GRC Tuesdays: Stark Contrasts in the Cost of Fraud and the Benefit of Risk Management Part Two
In last week’s blog, I examined the biggest governance, risk and compliance (GRC) story of the year—the fraud at Wells Fargo—and its repercussions. The unethical behavior was so pervasive, one could ask whether anything could have been done to prevent it. I believe the answer is an unequivocal “Yes.”
At SAP, we’ve seen many contrasting examples: companies that set an ethical ‘tone at the top’ as a commitment to good governance. Such enterprises properly manage their risk and compliance responsibilities in the service of public, customer, and shareholder trust. These companies use GRC solutions to effectively manage a consistently ethical, risk-aware, and compliant organization.
Exxaro—A Model of Good Corporate Governance
A good example of real corporate governance and ethics comes from an SAP Risk Management customer and the second-largest coal producer in South Africa, Exxaro Resources Ltd. Granted, Exxaro represents a heavy resource extraction enterprise, producing about 40 million tons of coal a year. But the serious, risk data-managed corporate governance structure at Exxaro is a model for companies around the globe.
Exxaro is actually a manifestation of South Africa’s current development strategy as outlined in the National Development Plan (NDP). As a leading natural resources extractor, Exxaro focuses on aligning sustainable, long-term corporate objectives with national, regional, local, and internal stakeholder interests. Exxaro is formally committed to high standards of honesty, integrity, and fairness, and exercises a ‘zero tolerance’ policy with regard to fraudulent acts committed by employees, contractors, or suppliers. Evidence of this commitment is reflected in the fact that Exxaro won Ethical Boardroom magazine’s Best Corporate Governance Award in the mining category for the Africa region in 2015.
Exxaro has established a board-supervised Social and Ethics Committee, with management and oversight responsibility for monitoring and advising on relevant legislation, legal requirements, and best practices regarding:
- Social and economic development
- Good corporate citizenship
- Environmental protection
- Health and public safety, including the impact of Exxaro’s activities, products, and services
- Consumer relationships, including advertising, public relations, and compliance with consumer protection laws
- Labor and employment
- Anti-bribery and corruption
Exxaro uses SAP Risk Management to drive operational standardization, risk collaboration, and enterprise-level risk correlation. According to the company’s risk and compliance manager, before Exxaro adopted a standardized approach to risk identification and assessment, corporate finance used a high-level annual risk assessment to support Exxaro’s compliance with legislation and operating requirements. The safety risk management area followed its own risk management methodology. Operations had yet another methodology, and project risk management had its own separate standards and procedures as well.
Examining Risks on Demand and in Near Real Time
Today, Exxaro can identify, evaluate, and mitigate risks on demand with their own version of a GRC-infused digital boardroom. SAP Risk Management gives their managers and corporate directors access to live risk reports, providing details on actual and potential hazards. Exxaro’s corporate executives and operations managers use their digital risk-management boardroom to map a particular risk (such as the inability to attract people with critical skills for specific areas) to its root causes and potential impacts. This customized digital boardroom also displays the controls the company has put in place to address each risk (on-the-job training and the use of contractors, for example). This advanced visualization also reveals the effectiveness of specific controls and tracks their application by those responsible for them.
Supported by SAP Risk Management, Exxaro’s risk management efforts are highly organized and collaborative. Across functions, departments, and business units, employees engage in well-informed discussions about risk impact and probability. When employees in each area see risks identified and evaluated in SAP Risk Management, they are on alert.
This precise awareness supports both the business units and corporate officers. Exxaro can compare and act on risks throughout the company in near real time. Staff can view a single risk across multiple business units and multiple projects—and vice versa.
SAP supports the true expression of enterprise risk management at Exxaro by helping the whole organization grow and evolve its risk intelligence. Exxaro provides a great example of the real power of advanced GRC solutions in the hands of skilled, responsible, and ethical organizations.
For More on Exxaro’s Story, Join the OCEG December 8 Webinar
- December 8th, 11:00 am EST – 12:00 pm EST
- Saret van Loggerenberg, Manager Risk and Compliance, Exxaro Resources Limited
- Bruce McCuaig, Director, Solution Marketing, Governance Risk and Compliance, SAP