The top ten risks companies will face in 2009

As global and local markets weaken and South African companies are forced to confront the economic slowdown, the temptation may be to cut corners when it comes to enterprise risk management (ERM) in an effort to control costs. The reality is this is the time to increase risk management processes and tighten controls.

"Tough economic times do not only affect businesses, but also individuals within these businesses, some of whom will see their employers as a means to resolve their own credit and cash flow crises," says Amir Lubashevsky, executive director of Magix Integration. "Business leaders therefore need to exercise more control over the areas of risk within their organisations in 2009 to ensure internal and external threats are pre-empted and shut down before they can wreak havoc."

The following are the top ten enterprise risks Lubashevsky believes business will face in 2009.

Poor enforcement of corporate governance Failing to enforce corporate governance policies and procedures will carry serious consequences in 2009. Firstly, legislation is being passed to make directors accountable for governance failures; secondly, customers observing a lack of good governance will be unwilling to trust that business.

Increased usage of mobile devices to steal data Mobile devices are more common, cheaper and easier to use than ever before and circulation of these gadgets is bound to increase by next year. Very few companies have bothered to analyse their networks and systems to identify where they are vulnerable to mobile devices. Compounding the threat posed by these devices is the fact that there is more mobile technology in the hands of people who don`t know how to use it, making them ideal targets for exploitation.

No investment in enterprise risk management During 2008, a significant number of businesses rolled out superficial levels of risk management and the vast majority of companies and organisations made no effort to implement integrated ERM solutions. Until enterprise risk management is a board-level issue it will remain peripheral and not receive the attention or budget it requires. Risk management is a priority you ignore at your peril.

Increase in corporate vulnerability to internal threats A company`s single biggest asset is its employees and unfortunately the threat posed by staff ranging from the CEO right down to casual labour is underestimated. Considering that the cost of living has soared lately and employees are under pressure, it is a matter of time before some will look for easy relief from their troubles by stealing from their employers.

Poor monitoring of employees With the ongoing decline of local business confidence and a business climate that is expected to continue cooling down in 2009, employee trust levels should be lower than ever. Companies are urged to consider non-invasively monitoring what employees in medium- to high-risk areas are doing across the corporate network. It is only through effective staff monitoring that crime can be thwarted.

Growth in organised crime and syndicates 2009 will see organised crime syndicates targeting an increasing number of companies and organisations to obtain privileged data and records. Poor employees are great targets for these syndicates as they promise huge rewards for minimal effort to their ignorant victims. Often they do not actively recruit people, but use social engineering to gain access to restricted physical and virtual areas.

Poor asset control Many companies purchase expensive computer and office equipment but make no effort to monitor its usage or track its movement around the office. Companies must be aware that if they don`t look after virtual and physical assets, someone will be willing to buy it and someone who appears trustworthy will be willing to sell it.

Ostrich mentality by management "The best thing to do is nothing," is a common attitude in South Africa because you can`t be punished for doing nothing. Whether as a result of incompetence or ignorance, local executives tend to spurn proactive processes in favour of reacting after the fact. It`s an attitude that is already changing to match international norms, but it is still very prevalent in management and companies are cautioned against adopting this thought process in 2009 as it can prove costly.

Poor attempts to close loopholes Companies can not close loopholes and vulnerabilities in isolation or in a haphazard manner as they will always leave something open or unguarded. Risk needs to be addressed as an all-encompassing ERM process, not as an exercise to fix one or two problems. A multi-dimensional approach will deliver the best results.

Increased identity theft Identity is a commodity today and there are many people dealing profitably in it. Identity theft will continue to increase in 2009 and people will still fail to learn how to manage their identities properly and securely. To protect their human capital across the board from identity theft, company directors need to roll out an integrated identity management strategy and solution.

"There will very few new and unexpected risks to face in 2009," concludes Lubashevsky, "simply intensified efforts to exploit the ones we are already ineffectively dealing with."