How to plan the future while focusing on what matters. The last three years have been challenging years for global economics and organisations at large. The continued changes have increased operating risk and forced management to have an outlook to the future that is adaptive in nature while focusing on day-to-day operating changes.
The first quarterly has come and gone with limited time to reflect on the challenges and changes that have taken place. This is a clear indication that every organisation plan and outlook for the future has to be constantly evaluated, reviewed and agile to the changes in environment in which the organisation operates.
Transforming challenges to opportunities by being agile to change
Most people will describe the times we are living in with one word: a VUCA world. VUCA is an acronym composed of four terms: volatility, uncertainty, complexity and ambiguity. The question then arises as to what role should audit committees play in this new world in order to provide oversight on the assurance process to increase investors’ confidence regarding the ability of the organisation to stay afloat in the mist of these economic changes.
Looking at the markets it is clear that no two days are the same, so what should audit committees be aware of regarding the changes in their environments, regulatory developments, tax developments and how do they assist firms to stay above and most importantly ahead of the changes?
Audit committee members should consider VUCA in respect of the following: digital transformation, ESG reporting, inflation risks, enterprise risk management and cyber security. The above list of items are important aspects of business and require some level of understanding by audit committee members. Let’s first define each concept:
Digital transformation
The way in which we work has undergone a complete transformation in the past decade. Digital transformation is the integration of digital technology into all areas of a business, fundamentally changing how you operate and deliver value to customers. It’s also a cultural change that requires organisations to continually challenge the status quo, experiment, and get comfortable with failure. (Digital means using a system of receiving and sending information as a series of the numbers one and zero, showing that an electronic signal is there or is not there.)
Digital transformation is therefore the process of changing how an enterprise leverages technology, people and processes to improve business performance and embrace new business models. This transformation is cultural in nature and affects all elements of the business including sales, marketing, operations and customer service and is typically accompanied by a move to modern cloud technologies. Examples are implementing automated customer service and using AI-driven insights to improve sales efficiency.
Cyber security
To protect information and keep networks running, organisational governance need to address achievable goals: identity and access control, secure remote access, data centre and cloud security measures, and advanced threat defence throughout the enterprise.
Digital transformation and cyber security are not new concepts. They are currently necessary for any organisation to stay in business and be able to engage in new opportunity to grow in the near future. In this new world that we have entered, organisations need to be digitally transformed in order to be sustainable and to have a competitive edge.
Organisations that don’t change with time end up disappearing from the consumer’s mind. COVID-19 has demonstrated the importance of organisations to be knowledgeable and aware with regard to technological changes and also to be master the ability to use technology to incorporate their business goals in order to achieve the desired results.
As explained above, digital transformation involves combining technology in different phases of the organisation in order to be more efficient and with the view of achieving some of the business’s strategic goals. An organisation can’t be digitally transforming without an investment in cyber security. Protecting the organisation’s data from falling into the wrong hands is as important as driving the business strategy.
Suitable business in the currently environment understand that to stay in business you need to look out for your customer’s needs and then developing sustainable solutions to meet that need. This also means being able to protect customer private data once you branch out to provide services using the internet.
ESG (environmental, social and governance) reporting
An ESG report deals with the disclosure of data about a company’s environmental, social and corporate governance initiatives. The report is meant to provide a snapshot of how sustainable and responsible the company is.
In the business environment there has been a move from different stakeholders requesting for a more formalised and regulated manner to report on ESG matters on the financial statements.
Some countries are so adamant about it that it is a legally regulated requirement for certain types of industries. This seems to be a move of some economic markets to get all ESG required reporting regulated.
There is also a move from financial standard sectors to develop certain standards that will assist in formalised way of reporting.
Inflation risks
Inflationary risk refers to the risk that inflation will undermine the performance of an investment, the value of an asset, or the purchasing power of a stream of income. Inflation is the general increase in prices and fall in the purchasing value of money over time. The main measures of inflation are the CPI (consumer price index), RPI (retail price index) and CPIH (consumer price index including housing costs). The CPI is made up of a basket of commonly purchased goods and services such as food, clothes, airfares and postage.
Effects of inflation
The effects of inflation are the following:
- Negative effects:
° Money loses its value
° Inequality
° Exchange rate fluctuations
° Impact on the cost of borrowing
° Increased cost of living - Positive effect:
° Increased spending and investment
Inflation risks affects the value of cash, and the higher the inflation rate the lower the spending ability of customers and the higher the cost of lending which may sometimes be accompanied by low returns of investments. This also needs to be kept in mind by audit committees, as it has an impact on investors’ and borrowers’ decision-making, as well as on the cash strength of an organisation and its customers.
Enterprise risk management (ERM)
ERM is a company’s approach to managing risk. It is the practices, policies, and framework for how a company handles a variety of risks its business faces. ERM is important because it helps prevent losses or unexpected negative outcomes. ERM is also important because it helps a company set the plans in place to strategically approach risk and garner employee buy-in.
ERM often summaries the risks a company faces into operational, financial, and strategic risks. Operational risks impact day-to-day operations, while strategic risks impact long-term plans. Financial risks impact the general financial standing and health of a company.
Compliance risk threatens a company due to a violation of external law or requirement. Legal risk threatens a company should the company face a lawsuit or penalty for contractual, dispute. Strategic risk threatens a company’s long-term plan. For example, new market participants in the future may supplant the company as the lowest-cost provider of a good.
Operational risk threatens the day-to-day activities required for the company to operate. An example of operational risk is a natural disaster that damages a company’s warehouse where inventory is stored. Security risk threatens the company’s assets if physical or digital assets are misappropriated. Financial risk threatens the debt or financial standing of a company. An example of financial risk is translation losses by holding foreign currency.
ERM is about managing and accessing the different risks affecting the organisations, whether as an internal or external risk factor, and implementing measures to reduce the risk to a level that is acceptable in a cost-effective way by applying effective controls to address the risks. Organisations know that there are inherent risks due to the nature of the organisation and there are those risks that cannot be mitigated to an acceptable level.
The responsibility for identifying and assessing the risk should be an enterprise-wide process, involving all business units or sections of the organisation, with designing and implementing of controls to mitigate the risks.
The role of the audit committee in this regard is to review this ERM process of the organisation and consider if management has considered all significant risks and inquire whether or not the controls are designed in an effective manner to reduce the risk. Where the risk can’t be reduced, determine what is management doing to monitor such a risk and what is the impact on the organisation’s operating strategy and future.
It is crucial that the audit committee understands its role as an oversight body over the ERM process. This is because the audit committee is a form of line of defence and part of creating shareholder value through ensuring good governance process withing the organisation.
Conclusion
In conclusion, while we can’t provide a step-based approach that will work for every organisation, it helps for audit committee members to keep the above in mind when making decisions around the organisation’s internal or external factors that affect the overall strategy of the organisation.
From the type of individual hired at top positions in terms of HR policies to those within the operational structures providing support to top management – there is no one size fits all but planning to incorporate the above in some audit committee meetings will assist in ensuring a successful role for audit committee members.
AUTHOR
Angel Sithole CA(SA), SAICA Project Director: Assurance