printer friendly version

A crash course in bollards, barriers and barricades

The aftermath of 11 September continues to have strong repercussions throughout the world. Security is top of mind as governments, corporations and even non-profit organisations continue to protect themselves from an increase in terrorist threats. But you do not need to be in charge of security for an embassy in a hostile foreign country, or even the US Capitol, to seek protection. Even before September 2001, a high demand for physical property protection existed at the perimeter.

According to recent global research, 90% of financial organisations lose more than R70 million a year each because of poor risk management. The comprehensive survey, conducted by Waters Group and SAS, surveyed 400 corporate risk managers at 300 financial institutions.

Despite massive annual losses, the survey reflected that one-fifth of all financial institutions have no operational risk programme. Although failure or downtime of IT systems was identified as a key concern, while the company's ability to retain key employees was less of a concern, the survey revealed that many companies have been slow to identify where their business is most at risk.

"Despite the focus on compliance and the litigation many financial organisations are facing because of poor risk management, many companies are at a loss to know what to do about this threat to their businesses," says Peyman Mestchian, head of risk management for SAS UK.

"In terms of corporate governance and the King II report it is unacceptable for financial institutions not to have a sound operational risk management programme in place," says Paul Skivington, director of enterprise-wide risk at Alexander Forbes Risk Services.

"Understandably, it can be difficult for organisations to get to grips with the less apparent or 'softer' operational risks such as the effect of dissatisfied customers, lack of client retention or the resignation of a key employee, which could result in client losses and consequently financial losses. Since these losses are easy to measure and operational in nature, the true impact of the loss is likely to be less apparent immediately after the loss and only realised months after it occurred," he says.

Skivington illustrates the effect of operational or enterprise-wide risks by likening them to an 'iceberg effect'. "In many instances, operational risks may not appear to be significant but an accumulation over time of hidden losses that occur gradually erode away the organisation's profits. It is the little inefficiencies that add up to a much greater cost and lead to diminished profits. For example, poor services levels rendered is a risk that is very often overlooked and unaccounted for and could be as detrimental to a company bottom line as unplanned downtime of an IT system.

"Companies need to consider how much more profitable they could be if they tackled these softer risk issues," says Skivington. "Shareholders should be no less concerned if a company suffered a substantial once-off loss of R120 million than if it lost R120 million over a 12 month period.

"In addition, companies need to be honest and ask themselves whether they are allocating risk management costs appropriately or passing them on to their customers."

A sound operational risk management programme is imperative for every organisation in order to facilitate the identification of where losses could be occurring - which is probably the greatest operational risk management challenge for any company, according to Skivington. Once it has been established where the losses are emanating from it is easier to determine what to do about them. Guidelines for risk management are stipulated in the King II report, however operational risk management should be as much of a concern to shareholders as are corporate risks.

Skivington is of the opinion that most South African financial institutions do not follow the trend of their global counterparts when it comes to risk management. "Generally speaking, most South African financial organisations do have a risk management programme, but closer attention needs to be given to operational risk management," he concludes.

Share this article:

Further reading: