South Africa has an excellent corporate governance regime, with a raft of laws, codes and guidelines designed to enforce compliance with the highest global ethical standards.

 

“At its heart, ethical business practice is about accountability,” says Kevin Phillips, MD of idu Software. If I am the director of a business, I am in effect managing the money of the shareholders in that business – and I have a duty to manage it with care, skill and honesty, and to account for my actions. That is what a “fiduciary duty” is – to uphold the trust people place in us when they give us charge of their cash. The principle is ancient (the word “fiduciary” comes from the Latin), but nowadays it is also enshrined in statutory as well as common law. Directors who fail in this duty now face criminal prosecution and even prison time.

The latest report investigating individuals at UK-based Barclays Bank regarding the rigging of the LIBOR rate (London interbank offered rate), which controls the rate of home loans, credit cards and other financial transactions, cites the company’s flawed culture as a primary reason for its demise.

 

The report reveals that the subsequent high-earnings paid to top executives was only possible if management ignored the culture of its workforce.  Bob Diamond, the star investment banker and CEO of the bank worth over an estimated $350 trillion globally, was forced to resign after being implicated in the scandal.

 

According to Tjaart Minnaar, MD of OIM International, a leading business consultancy firm, an organisation’s culture is now more relevant than ever to ensure sound risk and performance management. This is in light of the scale of global woes experienced against the backdrop of the financial crisis.

 

“An organisation’s culture relies on high levels of transparency, corporate governance and accountability – all standards required by investors and society in order for a business to function effectively. This puts pressure on boards and executives to take and create responsibility for the organisational culture that reflects a company’s values and ethics.

 

“The test of how serious a company is about maintaining its values occurs when a key player does not live or adhere to the values of an organisation.  Are we happy to make an exception to the values of our organisation to not lose a key player’s contributions, or just turn a blind eye in order to reap the profits without adherence to the ethics and culture depicted by our business?”

 

Minnaar argues that it’s easy to use an organisation’s values as part of a conversation to steer a poor performer in the right direction.

 

“The problem comes in when a star performer does not adequately reflect an organisation’s culture, which comes about when there is something to gain and a person is tempted. The collective ethos of a business is more important than the individual and so tough decisions are required when star players don’t live the organisation’s values. Sound leadership requires the values of an organisation to be upheld, and calls for transparency when poor decision-making leads a star performer to misrepresent the organisation,” he says.

 

A company should consider such a situation as part of its risk management portfolio.  Company management should be able to identify the internal risks their company faces, and properly evaluate, communicate and address them, as part of a preventable risk category. A preventable risk exists within a company as, for example, fraud, corruption or bribery. This can be best managed through active prevention, putting monitoring operational mechanisms in place and guiding people’s behaviours towards that which fits the company’s culture. 

 

Minnaar believes a good example of responsible leadership includes the decision by the English cricket team to drop its best performer, Kevin Pietersen, from its team. Pietersen, a South African-born English cricketer, was implicated in a texting scandal when he messaged South African Proteas players, criticising his own team mates and coaching staff. He was subsequently dropped, but will be starting a reintegration process back into the English cricketing team.

 

Minnaar explains that an organisation’s values are set by the standards upheld by the organisation’s leaders, and that regular, consistent and constant communication and feedback will allow for transparency and accountability to occur at top level management. 

 

Senior management, as the custodians of an organisation's culture, need to clearly communicate the values and its meaning. By unpacking the values and practices and ensuring consistent application thereof, instilling regular feedback mechanisms and providing channels for transparency and accountability, leaders will exemplify the culture of the organisation.

 

Minnaar points to a recent example whereby BHP Billiton executive, Marius Klopper, decided to forfeit his bonus due to poor investment decisions made by the company, demonstrated a leader willing to set the example of accountability. In political circles, the ANC expelled the ANC Youth League leader Julius Malema after criticising its parent-body, the ANC. These moves, Minnaar adds, demonstrate sound leadership, as the leaders upheld the values of their organisations. 

 

Minnaar believes that entrenching an organisation’s values is a vital cog in the wheel that will enable a company to guard against a flawed culture.

 

“Business managers need to understand that an organisation’s culture and brand is to be upheld in order to protect its integrity.  Companies need to ensure that the values reflecting its brand personality are defined and clearly communicated throughout a participative process involving internal and external stakeholders.  

 

“The second tier to communicating and defining the values involves making sure that all stakeholders understand and are able to apply them in their respective roles. By unpacking the values in behaviours relevant to the type and level of work people do, as well as ensuring regular conversation about the company’s code of conduct and how this plays out in each person’s role in teams and in one-on-one meetings, will empower each employee to live the company’s values. 

 

Minnaar adds that regular communication, assessments and continuous feedback ensure the entrenchment of an organisation’s values.

“Assessment can occur through individual and team feedback and also through culture surveys. Other feedback channels such as an ethics telephone hotline where irregular behaviour can be reported by employees have also proven to be very useful.

 

“Lastly, developing the organisation’s values means taking feedback into account and building it into the leadership development of the organisation. Incorporating constructive criticism and appropriate comments when hiring and making succession decisions, will go far in safeguarding the values, and the culture, of an organisation.

 

The Information Technology Infrastructure Library (ITIL) is the most widely adopted best practice approach for IT Service Management (ITSM) in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business. However, ITIL is simply a framework for service lifecycle management and improvement. ITIL practices, tools and software can be harnessed for many other areas of business. Leveraging the true value of ITIL means taking it beyond IT, creating a culture of service improvement throughout the organisation.

The ITIL framework and software designed to support ITIL practices are simply tools that can be adopted, adapted and improved. They can help manage collections of items that have certain dependencies and relationships. The IT department fits this bill, being a network of computers that are interlinked and interact with each other, but this definition can be adapted to include many other aspects and areas of any organisation. Any industry, organisation or environment that relies on processes; or resolves incidents; that require the management of risk and the impact of change, can also benefit from ITIL. By the same token, any organisation that is already using ITIL in the IT department can leverage greater value from the tools by applying ITIL in different areas of the organisation.

Public transport services is one area where ITIL can be harnessed beyond IT, with trains, bus routes and even airports being regarded as large networks. The challenge with these networks is that they are geographically dispersed. Using the ITIL framework and a good ITSM tool, it is possible to develop solutions that highlight stations, bus stops or airports as hotspots or important entities held in the Configuration Management Database (CMDB). Users can then expand or search each hotspot to find out more information. For example, problems that could disrupt transport as well as what equipment is currently located at which station, who is responsible for it, the equipment's history and what might be wrong with it, just like it could if it was a computer in a network.

Effectively this equipment, its relationships and dependencies are no different to a computer network, and the fact that the components of the network are not necessarily a computer, but a ticket machine, a gate, an air conditioner or anything else, is irrelevant. The system is still capable of managing these 'incidents' relating to this equipment in the same way as it would if this was a computer network. Using the ITIL framework, public transport service companies are able to manage services, processes and their interactions that typically are not related to IT.

Health services is another area where the ITIL framework can be exploited. Hospitals need to manage many things, often from a central service desk, most of which are not traditionally related to IT. From fleets of ambulances to surgeries, life support machines to laundry services, and understanding the condition of equipment, scheduling maintenance and making sure everything is running cost-effectively and trouble free is vital to the smooth running of any hospital or clinic.

There are many other industries and examples of ITIL being leveraged outside of IT. In the hospitality industry, ITIL can be used to manage room bookings as well as conferencing facilities and more. Other areas include casinos to manage various gambling machines, fire brigades and emergency services to ensure that equipment is managed and maintained, and even at ports to manage ships, offloading and docking.

Any service provider will need to make sure their services are stable, provide value for money, are fit for purpose and support their customer strategy. This is the same for IT services and non-IT services. Consideration needs to be given to planning, designing and managing incidents, events, problems and requests; new or changed services, accountability, risk; making sure there is sufficient capacity, security and agreed availability of services for current and future needs. All of the above and more are underpinned by Continual Service Improvement.

Ultimately, ITIL is a service lifecycle and process control mechanism, and ITIL process compliant software will follow set workflows or procedures no matter what the process is. Service management can be applied across departments and environments, which mean that service management tools and software based on the ITIL framework have multiple applications outside of IT. Taking ITIL beyond IT will enable organisations to leverage true value and efficiency from service management solutions.

Identifying and implementing an effective programme to ensure you, as an SME are compliant with the new Companies Act and the impact of non-compliance.

The hype surrounding the implementation of corporate governance must be very daunting for any small medium enterprise (SME) and ultimately the business owner. Just the jargon around legislation, codes of practice and internationally recognised standards can be confusing – not to mention ensuring compliance.

Understanding the concepts

Firstly, business owners need to differentiate between and understand these:

1. Legislation/Compliance

Compliance by entities with the New Companies Act no. 71 of 2008 is mandatory for all entities and non-compliance with the Act will have serious repercussions for SME’s and ultimately for the directors and officers of the entity.

2. Codes of practice

There are a number of codes by which business should operate. These have been adopted by countries based on the best business practice and benchmarked in their country. They include the United Nations Code, the Global Business Standards Codex and the King Code.

In terms of acceptable codes of practice, the King III report released in 2009 is seen internationally as the forefront of corporate governance and in all likelihood will be deemed as the benchmark for best business practice by the courts in any cases presented to the courts in South Africa.

3. Measurement

The ISO31000, set by the International Standards Organisation, is the standard measurement for compliance and risk management. This measurement standard needs to be applied in order to evaluate whether or not an entity complies with the parameters set as the benchmark for compliance.

Why the new legislative requirements?

In terms of the legislative process in South Africa, The New Companies Act has placed a greater emphasis on all companies to constantly review both their Compliance Management (CM) and Enterprise Risk Management (ERM) as an integral part of the continuity, sustainability and success of the enterprise. The Act has made legal many of the recommendations of the various King reports. Compliance with the Act is mandatory and failure to comply may result in penalties and or prosecution of the guilty party.

What is Compliance Management and Enterprise Risk Management?

Compliance Management

• Financial Controls Management, including audit management
• Compliance and Governance
• Survey, measurement and reporting
• Ongoing development

Enterprise Risk Management

• Operational Risk Management
• Information Security Risk Management
• Project Risk Management
• Risk Modeling Structure
• Continuity Management

What are the recognized standards and measurement?

The International Standards Organisation’s ISO 31000 is the global standardisation for implementation of risk management within an enterprise. It was published in 2009 with the main purpose of being the global standard in providing best practice guidance and structure for all operations concerned and affected by risk management.

How do SME’s ensure they comply?

In terms of implementing an acceptable program, an SME needs to focus on the two aspects in terms of complying with the Companies Act and the King III Code. The first being the legislative or compliance management (CM) aspect and secondly the enterprise risk management (ERM). These two components may be included into a single process within the company, but will maintain specific accountable areas.

Who is responsible for compliance?

It is important to stress that the responsibility for creating a compliant culture within an enterprise cannot be delegated to management and staff. The accountability remains the responsibility of the board of directors.

How does an SME implement this?

Currently there are many suitable software programs which may be utilised to implement a CM and ERM program. However, a comprehensive understanding of the requirements and components is needed first. Implementing a program without proper understanding could be costly and also ineffective for an SME.

It is not a prerequisite to have a specific type of program, but rather:

• That the person accountable clearly understands their obligations
• Applies their mind to the implementation of an effective CM and ERM process
• Maintains the compliance once it has been implemented
• Ensure the company lives the culture so that this permeates throughout the enterprise and is recognized by all staff as being the manner in which they operate and do business

Why is it so important?

Proper analysis, implementation and on-going application of the CM and ERM process will help protect the Directors against personal liability. They will not be protected in terms of liability as a result of their negligence and non-compliance of the Companies Act.

Is it beneficial for an SME to implement such a process and program?

The law

In view of the requirement of the Act, all entities must comply. For this reason alone, it is preferential that SME’s take the trouble to understand and implement an integrated process within their entity which will be considered as complying with the corporate governance and best practice approach of the King III code.

Efficacy and Profit

• It has also been argued that entities which have applied a code of practice within their organisation are better perceived and more highly valued than those who do not
• While an independent CM and ERM are not mandatory, the implementation of such a process, albeit a simple system, may reduce the costs of identifiable transferable risks within the SME, thus increasing profit
• Finally, the implementation of a process will definitely assist an SME in addressing aspects of the process properly and timeously thereby protecting the business and assuring continuity and sustainability for all of the business stakeholders.

Those without financial forecasting or investment expertise easily liken the skill to being nothing short of clairvoyance – probably because so many wealthy and well-published business people have credited their “gut instincts” as the source of their success. The truth of the matter is far less mystical. I believe that there are 5 key steps to improving your company’s financial health.