The COVID-19 pandemic has created immense risks to public and private sector organisations as they grapple with new business models, a suddenly-distributed workforce, and widespread uncertainty and disruption. For CFOs and public sector financial leaders, the new dynamic is creating risks to private and government institutions at a time when financial integrity is paramount.
Disruption challenging public, private sectors
For the private sector, the disruption from closing offices and suddenly relying on a mostly remote workforce has created new challenges. Employees are now working outside the boundaries of corporate firewalls and, in some cases, on unsecured devices. Enhanced cybersecurity is critical; the World Economic Forum has warned that cybercriminals have escalated their efforts to capitalise on the unfolding tragedy of Covid-19, putting companies, consumers and public sector organisations at immense risk.
In the public sector, government departments at national, provincial and municipal level are facing their own challenges. The response to Covid-19 has required a reprioritisation within various government functions to support the unprecedented large-scale coordinated effort at all levels of government to limit the impact of the disease.
For example, Treasury has announced it is centralising the sourcing of all personal protective equipment from suppliers. In the heavily regulated public sector, this centralising of sourcing can add additional complexity to procurement and public finance management practices to ensure finance teams functions within the bounds of good governance.
Add to this the disrupting effects of major budgetary constraints and poorly-performing state-owned enterprises and public sector finance teams are in for a challenging period.
Private sector companies, already dealing with a struggling economy and low consumer and business confidence and now battling with a major world event will similarly have to enhance their governance, risk and compliance efforts to ensure business integrity is upheld.
Three priorities for improved risk management
So what are public and private sector finance leaders to do to manage risk in such an uncertain and disruptive environment? Three immediate priorities stand out: protecting the business through better risk management, process control and audit planning; improved access control; and putting comprehensive security measures in place to protect critical data.
Protecting the business starts first and foremost with visibility. Managing risk during times of great uncertainty or disruption requires that finance leaders have a holistic view of risk. This requires them to have a single financial source of truth – an accurate, integrated source of data that can inform financial decision-making within all company or government functions.
Having a clear view of all risk elements gives finance leaders additional agility to adapt to changes in the operating environment and business model. Many organisations will need to reassess their business strategy to take into account the impact of the lockdown and continued disruption from the pandemic.
Using risk scenarios and modelling to understand the organisation’s exposure to risk gives organisations a clear view over the impact of emerging opportunities on the company’s risk profile. In addition, it helps finance leaders make better decisions by linking current and future risks to business value drivers.
With a single financial source of truth, companies should also seek a single platform for managing policies and compliance procedures. This enables streamlined processes that align controls and policies with business goals and risks.
Audit planning will also require a second look: tools for better managing scoping, risk assessment and project management of internal audits can save precious time and resources. Real-time analytics can play a hugely important supporting role by enabling companies to scan large volumes of data with increased accuracy in detecting and preventing fraud and errors.
However, with business models changing rapidly – most noticeably the rise of remote workforces as people are confined to their homes – effective access control is becoming even more important than before. Sudden changes in an organisation’s workforce as a result of the pandemic could lead to conflicts with segregation of duties and hamper access to critical authorisations. Without full visibility over user functions and permissions, companies will struggle to remediate issues or introduce mitigating controls.
CFOs and finance leaders should enforce a segregation of duties framework that avoids having a single user create, approve and monitor transactions. Where segregation of duties is not possible, management should be able to monitor users’ transactions and ensure users have appropriate authorisations to maintain accountability.
Organisations should strive to provide secure access to applications and data across cloud and on-premise solutions, and use predictive detection of fraud and errors in transactions to maintain business integrity. Interpol has warned that cybercriminals are taking advantage of the pandemic by attacking computer networks and systems while most of the world’s attention is on dealing with the coronavirus. The FBI has found that reports of cybercrime have quadrupled since the start of the pandemic.
Here, enterprise threat detection and other security measures play a vital role in identifying, analysing and neutralising the rising tide of opportunistic cyberattacks plaguing public and private sector organisations. CFOs and finance leaders need real-time intelligence into system vulnerabilities to ensure cybersecurity threats are mitigated before systems are compromised.
- Isabel Papadakis is head: Africa Industry Value Advisory at SAP Africa