Compliance Management and Enterprise Risk Management for ...

Vincent Knox (Chartered Secretary (FCIS), Professional Accountant (SA)), Practice Principal at PSG Konsult Corporate discusses identifying and implementing an effective programme to ensure you, as an SME are compliant with the new Companies Act and the impact of non-compliance.

?The hype surrounding the implementation of corporate governance must be very daunting for any small medium enterprise (SME) and ultimately the business owner. Just the jargon around legislation, codes of practice and internationally recognised standards can be confusing ? not to mention ensuring compliance.?

Firstly, business owners need to differentiate between and understand these:

1.? Legislation/Compliance

Compliance by entities with the New Companies Act no. 71 of 2008 is mandatory for all entities and non-compliance with the Act will have serious repercussions for SME?s and ultimately for the directors and officers of the entity.?

2.???Codes of practice

There are a number of codes by which business should operate.? These have been adopted by countries based on the best business practice and benchmarked in their country. They include the United Nations Code, the Global Business Standards Codex and the King Code.

In terms of acceptable codes of practice, the King III report released in 2009 is seen internationally as the forefront of corporate governance and in all likelihood will be deemed as the benchmark for best business practice by the courts in any cases presented to the courts in South Africa.

3.???Measurement

The ISO31000, set by the International Standards Organisation, is the standard measurement for compliance and risk management. ?This measurement standard needs to be applied in order to evaluate whether or not an entity complies with the parameters set as the benchmark for compliance.

In terms of the legislative process in South Africa, The New Companies Act has placed a greater emphasis on all companies to constantly review both their Compliance Management (CM) and Enterprise Risk Management (ERM) as an integral part of the continuity, sustainability and success of the enterprise. The Act has made legal many of the recommendations of the various King? reports. ?Compliance with the Act is mandatory and failure to comply may result in penalties and or prosecution of the guilty party.

Compliance Management

• Financial Controls Management, including audit management
• Compliance and Governance
• Survey, measurement and reporting
• Ongoing development

Enterprise Risk Management

• Operational Risk Management
• Information Security Risk Management
• Project Risk Management
• Risk Modeling Structure
• Continuity Management

The International Standards Organisation?s ISO 31000 is the global standardisation for implementation of risk management within an enterprise. It was published in 2009 with the main purpose of being the global standard in providing best practice guidance and structure for all operations concerned and affected by risk management.

In terms of implementing an acceptable program, an SME needs to focus on the two aspects in terms of complying with the Companies Act and the King III Code. The first being the legislative or compliance management (CM) aspect and secondly, the enterprise risk management (ERM). These two components may be included into a single process within the company, but will maintain specific accountable areas.

It is important to stress that the responsibility for creating a compliant culture within an enterprise cannot be delegated to management and staff. The accountability remains the responsibility of the board of directors.

Currently there are many suitable software programs which may be utilised to implement a CM and ERM program.? However, a comprehensive understanding of the requirements and components is needed first. Implementing a program without proper understanding could be costly and also ineffective for an SME.

It is not a prerequisite to have a specific type of program, but rather:

• That the person accountable? clearly understands their obligations
• Applies their mind to the implementation of an effective CM and ERM process
• Maintains the compliance once it has been? implemented
• Ensure the company lives the culture so that this permeates throughout the enterprise and is recognised by all staff as being the manner in which they operate and do business

Proper analysis, implementation and on-going application of the CM and ERM process will help protect the Directors against personal liability. They will not be protected in terms of liability as a result of their negligence and non-compliance of the Companies Act.

The law

In view of the requirement of the Act, all entities must comply. For this reason alone, it is preferential that SME?s take the trouble to understand and implement an integrated process within their entity which will be considered as complying with the corporate governance and best practice approach of the King III code.

Efficacy and Profit

• It has also been argued that entities which have applied a code of practice within their organisation are better perceived and more highly valued than those who do not
• While an independent CM and ERM are not mandatory, the implementation of such a process, albeit a simple system, may reduce the costs of identifiable transferrable risks within the SME, thus increasing profit
• Finally, the implementation of a process will definitely assist an SME in addressing aspects of the process properly and timeously thereby protecting the business and assuring continuity and sustainability for all of the business stakeholders.

PSG Konsult Corporate has, as part of its 360? business risk analysis process, partnered with internationally recognised audit, risk management and legal experts in order to provide the SME with an affordable and practical CM and ERM system. This process will be both compliant and beneficial to the SME in being proactive in their risk management approach. It may also have the added effect of reducing transferrable risk costs to the SME.

?Sources:

Government Gazette ? The Companies Act, 71 of 2008

Institute of Directors ? King Code of Governance for South Africa 2009

KPMG ? Toolkit for The Company Director ? 3rd Edition March 2012

PricewaterhouseCoopers ? King III and related legislative requirements ? Steering Point March 2010

?

occupy philadelphia occupy philadelphia conrad murray conrad murray jack del rio jack del rio heaven is for real