Executives and board members in Africa-based companies are taking effective steps to address risk strategy and management, placing them well ahead of their global peers, revealed a PwC report titled Risk in review 2015
The constant political, economic and social developments have raised concerns among African businesses, in addition to inadequate infrastructure, improper access to healthcare and food security as well as effects of climate change. Though penetration of technology in Africa is on the rise, the sustenance of the same isn’t consistent. However, simultaneously, there has been an increase in awareness towards cyber crime and cyber terrorism.
Anton van Wyk, head of risk assurance services for PwC Africa, said, “Business risk is everywhere – external and internal, interconnected, growing and ever-changing. Executives and boards know it, and they are concerned.”
More than 350 executives in 27 African nations have been surveyed for this report. According to respondents, top risks that are likely to affect the companies include regulatory complexity (84 per cent), technological and IT-related risk (84 per cent), government and policy changes (81 per cent) and inadequate infrastructure (74 per cent).
“Our survey findings suggest that these shifts are opening capability gaps in risk management, particularly in the areas of regulation, data risk management and building organisational resilience,” said Carmen Le Grange, business resilience leader of PwC Africa.
A change in business is a given, felt respondents. Eighty seven per cent of respondents revealed that their organisations have either recently undergone a transformation initiative, is in the process of doing so, or will do so in the near future. Ninety eight per cent of the respondents felt business transformation would be a major driver of change, 84 per cent felt it would be IT while 81 per cent voted in favour of innovation. With business transformation changes, risk management can no longer operate independently of strategy, as excessive regulation and compliance is a concern for business, they added.
Meanwhile, cyber-risks have been highlighted by a significantly higher proportion of African respondents (38 per cent) than global (23 per cent). Failure of new IT systems to deliver expected benefits and lack of technology skills to support new digital strategies have been ranked among the top technological risks by respondents across all industry sectors. Another concern was the exposure created by the interconnectivity of IT systems, brand or reputational risks from social media and open-web communication. Cyber-crime requires improved mitigation strategies. Changing consumer behaviour is the top-rated market opportunity in the survey and its significance has escalated substantially given the rise of social media, digital and mobile channels, said the report.
On the other hand, the report highlighted the need for risk analysis, which is typically anchored in historical data. There needs to be a big shift into forward-looking analysis built around scenarios, stress and sensitivity analysis. This also requires subjective judgement, which has to be applied to a greater extent. This will be a challenge for some, as many risk professionals are reluctant to break away from data-driven models and controls, said the PwC report.
Risk professionals in some industries are changing risk management processes to be more focused on incorporating the effect of uncertainty into business planning, performance management and investment appraisal among other factors. For instance, approach in financial services is about risk capital. More can be done to consider what a company’s risk exposures mean from a strategy and performance perspective, added Keith Ackerman, PwC risk assurance leader for southern Africa.
Meanwhile, its interesting to note that for African respondents, bribery, corruption and fraud did not feature as high up the list. The survey has suggested that this could be due to organisations embracing challenges of anti-bribery compliance and starting to build workable compliance programmes that mitigate bribery risks.