Currently viewing: Risk Overview / Next: Stakeholder Engagement
EOH's enterprise risk management approach has been significantly developed over the last year. There has been comprehensive work to identify, quantify and embed best practice processes, with significant input from external and internal experts.
A significant proportion of the focus has been to ensure a more corporatised approach that extends consistent oversight across the companies in the Group. The risk management approach aims to strike a balance between mitigating and minimising risk, and identifying opportunity for value creation that nurtures our entrepreneurial and innovative organisational culture.
The Audit and Risk Committee has been a heavily utilised governance vehicle during 2019, bringing together senior governance stakeholders to manage issues arising. The Board has taken ultimate responsibility for reducing exposure to risk and for realising value. This has involved clear strategic direction and oversight of capability building to ensure strengthened risk management skill sets and processes were mobilised.
Extensive root cause analysis has been conducted with risks being forensically analysed by a number of external and independent parties, in collaboration with the newly galvanised internal function. Risks revealed by this process have been systematically tackled, to ensure that robust mitigating action was put in place to address issues, ensure lessons were learned, to drive forward statutory and regulatory compliance, and to futureproof EOH.
Key in this process has been the appointment of Fatima Newman as the Chief Risk Officer. She has led the process of mobilising *CODE*, a new governance, risk and compliance capability responsible for ethical leadership and responsible corporate citizenship across the diverse organisations within the Group. This new function will be responsible for embedding consistent enterprise risk management practices across the wider organisation.
The new framework is designed to enable delivery of the EOH strategy and purpose. It presents a critical platform for engaging with all EOH stakeholders, in line with the spirit of King IV. The approach places focus on driving forward the EOH sustainability agenda, motivating strong action to do more than to alleviate risk. The identification of opportunity to enable sustainable value creation is key.
Our risks and opportunities are identified, quantified, and monitored at a deeper level than before. Further work still needs to be done to embed ongoing and continuous reporting, as well as to map relevant risk owners. In the coming year there will be extensive work done to further develop systems, processes, and to enable people through training, while monitoring execution against the framework to ensure it is fully adopted and continuously improved. As such, we will continue to ensure robust and regular independent assessment.
Work still needs to be done to manage risk in an integrated way, and with a common language. This will necessitate enablement of a more collaborative organisational culture, that is motivated to candidly assess the status of risk and to nurture opportunity. The foundation laid in the latter part of this year will support a culture of good governance, as well as ethical and courageous leadership within EOH, presenting a critical opportunity to drive our business forward.
The risks tabulated below are the top ten risks for the EOH Group as at the end of October 2019, ranked from the highest to the lowest, in order of magnitude. Risks identified here are currently under management with the Governance and Risk Committee which is accountable for providing oversight of the actions being managed at executive level.
Risks are being managed within the context of the new risk and compliance framework, which forms part of the EOH corporate governance framework. This framework includes control, management compliance and integrated assurance, aligned to our five philosophies, and is designed to drive our strategic objectives and future value creation for all our stakeholders.
| Risk | Description, mitigation (policies, processes and systems) and leadership accountability |
|
Business information systems |
Definition: Major failure of EOH internal business information systems due to the lack of an integrated system with an overarching governance framework, continuity management and disaster recovery for key applications would disrupt business operations. Mitigation: To investigate the mobilisation of an EOH Group business information system to ensure control, oversight and sustainable continuity of business operations and improved decision making. Responsible for leadership and oversight: Technology and Information Committee |
|
Credit risk |
Definition: The lack of a robust credit management policy and oversight may result in excessive and unmanaged credit being given to customers, exposing EOH to an inability to collect on debt. Mitigation: To implement a credit management and oversight framework, including a reporting and control capability to manage existing credit, with an emphasis on training staff and customers on policy rules (know your client training). Responsible for leadership and oversight: Governance and Risk Committee and Audit Committee |
|
Inadequate governance framework and capability |
Definition: Inadequate governance practices, ineffective business processes, corporate control, reporting and poor quality of information could result in poor decision making, compromised value creation, and business performance problems. Mitigation: To implement a best practices governance, risk and control framework, ensuring that the professional skills, resources and systems needed are in place. Responsible for leadership and oversight: Governance and Risk Committee and Audit Committee |
|
Unethical tendering practices |
Definition: Future tenders could replicate the errors of the past resulting in contracts that are corrupt and do not create value for customers if an ethical Code of Conduct and governance framework is not in place to ensure good business practice. Mitigation: To redefine the bid assurance process to ensure robust control and oversight of tenders preventing ghost contracts, underdelivery of services, and over or underpayment. To develop an employee Code of Conduct, supported by a programme to drive an ethical business culture. Accountability: |
|
Liquidity |
Definition: Liquidity constraints could be faced should loss-making international acquisitions funded through debt continue to make a loss, or if the ongoing legal process results in large fines. Mitigation: To generate funds and reduce debt by deleveraging the business and ensure losses from international acquisitions are stemmed. Responsible for leadership and oversight: Audit Committee and Risk Committee (MANCO) |
|
Regulatory compliance, including data privacy |
Definition: Failure to meet regulatory requirements such as B-BBEE, tax liabilities relating to statutory employment, and emerging and evolving data privacy requirements would incur cost and reputational damage. Mitigation: To galvanise the drive for regulatory and statutory compliance, ensuring high calibre executives are in place to drive forward EOH compliance across the Group, supported by integrated technology systems to enable transparency and oversight. Accountability: Governance and Risk Committee, Technology and Information Committee |
|
Legal and litigation |
Definition: The ongoing legal and forensic examination of wrongdoing could consume ongoing resources and executive bandwidth, yielding further financial claims requiring justice, remediation and restitution. Mitigation: Ensure that legal resources are budgeted and in place to assure a fair process for justice and for restitution for stakeholders that have been wronged. Accountability: Chief Risk Officer |
|
Human capital and talent |
Definition: The evaluation of human capital and talent capabilities could reveal the need for ongoing recruitment of talent, professionalised human capital management processes, and a requirement to motivate for the retention of staff demoralised by restructuring. Mitigation: To ensure a focused approach to investing in an integrated and best practice human capital management capability and Group HR Officer to lead the full employee lifecycle, investing the recruitment of top class professional skills and staff motivation. Accountability: Nomination and Remuneration Committee |
|
Enterprise performance management |
Definition: The lack of integrated, consistent and best practice enterprise performance management to assure the quality of EOH project execution and performance could result in a lack of visibility where there are distressed projects that could fail, causing damage. Mitigation: To drive forward an enterprise performance management process with transparently monitored key performance measures, aligned to the EOH strategic objectives. Accountability: Governance and Risk Committee |
|
Strategy and organisation redesign |
Definition: The ongoing business restructuring will drive rapid cultural change that places pressure on the independent and entrepreneurial organisations within the Group, presenting operational challenges due to the complexity of integration. Mitigation: To ensure that the executive team plays a strong leadership role, engaging with EOH leaders across the wider organisation to motivate for the benefit of restructuring and the opportunity to drive forward integrated value creation. Accountability: The executive management team (MANCO) |
I have always viewed EOH as a high performance business with solid revenue streams and profitability. When I started, I was struck by my colleagues’ commitment to turning the business around and this gave me comfort that my initial views of EOH were not completely unfounded despite all the issues and challenges we were facing.
After conducting a review of the public sector business, it became clear that because there was limited oversight, some of the larger contracts had weaknesses. There was little to no project management and therefore lack of execution which led to milestones being missed. As there was no comprehensive bid governance process framework, there was evidence of unethical business practices when bidding for contracts. Finally, it became clear that in a bid to chase top line versus profitability, the Company had entered into onerous contracts.
Our remediation plan has included renegotiating contractual conditions as far as possible and improving project management and execution in order to deliver value to our customers which is only achievable by having the right skills in the right positions. While we have recruited some outside talent over the past year, I do want to highlight that we have a wide and deep skills base within our existing teams which are well positioned to carry out large and complex IT projects.
We have worked tirelessly on changing the culture within EOH in order to regain the trust of our employees who felt betrayed by the previous management team and were cognisant of the fact that we needed to motivate them once again to be proud EOH ambassadors.
On the client side, we have increased and improved our stakeholder engagement immensely and are always available to address any issues our clients may have and allay any concerns brought about by the reputational issues we have inherited. There is a marked improvement in the manner and level of interaction now between us and our clients and currently we have over 70 significant public sector projects under way. Our interactions with public sector officials has been positive and they have been extremely supportive of the courageous leadership of the new management team and the transparency in our communications with stakeholders has been key in rebuilding fractured relationships.
We are wholly committed to our partnership with the South African government. As a leading IT company, we are invested in assisting and supporting government in achieving their service delivery targets in any way we can. Youth and SMME development specifically are causes close to our hearts and are areas in which we have formed strategic partnerships in order to deliver IT services to government.
