverse developments and
bring you the insights and opinions of some
of the leading experts in the respective indus-
try sectors. We also look at some remarkable
risk management solutions available to risk
managers as they face a mammoth task of
identifying and managing the complex, in-
terlinked and growing number of risks in the
modern business world, often with shrinking
budgets.
As the CQS team points out in our Hot Seat
feature, simply knowing where to start when
identifying the most critical risks among so
many possibilities and potentialities is half
the battle won. The other half can be man-
aged surprisingly easily with the right cus-
tomisable systems, and a risk management
partner that understands your business.
Editor
3
EDITOR’S NOTE
ENTERPRISE
PUBLISHER Elizabeth Shorten
EDITOR Debbie Besseling
ASSISTANT EDITOR Monique Terrazas
CREATIVE DIRECTOR Frédérick Danton
CONTRIBUTORS Johann Maree, Vanessa Payne, Terry
Booysen, Heinrich Degener, Rowan Burger, Avi Eyal, Ansophie
Strydom, Brad Beira, Wouter Scholtz, Kgabo Badimo, Mike
Durek, Patrick Bracher, Joel Wolpert, Martin Whitcher
CHIEF SUB-EDITOR Milton Webber
MARKETING MANAGER Jackie Slavin
PRODUCTION MANAGER Felicity Moon
PRODUCTION ASSISTANT Constance de Sousa
FINANCIAL MANAGER Andrew Lobban (ACIS, FCIBM)
ADMINISTRATION Tonya Hebenton
SUBSCRIPTION SALES Cindy Cloete
DISTRIBUTION COORDINATOR Asha Pursotham
PRINTERS United Litho Johannesburg
ADVERTISING SALES
Stacey Glad Tel: +27 (0)11 233 2643
Cell: +27 (0)83 567 0073
Fax: +27 (0)11 234 7274/5
E-mail: stacey@3smedia.co.za
ANNUAL SUBSCRIPTION: R300.00
cindy@3smedia.co.za
ISSN 1993-8217
© Copyright. All rights reserved.
All articles in Enterprise Risk are copyright protected and may not
be reproduced either in whole or in part without the prior written
permission of the publisher. The views of contributors do not
necessarily reflect those of Enterprise Risk or the publisher.
PUBLISHER MEDIA 4, 5th Avenue, Rivonia, 2191
• PO Box 92026, Norwood 2117 Tel: +27 (0)11 233 2600
• Fax: +27 (0)11 234 7274/5
E-mail: debbie@3smedia.co.za www.3smedia.co.za
STRATEGIC PARTNER
CGF
RESEARCH INSTITUTE
(PTY) LTD
 HOT SEAT ENTERPRISE RISK May 10

CQS TECHNOLOGY

Technology: enabler and

they do not know where to start. The CQS team says
Enterprise Risk speaks to Katharine that in their experience, companies generally respond

Janisch and Jason Timm from CQS in one of three ways:

1. Assign responsibility to a group executive to im-
Technology Holdings about the plement a risk management strategy. The executive
will often try to outsource this responsibility.
challenges facing risk managers today 2. Appoint a person to implement a risk manage-
ment strategy.
and some of the streamlined and efficient 3. Attempt to incorporate risk management into
the internal audit function, negating their
solutions available. independence.
“In all three cases, there is still no resolution of the
main problem – the group executive, the newly ap-

“Risk management in South Africa

pointed risk manager or the internal audit department
doesn’t know where or how to start. The company may
has developed rapidly over the last few years, evolving even acquire state-of-the-art technology, but still the
from a focus on risk financing and transfer via insur- problem remains: Where to start?” explains Janisch.
ance, to a new focus on governance, risk and compli-
ance as espoused in King III and the new Companies START AT THE BEGINNING…
Act,” explains Katharine Janisch, general manager
CQS realised that knowing where to start is the number
at CQS. one challenge companies face in implementing risk
“Common business sense, as well as King III has
management and set out to create a solution.
ensured that risk management is now something all“Those tasked with implementing risk management
companies must pay attention to. It is no longer a
often feel overwhelmed by the term, which is not
‘nice-to-have’ or a concept reserved for financial serv-
always well understood and often feared as the un-
ices companies or JSE-listed companies.” known,” comments Jason Timm, Methodware product
Janisch adds that CQS has noticed an increase in
manager at CQS. “People fail to realise that risk man-
the number of companies trying to establish a risk
agement is something everyone does to some extent
management function,
every day. It is, in fact, a formalisation of common
particularly in the light
sense practices, a manifestation of what line manage-
of the economic condi-
ment does in any case."
tions, the aftermath of
“The most logical and easiest place to start when
the financial crisis, and
implementing a risk management strategy is to start
the implementation of
by listing the risks that are pertinent to the company,
legislation and regula-
considering the industry it operates in,” says Janisch.
tion such as the Compa-
“Once you have a list of risks, you can begin map-
nies Act and King III.
ping which ones apply to the company and its opera-
tions, and to what extent. The risks that are relevant
RESPONDING TO THE must then be controlled. This is the next challenge:
CHALLENGES Access to a list of risk controls associated with every
The main problem, it risk identified, so the most appropriate can be selected,
seems, is not that com- given the context.
panies are unwilling to “Realising that these two crucial first steps present a
implement risk manage- major obstacle to implementing risk management in
ment. It is simply that most companies, CQS decided to provide our clients
with a ‘kick start’ to the process by cre-
ating the CQS Risk and Control libraries.
“G ,
OVERNANCE RISK AND COMPLIANCE MATURITY IMPLIES THAT
These contain extensive lists of both the
,
RISK MANAGEMENT INTERNAL AUDIT AND THE BUSINESS REMAIN possible risks a company in a specific in-
dustry face, as well as the relevant con-
,
INDEPENDENT AND YET WORK TOGETHER FOR THE BEST INTEREST OF
trols for each risk.”
”
THE COMPANY KATHARINE JANISCH, GENERAL MANAGER AT CQS Once a company has identified the

4

accelerator
possible risks and the potential controls as-
sociated with these risks, the risk manage-
ment strategy is 75% complete, and what
remains is refining and monitoring the on-
going risk management efforts. In essence
then, CQS offers more than a software sys-
tem, it provides a solution to the most com-
mon obstacles to implementing risk manage-
ment, as well as the ability to monitor risk
management efforts across diverse depart-
ments and divisions, in the simplest and most
efficient way.
THE UPSIDE OF RISK
Timm notes that many risk managers also
fail to appreciate the fact that risk manage-
ment is not only about avoiding risks, but
also about identifying opportunities. “Iden-
tifying and monitoring risks reveal oppor-
tunities. For example, if an investment of
R100 000 in fraud prevention measures
can reduce fraudulent activities costing a
company R8 million a year by half, it rep-
resents a significant opportunity to improve
performance.
“Other opportunities include controlling
costs or identifying areas where customers or
key staff members are being lost to competi-
tors because the risks are not managed. If the
company does not know the risk, the risk can-
not be managed, nor can the opportunities be
identified.”
BRIDGING THE GAP BETWEEN RM AND IA
“Risk management is not a new concept
globally. However, the focus used to be on
reactive management of risks via the in-
ternal audit function, which merely re-
ported on risks and losses that had occurred
and the effectiveness or lack of controls,”
explains Janisch.
“The modern risk management function is
proactive, with the objective of preventing
risks from occurring and where this is not
possible, minimising the impact. Risks are
identified before they occur and controls are
implemented to prevent, mitigate and trans-
fer the risk. There is no
need for a loss to occur “R ISK MANAGEMENT IS NOT ONLY ABOUT AVOIDING RISKS
before it is managed.”
Janisch notes that
BUT ALSO ABOUT IDENTIFYING OPPORTUNITIES JASON TIMM, ”
in South Africa, there METHODWARE PRODUCT MANAGER AT CQS.
ENTERPRISE RISK May 10
seems to be a peculiar adversarial relation-
ship between the internal audit and risk
management functions. “In the US and Aus-
tralasia, there is a much closer working re-
lationship between these functions, which
actually depend on each other to achieve
success. Internal audit should take its lead
from risk management in terms of which
risks are most crucial, since there is no point
in auditing the management of risks that are
non-critical or irrelevant to the business.
This realisation is driving the new concept of
risk-based internal auditing.
“Governance, risk and compliance matu-
rity implies that risk management, internal
audit and the business remain independ-
ent, and yet work together for the best in-
terest of the company. Instead of operating
in silos, they are integrated via technology
that provides a single integrated view using
one database, with the necessary authori-
ties, checks and balances to ensure integrity
and independence.
“If there is a gap between the risk manage-
ment and internal audit functions, such as
is created when different systems are used,
many vital risk issues could slip through
the cracks,” warns Janisch. “The CQS Meth-
odware solution allows internal audit and
risk management to use the same informa-
tion, with no manual intervention to ensure
data integrity.”
In addition, Methodware reports consoli-
date information,
drawn across depart-
ments and line man-
agers, in a simplified
MS Word format
and presents this in
a manner that adds
real value to the ex-
ecutives and board
members, allowing
them to monitor
progress and track
trends. Such reports
add far more value
,
5
HOT SEAT
than spreadsheets that are neat and colour-
coded, but do not reflect the complex and
dynamic nature of risk management in to-
day’s world.
TECHNOLOGY AS AN ENABLER
While technology is undoubtedly an ena-
bler in business, it is often paradoxically
perceived as a barrier. This is mainly due to
people’s fear of the unknown and their re-
sistance to change – even to a more efficient
and beneficial new software system.
The CQS solution was to use familiar tech-
nology – Microsoft Word – in their Method-
ware software. “We believe that if a system is
easy to use, it will be used. But this is not the
only success factor,” explains Timm. “Cus-
tomisation is crucial to ensure that the staff
experience the system as their own. As such,
our Methodware software system is com-
pletely customisable.
“It does take our business experts signifi-
cant time and effort to extract the relevant
information from the various line managers
and staff members, and to formalise this into
a customised software solution. However, it
is important to make sure that people are part
of facilitation, so it becomes ‘their’ system.
When staff members see their contributions
and the language they use every day in the
system, it creates ownership and excitement.
This is when technology becomes an enabler
and accelerator.”
 GENERAL
COVERINSURANCE
STORYY ENTERPRISE RISK May 10
HIGH PERFORMANCE IN FINANCIAL SERVICES
RM shortcomings contributing to
A recent Accenture survey on global risk points to the kind of changes
necessary to avoid future meltdowns.
Risk executives surveyed at 74 bank-
ing, capital markets and insurance firms revealed
that many financial services companies have gen-
erally managed risk merely as a compliance issue,
meaning they neglected to:
• include risk in objective-setting and performance
management
• measure, much less manage, enterprise-
wide risk
• align risk strategy with business strategy.
NARROW VIEW
Because firms were measuring risk in silos, to-
tal enterprise risk exposure was not transparent.
Therefore senior management could not see how
credit, liquidity, market and other risks were in-
teracting and potentially compounding exposures
throughout the institution. Even when risks were
clearly visible and risk managers raised red flags,
organisational models made it all too easy to ignore
the warning signals. Risk operating models often
failed to define clear risk management responsibili-
ties both at a corporate level and within the busi-
DIAGRAM 1 The cost ness units.
of risk management Collaboration was unclear, risk strategy not
has risen in recent aligned to overall business strategy and risk man-
years due to agement not deeply embedded into performance
multiple factors management, objective setting, decision-making
6
or incentives. Indeed, the survey revealed that risk
managers spend only about 20% of their time ad-
vising business units – almost 60% was spent on
data management and compliance.
Too frequently, the long-embedded organisa-
tional cultures actually encouraged the behaviour
that would ultimately destroy so many of them.
Compensation practices often rewarded short-term
revenues without considering the longer-term risks
traders were taking.
SELECTED KEY FINDINGS
For financial services companies, the key findings
of the survey are:
• Risk management capabilities are not currently
equal to today’s challenges. Significant changes
are required with respect to an integrated ap-
proach to risk management.
• Risk management is inadequately aligned with
business strategy and poorly integrated into busi-
ness operations. Alignment to business strategy,
integration with firm culture and collaboration
with business units are the three biggest chal-
lenges faced by financial services firms.
• The integration of risk management and perform-
ance management is limited. The risk function is
important in strategic decision-making but is less
involved in objective setting, incentives and per-
formance management.
The costs of risk man-
agement increased sig-
nificantly over the last
three years as expected
regulatory actions add
to the pressures on ex-
isting risk capabilities.
For 73% of respondents,
the cost of risk manage-
ment is up by more than
10% and for 43% of re-
spondents it has risen
by more than 25%.
In addition to regula-
tion, increased business
complexity, poor data
quality, fragmented in-
ternal processes and IT
 ENTERPRISE RISK May 10 GENERAL INSURANCE

the global financial crisis

systems, along with an increased number of ad-
hoc information requests, are the main cost drivers.
These factors are also key contributors to the rising
cost of risk for more than 30% of financial services
respondents.
Financial services firms are investing to improve
their risk management capabilities. More than
two-thirds of respondents either have increased or
are planning to increase investments in risk man-
agement. The key challenges are seen in creating
the right processes, systems and culture to em-
bed risk management within and across the busi-
ness while instilling a culture of risk awareness
throughout the organisation. Firms will need to
rethink collaboration between corporate and busi-
ness units, especially in such areas as enterprise-
wide risk awareness and strategic alignment of
risk appetite.
Optimism still exists about the ability of strong
risk management to drive performance. Besides
compliance, 58% of respondents expect a major im-
pact from risk management on profit sustainability
and growth.
FROM SURVIVAL TO VALUE-ORIENTED RM
Dramatic deterioration of market value, liquidity
and continuing capital pressures call for immediate
changes in business and risk strategy. In the short
term, firms need to ensure survival by properly
managing liquidity and strengthening their capital
positions.
Beyond the short-term survival mode, financial
services firms need to establish a holistic and stra-
tegic risk management approach to rebuild trust
and increase business value. Firms must also focus
on measuring liquidity, counterparty exposure and
cross-product behaviour.
It is vital to assess counterparty exposure and
credit risk concentration. Firms cannot continue to
rely only on external rating agencies. Instead, firms
should calculate their own internal ratings, based
on market-derived ratings from spreads, derivatives
and equities.
Among the most important changes necessary:
The management of risk must become part of the
performance management process. It must become
a factor in strategic decisions. Short-term incentives
should not encourage too much risk or the wrong
kind of risk at the wrong time. Financial services
companies must align risk management with busi-
ness strategy and integrate risk into every related
process and the organisational culture. To be suc-
cessful, the effort demands a closer collaboration
between risk management and business units, cou- THE RIGHT
pled with a renewed emphasis on winning the war RM APPROACH
for talent and resources. CAN ENABLE
A dedicated risk transformation programme can COMPANIES TO
help financial services firms deal with increasing
• Achieve the right balance
complexity, optimise risk/reward and transform the between performance
risk function into a value-adding partner. and risk.
• Treat risk as a
RISK MANAGEMENT TRANSFORMATION competitive differentiator
While financial institutions need to take decisive to manage the
short-term risk mitigation actions, they also must business better, deliver
renew confidence by creating a transformed, fully sustainable shareholder
returns and reduce the
integrated risk management approach. This requires
cost of risk management.
scrutinising and redefining the business model and
• Integrate risk
synching business strategy with risk strategy. management practices
When it comes to risk transformation, one size and procedures
does not fit all. Yet, consistency is a fundamen- throughout the enterprise
tal component of a healthy risk culture overall. to safeguard the
Every role within the risk operating model has achievement of targets
risk management responsibility that must be re- while protecting against
flected in activities, behaviours and incentives. downside risks.
• Instill a culture of risk
The organisational structure, culture and behav-
consciousness to
iour must all align directly with risk appetite. Per-
improve bottom lines
formance measurement and reward policies should and reputations and
reinforce these. use incentives to align
Only 27% of respondents have an integrated risk- individual behavior with
and-finance IT architecture. Robust financial risk organisational goals.
architecture should follow logical layers and lever- • Rely on a trusted partner
age common inputs, shared analytics and flexible for insightful strategic
reporting. thinking, implementation
at scale and outsourcing
Meanwhile, sound process risk architecture in-
capabilities.
tegrates operational risk, risk control self-assess-
ments, compliance and audit functions. Firms need
integrated IT capabilities and infrastructure to sup-
port and drive the transformation of their risk mod-
el and ensure its effectiveness.
The financial services executives surveyed are
keenly aware of the potential business value in-
tegrated risk management capabilities can create.
Besides the reduction in cost of capital, most com-
panies expect such integration to affect competitive
advantage positively and profitable growth sustain-
ability.
But to get these benefits, financial services
companies must move beyond more reactive risk
compliance-driven activities to value creation. Ac-
centure believes by linking and balancing risk and
performance management to aid decision-making About the author
and increase shareholder returns, an organisation
Heinrich Degener is
can improve its performance and position for eco-
the senior executive
nomic recovery. financial services –
Ultimately, effective risk management is about capital markets at
achieving and sustaining high performance. Accenture SA.

7
 GENERAL
COVERINSURANCE
STORYY
BROKERS' CORNER
Evaluating and prioritising risk
The purpose of evaluating risk in a financial advisory business is to
identify the inherent risk of performing various business functions.
BY JOHANN MAREE, MYRIAD PLANNING SOLUTIONS
FIGURE 1: RISK
FACTORS INHERENT IN
BUSINESS
• Access risk
• Business disruption risk
• Credit risk
• Customer service risk
• Data integrity risk
• Financial misstatement
risk
• Legal and regulatory
risk
• Fraud risk
• Business process risk
• Physical harm risk
About the author
Johann Maree is
the co-founder of
both the Institute of
Practice Management
and Myriad Planning
Solutions, which
develops rules-based
integrated business
solutions for financial
advisers.
ENTERPRISE RISK May 10
In a financial advisory business, re- APPLICATION IN PRACTICE
sources should be allocated to those functions that Each of the risks must be evaluated using a proba-
have the highest risk. bility and exposure tool. The objective of analysing
The risk evaluation, aimed at identifying the inher- each of these risks is to determine whether or not
ent risk of performing various business functions, extra controls are warranted to reduce risk levels in
will directly affect the nature, timing and extent of the advisory business further.
the resources allocated.
The two primary questions to consider when eval- OVERALL RISK PROFILE
uating the risk inherent in a business function are: The results from each individual assessment should
• What is the probability that things can go wrong? be collated to give an overall risk profile for the
(The probability of one event.) advisory business. The end result is to arrive at a
• What is the cost if what
can go wrong does go
TABLE 1 An example of a risk-evaluation method
wrong? (The exposure
of one event.) (Describe type of risk here) Probability Exposure
Risk is evaluated by an- High High
Insert brief description of
swering the above ques- what is meant by access Medium Medium
tions for various risk risk, business disruption
factors and assessing risk or legal and regulat- Low Low
the probability of failure ory risk
N/A N/A
and the impact of expo-
sure for each risk factor. TABLE 2 Risk rating
Risk is the probability
Overall rating Probability Exposure Overall risk
times the exposure.
Based on the evaluation of:
• What can go wrong? (Probability);
POTENTIAL EXPOSURES
and
All the risk factors in High High High
• What is the cost if what can go
figure 1 cause potential wrong, does go wrong? (The
exposures. The potential exposure).
exposures include, but
Evaluate the overall magnitude of
are not limited to: Medium Medium Medium
the risk in the area/function.
• financial loss
Evaluate the probability and
• legal and regulatory
exposure, and then combine the
violations/censorship Low Low Low
two for an estimate of overall risk of
• negative customer business mission failure.
impact
• loss of business opportunities prioritised list of risks which can be flagged for
• public embarrassment treatment by the financial adviser.
• inefficiencies in the business process. The evaluation of risk will enable priorities to
The evaluation should NOT consider the effective- be established that equate to an appropriate level
ness of the current internal control environment. of risk. This will allow financial advisers to decide
The evaluation should focus on the risks and ex- what an appropriate action for treating each risk
posures inherent to the function being evaluated. will be.
However, while performing the risk evaluation, the
financial adviser should consider what controls are DON'T MISS THE NEXT ARTICLE in our Brokers'
needed in order to minimise, if not eliminate, the Corner series which will look at how the prioritised risk
risks and exposures. may be treated.
8
 COVER
SHORT STORY
TERMY ENTERPRISE RISK May 10

SPECIALISED RISKS

Kidnap and ransom

South Africa has one of the highest kidnap and ransom incident rates in
Africa, and as the World Cup draws near, the risk increases exponentially.

In March, South African M-Net Su- PROVINCE 2003/04 2004/05 2005/06 2006/07 2007/08 2008/09
perSport sound engineer Nick Greyling was Eastern Cape 349 273 202 108 93 88
kidnapped in Nigeria along with Nigerian Free State 83 61 67 65 66 93
commentator Bowie Attamah. Later in the Gauteng 1,062 921 850 944 947 1,058
month, right here in Johannesburg, five peo- KwaZulu-Natal 693 714 680 696 716 686
ple were arrested for allegedly kidnapping Limpopo 82 112 91 103 83 91
Mpumalanga 149 137 115 115 107 164
a Zimbabwean man, demanding a R50 000
North West 104 78 74 96 96 157
ransom and a car for his release.
Northern Cape 32 32 25 17 27 29
These two events are but a recent drop in
Western Cape 450 290 216 201 188 169
a dark sea of local and global kidnapping RSA 3.004 2,618 2,320 2,345 2,323 2,535
incidents, which are increasing at an alarm-
ing rate. But they provide insight into a grim
TABLE 1 Reported Cases South African Police Service statistics show that 2 535 kidnappings
were reported in 2008/2009, with the vast majority conducted in Gauteng
reality: Kidnapping is a risk South African
corporates ignore at their peril. groups, high crime rates, large disparities be- has reached record levels and appears to
tween the affluent and the poor, topped by be increasing.”
HOT SPOTS governments which are notorious for either
Although executive or high-net worth kid- inefficient or corrupt practices.” TARGETS
napping is known to be a common occur- “There’s a misguided perception that kid- “Typically the targets for kidnappings and
rence in countries such as Iraq, Mexico, Pa- napping is limited to third world or South ransom are high-net worth individuals, their
kistan, Venezuela, Brazil and the Philippines, American countries, but increasingly kid- families, their staff, employees travelling
countries such as South Africa, the DRC and napping and ransom have become part of overseas, companies with high profiles, those
Tanzania are quickly becoming the new dan- the South African scenario as well. In fact, that handle large amounts of cash or work
ger zones. And it is not only the wealthy that South Africa has one of the highest number with sensitive information, even sportsmen
are being targeted. of such incidents in Africa,” says Alan Taylor, and women, many of whom enjoy enormous
According to Alexander Forbes Risk Serv- General Manager Risk Services at Glenrand incomes,” says Taylor.
ices, South Africa is ranked as one of the M.I.B. “Unfortunately, the South Africa en- However, corporate kidnappings, involving
world’s top ten countries for kidnap and ran- vironment, with its perceived low levels of the kidnapping of a company’s staff, partic-
som incidents. law enforcement, is conducive to kidnapping ularly executives, followed by ever greater
“As the operations of sophisticated inter- professionals. Something of a kidnapping ransom demands from the relevant company
nationally-based kidnap syndicates expand ‘culture’ is already well entrenched in the for their return, are a lucrative business for
into more vulnerable countries such as South country, albeit mostly without the associated sophisticated, advanced syndicates, which in
Africa - now considered a medium to high extortion part.” some cases involve as many as 20 people.
risk kidnapping country - the risks attached “Most particularly, those criminals who
to an individual being kidnapped increases,” INCIDENCE INCREASING specialise in kidnapping of executives for
says Terry Booysen, CEO of CGF Research Accurate figures for kidnapping are sketchy, ransom have become a nightmare for em-
Institute. simply because many victims prefer to stay ployers, especially for those employees who
“There are many reasons for this phenom- anonymous. travel to kidnapping hotspot countries,”
enon, however the most common reasons “According to experts, kidnapping for ran- comments Booysen.
which increase the risk of a corporate execu- som is on the rise in an increasingly glo- Taylor adds that “Kidnap patterns in Africa
tive being kidnapped may be linked to coun- balised market,” says Booysen. “As the gap show that expats from international compa-
tries which have a history of political and continues to widen between the haves and nies and the personnel of international aid
social instability, the presence of extremist have-nots, we can most certainly expect to organisations are likely victims.”
see more kidnapping cases of high-net worth
executives being reported.” SOPHISTICATED PERPETRATORS
Alexander Forbes Risk Services concurs,
Alexander Forbes Risk Services says that
adding that “The number of kidnap events
kidnapping is a highly evolved billion-rand
business. “Some
“THE RISK OF KIDNAPPING IS NO LONGER LIMITED TO TRAVELLING THE kidnappings
’ .I ’ ”
WORLD S HOT SPOTS T S ON YOUR DOORSTEP ALEXANDER FORBES RISK SERVICES are short-term

12

‘opportunistic’ incidents where the kidnap-
pers are seeking a quick payoff. Other kid-
nappings will involve careful planning,
observation of the victim, military style
executions and months of negotiation. Kid-
nappings are increasingly connected to re-
lated crimes such as hijacking, extortion and
hold-ups.”
Glenrand M.I.B. adds that while the ‘petty’
kidnappings still continue, the quantum of
high profile, high ransom incidents in South
Africa is clearly on the increase. “There is
concern that the likes of Nigerian syndicates,
East Europeans, Asian and the more sophis-
ticated South African operators are coming
to the fore.”
Booysen notes that the price tags attached
to high-net worth executives runs into mil-
lions and the perpetrators have become quite
brazen about their business. “The perpetrators
involved in this type of kidnapping know
what they are doing, and they also know
“CORPORATE EXECUTIVES HAVE BECOME
‘FAIR GAME’ TO PROFESSIONAL KIDNAPPERS”
TERRY BOOYSEN, CEO, CGF RESEARCH INSTITUTE
the high stakes involved. The planning of a
kidnap for ransom will often span weeks or
months as every detail of the target is meticu-
lously surveyed and calculated with military
precision. Anything from high tech surveil-
lance equipment, recording devices and cell
phones are used to execute the crime.
“Of course, the more valuable the ‘prize’,
the greater the reward. In this vein, corpo-
rate executives have become ‘fair game’ to
professional kidnappers, who understand
not only the intimate detail of their target,
but also their worth to organisations ei-
ther materially, financially or their strategic
ENTERPRISE RISK May 10
importance to the success of the organisa-
tion by which they are employed.”
UNDERSTANDING THE RAMIFICATIONS
Booysen explains that a kidnapping incident
can have devastating impacts on the health
“SOMETHING OF A KIDNAPPING ‘CULTURE’ IS
ALREADY WELL ENTRENCHED IN SOUTH AFRICA”
ALAN TAYLOR, GENERAL MANAGER RISK SERVICES, GLENRAND M.I.B.
of the victim, as well as the victim’s family
and business associates. “There can also be
dire implications on the business and its mo-
rale, not least the severe interruptions in the
operations and its financial impacts. Clearly
when a kidnap incident occurs, particularly if
it is drawn out for a long period of time, huge
strain is placed on the business, giving the
hostage takers greater power to extort higher
ransoms and more demands.”
MANAGING THE RISK
CGF Research Institute, in one of their lat-
est Governance, Risk and Compliance (GRC)
reports, entitled Corporate Kidnapping: Pro-
tecting Key Officers, recommends that busi-
ness and their executives seriously consider
their pre-emptive measures to safeguard their
key employees.
“Kidnapping methods deployed may range
from high surveillances of the victim to
snatching victims at ATMs. These types of in-
cidences will most often occur when the vic-
tim is in transit. Employees should be trained
to manage and survive a kidnapping ordeal.
Moreover, employees should know what type
of action the company will take to secure
their release, including the fact that it could
take months to free them. The risks associ-
ated with rescue are high, given the fact that
in some countries there are poorly trained
law enforcement officers and rescue attempts
could result in the death of the victim. Nego-
tiations should always be entrusted to security
consultants and insurance professionals hired
to handle the situation,” advises Booysen.
“Fortunately, employers are realising the
13
SHORT TERM
critical importance of providing their key
executives with kidnap and ransom (K&R)
insurance cover, particularly for those execu-
tives who travel and deal in high risk kidnap-
ping countries.”
ASSESSING THE RISK: 3 key questions
• Who are high risk individuals
• Where are the greatest risks and when are they
likely to happen
• Who is likely to commit the kidnapping
Source: Cre8, division of Alexander Forbes
K&R INSURANCE
According to Assurex International, the
world’s largest privately held commercial
insurance brokerage group, executives who
have K&R insurance in place are four times
more likely to survive a kidnapping ordeal
than those without.
Specific policy details will differ depend-
ing on the underwriter, but in general the
cover includes:
• Access to a specialist crisis management
company for assistance and advice
• Reimbursement for any ransom paid
• Loss of ransom money in transit
• Expenses, including rewards and fees
• Psychiatric, medical and dental care costs
• Legal advice
• Payment of the salary of a detained or kid-
napped person
• Payment of the salary for the temporary
replacement
• Interest on loans
• Legal liability
• Consultation fees for employee training
• Payment of the salary for the tempo-
rary replacement of the kidnapped or
detained person
• Interest on loans
• Legal liability
• Consultation fees for training in the latest
prevention and avoidance techniques.
 COVER
SHORT STORY
TERMY
MINING INDUSTRY FOCUS
Environmental guarantees
The DME’s recent suspension of environmental guarantees issued by
insurance companies as a means of meeting rehabilitation obligations
has created challenges for many mining companies.
Despite a cautious recovery
following the recent global economic down-
turn, increased regulatory focus is forcing
some mining companies to find innovative
ways to economise and deal with operational
constraints and project delays. “This is par-
ticularly evident in the mid-tier mining sec-
tor. The regulatory focus centres on health
and safety issues and environmental issues,
particularly the remediation of environmental
damage,” says Lizelle Prosch, environmental
services consulting manager at Marsh.
THE LEGAL REQUIREMENT
South African law requires mines to make
financial provision for ongoing environ-
mental rehabilitation and the environmental
costs associated with mine closure, creating
one of the biggest challenges facing mining
companies today.
Requirements for making financial provi-
sion for the remediation of environmental
damage as well as for the issuing of a clo-
sure certificate are included in the Mineral
and Petroleum Resources Development Act
28 of 2002 (MPRDA). These include the re-
quirement that financial provision must be
in place before approval of the environmen-
tal management plan or programme by the
minister of minerals and energy.
“T HERE IS A LEVEL OF UNCERTAINTY IMPACTING THE
UNFOLDING OF THE CLOSURE AND REHABILITATION LIABILITY
NICKY HOLTZHAUSEN, HEAD: CORPORATE CUSTOMISATION, OLD MUTUAL
ENTERPRISE RISK May 10
CALCULATING THE COST helps to limit growth in the closure liability.
“Currently, closure costing for mine reha- Because of the returns that can be earned on
bilitation is based on the Department of trust fund assets, regular contributions help
Minerals and Energy’s (DME) prescribed reduce the present value of total costs in-
Master Rates with the application of CPIX,” curred over the mine’s life.
explains Natasha Wally, risk solutions advi- The traditional guideline contribution for-
sor at Marsh. “A shortcoming of this costing mula is widely used to determine contribu-
method is the failure to provide for contin- tions. This formula takes into account his-
ued monitoring and maintenance after final torical returns earned on assets, but does not
mine closure has been achieved. In terms anticipate future returns.
of the MPRDA, an annual revision of the Moderate investment in higher yielding
closure costing is required; however, this is asset classes, such as equities, can reduce
poorly enforced and seldom completed by the average present value of expected total
the mining companies. Through the use of costs, because higher returns ultimately re-
an insurance-based costing provision, an- duce the amount of contributions needed.
nual policy review procedures may impose a Regular reviews are necessary to adjust the
more comprehensive analysis of the require- company’s strategy as time passes.
ments for financial provisions. This elimi- Environmental engineering and financial
nates the risk of a shortfall at the end of life models provide valuable insights into get-
of the mine.” ting the most out of asset and contribution
Mines are also not always clear about the strategies.
balance between the use of premature closure
guarantees, ongoing rehabilitation and the MAKING PROVISION
contributions needed to fund final closure.
Wally explains that in terms of Regulation
“The final closure liability is determined by
53, promulgated under the MPRDA, allow-
the extent and type of mining and is some-
ance is made for four methods of financial
times impacted by unexpected geological in-
provision for environmental rehabilitation:
cidences,” says Nicky Holtzhausen, head of
• cash deposit into an account specified by
Old Mutual’s corporate customisation unit.the director-general
“It is also affected by inflation. As a result,
• an approved contribution to a trust fund
there is a level of uncertainty impacting the
as required in terms of section 10(1)(cH) of
unfolding of the closure and rehabilitation
the Income Tax Act
liability.” • a financial guarantee from a registered
In a recent Mining Indaba paper entitled
South African bank or any other bank or
Optimisation of Asset and Contribution financial institution approved by the di-
Strategies for Mine Closure and Environ- rector-general
mental Rehabilitation, Old Mutual, working
• any other method as determined by the
in collaboration with environmental engi- director-general.
neers, found the following: The cash method involves the deposit of
While some mines want to defer rehabili-
funds with the DME. The investment income
tation expenditure, ongoing rehabilitation
accrues to the DME, and this option is rarely
can make good financial sense because itfavoured.
Trust funds are commonly
used, particularly by well-es-
tablished mining companies.
”
The contributions to such a
trust are tax deductible and
14

the build-up of funds in the trust is tax exempt.
However, the trust structure may be inflexible and
few junior mining companies have the financial re-
sources to create rehabilitation trusts. Guarantees is-
sued by banks or insurance companies have proven
to be an attractive option for mining companies.
However, bank guarantees may tie up the mining
company’s facilities.
“In addition, the decline in the availability of credit
and liquidity has forced mining companies to rely more
heavily on their credit lines,” says Prosch. “This cre-
ates a domino effect on a mining companies risk and
insurance profiles.”
THE INSURANCE OPTION
The insurance guarantee option provided an alterna-
tive to the often more expensive cash or bank guaran-
tees. In many cases, particularly junior mining firms
provided for a portion of the rehabilitation fund with
the insurers underwriting the balance. This enabled
the smaller mining companies to use their capital to
grow operations.
However, in the first quarter of 2009, the DME sus-
pended the practice in which mining companies ob-
tained environmental rehabilitation guarantees from
insurance companies. The department based its deci-
sion on its belief that cash or bank guarantees provid-
ed greater security. It said that insurance guarantees
exposed the state to the risk of a guarantee not being
honoured in cases where the mining company did not
disclose all material facts, neglected to pay premiums,
or did not meet its obligations in terms of the contract
of insurance.
NEW SOLUTIONS
According to Holtzhausen, while many mines in South
Africa have some form of premature closure guarantee
in place, only a few have holistic strategies to fund
for final closure. This is slowly changing as legislation
and tax incentives encourage mine owners to set aside
assets for final closure.
Old Mutual has developed a specialised financial
model to help mining companies develop strategies
for ongoing rehabilitation determine contributions
to trust funds, make appropriate use of premature
closure guarantees and formulate asset strategies
for trust fund investments. The specialised finan-
cial model is designed to play an important role in
helping mines develop the most suitable asset and
contribution strategies for funding
mine closure and environmental re- “A LLOWANCE IS MADE FOR FOUR METHODS OF FINANCIAL
habilitation plans. The model helps
mines maintain the balance between PROVISION FOR ENVIRONMENTAL REHABILITATION NATASHA
ongoing trust contributions, ongoing WALLY, RISK SOLUTIONS ADVISOR, MARSH
ENTERPRISE RISK May 10 SHORT TERM
rehabilitation, and pre-
mature closure guaran-
tees. Last year, Nedbank
Capital designed and
"MINING COMPANIES’ INCREASED RELIANCE ON THEIR CREDIT
LINES CREATES A DOMINO EFFECT ON THEIR RISK AND INSURANCE
PROFILES” LIZELLE PROSCH, ENVIRONMENTAL SERVICES CONSULTING MANAGER, MARSH
developed a multimillion-rand rehabilitation fund
solution for Rand Uranium, with a fully inclusive,
end-to-end means of meeting its mining rehabilita-
tion liabilities while remaining compliant with South
African mining and tax regulations. This kind of in-
novation has seen over R2.4 billion of rehabilitation
funding inflows into the Nedbank Capital’s rehabili-
tation fund offerings, which focuses on the provi-
sion of tailored rehabilitation trust fund investment
management coupled with the provision of DME
guarantees. According to Peter van Kerckhoven,
jointhead of mining and resources at Nedbank Capi-
tal, the rehabilitation solutions created by Nedbank
Capital not only minimise the cost of guarantees, but
do so in a way that reduces the impact on the mining
companies’ ability to raise other forms of finance in
the future.
MOVING AHEAD
“At present, insurers cannot offer mining guarantees
until the issues raised by the DME have been ad-
dressed to the government’s satisfaction. At the time
of writing, our insurers report that there has been no
change in the current situation although discussions
are taking place to find a solution that will again
see the insurance option become a viable alternative
for mining companies,” says Cheryl Crick, consult-
ant: performance bonds & guarantees, a division of
Alexander Forbes Risk Services. In the mean time, it
seems other financial services companies have been
quick to provide solu-
tions to challenges min-
ing companies face and
we watch with interest
to see what innovations
the insurance industry
will create to regain this
once growing market
segment.
”
15
 LONG TERM ENTERPRISE RISK May 10
ENTE
RETIREMENT REFORM
Uncertain seas ahead
While the retirement reform debate continues and the outcome remains
uncertain, the fundamental principles of saving for retirement remain
unchanged. BY ROWAN BURGER, LIBERTY CORPORATE
The debate surrounding the reform the re-
tirement system continues, but it remains important to
stick to existing retirement savings arrangements for
the foreseeable future. There is an interesting debate
ahead in terms of achieving the appropriate retirement
funding system in South Africa, but the fundamental
principles of saving for retirement – including start-
ing early and investing to beat inflation – will always
remain.
It has been nearly six years since the first paper
outlining National Treasury’s proposed improvements
THE SUCCESS OF ANY SYSTEM WILL DEPEND ON WHETHER
BENEFICIARIES SEE VALUE AND UNDERSTAND THEIR BENEFITS
to the retirement system in South Africa. Further dis-
cussion documents have been issued, most notably a
number setting out proposals including wider social se-
curity reform from the Department of Social Develop-
ment (DSD). It is critical that there is rigorous debate to
ensure any new system implemented achieves its goals.
But perhaps even more significant, it is important that
any new system is understood and appreciated by its
recipients. This process may take some time to reach an
optimal outcome. The problem is how to deal with cur-
rent retirement funding arrangements and their mem-
bers in the interim.
FOCUS OF THE PROPOSALS
The proposals are focused primarily on widening the
coverage of the retirement savings net from the current
estimated 6 million to the approximately 12 million
South African wage earners. The missing beneficiar-
ies are largely lower earners, in temporary or transitory
employment and tend to be in industries with low un-
ion movement involvement.
The current system run by the private sector tends
to exclude these individuals, as they cannot provide
cost-efficient solutions to them. In addition, the tax
incentives granted to higher paid workers have little at-
About the author
traction to those not paying tax because their earnings
Rowan Burger is head are below the thresholds. The proposals also aim for a
of pension reform at
simpler, more cost-efficient arrangement.
Liberty Corporate.
provider in South
Africa. Burger has 15 LIKELY OUTCOMES
years’ experience in Given the complexity of the issues faced by the decision
the industry. makers, it is very difficult to speculate about the final
16
proposal. However, given the stated intentions, we can
make certain inferences about the likely outcome that
can guide employers and advisors in terms of how re-
tirement funding matters should be dealt with. It is clear
that with the extension of the system to a broader base,
there is the inclusion of a larger proportion of individu-
als who have less financial literacy when it comes to
retirement savings matters. It should be pointed out
that most studies into the low-paid market reveal a
sophisticated system of money management, includ-
ing a number of different loan arrangements and better
budgeting skills than their affluent counterparts.
The success of any system will depend on whether
beneficiaries see value and understand their benefits.
Therefore, the system would need to be simple in its
benefit structure by being defined benefit in nature, or
simple in its benefit accumulation structure, by being
defined contribution, probably with low volatility of
returns and few capital losses.
IMPLICATIONS FOR EXISTING MEMBERS
Either way, for existing retirement fund members this
would be a far more conservative construction with
lower upside potential for participants. In order to
place these members in an equivalent retirement po-
sition had the new system not been introduced, a far
more aggressive strategy will need to be followed in
existing arrangements.
This could be either through a higher allocation to
riskier assets, or even the inclusion of the more exotic
and expensive asset classes in the hopes of achieving
higher returns for a given risk tolerance.
INVESTMENT GUIDELINES
The prudent investment guidelines, detailed in Regula-
tion 28 of the Pension Funds Act, which set out how
retirement funds invest their assets, are currently under
review. Unfortunately, this is largely a process aimed
at modernising the old framework to cater for new in-
vestment classes, rather than a holistic review of ap-
propriate investment strategies, which has resulted in
criticism from some commentators.
This criticism is unfounded given the uncertainty as
to the final outcome. However, it may be prudent to
consider building in an additional margin to a retire-
ment savings plan to cater for the introduction of a
more widely accessible but conservative scheme.

LEGAL COMPULSION VS. TAX INCENTIVES
A key failing of the current system is that
it uses tax incentives to drive the appro-
priate behaviour. There is nothing wrong
with the concept; however, in practice few
members act rationally and avoid heavy
tax penalties when they cash in their re-
tirement savings after leaving their em-
ployers.
The statistics can be devastating, as
money spent on other essentials is very
rarely replaced. Recently, a Cape-based
insurer reported than only 83 members
of over 17 000 exits did not cash in their
benefits over the last year.
It is unfortunate that the means test done
when applying the state old-age grant fur-
ther incentivises this sort of behaviour. It
therefore seems likely that the new system
will try legal compulsion rather than gen-
tle tax persuasion to achieve the long-term,
ENTERPRISE RISK May 10
consistent savings patterns required to
achieve adequate pensions in retirement.
MORE RESTRICTIONS
This is therefore likely to cause less flex-
ibility in the retirement savings system. We
have already seen a proposal from National
Treasury to remove provident funds, be-
cause the ability to receive the full retire-
ment benefit as a lump sum, rather than as
an income stream, results in benefits being
squandered prior to the end of retirement.
Government are cognisant of the danger of
applying more restrictive provisions to ex-
isting savings and have publically assured
that rights attached to legacy assets will
be honoured.
Given the future system will probably be
more restrictive and existing savings will
have their entitlements honoured, it makes
sense to have as much of your assets in the
LONG TERM
current more flexible system than the more
paternalistic future one.
BASIC PRINCIPLES STILL APPLY
While the future system aims to be more
simplistic, it also aims to be more cost ef-
ficient. It is only those individuals who
require the flexibility who may want to
accelerate their savings beyond the cur-
rent requirements to the current system.
On a very simplistic basis, each delay of
10 years in starting your retirement savings
programme roughly doubles your required
contribution rate to achieve an adequate
retirement pension. Much like a sailor trying
to reach his destination, the most must be
made of favourable conditions that exist at
present. It is unclear what the weather and
seas look like on our journey ahead, but the
basic principles of naval navigation will al-
ways remain.
 EMPLOYEE BENEFITS
HEALTHCARE
National Health Insurance (NHI)
Are public private partnerships the solution?
While international experience illustrates the complexities of providing
national healthcare, public-private collaboration may hold the key to
revolutionise healthcare in South Africa.
National healthcare is
an extremely difficult and controversial
issue, even in developed economies. US
President Barak Obama’s controversial
healthcare bill, commonly referred to as
ObamaCare, was vigorously opposed before
being passed. Already, some of the hidden
costs of ObamaCare are coming to light as
US companies report write-downs amount-
ing to billions of dollars, and review health
benefits offered to retired employees.
GLOBAL LESSONS LEARNT
What lessons can SA learn from this and
other statist healthcare systems such as
those in the UK, Canada and Australia?
Says Jasson Urbach, director of the
Health Policy Unit, a division of the Free
Market Foundation. “Governments cannot
raise enough funds to provide unlimited
care to all citizens. A government-run,
single payer system that provides ‘free
health care for all’, will cost individuals
dearly, affecting both their wallets and
their health.
“If wealthy countries such as Canada are
unable to provide timely healthcare servic-
es on a single-payer ‘free healthcare’ basis,
how will SA manage to do so? A cursory
look at the financial resources required to
fund the ‘free healthcare for all’ proposal
in SA, as well as the stock of healthcare
Bode Olajumoke, health
actuary, Alexander
Forbes Health Katy Caldis, CEO, Fedhealth
ENTERPRISE RISK May 10
ENTE
SA’S UNIQUE CHALLENGES
• High unemployment rate – approximately 24%
of the available work force in SA is unemployed.
• SA has only eight physicians and 41 nursing
and midwifery personnel per 10 000 of the
population.
• SA’s welfare burden on taxpayers is already
heavy, with 8% of GDP spent on healthcare.
• The country has one of the highest mortality
rates at birth, both mother and child.
• Very low life expectancy.
• Double burden of disease: first-world lifestyles
diseases, as well as HIV.
• Currently, 920 000 people receive anti-retroviral
treatment. By 2012/13 this number will reach
2.1 million.
professionals, reveals the infeasibility of
the proposal,” comments Urbach.
Fedhealth’s CEO Katy Caldis concurs, “We
have more complex problems than other
countries, so I think we all realise it will
take much longer to achieve a workable
NHI. Fortunately, there is a clear under-
standing from a government perspective
that NHI is not something that can be im-
plemented within a year or other unrealisti-
cally short time horizons.”
THE OPTIONS
Increasing government’s role in healthcare
will make the health system less flexible
and innovative, says Urbach. “The goal
of healthcare reform should be to create
Jasson Urbach,
director, Health
Policy Unit
18
conditions for the private sector to ex-
pand and give more people access to bet-
ter healthcare from vigorously competing
medical schemes and healthcare provid-
ers.”
“As the global recession bites ever deeper
into most national fiscusses there seems to
be a new willingness to revisit the thorny
issue of public private partnerships in the
delivery of national health,” says Bode Ola-
jumoke, health actuary, Alexander Forbes
Health.
“Given the scale of the task to provide
adequate healthcare to all South Africans,
the funding required and the skills sets that
need to be assembled, it is becoming ob-
vious that all sources of investment, skills
and technology, including those in the pri-
vate sector, should be mobilised.”
PROACTIVE PLAYERS
Several private healthcare providers and
funders have already pledged their com-
mitment to assist government design and
implement a sustainable NHI model by lev-
eraging the expertise of the private sector.
“The challenge is to strike a balance
between cost factors and the delivery of
quality care, along with the broader na-
tional health objectives. Neither state nor
the private sector will ever be fully satis-
fied with such a partnership; therefore, a
national health system should be recog-
nised as a compromise.”
HARNESSING SYNERGIES
Regarding closer partnerships between the
public and private healthcare systems as a
prerequisite for setting up an NHI, Caldis
says the budget specifically highlights the
intent of broadening the use of public pri-
vate partnerships.
“There is a great deal of expertise with-
in the private sector. Knowledge transfer
is key."

RM SOLUTIONS
Spreadsheets vs systems
Although Microsoft Excel is the system most used for risk management
today, these spreadsheets fall short in a number of areas, with significant
implications for risk managers.
The use of spreadsheets has pro-
liferated in every area of modern organi-
sations. And the reason is simple: How
much easier can it be than to click an icon
and instantly access perfect calculations,
grids and tables to convey complex infor-
mation? Or is it?
While Microsoft Excel is a great tool
to create basic risk registers, which can
provide some additional validation and
functionality with macros and calcula-
tions, spreadsheets fall short in a number
of areas.
CONSISTENCY
As spreadsheets are used and enhanced
over time, the inherent flexibility disap-
pears, and consistency and standardisation
become harder to manage. A good system
manages the frameworks and methodolo-
gies, supporting extensions, rework and
relationships in a consistent manner.
DEVELOPMENT
As risk management is embedded into the
organisation, more people are required to
add more data, and more consolidation
is required, with more permutations that
must be considered. When using spread-
sheets, templates, best practices, security
and confidentiality soon become compro-
mised. User documentation and online
help take time to develop, burdening al-
ready stretched resources. Reworking or
extending a predecessor’s set of macros
and multiple-sheet formulas becomes near
impossible.
A system for managing risk is developed
once and shared across a large user base. It
encompasses documentation, training and
best practice frameworks, and takes care
of security integrated with the organisa-
tion’s policies.
STANDARDISATION
Inevitably, if allowed, each department
or division will deploy its own version of
ENTERPRISE RISK May 10 RISK MANAGEMENT
BY AVI EYAL, CURA SOFTWARE SOLUTIONS
a spreadsheet. How does one consolidate LIBRARIES
this? A system will support either one With spreadsheets, managing libraries of
methodology or, in the case of sophisti- risk or controls becomes a complex task of
cated systems such as Cura, allow multiple either creating or integrating into a data-
methodologies to be used. It will provide base source, or building complex macros
a normalisation and consolidation func- that update central spreadsheets. And when
tionality. Standardisation also extends libraries change, how do those changes
to version control, deployment and inte- ripple through the spreadsheets floating
gration, as well as interoperability with about in the organisation? How are users
other systems. forced to reassess the changed items?
An effective system on the other hand
AUDITABILITY AND DATA CONSISTENCY will manage library items consistently,
It is difficult or impossible to achieve au- manage additions and changes to librar-
ditability and data consistency in spread- ies, propagate changes and trigger notifi-
sheets. Effective systems will incorporate cations to relevant users.
and automate audit trails and have data
validation built in to ensure the infor- REPORTS
mation is accurate and consistent at any Tables can be formatted and graphs can
point in time. Accountability for data in be created with spreadsheets, but drilling
a system is based on permissions granted down to core data is cumbersome and the
to staff. reporting is highly reliant on correct cell
selection.
DATA CHANGES Systems incorporate predefined re-
How does one compare old information port writers, with best practice reporting
to new information in spreadsheets? How built in. Some even facilitate exporting to
does one even know what information has multiple formats, including Excel. These
been changed between spreadsheets, when reports are consistent as they deal with
a risk recorded in a previous period and fixed table structures and integrity can be
deleted in the current period in a spread- assured.
sheet is discarded? Trending becomes al- For these reasons and more, moving to
most an impossible function over a period a system-based approach can greatly en-
of time when using spreadsheets. hance the
Risk systems maintain an accurate his- efficiency of
tory of all data. In a system, this informa- staff, reduce
tion is retained so that one can analyse distractions
decisions taken and trends based on ex- and help
ternal factors. achieve a
more reliable
ACTIONS AND NOTIFICATIONS and consist-
How does a spreadsheet convey tasks and ent approach
remind users to update information? How to recording
does it escalate information that has not and man-
been acted upon? aging risk
A system will manage the tasks, work- information About the author
flows and notifications related to data and throughout Avi Eyal is the CEO
will pre-emptively communicate remind- the organi- of Cura Software
ers, and escalate unattended requests. sation. Solutions.
19
 RISK MANAGEMENT ENTERPRISE RISK May 10
ENTE

BUSINESS CONTINUITY

Reducing BCM spending with care

When it comes to business continuity, budget cutbacks have a direct
impact on deliverables and the opinion and support of business leaders.
BY ANSOPHIE STRYDOM, CONTINUITYSA

“Ladies and gentlemen, the into two distinct categories: Business IT disaster recovery is a “must-do and
instruction from the board is to cut all continuity spend and IT continuity (or not a would-like-to-do” activity, how
operational spend by 20%.” disaster recovery) spend. can organisations halt all IT continuity
How many companies have heard that spend in favour of a business strategy
phrase during the past year of recession- BUSINESS CONTINUITY SPEND based on “lets hold our breaths and pray
ary turmoil? How many managers have The past year saw a significant reduction nothing happens”?
had to sweat it out and simply find ways in spend on training and consulting serv- Many organisations tasked their already
to get by with less than optimal resourc- ices in the BCM arena. Companies with overloaded IT divisions with conjuring up
es? How many companies are making do mature BCM programmes maintained home-grown strategies and plans to en-
with providing less than 100% in terms of their existing strategies and plans, uti- sure IT recovery, or decided to ignore best
service and quality? lising strategically selected outside help practice and global standards in favour
It may be easier to make cuts in some only if necessary. Many companies with of opting for cheap and often make-shift
divisions, but when it comes to business in-house BCM resources did exactly the solutions. Apart from the fact that imme-
continuity, a discipline still fighting for same: Maintaining status quo and spend- diate IT priorities always take precedence
its rightful place on the boardroom agen- ing as little as was reasonably possible over long-term requirements, such as
da in many organisations, cutbacks have seemed to have been the ultimate goal. disaster recovery, this strategy is bound
a direct impact on deliverables and the Because many companies have not had to miss critical aspects of IT continuity
opinion of leaders of the whole concept. the luxury of staff dedicated to BCM on a because the right expertise was missing,
full-time basis, the retrenchment of staff too expensive or had recently been re-
UNDERSTANDING THE RESPONSIBILITY with BCM responsibilities is of grave con- trenched.
What chance does a fledgling programme cern. Quick hand-overs to overwhelmed Heinan Landa, president and founder
with reduced resources and support have and already stressed employees have left of Optimal Networks, says of back-up
in supporting the drive to be a responsible many companies with voids of experience and disaster recovery mechanisms: “En-
corporate citizen when business survival and a severe loss of information. This is sure your back-up and disaster recov-
not simply a replaceable skill ery systems are working well. You don’t
T HE PAST YEAR SAW A SIGNIFICANT REDUCTION that is lost; it is experience want operations to stop during a reces-
and know-how that may have sion should something happen with
IN SPEND ON TRAINING AND CONSULTING a grave impact on the recov- your front-line business applications.”
SERVICES IN THE BCM ARENA erability of companies when a (www.allbusiness.com)
disaster does strike.
is paramount in the minds of the board? Over the past year, companies that WHO IS RESPONSIBLE?
It is in the manner in which the board had nothing in place when it comes to Surely the responsibility of ensuring the
and other executives view business con- a BCM programme didn’t even contem- recoverability of mission-critical IT sys-
tinuity that we are able to ascertain how plate starting the process owing to insuf- tems lies not with the CIO, but with execu-
serious an organisation is about ensuring ficient funds being made available. This tive committees and boards of companies,
business continuance in the face of an makes me wonder whether these compa- which have to lay down the law in terms
operational disruption. As Andrew Hiles nies have made a deal with the universe of which activities are non-negotiable in
(FBCI) puts it on www.continuitycentral. to wait with operational disruption until times of recession.
com: “In the good times we can simply they’re ready to proceed. Let’s put it differently: Does a reces-
argue, ‘Everyone should have business sion mean that an organisation's risk
continuity’. In the bad times, we need IT CONTINUITY (DISASTER RECOVERY) appetite reduces? Quite the contrary, I
hard proof of its payback before practi- SPEND would think. Does a recession change
tioners get the support from all parties." Cutting a percentage off your budget is the liability of directors or reduce the
To appreciate the trends and implica- an easy thing to do, but how does a CIO responsibility in terms of stakeholder
tions of the reductions in business conti- cut 20% on disaster recovery, while still management? Of course not. Corpo-
nuity management (BCM) spend in 2009 satisfying ever more complex regula- rate governance regulations apply de-
fully, the focus should really be divided tory requirements? And if Gartner says spite economic conditions and budget

20
cutbacks are no excuse for reneging on one’s fiduciary du-
ties. Companies should contemplate the impact of the cuts
in BCM spend on their businesses and these consequences
should be communicated clearly to boards and stakeholders to
ensure they understand the implications to the business and
to themselves.

STRATEGIES TO GET VALUE FOR MONEY

There are a number of things companies can do to re-
main responsible with their BCM programmes, in the face of
budget cuts:
• Focus on what is mission critical. Whether you start from
scratch or have a mature programme in place, energy and
funds should be spent on protecting those applications, sys-
tems and processes that are vital to the long-term survival of
the business.
• Invest in BCM training. Make sure the board and executive
committees understand the value of BCM and the implica-
tions of not having BCM in place, both for the company and
for each board member and executive in his or her personal
capacity. Also, increase the awareness of BCM among your
staff members to ensure buy-in and support for all BCM ac-
tivities. Where members of staff are responsible for BCM ac-
tivities, make sure that they are skilled enough to execute
their duties to the required standards.
• Outsource the BCM function. Traditionally companies have
been fearful of putting their business survival in the hands
of others, but with the loss of critical staff and the possible
freeze on recruitment, it may make financial sense for com-
panies to outsource this function to
an appropriate service provider.
• Choose your BCM and IT conti-
nuity partner carefully. A slow-
down in spend in other areas
has encouraged companies from
various industries to dabble in the
provision of BCM-related serv-
ices. This is a specialised science
and choosing a cheaper solution
may have long-term financial
implications. Are you happy to
have your BCM service evolve as
the provider develops its skills in
this arena, hoping they will learn
About the author enough before something happens
Ansophie Strydom has to your business?
been involved in BCM • Think partnerships. If there is lit-
for the past five years. tle budget, spend it on obtaining
As general manager advice and engaging with repu-
at ContinuitySA, her
table service providers willing to
portfolio includes
business development, share their knowledge and ex-
marketing and perience with you, empowering
information you to implement a cost-effective
management. solution.

21
 RISK MANAGEMENT
POLITICAL RISK
Politics and ERM
Dr Brad Beira, managing consultant at Marsh, explores how both internal
and external political influencers can drive an organisation into a position
beyond its willingness to tolerate risk.
If we take the view that enterprise
risk management (ERM) is ultimately about
improving the likelihood of successfully
achieving strategic objectives and driv-
ing value in the organisation, then ERM is
about the extent to which risk is built into
decision-making.
Much has been written about the psy-
chology of making decisions. It is impor-
tant for risk managers to appreciate the
behavioural psychology around decision-
making.
DRIVING THE ERM PROGRAMME
For example, after the 9/11 terrorist attacks,
terrorism events sat close to the top of cor-
poration risk registers. For most compa-
nies, the weighted significance has dropped
down the importance list – it may not even
be in the top ten now. Arguably the risk
of terrorism is the same if not higher than
it has ever been; it’s only the current per-
ception that has changed. Risk managers
need to challenge themselves as to whether
their perceptions are influencing their risk
priorities and must ensure that their at-
titudes and perceptions do not drive the
ERM programme.
ADDRESSING THE RISK TOLERANCE
AND APPETITE
Developing a reliable model for addressing
the risk tolerance and risk appetite for an
organisation can be less complicated than
measuring the non-financial influenc-
ers that can determine strategic decision-
making. Using a model of working capital
to determine risk tolerance and a combi-
nation of weighted average cost of capital
(WACC), EVA and discounted cash flows to
set a range for the risk appetite accounts
predominantly for the financial measures
in the more traditional ERM approach to
risk management.
Placing a weighting on the non-financial
components of enterprise-wide risk requires
a broadening of the risk assessment. Both
ENTERPRISE RISK May 10
ENTE
internal and external political influencers as well as financial consideration within
can drive the organisation into a position the ERM arena. An aversion to detail proc-
beyond its willingness to tolerate risk. ess and procedure – political, operational
and/or technical – can materially and neg-
POLITICAL INFLUENCERS atively impact on the successful implemen-
In certain instances environmental factors tation of an ERM strategy.
can lead to a political situation where sig- This is regardless of whether the process
nificant loss of investment might occur. has been implemented to improve future
The political response to private sector credit ratings, comply with evolving gov-
capitalisation and, at times, exploitation of ernance norms and practices or implement
natural resources, has led to the introduc- the necessary fail safe practices in a devel-
tion of new and often far reaching envi- oping or maturing operation.
ronmentally focused legislation that can
drive business into the public sector. Shell INTERNAL POLITICAL CONFIDENCE
Oil experienced this first hand in their ex- Internal changes to the political landscape
ploration project in the North Sea. Locally, will likely affect the risk appetite of the
the granting of licences compliant with en- organisation in as significant manner as
vironmental legislation can delay the onset a loss in working capital through an un-
realised investment. A bullish
P LACING A WEIGHTING ON THE NON FINANCIAL- approach to entering a new
COMPONENTS OF ENTERPRISE WIDE RISK REQUIRES market, decisions to rational-
ise a workforce, divesting an
A BROADENING OF THE RISK ASSESSMENT operational aspect of the or-
of projects. Awareness of these risks and ganisation can be as much a political deci-
their effects on capital expenditure and fu- sion as a financial one. The tolerance of
ture revenues should assist in enterprise- the organisation to this type of risk can be
wide risk decisions. shaped by forces far greater then the bal-
The implementation of new legisla- ance sheet and share price.
tion creates an added dimension of risk When considering the risk bearing ca-
for organisations in the form of far rang- pacity of the organisation, internal and
ing accountability of product design and external headroom would certainly be
quality. The enactment of the Consumer influenced by the internal political con-
Protection Act (CPA) in South Africa has fidence on display and in reserve in the
far ranging consequences for all businesses boardroom. Dynamic risk bearing capacity
involved in the development, manufacture, would be heavily affected by the ability of
distribution and supply of goods to con- the organisational stakeholders to influ-
sumers through exposing product liability ence terms of covenants, monetise assets
claims upon the entire supply chain. and raise guarantees. This internal political
The CPA has created the need for a re- capital should be calculated and consid-
vision of existing operating models, ne- ered (as in the case of intellectual capital
cessitating firms to implement and pro- – another form of weightless wealth) when
mote transparent, auditable, symbiotic evaluating its impact on both the risk toler-
relationships with all parts of the supply ance and risk appetite of the organisation.
chain. Changes in accountability will result A combined metric should be considered
in revisiting policy wordings and changing that includes both the financial and non-
premiums. Decisions on how to retain or financial contributors to the calculation of
transfer those risks will become a political the enterprise risk of the business.
22
The Upside of Mining Risk
Mining is a complex industry
that must achieve a delicate
balance between risk and reward.
Stakeholders including lenders,
investors, and insurers typically
understand the risks but also
expect management commitment to
prudent risk mitigation.
At Marsh, we understand that
finding the opportunity behind
risk means knowing just as much
about our clients industry as we do
our own. That’s why we have over
100 dedicated mining, metals, and
minerals professionals around the
world. Through our industry focus,
we can help clients move beyond
purchasing insurance and begin
applying risk solutions that could
materially impact their bottom line.
Helping clients address the
challenges they face starts
with looking at the world from
their perspective. We strive to
Marsh is an authorised financial services provider
© Copyright 2010 Marsh Ltd • All rights reserved
understand their business goals and
challenges, as well as their financial
and operational objectives and
limitations.
Working with them, we can assist
in identifying and prioritising the
risks faced by their organization.
We can then build a complete risk
management solution, incorporating
both appropriate risk transfer
coverage and services, and internal
policies and procedures, designed
to effectively mitigate and manage
risk today and in the future. In
addition, Marsh is able to identify
and quantify issues such as
environmental exposures, supply
chain disruptions and construction
risks.
It is this ability to service our
clients across a wide range of
risk requirements that truly
demonstrates our leadership as a
risk advisor in the mining industry.
Marsh is the world’s number one
risk specialist.™
Marsh (Pty) Ltd
4 Sandown Valley Crescent, Sandton
Private Bag X14, Benmore 2010
+27 (0) 11 506 5000
www.marsh-africa.com
Marshafrica.contact@marsh.com
 RISK MANAGEMENT ENTERPRISE RISK May 10
ENTE

LEGAL & COMPLIANCE

Companies Act
Shareholders’ agreements under threat
The new Companies Act, due to come into operation sometime after
1 April this year, extends substantial rights to minority shareholders.
BY WOUTER SCHOLTZ, MAZARS MOORES ROWLAND

Certain sections within the new

Companies Act will override a variety of common
provisions in shareholders’ agreements.
For example, if a company gives notice of a
new scheme of arrangement, proposes a merger
or amalgamation or wants to sell the majority of
its assets, dissent-
ing minority share- A SCHEME OF ARRANGEMENT WILL INCLUDE
holders can force it
ANY REORGANISATION OF THE SHARE CAPITAL
to buy back their
shares at fair value. OF A COMPANY
The right to force a buy back, which is extended by states that any provision in a shareholders’ agree-
Section 164, will prevail over restrictive terms in ment which is inconsistent with the act will be
the shareholders’ agreement. void to the extent of the inconsistency.
Section 164 may serve to override a variety of
SCHEME OF ARRANGEMENT common provisions in shareholders’ agreements,
The wide meaning being attributed to a ‘scheme of particularly provisions commonly imposed on
arrangement’, as defined in Section 114 of the act, black shareholders.
will also extend the scope of minority sharehold- It’s not uncommon to stipulate that if black
ers’ rights. shareholders want to sell their shares within a
Once the act is operational, a scheme of arrange- specified time, normally three years, a company
ment will include any reorganisation of the share can buy their shares back at the issue price, wheth-
capital of a company, whether through a split or er or not this presents fair value. More commonly,
through consolidating shares into different classes, the agreement provides for a lock-in, placing a
or an exchange of securities, or a reacquisition of prohibition on the sale of the shares for a speci-
securities. An exchange of securities would include fied period.
a share-for-share exchange, and a reacquisition of
securities may include a share buy-back. FAIR VALUE
Minority shareholders who are not prepared to It’s also not uncommon, in the case of private com-
go along with the scheme, merger, or sale of assets panies, to provide that a shareholder who wants to
can compel the company’s directors to determine dispose of his or her shares must offer them to the
the fair value of the shares, and to make an offer company or fellow shareholders at a price deter-
to buy their shares back. mined by a prescribed formula, which may or may
About the author If the dissenting minority shareholder is dissatis- not yield a fair value.
Wouter Scholtz (BA fied with the buy-back price being offered, or if the It is to be expected that minority shareholders
(hons) NHED LLB) company fails to make an offer, the shareholder burdened with restrictive shareholders’ agreements
is a director at tax, can apply to the court for a determination of fair will, on notice of a manoeuvre contemplated in
audit and advisory
value. The court may appoint one or more apprais- Section 164, avail themselves of the opportunity
firm Mazars Moores
Rowland. A widely ers to assist it. to force or compel a buyback of their shares at fair
published author value. In such circumstances, the appraisal rights
and commentator, RESTRICTIVE TERMS extended by Section 164 will trump any restric-
he is a corporate tax As regards restrictive terms in shareholders’ agree- tions imposed in the shareholders’ agreement, or
specialist. ments, Section 15 (7) of the new act specifically even in the memorandum of incorporation.

24
 RISK MANAGEMENT
RECORDING MOBILE CONVERSATIONS
Mitigating business risk,
improving customer service
The risk of using mobile phones in business is a challenge recognised
across the globe and solutions to mitigate this risk are being sought.
Binding agreements are
reached verbally on mobile phones every
day, with customers giving permission, in-
structions and undertakings to business pro-
fessionals and service providers. As such, it
is critical for organisations to record these
communications if they are to mitigate
business risk.
“The law, specifically the Financial Advi-
sory and Intermediary Services Act, requires
an accurate record of all transactions made
by registered financial service providers, and
compels accountable institutions – such as
banks or long-term insurers – to report cer-
tain transactions. Having a full record of cus-
tomer interactions is vital for any business
in the case of a dispute or a lawsuit brought
against the company,” says Kgabo Badimo,
MD of Spescom DataVoice.
ENHANCING CUSTOMER EXPERIENCE
The drivers for recording of mobile calls are
first and foremost compliance with legal and
regulatory requirements, reduction of risk
and keeping a record for confirmation of
accuracy. There are additional advantages,
however.
“With recordings of mobile calls, organi-
sations can measure and better manage the
quality of interactions with customers and
“THE TECHNOLOGY DECISION REGARDING MOBILE RECORDING TECHNOLOGIES WILL
BE AN IMPORTANT ONE FOR CORPORATES, DRIVING COST, EASE OF RECORDING AND
FUTURE SCALABILITY” KGABO BADIMO, MD, SPESCOM DATAVOICE
ENTERPRISE RISK May 10
ENTE
A FULL RECORD
OF CUSTOMER
INTERACTIONS IS
VITAL FOR
ANY BUSINESS
therefore customer satisfaction levels, imple-
ment process evaluation and optimisation,
and have legally tenderable evidence of any
potential fraud. It also increases efficiencies
and effectiveness, enhancing the ‘customer
experience’. The inability to record mobile
conversations previously meant that some
work had to wait until staff were back in the
office where recordings could be made on an-
alogue lines,” explains Dadimo. “But technol-
ogy has advanced sufficiently to enable the
affordable and easy recording of mobile calls
for both business users and consumers.”
The most advanced, yet surprisingly af-
fordable and user-friendly, solutions com-
prise a mobile application and hosted service.
Subscribers’ mobile conversations, pictures
and documents are captured, seamlessly
and securely uploaded to a hosted site,
where this data can be managed, viewed,
played, downloaded or sent by e-mail.
THE WAY OF THE FUTURE
“The increasing availability of these solu-
tions has motivated the UK’s Financial Serv-
ices Authority (FSA) to consider mandating
recording of calls made and received on a
mobile device before the end of 2010. Indus-
try watchers believe this will set in motion
similar amendments by other major financial
services regulators in the EU and US,” com-
ments Badimo.
“I believe recording technologies have ma-
tured sufficiently to make mandated recording
26
of mobile calls a reality in the UK. I also be-
lieve these rules will quickly be adopted in
South Africa and across the globe. South Af-
rica, as a provider of sophisticated financial
services and products, and a participant in
the international financial arena, will most
assuredly implement financial regulations
that are considered good practice globally.
However, we expect there is a much broader
audience of users who could benefit from the
use of mobile recording technologies. The
technology decision will be an important
one for corporates, driving cost, ease of re-
cording and future scalability,” says Badimo.
WIDE APPLICATION
Badimo further notes that recording is impor-
tant for any person who:
• gives advice which may have legal, medical
or financial implications
• gives or receives important information
• is asked for an opinion or decision based on
information conveyed by phone
• or needs to remember information commu-
nicated by phone.
This includes financial service providers, bro-
kers, legal and medical professionals, manag-
ers or directors, estate agents, property devel-
opers and valuators, insurance loss adjusters,
couriers and many other knowledge workers.
“The value of recording cellphone conver-
sations – for the corporate as well as the indi-
vidual – is indisputable. Shoring up the risks
associated with using these devices for busi-
ness purposes should be on the priority list of
every corporate.
It is important to look ahead at how these
solutions will practically impact the organisa-
tion and what the potential future needs of
the organisation will be, however, and select
an appropriate solution.”
 ENTERPRISE RISK May 10 RISK MANAGEMENT

SPECIALISED RISK MANAGEMENT DISCIPLINES

Sustainability Risk Management

Essential for organisational longevity
The management of sustainability risks is Enterprise Risk Management
Su
sta
being adopted by leading organisations Business Project
Ma i
Ri nab
na sk ility
ge
Risk
as a methodology for developing a value-
Continuity me
Management nt
Management

driven approach. BY VANESSA PAYNE, IQ BUSINESS GROUP

Operational Credit
Credit
Risk

In the current
Risk Risk
Management Tools
competitive environment, FUNDAMENTAL SHIFT, Management
companies are under increasing pressure to excel, and SIGNIFICANT BENEFITS
are beginning to realise the need to move away from Nature, society, and busi-
growth in revenue at any cost, and more towards de- ness are interconnected Consumer Market Risk Liquidity
Credit Management Risk
veloping a value-driven approach. in many ways, which Risk Management
Sustainability risk management’s fit with other have not been a focus in
disciplines of risk management is as an overarching, business strategy. There-
complementary discipline, as risks influence an or- fore, a fundamental shift Financial Risk Management

ganisation’s sustainability, both from an upside and is required in the way

downside risk perspective. This is reinforced in King
III, which states that the essence of sustainability risk
management is to protect the value of intangible as-
sets by combining various elements of risk manage-
ment into a sustainable and economic enterprise risk
management system.
MAIN FOCUS
The main focus area of sustainability risk manage-
ment is the management of environmental, social
and economic impacts in an organisation. Attention
must be given to all three areas. If emphasis is only
on economic performance, risks will arise in the en-
vironmental and social areas and potentially lead to
cost ‘surprises’.
Some examples of sustainability risks from an eco-
nomic perspective could be business interruption,
boycotts or fraud. From an environmental perspec-
tive, examples include global warming, environmental
non-compliance and use or production of hazardous
substances. From a social perspective, litigation from
inequitable treatment of employees, class action from
accusations such as discrimination, or simply a lack of
social investment by organisations, are examples.
IDENTIFYING OPPORTUNITIES
Accompanying the potential downside risks or nega-
tive impacts, sustainability is an important source of
opportunity, or upside risk for businesses. Opportu-
nities may include cost savings through innovative
efficiencies in business, environmental conservation
and social upliftment, which will all contributes to
brand promotion.
directors make decisions DIAGRAM 1
and businesses operate towards the management Specialised risk
of sustainability. management
While some companies develop sustainability risk disciplines
management for ethical reasons, most do so for busi-
ness reasons as risk costs are reduced, competitive po-
sitions strengthened, reputations promoted and bot-
tom lines improved.
THE PROCESS OF INTEGRATING SUSTAINABILITY INTO OTHER RM
DISCIPLINES
• Integrating sustainability into the organisation’s strategy and risk management policy.
• Obtaining the commitment of the board and appointing the CEO accountable and making
members of staff responsible for the execution of sustainability risk management.
• Integrating data from various sources to determine the maturity of environmental, social
and economic sustainability management and setting targets such as carbon footprint
reduction, increase in CSR spend or commitment to sustainability reporting.
• Identifying sustainability risks enabling management and anticipation through
implementing appropriate risk mitigation and financing strategies.
• Developing plans for reducing environmental exposures or impacts, anticipating
competitor actions, and implementing social and environmentally driven strategies.
• Sustainability scorecards, such as the JSE’s SRI Index may be implemented for
measuring the performance of the three pillars of sustainability management.
BENEFITS OF THE SUCCESSFUL IMPLEMENTATION OF SUSTAINABLE RM
• Board/senior management are able to make more informed, sustainable strategic decisions.
• Board/senior management confidence that reputation risks are properly managed and the
brand is protected.
• Enhanced ability to recruit, develop and retain staff.
• Improved innovation, competitive advantage and market positioning.
• Enhanced operational efficiencies and cost savings.
• Improved ability to attract and build effective and efficient supply chain relationships.
• Enhanced ability to address change and respond appropriately.
• Meeting regulatory and good governance requirements.

27
 RISK MANAGEMENT ENTERPRISE RISK May 10
ENTE

IT RISKS

Information security
not just a technology issue
Safeguarding client information means developing a security-conscious
corporate culture.

When it comes to protecting FEATURES OF A WELL-DEFINED a fine line between maintaining security
client information, ignorance is risk - a risk CORPORATE SECURITY POLICY and compromising accessibility or usability,
that compromises not only your organisa- • Avoid vague references by closely examining which ultimately impacts productivity.
tion’s bottom line, but also its credibility and evaluating how employees use and And while there is a solution to every IT
and reputation. interact with information. risk, it is almost impossible - from a cost per-
One of the most significant problems is the • Draft an unambiguous policy, using specific spective - for an organisation to implement
vagueness that seems to envelop the whole terms and references relevant to employees. every single security measure possible.
information security issue in organisations. • Properly communicate the security policy For these reasons, organisations need to
to staff and enforce it consistently to keep
“Corporate security policies create vulner- start by evaluating their security needs ac-
security top-of-mind.
abilities through the many ‘grey areas’ and cording to an appropriate risk model. This
• Create a security-conscious corporate
blurry lines that characterise their composi- culture through regular ‘security-awareness will assist to establish the budget, the major
tion,” says Simon Webster, technical consult- campaigns’ and constant reminders in
ant at The Webcom Group. “And this prob- different formats and via different platforms.
lem extends to guidelines for compliance • Ward off sabotage through a strong
with several international regulations.” relationship between HR and IT, to ensure
early signs of dissatisfaction and unusual
RISKS POSED BY EMPLOYEES behaviour are picked up.
Another risk faced by organisations stor- Notes Webster: “The possibilities for em-
ing sensitive client information is its em- ployees to sabotage an organisation are
ployees. This could be due to ignorance or numerous - from stealing sensitive client
disregard of the security policy on the part information to introducing malicious files
of the user or due to employees
sabotaging their company by sell- “I T IS VITAL THAT THE SECURITY SYSTEM IMPLEMENTED
ing/using the information for their IS COMPATIBLE WITH THE CORPORATE SECURITY POLICY ”
own purposes. Effective commu-
nication of the formal corporate JAYEN VYRAVENE, MD OF QUENCY
security policy to employees, can assist to or bringing the whole network down. Par- risks and vulnerabilities; and the balances
resolve part of this challenge, but little can ticularly IT employees can do damage even required between security and accessibility.
be done to prevent employee sabotage. months after they have left the organisation,
easily covering their tracks.” CORPORATE SECURITY POLICY
In addition, the rise of the mobile “It is vital that the security system implement-
workforce introduces corporate data to ed is compatible with the corporate security
a whole new landscape of threats, as policy. Organisations first need to develop
does the use of USB sticks which can their own policy, taking into account , for ex-
store an enormous amount of data. ample, their business objectives, with which
they need to comply,” says Jayen Vyravene,
WHAT CAN BE DONE? MD of Quency, a provider of advisory and
Thankfully, security technology advances training services on governance, risk man-
ensure there is a security solution to almost agement, compliance and ethics (GRC).
every security threat. However, there is often
INVESTMENT WORTH MAKING
“THE DEGREE TO WHICH TECHNOLOGY INFLUENCES Although implementing the best
THE BUSINESS WORLD IS NOT MATCHED BY ADEQUATE security policy possible may seem
like a complex, time-consuming
AWARENESS OF THE ACCOMPANYING IT RISKS” exercise; the organisation’s sur-
SIMON WEBSTER, TECHNICAL CONSULTANT AT THE WEBCOM GROUP vival can literally depend on it.

28
 RISK MANAGEMENT ENTERPRISE RISK May 10
ENTE

PROFESSIONAL ACTIVE ESCROW

Safeguarding business continuity

The threat of business discontinuity necessitates the practice of
underwriting technology-dependent risk through an escrow agreement.

IT and software have become MINIMUM REQUIREMENTS FOR on technology, such as third party licenced
the backbone upon which business operates. ACTIVE ESCROW software, important databases industrial de-
Organisations are often entirely dependent • The arrangements must be legally sound. signs, specifications and more, for which the
on software which the company does not • All source code together with all relevant end-user requires comprehensive continuity
own, but is licensed to use by third parties. technical material should be provided and of use warranties, i.e. proper access to the
This dependency on software over which subjected to technical verification by a underlying source code in the event of an
it has limited or no control, exposes a com- qualified, independent and neutral expert emergency,” explains Stekhoven.
third party.
pany to a high level of operational risk. “Through an active escrow agreement, or-
• The source code and relevant material should
ganisations can guarantee business continu-
be frequently updated as part of a robust and
LEGAL AND COMPLIANCE ISSUE consistent administrative process. ity for their mission critical business proc-
The imminent new Companies Act 2008 and esses and functions if their software supplier
King III place increased accountability on vendor business conditions. Similarly, King is no longer available or does not honour
the board and its executive management to III expects the board of directors of all com- predefined commitments such as warranty,
manage all the company’s risks. panies to take a robust approach to risk support and maintenance conditions.”
“Neglecting the management of the risk management, particularly IT-related risks,” The guidelines in ISO9001 confirm source
of a third party software supplier no longer notes Booysen. code escrow as a process whereby access to
supplying services on which the company maintainable information systems can be
has a critical dependency, can attract per- UNDERSTANDING THE IMPLICATIONS guaranteed, irrespective of:
sonal liability for companies and their of- “At the outset, reliance on third parties • the stability of the commercial status of
ficers,” says Terry Booysen, CEO of CGF Re- for mission critical software may not ap- the software supplier
search Institute. pear problematic, but companies must • whether certain predefined commitments
Most corporate governance protocols, consider that such software is often sub- such as warranty, support and mainte-
guidelines and imperatives hold directors ject to maintenance agreements and ongo- nance are not honoured.
personally accountable for the organisa- ing support by the software supplier,” says
tion’s assets and reputation, including the Andrew Stekhoven, managing director of ACTIVE VS. PASSIVE ESCROW
assurance that systems and technology are Escrow Europe. The use of active escrow is well entrenched
adequate. “This means that any unforeseen devel-
in Europe and the United States. Profession-
“In the US for example, Sarbanes-Oxley opments within your software supplier’s
al active escrow is a highly effective, low-
calls for an operational system of internal business – such as insolvency, a change of
cost measure to mitigate against technology
controls over financial information encom- ownership or a new strategic priority - could
and its software-related risks when it is in
passing contracts for mission-critical soft- lead to a discontinuation of the support and
the control of third parties.
ware and their susceptibility to changes in maintenance of your company’s missionSays Booysen. “Passive escrow is not an
critical software, leaving you stranded with
option for the proper protection of your
extremely serious - possibly catastrophic -
business continuity and does not constitute
impacts on the reputational and financial
professional source code escrow best prac-
health of your company.” tice.”
“From an operational risk perspective, an
SMART, EFFECTIVE SOLUTIONS active escrow arrangement is the only prop-
Technology escrow ensures access to critical er reassurance that the software vital to the
source code should the technology vendor survival of a business will not become ‘or-
no longer maintain the software. phanware’,” comments Stekhoven.
“Active escrow agreements primarily “Unlike passive escrow, where an organisa-
safeguard business-critical processes, func- tion will simply deposit the source code with
tions and/or services that are dependent an escrow agent, active escrow ensures the
source code of the soft-
“THROUGH AN ACTIVE ESCROW AGREEMENT ORGANISATIONS CAN , ware is verified and that
the software and correlat-
GUARANTEE BUSINESS CONTINUITY FOR THEIR MISSION CRITICAL BUSINESS ing technical documenta-
”
PROCESSES AND FUNCTIONS ANDREW STEKHOVEN, MANAGING DIRECTOR, ESCROW EUROPE tion is complete.”

30
 SAS

SAS ranks first

in
Chartis RiskTech100 report
User-driven survey deems SAS the leader in risk management software

S
AS, the leader in
business analytics
software and services,
is No.1 in Chartis
Research’s prestigious
RiskTech100 rankings, an annual
international listing of the top risk
technology vendors.
Although SAS has been a leader in
several categories since the inception
of this report, this is the first year that
SAS has earned top spot, a jump of
six places from 2008.
The RiskTech100 methodology
assessed each vendor’s functionality,
core technology, organisational
strength, customer satisfaction,
market presence and innovation. In
addition to its overall success, the
report placed SAS as the category
winner for banking, Europe (market
presence) and credit risk.
We strive to address all aspects of key risk concerns from credit,
operational and market risk to anti-money laundering, combating
fraud and financial crime.
“SAS’ success in this year’s
RiskTech100 rankings is linked
to particularly high scores in the
functionality and core technology
categories,” said Peyman Mestchian,
Managing Partner at Chartis
Research. “In addition, our end-user
surveys have given SAS a marked
improvement in the customer
satisfaction rating in the last 12
months.”
“This honour is confirmation of our
“We strive to address all aspects
of key risk concerns from credit,
operational and market risk to anti-
money laundering, combating fraud
and financial crime. SAS continued to
make sales across the world in 2009
- such as Allied Bank, Banca delle
Marche, FirstBank and Union Bank -
to name a few.”
The Chartis RiskTech100 report
also contained the key results of
a survey of 824 risk technology
buyers and end-users and reveals
that 57 percent of respondents
believe that their firms’ approach to
enterprise risk management can be
characterised as “a set of tactical/
reactive initiatives addressing specific
gaps” (18 percent), or “a loose
concept that is not fully defined with
partial sponsorship from the board of
directors” (29 percent), or “no current
strategy or plans in place” (9 percent).
On a positive note, 66 percent of
respondents expect to increase their
risk technology expenditure by 10
percent or more in 2010.
SAS risk management software has
garnered many accolades this past
year. SAS placed in the Leaders
quadrant of the Magic Quadrant
for Operational Risk Management
Software for Financial Services by
Gartner, Inc. in September. Also, in
André Zitzke, Head of Risk Practice
SAS South Africa
year, SAS was a leader in Chartis
Research’s Operational Risk
Management Systems 2009 report
in June.
Currently, more than 200 organisations use
SAS for risk management, including: ABN
AMRO (Netherlands), Allied Bank (Pakistan),
AXA Bank (Belgium), Banca delle Marche
(Italy), Banca Intesa (Italy), BB&T (US),
BNL - Gruppo BNP Paribas (Italy), Caisse
Nationale des Caisses d’Epargne (France),
China Merchants Bank (China), CIMB Bank
(Malaysia), Citibank Singapore (Singapore),
EON Bank Group (Malaysia), First Bank of
Nigeria (Nigeria), ING (Netherlands), Kookmin
Bank (Korea), Riyad Bank (Saudi Arabia),
Swedbank (Sweden), Union Bank (US),
Vattenfall (Sweden), Woori Bank (Korea) and
Zagreba ka banka (Croatia).
The full report can be obtained, free of
charge, on www.chartis-research.com.
To learn more about how to meet
the requirements for real-time
decision making, contact SAS on
+27 11 713 3400 (Johannesburg
and Pretoria) or +27 21 912 2420
(Cape Town) or visit our website,
www.sas.com/sa
:(%,1.$'9(57,6,1*

dedication to deliver unsurpassed July 2009, Chartis ranked SAS as a

enterprise risk management to our leader in its Credit Risk Management
customers,” said André Zitzke, Head Systems 2009 report for the third
of Risk Practice at SAS South Africa. straight year and for a fifth straight
 RISK MANAGEMENT ENTERPRISE RISK May 10
VOLATILITY RISKS
Perilous times demand careful
In addition to the internal controls and risks faced in the course of
normal business, the enterprise risk manager has a slew of macro
issues to deal with in these volatile times.
Volatility is perhaps one of the
defining characteristics of business in our times.
In interactions with risk managers, it emerges that
many are well aware of the recent shocks to busi-
ness, in particular the recession, but also many
WHILE THE WORLD CUP BRINGS WITH IT MORE THAN A FEW
RAYS OF HOPE, THERE ARE NEVERTHELESS SERIOUS POTENTIAL
ISSUES LOOMING
other factors such as terrorism, labour activism,
protectionism from certain parts of the world and
economic mismanagement.
Then there is the reality of the impacts of natural
disasters: In a globalised environment, earthquakes,
tsunamis and heavy storms affect even those busi-
nesses which are headquartered thousands of kilo-
metres away from the event – the recent earth-
quake in Chile serves as a ready example.
LOCAL MACRO RISKS ABOUND
Specific to South Africa, risk managers have much
to deal with. While the world cup brings with it
more than a few rays of hope, there are neverthe-
less serious potential issues looming. The econom-
ic slowdown may have spared the country the pain
and ignominy of power outages, but as the economy
proves resilient and delivers the growth which eve-
ry South African wants, electricity supply is again
becoming precarious.
For those who have an income, the reality of pay-
ing more stands in stark contrast to those who don’t;
The latter group is inclined to steal power while
others must pay their escalating bills or face being
cut off.
About the author The introduction of the nationalisation debate
Michael Durek is and friction within the ANC’s tripartite alliance
the CEO of ACE has an impact on business confidence – as does the
Insurance, South
looming succession battle within the ruling party,
Africa. The ACE Group
which has proved damaging in the past.
conducts its business
on a worldwide There are the ongoing social realities of poverty
basis with operating and unemployment, while deteriorating conditions
subsidiaries in more for publically provided healthcare and sanitation
than 50 countries. are fuelling societal divides and driving the threat
32
BY MIKE DUREK, ACE INSURANCE SA
of social unrest; the poor are increasingly agitat-
ing for government to make good on promises.
The enterprise risk manager therefore has a slew
of macro issues to deal with and put on the radar
in addition to the internal controls and risks faced
in the course of normal business.
POSITIVE OUTLOOK
Despite the realities of an undeniably risky en-
vironment, it’s hard not to be positive about the
South African scenario.
The country has a high interest rate, which en-
courages foreign investment, particularly as the
developed world keeps its interest rates at unprec-
edented low levels.
As we pass 100 days to go, the world cup looks set to
be a resounding success. The biggest risk – and one
which cannot be ruled out as we remember Munich
in 1972 – is that something unforeseen happens
which will affect the country’s image. While the
market looks at numbers from a quantitative point
of view, the qualitative view indicates that right
now, the country is enjoying an once-in-a-lifetime
opportunity.
WHAT PERIL FOR INSURERS?
From the perspective of an insurer, while the en-
vironment is potentially volatile, performance has
been consistent since 2008. Insurance companies
typically have two income streams: underwriting,
and investing the underwriting income. The latter
came under severe pressure with the global finan-
cial crisis.
While there was an expectation of dramatic up-
wards pricing changes, this has not come to pass
and the anticipated Q4 2009 financial catastrophe
within insurance never happened. Across the in-
dustry, capital has been protected. Simultaneously,
the investment income, which plays a major part
of any insurance company’s bottom line, is on the
recovery.
APPLIED RISK MANAGEMENT TRIUMPHS
The underlying reality is that good insurance com-
panies accept that underwriting profit is core. If the
 ENTERPRISE RISK May 10 RISK MANAGEMENT

ERM
organisation can’t rely on that, its busi-
ness is in trouble. This has seen a shift
by insurance companies to refocus on
underwriting efficiency, with geographic
and process rationalisation driving some
contraction of the industry. In particu-
lar, companies have closed down smaller
branches and shed some jobs.
What is clear though is that the South
African insurance industry has proven re-
silient as it has adhered to its core busi-
ness. As an industry, it did not branch out
into playing with financial instruments.
Local banks also did not deviate from
their core business and get tempted into
gambling for short-term profit.
The bottom line is that risk management
prevailed, helping the financial services
industry avoid expensive mistakes.
THE SOUTH AFRICAN INSURANCE INDUSTRY HAS we need to make
money’ approach,
PROVEN RESILIENT AS IT HAS ADHERED TO ITS
ignoring what,
CORE BUSINESS to some, was the
inevitable. How-
QUANTIFYING AND MANAGING RISK ever, the crisis has taught some tough
The risk manager faces a tough task, as he lessons, among which is the need
is to play out future scenarios and moni- for more responsible approaches
tor and observe a huge range of variables. to business.
Add to that the fact that risk management
is a relatively new discipline, with its INTO A BRAVE NEW WORLD
genesis in the 1980s. The ‘triple bottom line’ is becoming more
The global financial crisis has also relevant: Sustainability is being intro-
shown that risk managers have lacked the duced as a non-negotiable which has to
clout and authority to take salient action. go hand in hand with profitability. It is
Those who detected the crisis in 2005 a brave new world, by all accounts, and
were unable to get a reaction from deci- one in which the enterprise risk manager
sion makers. Indeed, profit-centre manag- has a stronger voice. And an indispensa-
ers took something of an ‘I hear you, but ble role to play.

TRAIN TODAY.
SMILE TOMORROW.
AstroTech’s training courses are designed to refine
and build your skills today, making you the next
success story of tomorrow.
,I \RX·UH D EXVLQHVV SURIHVVLRQDO \RX·OO XQGHUVWDQG WKH
LPSRUWDQFHRIFRQVWDQWO\UHHYDOXDWLQJ\RXUVHOIZLWKLQ\RXU
FRUSRUDWHHQYLURQPHQW8SVNLOOLQJLVWKHRQO\ZD\WRVWD\
DKHDGRIWKHSDFN$VWUR7HFKRIIHUVDYDULHW\RIKLJKOHYHO
WUDLQLQJFRXUVHVWKDWZLOOJLYH\RXWKHVNLOOVDQGNQRZOHGJH
WRUHDFKIRUWKHVN\DQGDFKLHYH\RXUFDUHHUH[SHFWDWLRQV

HIGHLY SPECIALISED TRAINING COURSES:

• The 3-Day MBA • Management for New
Managers • Labour Relations and Labour Law •
• Project Management for Non-Project Managers
0861 ASTROTECH _ training@astrotech.co.za • Finance for Non-Financial Managers •
w w w. a s t r o t e c h . c o . z a
 RISK MANAGEMENT ENTERPRISE RISK May 10
PRODUCT RECALL
The best of recollection
Thousands of defective motor vehicles are being recalled around the
world. Product recall is not expressly part of the common law nor is it
compulsory under the CPA, but implementing a recall programme can
reduce risks. BY PATRICK BRACHER, DENEYS REITZ
Since Roman times the purchaser of
goods, which are latently (i.e. not patently) defec-
tive, has had well-recognised remedies against the
seller. Unless the contract alters the position, every
10
sale of goods carries with it an implied war-
million vehicles have ranty that there are no latent defects in the
been recalled by goods that would render the goods useless or
Toyota worldwide materially useless for the purpose for which
the goods are sold.
The purchaser is entitled to cancel the sale and
reclaim the purchase price or, for lesser defects,
claim a reduction of the purchase price.
DEFECTIVE VEHICLES
There is nothing new about claims relating to de-
fective vehicles. In 1896, in Wiid v Murison, a wag-
onette had been sold with a latent defect in that the
futchels were broken resulting in the wheel-plate
clipping off the felloe and the wagon jamming on
turning. It was held to be a material defect and
Wiid returned the vehicle and got his money back.
The futchels and felloes may no longer be familiar
to us, but the principles live on.
PROTECTING THE CONSUMER
If defective goods are sold subject to an uncondi-
tional express warranty of quality, the purchaser
is entitled not only to cancel the sale and get the
sale price back but is also entitled to claim conse-
quential damages.
The arrival of the Consumer Protection Act (CPA)
means that sellers will trade in parallel universes.
The Act will have thresholds above which it will
not apply. The thresholds are likely to be similar
to those in the National Credit Act so that the CPA
About the author will not apply to juristic persons such as compa-
Patrick Bracher nies who have an asset value or turnover exceed-
is a director at ing R1 million. Sales to such corporate purchasers
Deneys Reitz. His will continue to be governed by the common law.
expertise includes
But natural persons and small corporations will
highly specialised
knowledge of the have added protection under the CPA.
long-term, short-term Under the act every consumer has a right to de-
and risk aspects of mand safe good quality goods and quality service
insurance law. save in relation to goods bought at an auction. Not
34
unlike the common law, goods must be reasonably
suitable for the purpose for which they are gener-
ally intended, and of good quality, in good work-
ing order and free of any defects. The act enhances
the common law test by requiring the goods to
be usable and durable for a reasonable period of
time having regard to the use to which the goods
would normally be put and the surrounding cir-
cumstances of supply.
The goods must also comply with any applica-
ble standards under the Standards Act. The goods
must also be reasonably suitable for any purpose
for which they were specifically purchased to the
knowledge of the seller. It no longer matters under
the act whether the defect was latent or patent or
could have been detected by the consumer. If the
goods fail to satisfy the requirements and stand-
ard required by the act, a consumer may within
six months after delivery of the goods return the
goods without penalty and at the seller’s risk and
expense.
If the goods are unable to perform in the intended
manner or are unsafe, generally unacceptable or
the goods are less useful, practicable or safe than
reasonably expected, the consumer can require the
seller to repair or replace the goods or ask for a re-
fund of the purchase price. Repaired goods must be
warranted for at least three months and also have
all the common law warranties attached to them.
PROTECTING THE SELLER
The act also preserves the ‘sold as is’ right of the
seller in terms of the so-called voetstoots clause,
which literally means ‘sold with a push of a foot’.
Goods can be sold to a consumer who is expressly
informed that the goods are offered in a specific
condition and the consumer accepts the good as
it. Save for that, implied warranties of quality are
built into the sale transaction.
RIGHT TO RECALL
Neither the common law nor the CPA carries with-
in them a right of the seller to recall of the goods
for repairs. Vehicle warranties commonly contain
 ENTERPRISE RISK May 10 SUBSCRIBE
SA SADC Int.
Rand US$ US$

325 80 100

Subscriber contact details

Surname:
provisions according to which the manufacturer or seller are
entitled to repair or replace any defective parts in the vehicle Name:
sold. These express and limited warranties will continue to be
Designation:
binding on purchasers who are not subject to the CPA. Con-
sumers who are subject to the act may exercise those rights but Company:
can also pursue the remedies described above.
The National Consumer Commission must promote industry- Type of business:
wide codes of practice providing for effective and efficient
Address:
systems to receive and monitor consumer complaints and in-
formation regarding defects and to notify consumers of risks Code:

UNLESS THE CONTRACT ALTERS THE POSITION, Tel: Fax:

EVERY SALE OF GOODS CARRIES WITH IT AN Cell:
IMPLIED WARRANTY E-mail:
pertaining to any goods. Subscriber VAT Reg. No:
If the goods are unsafe – goods which present an extreme risk
of personal injury or property damage – the code must make
provision for a recall of those goods for repair, replacement Payment options
or refund. If the commission itself has reasonable grounds to
believe that any goods may be unsafe T Cheque enclosed
MANUFACTURERS or that there is a potential risk to the Payable to 3S MEDIA (Pty) Ltd
RECALLING public from continued use of or expo-
• All rates include postage and VAT within South Africa. Foreign subscriptions include airmail rates.

sure to the goods, and the producer or

VEHICLES IN 2010
General Motors
importer has not taken recall steps it- T Direct transfer: Bank details
self, the commission may conduct an Nedbank
Honda Branch code: 128405
Hyundai investigation and force the producer to
Acc. number: 1284129934
Nissan carry out a recall programme.
Acc. type: current
Peugeot Citroën
BENEFITS OF A RECALL PROGRAMME Acc. name: 3S MEDIA
Toyota
The producer, importer or seller of T Please invoice me
goods which are found to be defective, particularly goods
which are unsafe or hazardous, will always gain by instituting
a recall programme. T Credit card T Mastercard T Visa
First of all, recall and repair may discourage consumers or
other purchasers from exercising their more powerful rights Expiry date: /
under the common law or the act. Secondly, producers, im-
porters, distributors and retailers of goods are liable for any Credit Card Number
harm caused by unsafe, failed, defective or hazardous goods
or goods carrying inadequate warnings without any proof of
negligence on their part.
Because there is now no-fault liability, it is obviously in the Last 3 digits on back of card:
interests of the responsible parties to avoid the risk of death,
injury, illness or physical damage to people who use or are
exposed to the goods. In any event, their insurers will expect Signature:
them to take reasonable steps to avoid losses.
Product recall is therefore not expressly part of the common
law nor is it compulsory under the CPA until industry codes Date: / /
are introduced. Besides the reputational issues, any produc-
Fax or e-mail proof of payment to activate your subscription.
er, importer, distributor or retailer would be well-advised to
Your magazine will be mailed to you.
implement a recall programme rather than risking worse
consequences.
SUBSCRIPTION SALES Cindy Cloete
35 on tel+27 (0)11 233 2600 • fax +27 (0)11 234 7274/5
cindy@3smedia.co.za MEDIA
 CORPORATE GOVERNANCE ENTERPRISE RISK May 10

RM RESPONSIBILITIES

The role of the Company Secretary

The company secretary has a pivotal role to play in the provision of
appropriate guidance and advice to the board regarding its duties and
responsibilities pertaining to RM. BY JOEL WOLPERT, CHARTERED SECRETARIES SOUTHERN AFRICA

Risk management has BUSINESS PHILOSOPHY OF RISK MANAGEMENT

always been regarded as an inherent or From a corporate governance perspective, risk management involves reconciling the
integral feature of sound business man- conflicting aspects of Conformance (control threat/hazard downside) with Performance (return
agement – the received wisdom is that opportunity/downside).
the CEO of any business is the ultimate • Investment and return: All investment opportunities present uncertainty; embracing and
mastering risk is critical to managing investment and return.
chief risk officer! As a feature of corpo-
• Opportunity and reward: Risk is the partner of reward; managers must understand the risks
rate governance, risk management really
and be empowered and enabled to manage them.
came of age in South Africa when it was • Competitive advantage and growth: Business risk management must eschew a
allocated a separate chapter in the King philosophy of avoiding risks and hedging bets; dynamic and powerful economic forces
II report. present opportunities.
In financial institutions risk manage-
ment is effectively a line function as risk business. In terms of institutional cred- experienced company secretary”.
is a cost of doing business. In non-finan- ibility, governance of risk is covered by In addition, paragraph 101 of King III
cial business enter- emphasises: “The individual directors
prises, risk manage- and the board collectively, should look
ment is regarded as
C URRENT GOVERNANCE BEST PRACTICE RECOGNISES THE
to the company secretary for guidance on
“ ”
a “staff function”, GOVERNANCE ROLE OF THE COMPANY SECRETARY their responsibilities and duties and how
normally reporting such responsibilities and duties should be
to the CFO. Chapter 4 of the King III report. The 10 properly discharged in the best interests
key principles outlined have colloquially of the company."
CRITICAL SUCCESS FACTOR been referred to as the “Ten Command- Paragraph 102 states that “The company
The major financial upheavals follow- ments of risk management”. secretary should provide a central source
ing the Enron crisis in the USA and more of guidance and advice to the board, and
recently the 2008/9 downturn/recession COMPANY SECRETARY’S ROLE within the company, on matters of good
following the banking crisis in the USA, Current governance best practice recog- governance and of changes in legisla-
UK and Europe, have catapulted risk nises the “governance” role of the com- tion.”
management into a prominent manage- pany secretary. Principle 2.21 of King It follows from the above that the board
ment “soundbite”, and it is now a criti- III states: “The board should be assisted and senior management would look to
cal success factor in the survival of any by a competent, suitably qualified and the company secretary to assist them in
the exercise of their risk management
KEY PRINCIPLES IN CHAPTER 4 OF KING III responsibilities. The company secretary
4.1 The board should be responsible for the governance of risk. needs to be equipped with the neces-
4.2 The board should determine the levels of risk tolerance. sary expertise in order to become the risk
4.3 The risk committee or audit committee should assist the board in carrying out its management “knowledge manager” in the
risk responsibilities. organisation.
4.4 The board should delegate to management the responsibility to design implement and
monitor the risk management plan. RM AND THE FINANCIAL CRISIS
4.5 The board should ensure that risk assessments are performed on a continual basis. The 2008/9 financial crisis highlighted
4.6 The board should ensure that frameworks and methodologies are implemented to increase
the importance of risk management, par-
the probability of anticipating unpredictable risks.
ticularly in financial institutions/banks.
4.7 The board should ensure that management considers and implements appropriate risk
responses. Poor risk management has been identi-
4.8 The board should ensure continual risk monitoring by management. fied in every report regarding the finan-
4.9 The board should receive assurance regarding the effectiveness of the risk management cial crisis.
process. The board must accept responsibility for
4.10 The board should ensure that there are processes in place enabling complete, timely, the risk management function. Risk man-
accurate and accessible risk disclosure to stakeholders. agement must be enterprise based and not

36

only activity based. Boards may have approved a
strategy but did not establish suitable metrics to
monitor its implementation (KPIs). Disclosure re-
garding foreseeable risk was inadequate and there
was a failure to implement stress testing and sce-
nario analysis.
The risk management expertise of the board must
be evaluated and monitored. Boards need to be ed-
ucated on risk issues and to be given the means to
understand risk appetite and the firm’s perform-
ance against it. The risk or audit committee must
be staffed with members with technical financial
sophistication in risk disciplines or with solid
business experience giving clear perspectives on
risk issues.
RM FUNCTION: PRACTICAL ASPECTS
Risks can be grouped in a number of ways:
• Risks that are applicable to all types of business
• Risks that arise from the strategies adopted by
the board /management of a specific company
• Risk areas that are industry specific.
RISKS APPLICABLE TO ALL BUSINESSES
• Changing political and competitive environment
• Compliance with laws and regulations
• Reliability and timeliness of financial and other
management information
• Safeguarding assets and information systems;
• An appropriate corporate culture, business ethos
and people integrity
• Effective investment in technology
• Fraud
• Sustainability and governance imperatives.
RISKS RELATED TO COMPANY STRATEGY
• Expansion by acquisition
• Investing in emerging markets
• Outsourcing
• New technology
• New products and services, and changes in busi-
ness model
• Raising capital
• Organisational change
• Supply chain changes
• Major capital investment products.
INDUSTRY SPECIFIC RISK AREAS
• Airlines: terrorism, fuel price, passenger safety
• Automobiles: product reliability and safety
• Banking: credit /derivative products
• Mining: environmental issues
• Gaming: licence conditions
37
ENTERPRISE RISK May 10 CORPORATE GOVERNANCE
ELEMENTS OF A RISK MANAGEMENT FRAMEWORK
1. Policy: approach, attitude, appetite.
2. Resourcing: identification of resources required to implement, monitor and co-
ordinate the risk management process as well as reporting.
3. Implementation: formalisation of processes involved in identification and definition
of risk, likelihood and impact assessment and response processes.
4. Review and reporting: form and frequency of reporting.
BOARD’S MAJOR RISK MANAGEMENT FUNCTIONS
• Approve the firm’s risk appetite as a component of its strategy. This requires
the alignment of strategy, risks and financial objectives. Further, the interaction
between risk and revenue drivers must be tested.
• Understand and challenge the breadth of risks faced by the company. This requires
knowledge, communication and training.
• Ensure robust oversight of risk at board level. This includes managing the skill,
competence and experience of NEDs as well as allocating sufficient time to co-
ordinated risk oversight.
• Promote a risk-focused culture and open communication across the firm by setting
the tone at the top and interacting with external risk professionals.
• Assign clear lines of accountability and enable an effective risk management
infrastructure. This requires a formal risk governance policy approval, clear
approvals frameworks as well as the integration of risk insights and intelligence
into other functions’ planning processes. The reference in King III to risk-based
internal audit is an example of this.
RISK MANAGEMENT PROCESS
1. Identifying and assessing key risks.
2. Designing and implementing processes to manage those risks and maintain them at
a level acceptable to the board.
TECHNIQUES TO MANAGE RISKS
1. Risk transfer (hedging/insurance)
2. Internal control (including internal audit)
3. Outright avoidance (non-engagement in relevant
activity)
4. Accepted knowingly and objectively subject to
business policy/criteria on risk tolerance.
• Pharmaceutical/healthcare: product safety,
medical insurance industry; and
• Retailing: consumer activism.
UNDERSTANDING THE ROLES
The board of a company is responsible for the About the author
management of risk. The board must have a clear Joel Wolpert (CA
understanding of the risks facing the company; it (SA) FCMA FCIS) is
must ensure that the organisation has effective risk a technical adviser to
management and control processes; and it must be Chartered Secretaries
provided with assurance that the processes and key Southern Africa and
risks are being effectively managed. his career spans over
40 years in senior
The company secretary has a pivotal role to play
financial positions. He
in the provision of appropriate guidance/advice to has been a keynote
the board regarding its duties and responsibilities speaker at Corporate
pertaining to risk management. Governance seminars.
 MARKET NEWS
Momentum and
Metropolitan merge
Momentum and Metropolitan will
merge to create a major new
South African insurance group.
The merger creates a powerful
new player in the South African
financial services industry,
bringing together two businesses
that have created very successful
franchises in different but
complementary markets.
SAIA and FIA
Insurance Data
Exchange
SAIA and FIA have embarked
on a joint industry initiative to
enable safe and secure exchange
of standardised data between
brokers and the final underwriter
of the risk. The initiative aims
to create one single source of
integration or communication,
requiring all brokers and insurers
to conform only once to a single
standard. An Insurance Data
Exchange (IDE) steering committee
was formed in 2009 and endorsed
the formation of a South African
ACORD standard.
Many insurers and intermediary
groups have already joined the
South African ACORD standards
organisation. A workshop to share
information and additional detail
will be held in the second quarter
2010.
Anglo Platinum
selects JMP tool
for laboratory data
analysis
The Anglo Platinum Group
recently turned to Octoplus and
the SAS JMP data visualisation
tool for its data analysis, data
representation, reporting and
auditing requirements, and to a
large extent automate a laborious
process. Used by scientists
and engineers, JMP is a data
visualisation and statistical
discovery software that combines
the use of graphical capabilities,
the ability to manage virtually
unlimited volumes of data and
seamless integration with SAS
Analytics tools.
ENTERPRISE RISK May 10
movers & shakers
Yegs Ramiah has been
appointed as executive head:
People and Brand at Santam.
Quinten Matthew has been
appointed as executive head:
Specialist Business.
Sanlam Life Insurance has
appointed Sagie Nadasen as
its chief legal advisor.
Escrow Europe
Achieves ISO
9001:2008
Escrow Europe, the leading provider
of escrow services in South Africa,
has achieved the ISO 9001:2008
quality certification standard. As
the only BEE-certified provider of
active software escrow, Escrow
Europe primarily guards business-
critical intellectual property such as
software source code.
38
Zurich South Africa has
appointed Sharon Hough
as its new chief marketing
officer.
The Actuarial Society of South
Africa has appointed Emil
Boeke as its first ever CEO.
Accenture and SAS
expand strategic
relationship
Accenture and SAS, in forming the
Accenture SAS Analytics Group,
plan to develop, implement and
manage next-generation industry-
specific predictive analytics
solutions, starting with the financial
services, healthcare and public
service sectors; as well as cross-
industry solutions in the customer
and enterprise management
domains. They also plan to begin
delivering sophisticated analytical
capabilities as a managed service.
ContinuitySA
not affected by
liquidation
Dialogue Group Holdings, which
holds 51% of the shares in
ContinuitySA, decided earlier
this year to liquidate one of its
subsidiaries, Dialogue SA. Dialogue
Group will continue operations
as normal, as will its other
subsidiaries. It has not affected
ContinuitySA's operations.
Accessible risk
management
training
A cooperative agreement between
the Open Learning Group (OLG) and
Expectra ensures the Expectra Risk
Academy will soon offer a variety
of training programmes in the field
of risk management. Programmes
which will be offered on a national
basis include Safety Health and
Environment (SHE representative
course); Hazard Identification, Risk
Assessment and Control; Legal
Liability; Incident Analysis HBTA
(hazard barrier target analysis);
Supervisor Safety Training; Train-the-
trainer and the SAMTECH course.
Powerful GRC
software solution
LexisNexis South Africa, in
exclusive partnership with
governance, risk and compliance
(GRC) software provider Cura
Software Solutions, now offers a
new compliance solution called
CuraComply. This solution will
provide companies with easy-to-
understand electronic checklists
of more than one hundred acts,
as well as regulations, enabling
compliance officers to manage
areas of non-compliance.
Recognising the
unsung heroes
CGF Research Institute has been
appointed nominating partner for
AllWorld Network: South Africa Fast
Growth 100 (SAFG100), a national
programme recently introduced
to promote and recognise
entrepreneurship in South Africa.
SAS Global Forum
The SAS Global Forum, the
premier event for SAS and
business analytics professionals
worldwide, was hosted in Seattle
in April, featuring more than 400
presentations, workshops and
seminars. Visit www.sas.com for
more information.

ASH CLOUD
BI insurance
implications
According to Aon Global Risk
Consulting business interruption
(BI) insurance policies will
most likely not be responding
to the disruption to airspace
Priceless: The
Myth of Fair Value
(and How to Take
Advantage of It)
William Poundstone
Why do text messages cost
money, while e-mails are free?
In Priceless, bestselling author
William Poundstone reveals the
hidden psychology of value.
Rooted in the emerging field of
behavioural decision theory, this
book should prove indispensible
to anyone who negotiates.
ENTERPRISE RISK May 10
caused by the volcanic ash. BI
policies will only kick in if there
is physical damage. Aon Global
Risk Consulting CEO Stephen
Cross commented that while it
is not possible to plan for every
eventuality, especially such
Retailers are advised on how to
convince customers to pay more
for less, and negotiation coaches
offer similar advice for business
people cutting deals.
Rice Bible
With more than 2000 listed
varieties, rice is a staple food
for more than half the world’s
population. It is easy to cook
and incredibly versatile. This
collection brings together Indian
rice dishes and Continental
favourites – biryani, khichdi,
risotto, paella and dolmades.
Sushi and Thai spicy soups add
to the assortment of snacks and
39
rare occurrences as a volcanic
eruption, the event highlighted
the importance of monitoring the
business continuity measures
implemented by suppliers
of critical inputs and having
contingency plans around
alternative suppliers.
Cover for stranded
travellers
While no business interruption
claims related to the ash cloud
disruption had been reported
at the time of writing, travel
insurance policies around
the globe have responded to
insured travellers’ distress.
Locally, insurance company
Chartis South Africa announced
that due to the exceptional
travel disruptions caused by
the volcanic ash over Europe,
MUST-READ BOOKS
complete one-dish meals on
offer. Rice Bible includes more
than 120 recipes, from savoury
mains to sweet and fragrant
desserts. There is even a guide
to choosing and preparing the
various grains available.
Blood Vines
Erica Spindler
Thirty-something Alex Owens
knows very little about her
childhood or who she really is.
But when an infant’s remains
are unearthed in her hometown
EXECUTIVE PAGES
it would automatically extend
travellers’ policies to cover extra
travel time associated with flight
delays. Policyholders could
also change the travel dates on
existing policies if they were yet
to travel, or could cancel their
policy with a full refund of their
premium if they cancelled their
trip altogether.
Valuable
insights into
the ash cloud
disruption
Don’t miss the June edition of
Enterprise Risk in which we will
feature an in-depth case study
highlighting the business,
risk management and
insurance implications of the
ash cloud disruption.
in back-country California, Alex
suddenly realises that she has a
connection to the case. As more
violent deaths and a series of
deadly rituals shock the small
town, Alex is finally forced to
confront the terrible truth about
a single night that changed her
family’s life forever.
SUBSCRIBER
GIVE-AWAY!
One lucky Enterprise Risk
subscriber will be treated to a
hamper containing a selection
of books from Pan Macmillan
South Africa. If you are already
a subscriber to Enterprise
Risk, watch this space and
your post box! If you have not
yet subscribed to Enterprise
Risk, turn to page 35 for the
subscription form.

GOOD GOLFING
Fairway bunker shots
Discover the correct technique for fairway bunker
shots. BY MARTIN WHITCHER
CANCELLATION,
ABANDONMENT
OR POSTPONEMENT
OF EVENTS
A conference to organise,
a major arts festival or an
open air concert ...
KEU provides a niche
product that will suite
your needs for almost any
type of event.
The first rule
We have a tailor made of thumb when playing a
solution for your event fairway bunker shot is to
organiser or sponsor in take a club with enough loft
to get over the lip in front of
respect of cancellation of you. If the lip is severe, you
events or events liability. may not be able to reach the
green, but at least you’ll be
Cancellation cover can playing the next shot from
the fairway, and not from the
include perils such as same bunker.
non-appearance, national If the bunker is flat and the
mourning, adverse weather lip is not a problem, take a
conditions and more... club or two longer than the
distance. In the set-up, take
a slightly wider than usual
stance, shuffling your feet
“Why take the risk when into the sand for stability. Grip
KEU can cover it all”? the golf club a little shorter
to increase control and to
counteract the effect of your
Tell 0861 00 0090 Fax 0861 00 0030
feet being sunken into the
Website www.keu.co.za Contact Denise Hattingh
e-mail denise@keu.co.za
info@keu.co.za
Alexander Forbes 17
Astotech 33
CGF OBC
Charted Secretaries SA 21
Chartis Insurance 41
An Authorised Financial Services Provider FSP5076
ENTERPRISE RISK May 10
sand. This is the one reason before you execute the shot
why you should use a club or and to maintain this position
two longer than the throughout the swing. This will
actual distance. also encourage clean contact.
Place the ball position Now execute a fully committed
forward, just inside the left golf swing and nip the ball out
foot. If you place the ball back of the fairway bunker.
in your stance, you’ll tend to
hit with a descending blow
GRIP THE GOLF CLUB A LITTLE SHORTER TO
INCREASE CONTROL
and the ball will come out too
low. With the ball forward in
the stance, you’ll have a better
chance of picking the ball up
clean or sweeping the ball off
the sand, which is what you
want to do.
The golden rule is to raise
your chin up a fraction just
INDEX TO ADVERTISERS
CQS IFC Marsh SA 23
Cura Software 1
Sapics 2
IBR Fire 25
SAS 31
KEU underwriters 40
Lombard Insurance 9 - 11 Terrapin 29
40