Wednesday, July 7, 2010

Risk Therapy 109 - RISK MANAGEMENT 2010


So you have a small business or an idea for one - where do you start and what must you have to keep the business thriving?

The most important ingredients for any business, and their significance, are as follows:
1. A predictable, secure, spread, sustainable income; without this you have no security - this is your primary business legitimacy indicator.
2. Risk management activities plan - this is your business risk health protection indicator.
3. Sufficient organisational resource options, at least two of each key item (either your own or outsourced to trusted business partners) - this is your structural strength indicator.
4. A contemporary, tested Business Continuity Plan (BCP), (sometimes called a disaster recovery plan, although this is a less positive title) – this is your adaption indicator.
5. A strong, almost personal, spirit or culture - your only true unique difference.

If you have these five items noted above then you have a business that you can manage or sell. How many of us can claim ownership of these elements in our business for any length of time? One could almost assess businesses and people using these criteria.

There are ‘nice to haves’ too, which you might deem essential to accelerate or boost business success in the early stages of development. These include:
1. One or more unique products or services, a unique delivery method and the means to develop more once they have been replicated.
2. Trustworthy, communicative, responsive business partners, including legal, banking and insurance.
3. A strong team around you.
4. Access to cheap investment capital.
5. Excellent marketing and promotional channels.
6. A positive profile within your customer base.
7. Previous success.
8. Market leadership.
9. A sense of humour.

The above nine items and many more besides, are not necessities and will develop over time if you attain business success; they will come to you.

In previous articles we’ve explored the many reasons why risk management is not practiced formally. Here are the principal and principle motivators for doing so:
1. Risk management is an internationally recognised best practice, for all sizes and types of business, in any location(s).
2. Intellectuals, business theorists, advisors, financiers, business schools propose and expound it uses and benefits.
3. Regulators agreed and have made it a legal requirement for all businesses in many large developed economies around the world.
4. It is a common-sense choice too as it prompts you to plan and act ahead.
5. If your competitors practice risk management and you don’t then you are handing them a competitive advantage and one that they can laud over you in their marketing.

Assuming that you are now thinking of using or augmenting your risk management practices, what should you seek to achieve?

Always remember business risks belong to you as the main shareholder(s). They are your responsibility and noone else’s. The 2008 Companies Act, due to be enacted in the third quarter of 2010, holds you personally liable for the consequences of your actions or inactions in your business.

Risk management books and degree courses refer to risk propensity (willingness to retain - adverse or tolerant?), propinquity (importance to you), severity, return frequencies and probabilities. In reality, most corporate risk managers regularly expend much time and energy identifying all sorts of potential hazards, then they ignore the majority of them as these risks are too remote or expensive to contain. It is worth mentioning that a good corporate risk manager always has a robust, comprehensive, tested Business Continuity Plan though, which is expected to respond to almost all triggers; take note.

Another lesson for all business owners, large and small, is that there is an almost unchanging set of strategic, structural or inherent risks; call them what you will. Whilst these don’t change quickly, our exposure to them does over time. The trick is find (and manage) your key risks before they find you. Contact us if you would like to discover, debate and mitigate the risks in your own profile.

One last point to consider. We tend to focus on external risks that have the potential to affect us. On occasion we elect to change our business structures or products and services, thereby exposing ourselves to internally generated risks. The impact of project cancellations and delays are considered into our plans. The distraction factor is often missed though. A change project takes on a life of its own and distracts us from our main business. Be aware of this in your planning.

Mirrors can be great teachers. Picture your business and reflect whether you would embrace the experience of being your own customer. Would you trust you to deliver on your business promises beyond this year? How long is your guarantee and what is it worth without risk management?

Paul Brightman - ART (Pty) Ltd.
Creators of Risk Therapy. or or or

+27 (0) 83 708 3634 & +27 (0) 11 646 2777.

Websites or or

ART is an authorised Financial Services Provider - FSP16339.


Attitudes affect everything that we do, don’t do, or don’t do as well as we could. Success in activities as diverse as parenting, world cup events, business, even risk management is determined by our attitude. Sometimes we need a little push, guidance, education or support to motivate us. Our business leaders, legislators and regulators are providing the spur, so how are we going to respond?

Selecting and surrounding ourselves with (mostly) positive people, compatible suppliers and honest partners is a good start.

Positive individuals, not clones of you, bring tangible benefits such as fresh ideas and crime prevention or minimisation. These in turn raise or diversify income streams and reduce costs or leakage respectively. The inclusion of positive people in your teams is a more efficient means of conducting business. Intangible benefits include the motivation to get out of bed in the morning, to make the most of your life on any given day.

Are you part of a small business, a huge international corporate entity or somewhere in between? Do you prefer to buy from one or other of these size businesses? Do you have a tendency to seek out the less obvious solutions? Are you conscious of the implications of the choices that you make? Does the balance of power in these relationships favour you or the other party? Is there a cultural compatibility between you and your chosen partners?

There’s much to be said in favour of culture and size matching by business organisations. Can a large organisation readily appreciate or empathise with the challenges of say a sole trader? The target markets of both organisations are almost certainly very different so why would they choose to deal with each other if there were other options? This point alone is enough to prompt speculation that there is a higher inherent risk in dealings between incompatible entities due to size, cultural, language or expectation mismatches. Service success stories tend to involve one or more smaller businesses and peter out as the organisations grow in size, losing the personal touch that made them notable in the first place. You be the judge of the evidence that comes to your ears and eyes and decide for yourself if there are greater benefits or fewer risks to you when utilising the matching concept.

The 2008 Consumer Protection Act (CPA), due for implementation in October 2010, goes a long way towards the protection of Joe Public and some smaller juristic entities. Other business buyers (CPA extract -‘a juristic person whose asset value or annual turnover, at the time of the transaction, equals or exceeds the threshold value determined by the Minister in terms of section 6’) are deemed to be sufficiently well informed not to need this type of protection. If you are small business operator who is not protected do you think this is fair? Would you now consider making purchases from business entities in your private capacity? You might lose your discounts but you would gain the protection of the CPA. Forgive the slight pun, but is this a good trade-off? Is it honest, or does it serve to undermine the structural integrity of our society?

In the past, customers and employees of corporate organisations and governments irrationally perceived such entities as a gigantic cloud; so big that it can’t be held, challenged or controlled, massive yet without substance, tough to saddle with accountability. We got the service that we deserved. Both perception and reality have changed as we can see from the news in recent times.

In the end it all comes back to people, their attitudes and what you decide to do about them. Do you associate with those who are positive or negative, the builders or the destroyers? Without people there is no reason for business, but you can choose many of those who you deal with most of the time.

We have systems available that will assist you to explore the implications of seeming simple issues such as communication and cultural compatibility in our cosmopolitan society.

Gods don’t whine, or beg, but then they don’t have to comply or explain. Whining or begging doesn’t help, adopting a positive approach and making sound choices will though.

Paul Brightman - ART (Pty) Ltd.

Creators of Risk Therapy. or or

+27 (0) 83 708 3634 & +27 (0) 11 646 2777.

Websites or or

ART is an authorised Financial Services Provider - FSP16339.

Wednesday, April 21, 2010


“Write about models” a close personal friend urged. “Everyone loves models, of one type or another.”

In business we all need to make a profit in a sustainable manner, to verify that the contribution we make in our chosen arena has validity. Doing it right the first time reduces costs, adds to the sense of legitimacy and promotes an air of satisfaction within the operation. It’s good for team morale and serves as a platform for greater challenges.

Let’s look at business risk or compliance models, call them what you will, in plain language, (given the target audience), without reference to complex formulae. Models have to be legislation compliant including, amongst others, King III and the 2008 Companies Act.

It’s all about the emphasis though, which manifests itself in the company culture. Some aspects of the two hypothetical extremes are highlighted; more factors could be added. Before proceeding, please note that risk tolerance does not always partner customer-centricity; many permutations arise in real life. The linkage is being used in this article as a space saving mechanism:

Model 1 – Risk averse / organisation-centric.

  • We are coming from a long history of corporate power and will only deal with those who cannot challenge us effectively.
  • We start with our structures, processes, procedures and return expectations and address our supply-driven (push) customer interactions later. It’s an intermittent process; we change when we are forced to.
  • Protection of our triple bottom line earnings is our biggest risk(s).
  • We use the ‘tough love’ principle on our staff who, through our leadership example, will then apply similar tactics to our customers.
  • We ignore our customers’ views; we know what’s best for them. Where else are they going to go anyway, to our friends down the road?
  • We prefer to de-emphasise business risk. Risk and Disaster Recovery planning is dealt with by the Audit Committee, the Compliance function, the Insurance Department and damage control is handled by the Corporate Communications Department. There is no Chief Risk Officer, Risk Manager or service quality standards or controls. We have flatter, simpler structures this way and reduce our expense ratio accordingly.
  • The savings we gain by taking a minimalist approach to governance and risk, along with the confrontational tack with staff and customers, are used to outsource almost all potential risk exposures and /or increase profit. Any funding shortfalls are passed onto our customers with the minimum of notice, regardless of the economic climate. This approach has worked for us for decades.

Model 2 – Risk tolerant / customer-centric.

  • We are coming from a long history of corporate power and are prepared to adapt our operations to prosper within the changing business environment, where customers and regulators have the power to inflict serious financial or reputational damage.
  • We’ll start with customer / stakeholder expectations, structure ourselves accordingly and reap the concomitant benefits from our demand-driven (pull) approach. It is a continuous improvement process.
  • The development of a satisfied customer / stakeholder base is the best prospect for sustainable success. Whatever interferes with the servicing of our income base represent our biggest risk(s).
  • We will recognise our customers’ and stakeholders’ views, especially staff, as a free source of potential sales, risks and opportunities. Customers generally know what they want even if they don’t know how to describe it and, if we supply it before our competitors do, then we will be seen as a market leader. If we don’t then our so-called friends down the road will take our best customers and staff, those who are prepared to speak up.
  • We actively manage our business risks to local and international best practice standards. The Audit, Risk and Compliance functions are separate. They interact freely, authenticate each others’ work and are represented on the Audit Committee. All functions have the means to report serious incidents or potential hazards to the Board, and /or external authorities if required, independently of Executive management. Business Continuity planning (BCP) is the direct responsibility of Executive management using input from all functions. The BCP is tested at least annually in one or more functions or branches of the company. The BCP includes draft stakeholder communications for distribution by formally authorised staff.
  • We have confidence in our ability to manage our actual and potential risk costs. Therefore we take a substantial self-managed deductible on all outsourced risk mechanisms. This reduces primary risk costs and secondary money-swapping administration expenses for us and our business partners, without greatly increasing our exposures.

Model 3 – Risk / Customer neutral or ambivalent.

  • All stops between models one and two, by design or inertia.

Corporate Governance came into being because there is an international need to prevent further power abuses, both major and minor. Corporate SA now has an opportunity to polish its image, to be the quintessential model citizen, in more ways than one.

Is there better way though? Are refinements possible within the current system?

The King III guidelines are some of the best available so far. I favour the model 2 manifestation described above, as it is more likely to achieve the legislated aims and quickly adapts to further legislation, such as the 2008 Consumer Protection Act due for implementation in October 2010. I would prefer to be their customer or staff too. The difference is not so much in the structure though, it’s in the attitude. Extinction behaviour, ignore it and it will go away, works on people and opportunities, but not risks.

Call it tinkering if you like but the positive side of risk management is rarely seen or acknowledged. A quick and simple way to remedy this situation is to change the title of the Chief Risk Officer (CRO). Chief Risk Reward Officer is a more apt descriptor. You could probably think of an even better title. It immediately gives licence to the incumbent to deliver on a broader range of business options and clearly demonstrates to internal and external parties a more healthy, balanced portfolio approach.

It is also more realistic for the business to have a cost centre with an income and profit potential. It would be a more attractive prospect for candidates too.

Before closing, I believe that there will be an onus on private equity and non-profit business to demonstrate controls, including risk management, to those who deliver the annual audit or audit review opinion on your ‘going concern’, even though these two business entities are specifically excused from some of the provisions of the 2008 Companies Act.

So which model will you adopt to comply with King III, the 2008 Companies Act and other new legislation? Will you miss the business opportunities that come your way because of your structures, titles, attitudes or some other distraction?

Paul Brightman - ART (Pty) Ltd.

Creators of Risk Therapy. or or or

+27 (0) 83 708 3634 & +27 (0) 11 646 2777.

Websites or or

ART is an authorised Financial Services Provider - FSP16339.


There is no doubt that a million years from now our individual lives and actions will prove to be of little lasting significance. Nevertheless, we are destined to promote our immediate personal interests to the best of our abilities. Have you dwelt on what the best way to achieve this? There are many solutions of course.

The intention of this opening statement is to sharpen the focus on the here and now; also to reveal the individual’s exposures in a broader society or in regulated self-interest vehicles such as companies. We should not consider ourselves immune to, or shielded from, the effects of large positive or negative events, either because we are not the boss or responsibility is not specified in our job description.

What is meant by ‘risk is personal’ and what does this mean in our lives? There are many factors for us as individuals to reflect on; here are a few of them:

  1. Many of us shy away from thinking about the personal impact of the risks that we encounter in a group, team or association. Why confront such potential nightmares if we don’t have to? In SA as in many other countries, there are many more pleasant distractions. We tacitly encourage ourselves to escape our responsibilities by saying it is not our problem. This is neither true, nor does it encourage constructive behaviour! A useful motivator for new legislation then.
  2. ‘Corporate Risk’ is a convenient yet obfuscatory umbrella label which some use to shield or obscure the responsibility and personal exposure of the individual. Gone are the days when consumers have no rights.
  3. Corporate Governance standards were established for various reasons. One of these was because some individuals conducting business, not just in corporations, thought that certain laws, rules or morals didn’t apply to them.
  4. Ignorance abounds in the field of Corporate Governance / Risk Management legislation within the numerous levels and functions of business. What are your latest responsibilities, more work for the same pay no doubt, but what are the longer term benefits?
  5. Lucrative business models recognise and reward positive individual and team performance success over a prolonged period when compared to the market average. Where would you prefer to be?
  6. New legislation increases the reporting responsibilities and accountability of directors and officers in business. If you are not directly affected by this then you can guarantee that the individuals who are will surround themselves with hand-picked support staff. Would they choose you to contribute to their teams?

You can debate or ignore the above points if you like. However, it would be madness to believe that when your employer or team encounters a major problem, that you would remain magically insulated from the effects. To put it more simply, if they lose, you lose too.

The tide is turning. We are quickly approaching a tipping point of sorts; transparency is coming into the practice of business regardless of size. Logically this means that there will be knock-on effects for individuals too, the primary one being the need to take responsibility for your actions.

So where to from here? We are faced with the usual choices, to buy-in and self-improve, ignore it do nothing and hope it goes away or there’s always the King Canute option, to demonstrate through our activities that there is nothing we can do to stem the tide.

To close on a positive note, I heartily recommend that you choose to give yourself the best chance to win the business evolution race and adapt to your changing environment.

Paul Brightman - ART (Pty) Ltd.

Creators of Risk Therapy. or or or

+27 (0) 83 708 3634 & +27 (0) 11 646 2777.

Websites or or

ART is an authorised Financial Services Provider - FSP16339.


In 2010, all business owners in South Africa will be given a choice within the new Companies Act legislation and King III Commission guidelines, to ‘comply or explain’ their position on formal Risk Management processes. Similar legislation is being or has been enacted in many parts of the world; yet another global phenomenon. So far so good, but what are the issues?

  1. There are far too many business entities in SA for the authorities to quickly and effectively police the implementation of legislation.
  2. Risk Management is generally perceived as a costly, time-consuming, complex and a boring issue; greyer than insurance.
  3. Ignorance abounds regarding Risk Management and legislation relating to it.
  4. Expertise and solution suppliers are few and generally expensive.
  5. Business owners are in the higher pressure section of the business cycle, mainly due to economic circumstances.
So Risk Management could end up being treated as a dull cousin of AIDS and global warming, but with far fewer supporters, denialists and activists.
There are some positives though:
  1. We all practice some form of Risk Management, usually informally.
  2. You can discover business opportunities in the process.
  3. Corporate and Government operations will not escape scrutiny and will tend to deal with those entities who share their protocols, imperatives and cultures.
  4. There is a social police force to comply or explain to as well as the regulators; you, your family, shareholders, customers, suppliers, banks, insurers and so on. The list is long.
  5. This is an international business initiative with a sound logical and intellectual foundation.
  6. Business risk assessors such as banks and insurers can supplement existing information requirements with Risk Management profiles.
  7. The practice of Risk Management gives you a semblance of control, enabling you ‘thrive not survive’ in the business cycle.
  8. Support systems are available from as little as R3,500 per year, including VAT.
So the choice to exercise this preferred and legislated business imperative is to some extent in your hands, in the same way that your risks are your own. You can expect pressure to adopt formal Risk Management practices from other stakeholders over time though.
Will you be complying, explaining or embracing Risk Management in 2010?
Paul Brightman - ART (Pty) Ltd.
Creators of Risk Therapy.