Managing and mitigating risk is a key priority for businesses all over the world. The business, economic and regulatory landscape is changing rapidly and in a global economy it is essential for organisations to have a thorough understanding of the risks they are facing and how they can best mitigate those risks to ensure on-going business success.
There are many risks facing organisations in Africa and the Middle East, such as the impact of climate change, increasing global data governance regulation, cyber security threats and global political and economic turbulence, to name just a few.
But although African technology and business is maturing rapidly, many businesses in Africa are at a different stage of risk management maturity compared with their counterparts in other parts of the world. Given the growing volume and severity of risk facing African organisations, it’s time for risk management to be given a much higher priority. Here are our five steps for successful enterprise risk management.
Get board-level buy-in
this is as true for businesses in Africa as it is for businesses anywhere else in the world. Risk management and broader GRC programmes start at the top, and if the CEO or MD is not supportive of risk management then it is never going to work as well as it could do in that organisation.
To mitigate risk, optimise performance and protect the company brand requires input and support from the very top of organisation. This sets the tempo for the rest of the business to approach risk in the right way and communicates clearly that company’s values and integrity. It’s the CEO or FD that will sign off budget too, for additional resource where required and to choose the right GRC software for the organisation.
Align risk management with business goals
if you are a Financial Services (FS) firm in Morocco, and your main business goal for the next 12 months is to successfully launch a new service in France, then your risk management needs to be extremely closely aligned to this goal. It’s something that sounds obvious but it’s also something that doesn’t always happen.
An organisation’s risk strategy must be in line with, and supporting that organisation’s overall business strategy. Risk management is not a business function that operates in silo and IT GRC tools can work much better with input from business users. Those users understand better than most the nature of risk in their own function or department, so it stands to reason their input would be incorporated into enterprise risk management software and strategies.
Identify and analysis risk
the complex and varied array of risks facing African businesses means that managing and mitigating risk is a major task. This is perhaps more true of African businesses than it is those elsewhere in the world, where firms are more experienced in managing risk, have more resources, advanced risk management software and expertise.
The African risk management market is not as mature, so it is even more important to follow the basic principles of smart risk management. The first step is always to identify what risks the organisation is facing. The Moroccan FS firm from earlier would need to be aware of GDPR requirements for example, if it was to make inroads into the French market. The list will be lengthy and comprehensive and would be the basis for the main risk management programme. From there, all these risks can be analysed and assessed – how big a threat are they, what damage could they cause the company and how can those risks be avoided?
This is a task that your GRC software vendor should help with. It’s a consulting service that Oxial provides, in conjunction with one of our strategic partners, and helps a firm get off to the right start with risk management.
Select the right risk management software
from speaking with African businesses and attending conferences across the continent, it is clear that many African organisations are still looking to manage and mitigate risk using simple tools such as Microsoft Excel. This is a risk in itself.
There are many IT GRC tools available from a number of GRC software vendors. We have recently produced a guide to help you choose the right GRC tool for your business, but it needn’t be hugely expensive and you do not need huge technical knowledge yourself. Oxial’ssGRC solutions are powerful GRC tools and are among the most cost-effective and innovative in the industry. Our African GRC experts work with you to get the system up and running and working with your proprietary data.
Ensure risk is an on-going priority
just by getting CEO approval and making an investment in enterprise risk management software, it does not mean that your organisation will now be able to comfortably manage and mitigate risk. Risk in 2019 (and beyond) is an on-going requirement and must be treated as such.
It’s important therefore for African businesses that are serious about risk management, to ensure that it remains a continuous process for the organisation. A digital GRC software solution such as Oxial’ssGRC solution is a good fit for mid-market businesses, coming with a range of features and functionality to ensure on-going risk management, but also being one that is very competitively priced.
Risk management needs to be higher up the African business agenda than it has been so far. Risk is more varied than before and the severity of damage it can cause is also greater, so it needs to be a priority if organisations in Africa are to manage and mitigate that risk successfully.
For more information on how Oxial can help with this, please get in touch with us at our North African office here.