Combined Assurance

There should be a strong alignment in the relationship between these assurance functions with clear rules of engagement and a combined effort to ensure that management and the Board receive one version of the truth when it comes to risk assurance.


Current Business Trends

Pandemics, climate change, political uncertainty, and trade wars are just some of the risks that have raised the intensity and range of potential disruptions that companies are facing.


Transitioning to the “new reality”: From crisis reaction to active success

During this time of crisis, leaders from SMEs to large corporates are having to navigate unchartered waters and an unprecedented business landscape. Decisions ranging from the wellbeing of people to business continuity, long-term sustainability, and strategic adjustment of the business model are having to be made quickly for a future fraught with uncertainty. According to Business for South Africa (B4SA), SA’s GDP is expected to decline by between 10% and 17% in 2020 with between a million and four million formal and informal sector jobs at risk.  Entire supply chains are being disrupted and consumer spending will reduce at a rate not seen in a century.

Procursus and Turricula have developed a Covid-19 Business Response Framework that will help your company transition to the new reality in a structured and focused manner, moving from crisis reaction to actively achieving success. The framework provides a roadmap that enables stakeholders in key leadership roles to Act swiftly and pragmatically in response to the crisis, stabilise and Restore business operations, and position your business to Flourish in the post-pandemic new reality.

Act with Urgency

It is necessary to act urgently, with your optimised ‘Crisis Command Centre’ addressing the landscape changing every day with different Government directives, supply chain crises, and evolving clients. You need to continue to activate and adapt your business continuity and crisis management plans and perform robust business impact assessments to determine the critical areas in your business that are being triggered by the crisis. At the same time, stringent health and safety protocols must be implemented to ensure people wellbeing, financial metrics like cash flow and liquidity constantly recalibrated, business operations stabilised, new regulatory compliance requirements identified, and assurance activities repurposed to ensure governance, risk management, and controls are not overlooked or compromised during this time of crisis.

Restore Business Operations

Having stabilised your business, established protocols to manage the organisation through the pandemic, and enhanced your governance and internal controls, your business will be in a position to rapidly transition to the next stage of restoring and optimising operations. Operational capability and supply chains will be rebuilt and reconfigured, pre-existing revenue streams may be recovered or replaced by new revenue streams, and the organisation’s new ways of working reviewed in light of the changes to workspaces and virtualisation. Business solutions and information technology infrastructure, such as cloud computing, will require updating and modernisation, and enhancement of customer-facing digital solutions will need to be accelerated.

Position to Flourish

With the business restored and positioned to exceed pre-pandemic levels and having adapted to a new way of working, your company will be ready to seek out value opportunities and flourish in the new reality. The business model will be refreshed in the context of the strategy and environment, and a more agile operating model adopted. Opportunities arising from the crisis and business disruptions will present themselves and should be seized upon. The supply chain infrastructure must be optimized and opportunities to take costs and friction out of the supply chain and improve its resilience should be identified and acted on. A sustainable growth strategy should evolve, raising opportunities to unlock a competitive advantage in the emerging new reality. The information technology strategy is core to each business and has to be refreshed with data interpretation, machine learning, AI and digital solutions leveraged to improve productivity and to distinguish the company as being agile, able to respond quickly, and at the cutting edge of technology. Assurance must adopt a more agile, risk-based, as well as technology and data driven approach, serving as trusted partners to the business, enabling the organisation to quickly anticipate and respond to existing and emerging risks.

Execution of the Covid-19 Business Response Framework is only as good as the weakest link in the chain, whether it is adapting the business model, digitalising the offering or optimising the supply chain.  Most organisations have been able to weather the first weeks of the crisis by throwing their key resources at the challenges with abandon. Going forward, the organisation’s response framework must be sustainable, pragmatic and mapped holistically, resulting in a winning programme for the business to flourish.


Third-Party Risk Management

Third-Party Risk Management in the Age of Big Data and Advanced Analytics


As organizations continue to grow their business operations with the introduction of new products, additional services, and expansion into new jurisdictions, compliance and legal officers are facing increasing pressures to manage risks from new and existing third-party relationships, some of which can be dangerously complex. This white paper discusses the risk presented by third parties, the components of an effective third-party risk management system, limitations of current third party systems, and finally, how platforms powered by advanced technology solutions such as big data analytics, artificial intelligence, natural language processing, and social network analyses can assist organizations by minimizing expensive outsourced due diligence, streamline data management and decision making and, in turn, achieve effective regulatory compliance.

Stabilizing and Growing Finance & Operations During Covid-19 and Beyond

The pandemic and increased pressures of the economic downturn have created a number of operational and financial challenges for most businesses.  The economic impact from COVID-19 and the lockdown is leading to severe business disruption, cash flow and liquidity issues, disrupted and even broken supply chains, job losses, poor employee wellbeing, and other operational interruptions.

Act with Urgency

As businesses return to work and ramp-up following the stringent lockdown, the focus of leadership is on recovering and stabilising the operations, preservation of cash, review of existing credit lines, and examination of new funding options, apart from the many challenges arising from ensuring staff wellbeing, strong customer relationships, and safety.

Financial planning and cash flow forecasting will be critical and require financial leadership to focus on horizons encompassing the short, medium, and long term. Preserving working capital over the next months to sustain business operations is paramount, and the old adage that “Cash is King” holds more than ever in times of crisis. A business impact assessment of critical operations is urgently needed, whereby actions and efforts should be targeted at stabilising finance and operations.

Finance leadership should determine for what period sufficient cash must be set aside to maintain business operations and prepare short, medium, and long-term forward-looking cash flow projections under several scenarios. Access to Government relief schemes, including any tax relief measures should be explored and leveraged to support cash flow needs in the short term. Furthermore, financing options should be revisited under the current circumstances.

Supplier contracts may need to be reviewed and credit terms re-negotiated during the initial ‘Act with Urgency’ phase to ensure continued liquidity.

Regular, transparent communication with all stakeholders is important to gain confidence, particularly in supporting contract and credit re-negotiations with suppliers, customers, and financial services providers.


During the Restore phase, the focus and priorities shift to strengthening the balance sheet and seeking out cost reduction opportunities across the entire business. These may include institutionalizing the new ways of working which could have significant real estate, virtualisation, and other cost benefits, revised supply-chain sourcing strategies and contracts, outsourcing, and workforce re-sizing, amongst others. An asset inventory and needs assessment should be performed and redundant and non-core assets should be considered for disposal as part of the effort to shore up the balance sheet.

The risk assessment should be updated to reflect the move to the Restore stage and to support the strategic initiatives that need to be taken across all functional areas of the company is planning for the future.


Having taken a structured approach to restoring operations and strengthening its financial position, the business will be well-positioned to take advantage of opportunities to acquire lower-valued and distressed assets arising from the business disruption as it moves into the Flourish stage.  A critical view of the industry and its value chain will unearth opportunities.

Cost reduction strategies taken during the Restore stage should be further leveraged to extract long term value and maximise profitability.

The strategy should be refreshed and re-aligned to reflect the ‘new reality’. Digitilisation, AI, and machine learning initiatives should be accelerated to enhance efficiency and leverage data.

The Covid-19 Business Response Framework provides a sustainable, pragmatic, and holistic roadmap to navigating the current crisis and a winning programme for the business to flourish beyond the crisis.

procursus-blog-good governace

Good Governance

There can be no substitute for good governance!

There is no shortage of cases of greed, misconduct, corruption, and fraud, amongst other similar criminal acts, perpetrated by executives and senior management of large multi-national companies and which have resulted in the destruction of shareholder value, loss of employment, reputational damage, and in the worst case, companies going out of business.

I have no doubt that most (if not all) of these companies have well-documented ethics and compliance policies and value statements that are stressed to both new and existing employees as part of their ethics and compliance training programs. In many cases, these policies and value statements were signed and endorsed by the very executives who have perpetrated the wrongdoings mentioned above!

The question is: Are they above these policies and values that everyone else in the organisation is expected to abide by?

The answer is: Obviously not. It remains the responsibility of the Board and its oversight structures (sub-committees) to ensure that these executives, and in turn their managers and employees, comply with these policies and values and are held accountable. The Board and it’s sub-committees are assisted by the relevant assurance functions in the organisation i.e. internal audit, compliance, risk management, corporate secretarial, amongst others to identify and report on any transgressions without fear or favour. Aligning all these oversight activities in a large organisation is no easy task, but it is no excuse for not doing so. It requires the Board and executive management to take responsibility for the promotion of good governance, transparency, and accountability across the organisation, including the C-suite. At the same time, the Board and its sub-committees should encourage an open line of communication between itself and the assurance functions they have tasked to perform an oversight role on its behalf. The Board must also show its commitment to employees voicing or raising their ethical concerns by establishing an independent whistleblowing hotline, and taking action when wrongdoing occurs. Ultimately the Board has to take responsibility. There can be no substitute for good governance!’


Strategic Risk Partners

The expectations of governance, risk, and compliance (GRC) activities such as internal audit, risk management, and compliance, from both internal and external stakeholders, have never been greater. ‘Backward-looking’ audit reports, and ‘paper-driven’ risk-assessments and compliance programmes are not always helpful and effective in identifying what is on the horizon.

As the risk profile of businesses evolve to keep pace with various forms of disruption and radical technological change (artificial intelligence is already here), so too would the assurance need and GRC expectations of both the Board and management change. Although much of the work of internal GRC activities would continue to center on assessing and providing assurance on financial, operational, IT, and compliance risks and the internal controls, processes, and programmes in place to mitigate these risks, these activities would also be expected to help the business to anticipate and react quickly to emerging issues.

Big data, technology, and digital innovation will have a fundamental impact on shaping, enabling, and disrupting an organisation’s operations and strategy. Businesses should therefore take a close look at how they can position and leverage their GRC activities to help them identify, anticipate, and react quickly and effectively to the risks arising from these developments. This will require their GRC activities to become more agile, learn new skills, and adopt innovative tools to enhance their capabilities.

The business environment is increasingly fast-paced. Static, backward-looking, and paper-driven risk assessments, audits, and compliance programmes that fail to consider the future (as well as the present) quickly date, and therefore offer less value.

GRC activities should therefore be accepted by management and the Board as ‘strategic risk partners’ to the business, operating alongside and at the speed of the business, and not just as standalone oversight and assurance functions.


Covid-19 Business Response Framework

Businesses are facing unprecedented uncertainty. Covid-19 has significantly disrupted our normal ways of thinking and operating.  We need to radically transform our organisations now so that we are prepared for the ‘new normal’ and our ‘new reality’.  Critical activities that we need to focus on and act on now, just to restore our business and survive over the next weeks and months, including emphasizing the wellbeing of our people, finances, operations, and business continuity.  But at the same time, we should not ‘let this crisis go to waste’ and prepare to flourish by taking a medium to long-term view on supply chain infrastructure, customer and market dynamics, IT, and digital capability within our new reality.

You must set out a framework for your business that will help you to:

–       Act now to stabilise your business,

–       Restore your operating parameters, and prepare your business to

–       Flourish in the post-pandemic new reality.

All key activities should be examined in-depth, and strategic yet practical initiatives for these activities identified in each of the above stages, to develop a business response roadmap that will ensure a resilient and flourishing business in the ‘new reality’.

Some of the key concerns and activities requiring our immediate attention include:

  • The wellbeing of our people –  the Government regulations require us to have a plan to protect our people as they return to work. Beyond the hygiene factors, how do we continue to look after and engage our teams, allocate resources, recognize and promote talent, etc.?
  • Finance & Operations – liquidity, cash-flow, cost, and sustaining our critical operations are top of mind for all of us right now. Do we have a clear plan to restore all facets of our operating parameters including financial?
  • Assurance – now is not the time to throw governance and proven processes and systems out the window.  Now more than ever, when we are all under severe pressure, coupled with a distributed workforce and new ways of working, we need to double-down on what has served us well and enhance our assurance activities (internal audit, risk management, compliance, etc.) to ensure transparency, accountability, and efficiency.  Have we considered governance in the new reality, including the delivery of new services and products?
  • Supply Chain, Customers, and Digital are some of the key areas most impacted by our new reality. Has our organisation made a plan to confront these challenges, for example, to reduce our dependency on restrained sources or bottlenecks for our key inputs or to digitalize our channels?
  • Sustainable Strategy – we need to re-visit our strategy in an expedited and efficient manner and answer the questions – what are our core strengths, what is our value proposition, what do our clients need?  We should not be throwing resources at products, services, and ideas that will end up dead in the water – even if they served us well in the past, in the old normal.  We need to focus on our strengths, unleash our resources, with a holistic view of all the risks across all our functional areas, and execute.  Have we documented and shared our strategy on this with key stakeholders?

We all realize that ‘business as usual’ in the future will be very different in many facets,  and the Covid-19 Business Response Framework will support you on the path to this future.

Seize the opportunity to transform, build resilience, and flourish in the new reality.


Transforming the Assurance Activities during Covid-19 and Beyond

The Covid-19 pandemic has resulted in unparalleled business disruption on a global scale, transforming workplaces and challenging operations. This has forced businesses to adapt their ways of working and re-imagine their risk landscape as they increase resilience. There has been a rapid shift to remote working, recovery, and rebuilding of supply-chains, re-evaluation of customers and suppliers, cost containment, liquidity constraints, and increasing regulatory requirements, amongst other challenges.

Risk and assurance leaders within the risk management, internal audit, and compliance functions, amongst others, should be repurposing and repositioning their activities to support the business in anticipating and responding to these challenges and risks arising during the crisis, restoring operations in a controlled manner, and positioning the business for the ‘new reality’.

The Covid-19 Business Response Framework developed by Procursus and Turricula will help your company’s assurance activities transition to the new reality in a structured and focused manner, moving from crisis reaction to actively achieving success. The framework provides a roadmap that enables stakeholders in these key leadership roles to Act swiftly and pragmatically in response to the crisis, stabilise and Restore business operations, and position your business to Flourish in the post-pandemic new reality.

Act with Urgency

Risk management, compliance and assurance professionals must ensure that they understand the impact the Covid-19 crisis has had on the business as well as on the governance and control environment.  They should be directly involved in the establishment of an effective response and recovery plan.

As businesses return to scale, risk, compliance, and assurance leaders must Act urgently to assess the impact on particularly the following challenges triggered by the crisis:

–       People

–       Regulatory compliance and Covid-19 regulations

–       Finances and liquidity

–       Critical processes, personnel, functions, products, and services

–       Legal and contractual liabilities (including negligence)

–       Diverse multi-stakeholder environment (employees, customers, suppliers, industry bodies, and authorities)

A repurposed and repositioned internal audit function can help business leaders to identify and respond to existing and emerging vulnerabilities and to provide ongoing risk advisory support by refocusing the audit plan.

Internal controls should be re-evaluated, revised, and reinforced in alignment with the new ways of working and the associated risks arising, and the risk assessment, and business continuity management and recovery plan critically reviewed and updated.

Restore Business Operations

As businesses Restore their operations and adapt to the ‘new reality’, policies and communication standards should be reviewed and updated to reflect the new way of working to ensure engagement, productivity and collaboration, and to safeguard company assets. Cybersecurity and the security of data and information risks will be elevated with a distributed workforce. A strengthened and transparent control environment is required to mitigate risks arising from remote working. Risk leaders must perform regular scenario and contingency planning related to ongoing cost, revenue, and liquidity risks to keep pace with the rapidly evolving risk environment. Risk assessments should be reviewed, third party impact analysis performed, and the governance and internal control frameworks re-evaluated.

For the internal audit activity to respond effectively to the changing environment and provide the breadth and depth of assurance required, it needs to become more agile, leverage automation and digital innovation, and strengthen its analytical and business knowledge, serving as a trusted partner to the business.

Position to Flourish

As organisations prepare to Flourish in the ‘new reality’, with a refreshed strategy and business model, the assurance activities will need to adapt and align their scope and focus with the strategic initiatives and objectives of the business.

Business and Risk leaders should also refresh the following business response criteria to incorporate lessons learnt from the crisis:

–       Business continuity management plans

–       Crisis management plans

–       Risk intelligence mechanisms

–       Risk management and risk assessments

–       Long term plans with key stakeholders

By leveraging digital innovation, and existing technology and data analytics platforms internal audit can continue to enhance its effectiveness and agility

The governance and internal control framework should be optimized against the updated risk assessment, operating model and the ‘new reality’. Going forward risk management, internal audit and compliance must work together to provide forward-looking, reliable and proactive combined assurance, to deliver a single version of the truth to senior management and the Board.

The Covid-19 Business Response Framework guides your organisation in repurposing and realigning your assurance activities to anticipate and respond (Act) with urgency to existing and emerging threats during this time of crisis, support the stabilization and restoration (Restore) of your business operations and become agile and strategic partners as you position your business to Flourish in the ‘new reality’