Risking a Good Name
November 26, 2013
Jenny Reid, managing director of iFacts looks at how unmanaged people and security risk can undermine corporate governance through corruption, collusion and crime.
“Sound corporate governance and a sustainable, ethical business culture should always include removing people risks and implementing a strategic safety and security programme,” says Jenny Reid, Managing Director of iFacts. “We can’t ignore the rise in crime and corruption in South Africa or the loss of ethical principles,” she believes. “While executives set the most important moral character in this regard, the company’s risk and governance process must also play a significant part.”
In early November 2013, the Institute of Internal Auditors South Africa (IIA-SA) released the Corporate Governance and Risk Management Index. This is intended to deliver a baseline for the measurement of performance in these areas. According to IIA-SA, it aims to give a viewpoint on South Africa’s performance in applying good governance principles.
However its first-ever report shows that SA companies are lacking in this area, with only 41% of auditors confident that corporate risk is properly managed. “When profits must be kept high, shareholders happy and staff satisfied, it is easy for ethics to go out the window,” says Reid. “Even when companies do strive to uphold strong internal values, they skimp on proper due diligence, screening and background checks, or vendor verification to reduce costs.”
The increase in fraud in the procurement process is a good example, she says. “The rise of corruption and collusion among entrepreneurs, means independent verification and tracking makes sense in maintaining a clean corporate slate,” she says. “Companies should also look at similar checks into employees, investors, and partners.”
Starting at the top
Risk management must be a strategy that is applied throughout a company. “It should be effective enough to spot potential risks or uncover existing corruption or collusion, which may include independent security and safety investigations to discover the company’s risk tolerance and culture,” Reid adds. “The risk environment is always changing, so the identification process must be on-going. Instilling a culture of ethics should be part of all training initiatives.”
In SA, larger companies are guided by the King Report on Corporate Governance, a groundbreaking of code of control and authority brought in after democracy. “It’s important to remember that King III is not enforced by legislation,” she says. “While many principles of its predecessor are entrenched in the Companies Act and other legislation, it often seems to be overlooked as companies pursue profit or are undermined by criminal elements within the organisation.”
Reid firmly believes that self-regulation is the way of survival. “Managing risks through a risk management programme ensures consistency in awareness of risks within a company,” she says. “The more reports and risk data collected, the better the analysis of risk factors.”
In fact, Reid stresses, the more efficient and cohesive people risk management— as well as other security features become— the easier it becomes to adhere to compliance, regulatory standards and the auditing process promoted by the IIA-SA.
Companies must consider the nature and extent of risk in their organisation, continually identifying, evaluating and managing risk. “Companies must pay more attention to sound corporate governance in order to ensure long-term sustainability,” Reid says. “Beyond profit, they make ask if they can survive a significant breach in security and damage to their reputation,” she concluded.