CRO (chief risk officer ) - Fatima Newman

Focus on technology has led to greater efficiency, optimisation and transparency at EOH

When we take a stand against unethical behaviour we do more than prevent its ill effects. Most people are honest and hard-working. Whatever advantage we can give them shores up our systems against future wrongdoing. By empowering those who seek to do good we build stronger organisations. And by refusing to accommodate the 1% who want to disenfranchise or cut corners we empower the majority with moral authority.

This has personal resonance given where the EOH group of companies once was. In 2018, when Stephen van Coller joined as CEO, he found the group hobbled by the actions of a few unethical individuals, and the resulting inefficiencies. His initial priorities ran in parallel: understanding the extent and nature of the problem, and re-energising and restructuring the governance, risk & compliance function to renew company culture and prevent any recurrence of illegality.

Understanding the extent of the problem was not an easy task in a group that had been so acquisitive on the one hand, and so resistant to oversight on the other. There were 272 companies under the EOH umbrella in 2018, and a single compliance officer. To gauge the extent of the problem we relied on a forensic audit conducted by ENSafrica, which was given unfettered access to the business, alongside our internal investigations business unit XTND, to determine what went wrong. The audit found a lack of basic controls, including antibribery, anti-money-laundering and conflict-of-interest management, as well as weaknesses around bid management, tendering and the basic processes expected to exist in a listed entity.

Our approach to strengthening governance, risk & compliance at EOH has been to appoint a small team of committed, experienced people, provide them with an ecosystem of digital tools that give them exponential reach and effectiveness, and then use those tools to inculcate a culture of ownership, engagement and responsibility across the organisation.

Since the company had also been saddled with debt, we did not have the luxury of building a GRC function by immediately appointing several large teams. In the end this proved a valuable opportunity and became one of our strengths. Because we were a small team we had to be able to work across silos, which meant we were able to identify issues more readily than if we were narrowly focused. And because we could not possibly handle all the data processing manually, we had to find technological solutions.

Our distinct advantage in this regard was that we had the capacity to do all of this for ourselves. At EOH our technology and solutioning mindset, embedded within a business framework, is focused on using technology to solve business problems, which in turn has a positive effect on the business by introducing greater efficiency, optimisation, transparency and more. The tool box the developers and system engineers across EOH created allowed the technology to do what it does best: gather information, record, consolidate and simplify, which then freed us to do what humans do best: think, engage, analyse and plan. This exemplified how humans and technology are able to work in harmony for the best output in the best interests of the company.

This toolbox has evolved into a GRC-as-a-service ecosystem: a suite of solutions that together enable and empower governance, risk & compliance processes to run more efficiently, effecting compliance as an outcome rather than an exercise. Our GRC ecosystem today comprises “Code”, which describes the framework, processes and controls; “Core”, which is our IT-procurement platform; “Cerebro”, an effective training, onboarding and compliance tool; “Impressions”, our digital signature system; “iBot”, a rigorous bid-optimisation tool; and “ExposeIT”, our digital whistleblowing solution app, which allows users the ability to report issues and incidences securely, confidentially and anonymously.

The benefits of this GRC ecosystem have been substantial. First, we have been given a single view of what’s happening across a large and diverse group of companies. From gifts and entertainment processing to bids, tenders and conflicts of interest: everything that affects our GRC capability is available through a single dashboard and consolidated reporting mechanism. This allows for effective decision-making with a clear audit trail capability.

Second, we have managed to embed a deep sense of accountability, both at a leadership level and at an employee level. With legally binding attestations, outlining daily risk-based decision-making in a top-down/bottom-up approach ensures yet again an outcome of compliance driving accountability, actions and assurance and advice.

Governance, risk & compliance includes components of regulatory and statutory compliance, but it has to go beyond that to include adherence to a rigorous ethical and moral framework that speaks to the priorities and aspirations of society as a whole. GRC should not be about a limited, circumscribed tick-box exercise: it should be seen as a leading force in shaping company culture, strategy and action.

As we picked up the pieces and rebuilt a proud EOH, people and technology came together in a unique and distinctive way to create a GRC platform that can serve the government and companies to empower and protect people. With this new framework, guidelines, tools and controls in place we have witnessed a fundamental change in the way the company is being run at every level.

GRC has become an enabler and protector of people, and a foundation for business growth. EOH 2.0 is now firmly on the “Road to Green”, which is what we call our journey towards verifiable, meaningful, lived compliance with high ethical standards at every level of the organisation. I am proud to be a part of this critical journey at EOH and to see what else we can achieve as a team. I invite corporate SA, the public sector and small, medium-sized and micro enterprises (SMMEs) to commit to increasing ethical accountability at every level in their organisations so together, as partners, we can repair the torn (but not yet broken) moral fabric of our country.

If you are interested in understanding how a

small team with deep tech

solved the governance crisis, complete the form for a chat with Fatima Newman, Chief Risk Officer, EOH