Reducing risks from Covid-19 commotion
The Covid-19 pandemic has created immense risks to organisations, both in the public and private sectors. Isabel Papadakis, head of SAP Africa’s industry value advisory division for Africa, highlights how these organisations can deal with the new business models, distributed workforce and widespread uncertainty and disruption.
For the private sector, the disruption from closing offices and a new reliance on a mostly remote workforce have created major challenges. Employees are now working outside the boundaries of corporate firewalls and, in some cases, on unsecured devices. Enhanced cybersecurity is critical; the World Economic Forum has warned that cybercriminals have escalated their efforts to capitalise on the unfolding tragedy of Covid-19, putting companies, consumers and public sector organisations at immense risk.
In the public sector, government departments at national, provincial and municipal level are facing their own challenges. The response to Covid-19 has required a reprioritisation within various government functions to support the unprecedented large-scale coordinated effort at all levels of government to limit the impact of the disease.
For example, Treasury has announced that it is centralising the sourcing of all personal protective equipment from suppliers. In the heavily regulated public sector, this measure can add additional complexity to procurement and public finance management practices to ensure that finance teams functions within the bounds of good governance.
Add to this the disrupting effects of major budgetary constraints and poorly performing state-owned enterprises, and public sector finance teams are in for a difficult period.
So how can public and private sector finance leaders manage risk in such an uncertain and disrupted environment?
Three immediate priorities stand out:
• Protecting the business, through better risk management, process control and audit planning;
• Improved access control; and
• Comprehensive security measures, which will have to be put in place to protect critical data.
Business protection starts first with visibility. Managing risk during times of great uncertainty, or disruption, requires that finance leaders take a holistic view of risk. This requires them to have a single financial source of truth – an accurate, integrated source of data that can inform financial decision-making within all company or government functions.
Having a clear understanding of all risk elements gives finance leaders additional agility to adapt to changes in the operating environment and business model. Many organisations will need to reassess their business strategy to take into account the impact of the lockdown and continued disruption from the pandemic.
Using risk scenarios and modelling to understand an organisation’s exposure to risk helps the organisation assess the impact of emerging opportunities on its risk profile. In addition, finance leaders can make better decisions by linking current and future risks to business value drivers.
With one financial source of truth, companies should also seek a single platform for managing policies and compliance procedures. This enables streamlined processes that align controls and policies with business goals and risks.
Audit planning will also require a second look: tools for better managing scoping, risk assessment and project management of internal audits can save precious time and resources. Real-time analytics can play a hugely important supporting role by enabling companies to scan large volumes of data with increased accuracy to detect and prevent fraud and errors.
However, with business models changing rapidly – most noticeably the rise of remote workforces as people are confined to their homes – effective access control is becoming more important than ever before.
Sudden changes in an organisation’s workforce as a result of the pandemic could lead to conflict over segregation of duties and hamper access to critical authorisations. Without full visibility over user functions and permissions, companies may struggle to remediate issues or introduce mitigating controls.
Chief financial officers and finance leaders should enforce a segregation-of-duties framework that avoids the situation where a single user creates, approves and monitors transactions. Where segregation of duties is not possible, management should be able to monitor users’ transactions and ensure they have appropriate authorisations to maintain accountability.
Interpol has warned that cybercriminals are taking advantage of the pandemic by attacking computer networks and systems while most of the world’s attention is on dealing with the coronavirus. Organisations should therefore strive to provide secure access to applications and data across cloud and on-premise solutions, and use predictive detection of fraud and errors in transactions to maintain business integrity.
Threat detection and other security measures play a vital role in identifying, analysing and neutralising the rising tide of opportunistic cyberattacks plaguing public and private sector organisations. CFOs and finance leaders need real-time intelligence on system vulnerabilities to ensure cybersecurity threats are mitigated before systems are compromised.