Key material risks, controls and strategic imperatives

RISK CATEGORY RISK RISK DESCRIPTION MITIGATING CONTROLS STRATEGIC IMPERATIVES
Infrastructure 1. Network penetration
  • External penetration of our networks (including hacking, phishing, etc). Probability intensified due to increased web traffic to webstores which are integrated into SAP, occurrence of recent high-profile hacking incidents internationally (related to malware), and roll-out of Wi-Fi solution for customers in stores.
  • Website cloning and rerouting of online payments gateway via webstores.
  • External penetration of Android-based handheld scanners used in the stores (including hacking, phishing, etc).
  • Increased usage and access points with roll-out of new local stores; East Africa stores and webstores.
  • Prevented with use of firewalls, network data security keys and antivirus software which is continually updated.
  • User passwords regularly updated.
  • Penetration testing performed by external service providers.
  • Segregation of wireless network; integration into Active Directory no longer requires a pre-shared key.
  • Handheld scanners moved to hidden network.
  • Cyber insurance in place through reputable provider.
  • A payment card industry compliance project is currently underway to evaluate all network policies and procedures and network and router configurations to assess risks in order to mitigate them.
  • A Protection of Personal Information (“POPI”) gap analysis and compliance project has commenced to assess areas of risk in order to mitigate them and ensure compliance when the POPI Act comes into effect.
  • Improved encryption on Point of Sale (“POS”) computers is being explored with the integrated POS provider.
2. Pace of innovation and agility inadequate
  • Pace of innovation with smart scanners and functionality in stores and online is not sufficient or fast enough to keep pace with the market and competitors.
  • The Group’s Digital Forum meets regularly to discuss and analyse trends and disruptive technologies to ensure that the business is positioned to respond to or introduce innovation into its operations.
  • Ongoing research and development ensuring involvement of key stakeholders will promote relevance of technology/application to the needs of the business.

RISK CATEGORY RISK RISK DESCRIPTION MITIGATING CONTROLS STRATEGIC IMPERATIVES
loss quality earnings 3. Loss of profitability and/or market share if products do not remain fashionable
  • Not remaining fashionable is the Group’s single biggest risk, and has significant influence on the market share enjoyed by the business.
  • Customer expectations not satisfied with product offering.
  • Regular regional meetings and strategy sessions held to source insight into markets, receive product feedback and communicate fashion trends, product innovation, merchandise and store improvements, market analysis and opportunities for growth.
  • There are experienced brand/divisional/supply chain managers in the business, who focus on key products and areas.
  • Attendance at international trade fairs.
  • Ongoing cost/pricing adjustments and expansion of distribution channels implemented (eg e-commerce).
  • Store displays and trading space are continually refreshed, and ideas shared across the Group via various mediums (eg operations newsletter).
  • Ongoing “competitor shopping” undertaken.
  • New inventory provisioning process implemented in stores to ensure improved product life cycles.
  • BOP utilised to improve in-stock levels of business critical items, and management/exit of slow moving inventory.
  • Work with suppliers and leading experts to ensure ‘wow’ factor of products and merchandising.
  • Use business information tools to train and motivate operators to innovate and pioneer.
  • BOP will improve product lifecycles, thereby ensuring constant responsiveness to evolving fashion.
  • Optimal range/pricing structures will remain a priority.

RISK CATEGORY RISK RISK DESCRIPTION MITIGATING CONTROLS STRATEGIC IMPERATIVES
talent attraction 4. Staff inadequately trained
  • Individuals are not adequately trained/developed, and succession planning may be inadequate.
  • The Group conducts various training courses and operates an established Tiling and Plumbing Academy. Training spend is significant.
  • Divisional management and the executive directors of the Group are closely involved in the operations of the business and regular regional meetings are held, as well as other regular interactions.
  • The business implements Career Advancement Training which comprises its Leadership Development Programme, Operator Training Programme (“OTP”) and other university-affiliated courses.
  • The Group has a culture of developing and promoting from within, and various initiatives and programmes are in place to foster this (eg Management and Leadership Development Programmes, CTM Academy, etc).
  • Employee engagement surveys are conducted and reviewed by Group management.
  • Instil greater retail-specific focus in training and development programmes; attract and retain key talent through promoting business partnerships; and encourage commitment to business success through development programmes and remuneration and reward strategies.
  • OTP will continue to serve as an important mechanism to build leadership capacity in the Group.
  • Enhanced e-learning initiatives will improve training in outlying and rural areas.