Tuesday, August 11, 2009

King III and Corporate Governance from 2010

I am sure we are all aware of the King II report and its impact on the approach to Risk Management in South Africa. The draft King III report was published for comment in April this year and will more than likely be legislated early next year. The following key issues stand out in the King III report as opposed to the King II report: 1.It has adopted an "apply or explain" basis instead of the previous "comply or explain". This in part is because the report has been expanded to include all entities and not only JSE listed ones. This will allow medium to small entities to apply the principles selectively, but with an explanation as to why certain principles have not been met or implemented. It thus has a more self regulatory basis. 2. The code will be legislated, whereas the previous report merely served as a code of best practice. 3. It has a risk based approach rather than a pure legal compliance concept. KPMG have summarized the Risk Management portion of the report as follows: Risk Management Risk management is inseparable from company’s strategic and business processes. The Board is responsible for the risk management process (including company’s risk appetite,capacity and tolerance limits) and may delegate risk management to a Risk Committee. The Risk Committee: Can be comprised of executive, nonexecutive directors, management and independent risk management experts with a minimum of three members - Should be chaired by a non-executive director and meet at least twice per annum - Consider risk maturity, risk management activities, significant risks, material losses or changes in risks, due diligence activities, IT risks and risk reporting. Management is responsible for implementing the risk management process and risk management should be embedded in the company, practised daily by staff, and risks should be assessed on an ongoing basis. The Board should: - Ensure regular (at least annual),comprehensive risk assessments and must review the risk register - Ensure risk identification is directed towards company objectives - Ensure quantification, appropriate response to key risks and validation with stakeholders - Adopt a risk management plan and approve the company’s chosen risk philosophy - Approve key risk indicators and tolerance levels. (Internal audit to provide independent assurance on the risk management process) - Disclose risk tolerance and report on the effectiveness of risk management in the annual report - Ensure the company’s reputational risk is protected - Determine the extent sustainability issues are addressed and reported (e.g. through stakeholder risk assessment, ethics risk assessment, environmental risk assessment and human capital considerations) - Take ownership of IT governance including IT security.

Wednesday, August 5, 2009

Why fire risk assessment is important for your business

Fire poses a major threat to all businesses and should be of prime importance to any managing director or boss. The consequences of a fire can be far reaching and can even leave a business in the same state as the burnt out premises; ruined. If operating in a single premises the effects can be even more devastating, hence the importance of fire risk assessment procedures are an essential component of any health and safety protocol. For companies who house supplies and other integral business elements in their premises the effects of fire can be even more damaging. In terms of continuity of supply and relationships with buyers, the effects can sometimes never be recouped. An efficient assessment of the risk that fire may pose to your business should be regularly carried out to ensure not only the safety of your staff members, but also to protect your business. An employer's own conscience should force them to undertake a thorough fire risk assessment, although legal requirements for employers are extensive in ensuring staff safety. The process of fire risk assessment involves identifying the various sources of ignition that may be present in your business. Not only should an assessment identify the ignition points but also the levels of combustible materials in a workplace. Such materials include soft furnishings and elements of the structure such as a timber frame or desks. The purpose of a fire risk assessment is to minimise the potential for fire in your business premises. The risk assessment should involve the identification and if possible the elimination of hazards in the workplace. If these elements cannot be eliminated from the day to day uses of the business, fire risk assessment should advise ways in which the hazards can be dealt with and avoided. Usually safe working methods can be developed that put hazardous practises as far away from combustible materials and ignition sources as possible. This may mean that your risk assessment will take a few days to get a true understanding of the patterns of work in your business. Also, as part of the assessment, the people who work in your premises will be examined. This may include assessing the risk staff members, customers and other members of the public that may have access to your premises. The number of people present in the premises in the event of a fire will also be estimated by the assessment of visitor numbers over a few days. As a result of this information escape routes and fire safety protocol will be part of the risk assessment to ensure evacuation is carried out efficiently and effectively in the event of fire. As well a the means of escape, fire fighting apparatus and equipment will be assessed as well as the number of people who are able to operate this apparatus in an emergency. Considerations of age, health and agility in terms of the people present on the premises will also be part of the risk assessment. These factors are important especially when considering different working environments such as nurseries, factories or care homes. As a result action plans can vary immensely. The risk assessment report will ensure that there are sufficient staff members present to cope with a fire should it break out. Also the action plan should focus upon minimising the risk of fire in the first place, by understanding the causes of fire and elements involved, prevention should be more effective. Assessment will also include an appraisal of the current action plan and the working order of the various fire fighting equipment in a business premises. Fire is a risk that worries most employers, an assessment can inform bosses where they are with ensuring the safety of there staff and how much they need to do to increase this safety. As a legal requirement, following the recommendations of the report is a vital legislative requirement.