Africa’s executives are increasingly concerned that risks to their companies are on the rise, according to PwC’s ‘Risk in review, 2015’ survey released today. However, Africa’s executives and boards are taking effective steps to address risk strategy and management, putting them ahead of their global peers when it comes to being leaders in managing risk.
Across the African continent ongoing political, economic and social developments are raising concerns among African businesses. The basic lack of infrastructure, concerns over access to healthcare and food security as well as the effects of climate change are accelerating significantly. Technology continues to disrupt, through innovations like cloud computing, social media and the Internet of Things and there is an increase in awareness by African businesses to manage cybercrime and cyber-terrorism.
Anton van Wyk, Head of Risk Assurance Services for PwC Africa, says: “Business risk is everywhere – external and internal, interconnected, growing and ever-changing. Executives and boards know it, and they are concerned.”
Despite all of this, African organisations remain optimistic about the outlook for their business over the next 18 months.
PwC surveyed more than 350 executives with operations across a broad spectrum of industries in 27 African countries. The purpose of the survey is to: examine which drivers of change have the biggest impact on organisations operating in Africa; highlight which global risks and opportunities organisations in Africa are responding to; explore how organisations are positioned to respond to these and other risks that impact growth; understand what are the specific risk exposures with respect to digital transformation and technology risks; understand where organisations perceive themselves to lie along the risk maturity spectrum and obtain a view on the changes they expect to make in the next 18 months.
According to the survey results, respondents expect that the top risks that will impact their companies in the following areas are: increasing regulatory complexity (84%); technological change and related IT risks (84%); government policy changes (81%) and inadequate infrastructure (74%).
To address these shifts, companies continue to undergo significant business transformation. A high 87% of respondents say their organisation has recently undergone a transformation initiative, is doing so, or will do so in the near future. Business transformation (98%), IT (84%) and innovation (81%) are the internal drivers of change expected to have the biggest impact over the next 18 months. “New” threats such as cyber-crime are requiring new and improved mitigation strategies. Changing consumer behavior is the top rated market opportunity in the survey and its significance has escalated substantially given the rise of social media, digital and mobile channels.
“It is of concern to note that our survey findings suggest that these shifts are opening capability gaps in risk management, particularly in the areas of regulation, data risk management and building organisational resilience,” says Carmen Le Grange, PwC Africa Business Resilience Leader.
“Typically, risk analysis remains anchored in historical data. To be more meaningful, risk needs to deal far more in the future, and there are no facts about the future. There needs to be a big shift into forward looking analysis built around scenarios, such stress and sensitivity analysis. And subjective judgement should be applied to a greater extent. This will be a challenge for some, as many risk professionals are reluctant to break away from data driven models and controls.
Risk professionals in some industries are changing risk management processes to be much more focused on incorporating the effect of uncertainty into business planning, performance management, investment appraisal and so on. For example, it sometimes feels like the approach in financial services is still very much about risk capital. More can be done to consider what a company’s risk exposures mean from a strategy and performance perspective, adds Keith Ackerman, PwC Risk Assurance Leader, Southern Africa.
Increasing risks and opportunities across Africa
Risks are increasing across the board with CEOs seeing more opportunities and more risks today than three years ago. A high percentage of respondents (89%) expect business transformation to have some impact or a significant impact on their businesses in the short-to-medium term. This impact is anticipated across all sectors, led by agriculture, technology and communications businesses and government and the public sector.
Le Grange says: “With business transformation changes being one of the main risks that organisations grapple with, risk management can no longer operate independently of strategy, it must be a part of strategic planning and implementation. Too much regulation and compliance is increasingly becoming a concern for business.”
Cyber-risks, including weak links in IT security systems, were also highlighted by a significantly higher proportion of African respondents (38%) than global (23%). Failure of new IT systems to deliver expected benefits (70%) and lack of technology skills to support new digital strategies (70%) are ranked among the top technological risks by respondents across all industry sectors. Also of concern is exposure created by the interconnectivity of IT systems, brand or reputational risks from social media and open web communication as well as more frequent and sophisticated cyber-attacks.
It is interesting to note that for African respondents, bribery, corruption and fraud did not feature as high up the list as we had expected. The survey suggests this may be attributable to organisations embracing the challenges of anti-bribery compliance and starting to build workable compliance programmes that mitigate bribery risks. Unsurprisingly inadequate infrastructure also ranked as a significant risk.
Levels of risk maturity across Africa
Three levels of maturity in organisations’ risk management practices emerged, according to the analysis: risk leaders, developing organisations, and early-stage organisations. Financial services organisations represented more than 20% of survey respondents, but only 13% rated themselves as risk leaders, while consumer and industrial products and services companies (CIPS) accounted for 62%, followed by telecoms, information and entertainment (TICE) at 33%, and the government sector at 20%.
Africa has a higher proportion of risk leaders (29%) compared to global organisations (17%) and a lower percentage of early stage organisations (16%) compared to their global counterparts (35%).
Risk management must align with other business functions
According to the survey, organisations report significant success in aligning risk functions with other areas to strengthen risk culture and strategy. However, there are concerns that collaboration among the three lines of defence (business units, risk and compliance, and internal audit) in identifying, monitoring and effectively managing critical risks is still not enough to protect the organisation from capability gaps. Almost 76% of African respondents (global: 60%) believe that a lack of collaboration among the three lines of defence could be exposing their organisation to capability gaps in the defence against risk. “There is still much to do around enterprise alignment and its part of moving up the risk maturity curve. Companies without a fully integrated view of risk across the three lines of defence are not positioned to optimise risk management efforts for efficiency,” adds Le Grange.
“The aim of risk management is twofold: To achieve sustainability – making sure the odds favour the organisation’s survival – and it has the ability to take advantage of change. This means continuing to look forward and becoming ever more sensitive to the complex interplay of risk and opportunity.
“Even for leaders in risk management, the journey to higher capability never ends,” concludes Le Grange.