Covid-19 Business Response Framework

Businesses are facing unprecedented uncertainty. Covid-19 has significantly disrupted our normal ways of thinking and operating. We need to radically transform our organisations now so that we are prepared for the ‘new normal’ and our ‘new reality’.

Strategic Risk Partners

The expectations of governance, risk, and compliance (GRC) activities such as internal audit, risk management, and compliance, from both internal and external stakeholders, have never been greater. ‘Backward-looking’ audit reports, and ‘paper-driven’ risk-assessments and compliance programmes are not always helpful and effective in identifying what is on the horizon.

Good Governance

I have no doubt that most (if not all) of these companies have well-documented ethics and compliance policies and value statements that are stressed to both new and existing employees as part of their ethics and compliance training programs.

Transitioning to the “new reality”: From crisis reaction to active success

During this time of crisis, leaders from SMEs to large corporates are having to navigate unchartered waters and an unprecedented business landscape. Decisions ranging from the wellbeing of people to business continuity, long-term sustainability, and strategic adjustment of the business model are having to be made quickly for a future fraught with uncertainty.

Current Business Trends

Pandemics, climate change, political uncertainty, and trade wars are just some of the risks that have raised the intensity and range of potential disruptions that companies are facing. Coupled with the pace of change, today’s business leaders are facing ever-increasing pressure to anticipate, prepare for and mitigate future shocks.

Combined Assurance

The Whole Truth, and Nothing but the Truth!

All too often Boards and management receive conflicting versions of the truth when it comes to assurance. This is partly due to the fact that some of the assurance functions such as risk management and compliance are interwoven into the management structure and report directly to management, whereas internal audit for instance is considered an independent and objective assurance function reporting, functionally at least, to the Board and the Audit Committee of the Board.

However navigating through and trying to make sense of conflicting information in their quest to find the real version of the truth is not always the best use of both management’s and the Board’s time and resources.

There should be a strong alignment in the relationship between these assurance functions with clear rules of engagement and a combined effort to ensure that management and the Board receive one version of the truth when it comes to risk assurance. This not only helps management and the Board get a clear understanding of the risks the business is facing and how well they are being managed, but it also helps them utilise their time and resources more effectively as well as avoiding duplication of effort across these assurance activities.

This does not imply that internal audit for example should abandon or dilute their independence and objectivity. They would also be expected to provide assurance on the adequacy and effectiveness of some of the other assurance functions such as risk management and compliance. Nevertheless there should be a good dialogue and agreement between these functions on the state of the business’ governance, risk, and control environment, an aligned opinion on what works and what does not, shared insights on (real)