Transitioning to the “new reality”: From crisis reaction to active success

During this time of crisis, leaders from SMEs to large corporates are having to navigate unchartered waters and an unprecedented business landscape. Decisions ranging from the wellbeing of people to business continuity, long-term sustainability, and strategic adjustment of the business model are having to be made quickly for a future fraught with uncertainty. According to Business for South Africa (B4SA), SA’s GDP is expected to decline by between 10% and 17% in 2020 with between a million and four million formal and informal sector jobs at risk.  Entire supply chains are being disrupted and consumer spending will reduce at a rate not seen in a century.

Procursus and Turricula have developed a Covid-19 Business Response Framework that will help your company transition to the new reality in a structured and focused manner, moving from crisis reaction to actively achieving success. The framework provides a roadmap that enables stakeholders in key leadership roles to Act swiftly and pragmatically in response to the crisis, stabilise and Restore business operations, and position your business to Flourish in the post-pandemic new reality.

Act with Urgency

It is necessary to act urgently, with your optimised ‘Crisis Command Centre’ addressing the landscape changing every day with different Government directives, supply chain crises, and evolving clients. You need to continue to activate and adapt your business continuity and crisis management plans and perform robust business impact assessments to determine the critical areas in your business that are being triggered by the crisis. At the same time, stringent health and safety protocols must be implemented to ensure people wellbeing, financial metrics like cash flow and liquidity constantly recalibrated, business operations stabilised, new regulatory compliance requirements identified, and assurance activities repurposed to ensure governance, risk management, and controls are not overlooked or compromised during this time of crisis.

Restore Business Operations

Having stabilised your business, established protocols to manage the organisation through the pandemic, and enhanced your governance and internal controls, your business will be in a position to rapidly transition to the next stage of restoring and optimising operations. Operational capability and supply chains will be rebuilt and reconfigured, pre-existing revenue streams may be recovered or replaced by new revenue streams, and the organisation’s new ways of working reviewed in light of the changes to workspaces and virtualisation. Business solutions and information technology infrastructure, such as cloud computing, will require updating and modernisation, and enhancement of customer-facing digital solutions will need to be accelerated.

Position to Flourish

With the business restored and positioned to exceed pre-pandemic levels and having adapted to a new way of working, your company will be ready to seek out value opportunities and flourish in the new reality. The business model will be refreshed in the context of the strategy and environment, and a more agile operating model adopted. Opportunities arising from the crisis and business disruptions will present themselves and should be seized upon. The supply chain infrastructure must be optimized and opportunities to take costs and friction out of the supply chain and improve its resilience should be identified and acted on. A sustainable growth strategy should evolve, raising opportunities to unlock a competitive advantage in the emerging new reality. The information technology strategy is core to each business and has to be refreshed with data interpretation, machine learning, AI and digital solutions leveraged to improve productivity and to distinguish the company as being agile, able to respond quickly, and at the cutting edge of technology. Assurance must adopt a more agile, risk-based, as well as technology and data driven approach, serving as trusted partners to the business, enabling the organisation to quickly anticipate and respond to existing and emerging risks.

Execution of the Covid-19 Business Response Framework is only as good as the weakest link in the chain, whether it is adapting the business model, digitalising the offering or optimising the supply chain.  Most organisations have been able to weather the first weeks of the crisis by throwing their key resources at the challenges with abandon. Going forward, the organisation’s response framework must be sustainable, pragmatic and mapped holistically, resulting in a winning programme for the business to flourish.


Third-Party Risk Management

Third-Party Risk Management in the Age of Big Data and Advanced Analytics


As organizations continue to grow their business operations with the introduction of new products, additional services, and expansion into new jurisdictions, compliance and legal officers are facing increasing pressures to manage risks from new and existing third-party relationships, some of which can be dangerously complex. This white paper discusses the risk presented by third parties, the components of an effective third-party risk management system, limitations of current third party systems, and finally, how platforms powered by advanced technology solutions such as big data analytics, artificial intelligence, natural language processing, and social network analyses can assist organizations by minimizing expensive outsourced due diligence, streamline data management and decision making and, in turn, achieve effective regulatory compliance.
procursus-blog-good governace

Good Governance

There can be no substitute for good governance!

There is no shortage of cases of greed, misconduct, corruption, and fraud, amongst other similar criminal acts, perpetrated by executives and senior management of large multi-national companies and which have resulted in the destruction of shareholder value, loss of employment, reputational damage, and in the worst case, companies going out of business.

I have no doubt that most (if not all) of these companies have well-documented ethics and compliance policies and value statements that are stressed to both new and existing employees as part of their ethics and compliance training programs. In many cases, these policies and value statements were signed and endorsed by the very executives who have perpetrated the wrongdoings mentioned above!

The question is: Are they above these policies and values that everyone else in the organisation is expected to abide by?

The answer is: Obviously not. It remains the responsibility of the Board and its oversight structures (sub-committees) to ensure that these executives, and in turn their managers and employees, comply with these policies and values and are held accountable. The Board and it’s sub-committees are assisted by the relevant assurance functions in the organisation i.e. internal audit, compliance, risk management, corporate secretarial, amongst others to identify and report on any transgressions without fear or favour. Aligning all these oversight activities in a large organisation is no easy task, but it is no excuse for not doing so. It requires the Board and executive management to take responsibility for the promotion of good governance, transparency, and accountability across the organisation, including the C-suite. At the same time, the Board and its sub-committees should encourage an open line of communication between itself and the assurance functions they have tasked to perform an oversight role on its behalf. The Board must also show its commitment to employees voicing or raising their ethical concerns by establishing an independent whistleblowing hotline, and taking action when wrongdoing occurs. Ultimately the Board has to take responsibility. There can be no substitute for good governance!’


Strategic Risk Partners

The expectations of governance, risk, and compliance (GRC) activities such as internal audit, risk management, and compliance, from both internal and external stakeholders, have never been greater. ‘Backward-looking’ audit reports, and ‘paper-driven’ risk-assessments and compliance programmes are not always helpful and effective in identifying what is on the horizon.

As the risk profile of businesses evolve to keep pace with various forms of disruption and radical technological change (artificial intelligence is already here), so too would the assurance need and GRC expectations of both the Board and management change. Although much of the work of internal GRC activities would continue to center on assessing and providing assurance on financial, operational, IT, and compliance risks and the internal controls, processes, and programmes in place to mitigate these risks, these activities would also be expected to help the business to anticipate and react quickly to emerging issues.

Big data, technology, and digital innovation will have a fundamental impact on shaping, enabling, and disrupting an organisation’s operations and strategy. Businesses should therefore take a close look at how they can position and leverage their GRC activities to help them identify, anticipate, and react quickly and effectively to the risks arising from these developments. This will require their GRC activities to become more agile, learn new skills, and adopt innovative tools to enhance their capabilities.

The business environment is increasingly fast-paced. Static, backward-looking, and paper-driven risk assessments, audits, and compliance programmes that fail to consider the future (as well as the present) quickly date, and therefore offer less value.

GRC activities should therefore be accepted by management and the Board as ‘strategic risk partners’ to the business, operating alongside and at the speed of the business, and not just as standalone oversight and assurance functions.


Transforming the Assurance Activities during Covid-19 and Beyond

The Covid-19 pandemic has resulted in unparalleled business disruption on a global scale, transforming workplaces and challenging operations. This has forced businesses to adapt their ways of working and re-imagine their risk landscape as they increase resilience. There has been a rapid shift to remote working, recovery, and rebuilding of supply-chains, re-evaluation of customers and suppliers, cost containment, liquidity constraints, and increasing regulatory requirements, amongst other challenges.

Risk and assurance leaders within the risk management, internal audit, and compliance functions, amongst others, should be repurposing and repositioning their activities to support the business in anticipating and responding to these challenges and risks arising during the crisis, restoring operations in a controlled manner, and positioning the business for the ‘new reality’.

The Covid-19 Business Response Framework developed by Procursus and Turricula will help your company’s assurance activities transition to the new reality in a structured and focused manner, moving from crisis reaction to actively achieving success. The framework provides a roadmap that enables stakeholders in these key leadership roles to Act swiftly and pragmatically in response to the crisis, stabilise and Restore business operations, and position your business to Flourish in the post-pandemic new reality.

Act with Urgency

Risk management, compliance and assurance professionals must ensure that they understand the impact the Covid-19 crisis has had on the business as well as on the governance and control environment.  They should be directly involved in the establishment of an effective response and recovery plan.

As businesses return to scale, risk, compliance, and assurance leaders must Act urgently to assess the impact on particularly the following challenges triggered by the crisis:

–       People

–       Regulatory compliance and Covid-19 regulations

–       Finances and liquidity

–       Critical processes, personnel, functions, products, and services

–       Legal and contractual liabilities (including negligence)

–       Diverse multi-stakeholder environment (employees, customers, suppliers, industry bodies, and authorities)

A repurposed and repositioned internal audit function can help business leaders to identify and respond to existing and emerging vulnerabilities and to provide ongoing risk advisory support by refocusing the audit plan.

Internal controls should be re-evaluated, revised, and reinforced in alignment with the new ways of working and the associated risks arising, and the risk assessment, and business continuity management and recovery plan critically reviewed and updated.

Restore Business Operations

As businesses Restore their operations and adapt to the ‘new reality’, policies and communication standards should be reviewed and updated to reflect the new way of working to ensure engagement, productivity and collaboration, and to safeguard company assets. Cybersecurity and the security of data and information risks will be elevated with a distributed workforce. A strengthened and transparent control environment is required to mitigate risks arising from remote working. Risk leaders must perform regular scenario and contingency planning related to ongoing cost, revenue, and liquidity risks to keep pace with the rapidly evolving risk environment. Risk assessments should be reviewed, third party impact analysis performed, and the governance and internal control frameworks re-evaluated.

For the internal audit activity to respond effectively to the changing environment and provide the breadth and depth of assurance required, it needs to become more agile, leverage automation and digital innovation, and strengthen its analytical and business knowledge, serving as a trusted partner to the business.

Position to Flourish

As organisations prepare to Flourish in the ‘new reality’, with a refreshed strategy and business model, the assurance activities will need to adapt and align their scope and focus with the strategic initiatives and objectives of the business.

Business and Risk leaders should also refresh the following business response criteria to incorporate lessons learnt from the crisis:

–       Business continuity management plans

–       Crisis management plans

–       Risk intelligence mechanisms

–       Risk management and risk assessments

–       Long term plans with key stakeholders

By leveraging digital innovation, and existing technology and data analytics platforms internal audit can continue to enhance its effectiveness and agility

The governance and internal control framework should be optimized against the updated risk assessment, operating model and the ‘new reality’. Going forward risk management, internal audit and compliance must work together to provide forward-looking, reliable and proactive combined assurance, to deliver a single version of the truth to senior management and the Board.

The Covid-19 Business Response Framework guides your organisation in repurposing and realigning your assurance activities to anticipate and respond (Act) with urgency to existing and emerging threats during this time of crisis, support the stabilization and restoration (Restore) of your business operations and become agile and strategic partners as you position your business to Flourish in the ‘new reality’