The latest listed entity to meet the wrath of investors is Tongaat Hulett, who indicated earlier that it may have to restate its 2018 financial statements following a comprehensive review of “certain past practices”.
The share price has been bludgeoned and billions of rands have been wiped off its market value. Other big players such as Steinhoff, KPMG, Enterprise and Volkswagen have also felt the pain when they misled customers and investors.
South African companies have no shortage of guidance on best practices in risk management and auditing with a myriad of ethics and good corporate governance codes.
It is then no surprise that the market punishes those who do not live up to their “commitment” to integrity, competence, responsibility, accountability, fairness and transparency.
The ripples of brand and reputation damage go beyond the firm and its auditors.
Investors and their investment decisions are based on, amongst other things, audited financial statements that are supposed to give assurance of the integrity and credibility of companies’ financial performance.
What happened at Steinhoff, Enterprise and Tongaat Hulett, significantly impacts investment choices and returns where hard earned income of people saving for their pensions are now lost or at least significantly reduced, says Christopher Palm, Chief Risk Advisor of the Institute of Risk Management South Africa (IRMSA).
Pointing fingers – in the wrong direction
Ironically enough the 2019 IRMSA risk report shows that companies consider governance failure in the public sector – not amongst themselves – to be one of their biggest risk.
The loss of reputation and severe brand damage is number 17 out of the top 20 South African Industry risks highlighted in the 2019 IRMSA Risk Report.
However, Palm says recent corporate failures place the effectiveness of risk management once again under the spotlight.
“I think there is a lot to be said for organisation’s risk profiles not receiving enough thought in the organisation.” This goes for the board, the audit and risk committees and management.
Effective defences
Effective governance has three lines of defence; strong leadership, effective safeguarding functions like risk management, governance and compliance combined with assurance from a strong internal and strong independent external audit functions.
When a company has all of these defences in place, but does not consider its effectiveness and the way it is integrated into better decision-making it is purely for compl,iance purposes, he says.
Risk management is all about highlighting risks and opportunities to allow boards and the leadership of an organisation to make the best possible decisions, says Palm.
A company must consider the following when the board and the executive leadership debate the organisation’s risk profile:
• Risk appetite when setting strategy and when making decisions
• Consequences of the decisions they take on stakeholders, both internal and external
• Sustainability of the targets set (short vs. long term) because what gets measured gets done.
• Brand and reputation;
• Corporate governance; and corporate culture
• The effectiveness and maturity of the risk management programme.
Companies are still focused mainly on profits and losses. They measure changes in the share price, or the return on investments and profits against performance.
If you measure only financial performance, this is what drives the behaviour in the company. “Companies are not forward-looking enough.
The changing environment
Palm warns that consumers and investors, especially younger generations, are already considering companies differently.
The Youth is not only looking at profits and returns on shareholder money but increasingly demanding leadership with integrity, good corporate citizenship, necessary social investments and a responsible return on investment – all of this, made possible in a way that respects the environment.
They consider at which cost it was achieved, and who is really benefitting from their actions, says Palm.