Category Risk Management

Building resilience is key to managing risk in 2017 and beyond

12 January 2017 Michael Davies, ContinuitySA
Michael Davies, CEO of ContinuitySA.

Michael Davies, CEO of ContinuitySA.

The outcomes-based approach of King IVTM is a timely invitation for corporate South Africa to get better at managing risk in a world that is getting more risky by the day, says Michael Davies, CEO of ContinuitySA. Davies argues that King IVTM is directing organisations to see risk holistically, and ultimately to build resilience.

“Principle 11 of King IVTM speaks to governing risk in a way that helps an organisation to set and achieve its strategic objectives. This is a call to change the way organisations see risk, with many implications. To my mind, one of the most critical mindset changes will be to move from a focus on identifying risks—though that remains important—to building resilience,” Davies says.

At the end of every year, the ContinuitySA team attempts to identify what will define the risk landscape for the coming year. Meeting in November 2016, the team agreed that the main point to make was that risk and its effects were becoming increasingly unpredictable. Factors driving this unpredictability include unprecedented geo-political uncertainty coupled with an increasingly integrated world, in which the interconnectedness of digital markets and supply chains is now mirrored by large-scale human migrations that effectively globalise risk.

“Identifying and preparing for specific risks is becoming less useful because risks are less discrete than they used to be,” Davies observes. “Obviously, while one wants to know what is likely to happen, one needs to be aware that when a risk materialises, its effects are likely to be both widespread and hard to predict, especially as supply chains integrate still more closely. One might almost say that a risk is a trigger for negative business outcomes.”

The only solution, Davies argues, is for governing bodies to consider risk from multiple angles, and to devote time to making their organisations more resilient; that is, more able to recover from any negative event.

Within this context, ContinuitySA believes that the following areas warrant special consideration as organisations plan for resilience in 2017:

• Clarify your approach to cyber risk, including mobility and the Internet of Things. The growing importance of data as a source of competitive advantage and source of value is attracting the interest of regulators—and criminal syndicates. The risk is exponentially enhanced by the mobile revolution, which is seeing corporate networks become boundaryless. “There are more mobile connections than there are people in South Africa, and malware and phishing scams are now prevalent in the mobile world, creating a significant threat for all organisations on all sorts of levels,” says Davies.
Similarly, the growth of the Internet of Things is seeing manufacturing and other non-IT devices connected to networks, often creating new vulnerabilities.
• Consider the impact of civil unrest. ContinuitySA’s own client statistics show that since 2014, the number of invocations triggered by civil unrest has risen dramatically, and in fact constituted the largest category during 2016. Service delivery protests have now been joined by persistent student protests, with wide-scale damage and disruption reported. Even more worrying, students show no discrimination when it comes to making their point violently, so any business or person in their path could be affected.
• Do not lose sight of utilities. Power outages have decreased and organisations have become more resilient by installing generators, but it is likely that any uptick in economic growth will once again place the power grid under strain. The drought and forecast water shedding (throttling back on municipal water supplies) means that providing for temporary water loss remains a smart move.
• Make sure you have a crisis management plan and capability, including crisis communications. Samsung’s travails over batteries, which have forced the recall of its latest flagship handset, illustrate how a supply chain issue can affect the entire business—the batteries are manufactured by a third party. Such incidents also show how important it is to have a proper response plan in place to limit the damage. Once a crisis has struck, how an organisation handles it can affect its ability to recover.

In conclusion, says Davies, global research into the state of enterprise resilience[1] reveals that effective leadership is the highest priority when it comes to implementing resilience principles, but over one-third (37 percent) lack the right skills or talent to drive resilience—a dramatic 17 percent rise from 2015.

“Data like this supports the view that the case for working with a specialist resilience partner has never been stronger. The ability to recover from an unexpected disaster has become a critical driver of sustainability,” he concludes.

** King IV and the King IV Report on Corporate Governance are trademarks of the Institute of Directors in Southern Africa NPC. King IVTM was launched on 1 November 2016.

Quick Polls


ASISA’s lobbying of the SARB to suspend Circular 15, which contained significant changes to foreign exchange controls. What is your take on this accusation?


[a] ASISA was right to seek clarity on Circular 15
[b] Large asset managers are conflicted & will suffer financially if Circular 15 stands
[c] Savers get enough exposure to offshore assets under existing Reg 28
[d] Who cares?
fanews magazine
FAnews November 2020 Get the latest issue of FAnews

This month's headlines

Customer experience in the ‘now’ generation
Is our industry a tainted industry?
How to keep brokers out of the firing line
Getting to grips with contractual versus delictual liability
International trusts and tax consequences
The COVID-19 pandemic and medical schemes
Subscribe now