Info Sharing Session: Risk Governance

28 February, 2019
8:00 am - 10:00 am



BarnOwl Info Sharing session: 28 February 2019

Risk Governance

Presented by Christelle Marais, Managing Director, Lucidum

Thank you very much Christelle for your enlightening presentation at our BarnOwl info sharing event held at the BarnOwl offices in Bryanston on the 28 February 2019.



Some of the largest corporate failures in both the public and private sectors have been laid at the door of Boards of Directors. At the same time, many Directors voice the concern that they are not able to provide adequate governance and oversight due to the disparate approach in which the various assurance providers submit information and reports to the Board.

In addition to this, there is also recognition of the need to pursue ethical and good governance outcomes as opposed to assurance providers ticking boxes in isolation. This session provides delegates with an overview of what each player in the “Risk Governance” value chain should contribute in terms of the King IV outcomes of (i) ethical culture, (ii) good performance, (iii) effective control and (iv) legitimacy, and how these should all come together in a robust combined assurance model and transparent integrated reporting.


Risk managers cannot add value or demonstrate their “skin in the game” without understanding who they serve and what their expectations are. A key client of the risk manager is obviously the board of directors (or its equivalent), who owes its fiduciary duties to the organisation and must always act with due care and skill. Unfortunately, in most organisations, risk managers only have access to directors via executives (usually the CEO or the company secretary). In addition, directors receive their appointment and mandate from shareholders (who do not owe any fiduciary duty towards the organisation), failing which criminal and/or civil action can be taken against them in their capacity as directors. It is in this complex environment that risk managers can contribute significantly to the success of their organisations, if they understand how the executive’s and the board’s expectations interlink and how they use risk-related information to execute their duties.

In South Africa, directors have to deliver on the following four duties: (i) steer and set strategic direction, (ii) approve policy and planning, (iii) oversee and monitor and (iv) ensure accountability. While executing these duties, directors have to take into account the organisation’s triple context (“people, planet and prosperity”), the six capitals that the organisation uses and affects (financial, manufactured, intellectual, social & relationship, human and natural capital), the seventeen sustainable development goals and how the organisation contributes to these (or not) and, lastly, the five principles of responsible investment in South Africa. The King Report on Corporate Governance provides directors with a “text book” of seventeen principles based on the seven foundation stones of (a) ethical leadership, (b) the organisation in society, (c) corporate citizenship, (d) sustainable development, (e) stakeholder inclusivity, (f) integrated thinking and (g) integrated reporting. While keeping all of this in mind, directors’ ultimate duty is to ensure that their organisation achieves four key outcomes: (1) ethical culture, (2) good performance, (3) effective control and (4) legitimacy.

The context within which directors operate is therefore the starting point for a good risk management framework. Whether an organisation uses ISO 31000, COSO ERM or any other risk management standard, it should always be informed by and deliver on shareholders’, directors’ and executives’ expectations. One of the most important tools in this context is a comprehensive and properly understood risk appetite framework, bespoke to the specific organisation. Whereas many complex models for the formalisation of risk appetite have been suggested, the basic requirement should always be that it must be able to practically inform decisions. Sadly, many organisations have not been able to get this right, and perhaps the reason for this is that the formal “numbers” that they come up with are not compatible with what business leaders intuitively judge as appropriate for their organisations. This disconnect is a key challenge for risk managers and one of the most important ones to address.

Once an appropriate risk appetite framework is in place, organisations should understand how to govern risk (this goes beyond the steps included in standards such as ISO 31000, COSO ERM, etc.). “Risk governance” encompasses the appropriate application of all that is required to ensure that risks and opportunities stemming from the organisation’s sustainability reality are appropriately addressed in its strategy, are then translated appropriately into the risk appetite statement, are then managed effectively during execution of operations, are then optimally assured in a good combined assurance model, are accurately and appropriately reported to the board and, lastly, are honestly and transparently reflected in the organisation’s annual integrated reports.

In closing, the board’s view on the use of risk reports can be compared to a sport, such as football. While there are many risks that should be managed while selecting players, preparing for tournaments and playing matches, directors expect that management should be able to identify, manage and report on these risks as a matter of course (e.g. injuries, yellow cards, competition for players). In the broader context, however, directors are worried about the “not so obvious” risks, i.e. spectator violence, societal/government actions (e.g. sanctions), terrorism using matches as platforms, etc. The risks inherent to the game should be effectively managed by the executive with oversight from the board. In addition, those non-traditional and emerging risks that can derail the match should be identified early and mitigated as far as possible while keeping the board fully informed.

Presentation and Video links:

Please see attached presentation here as well as video link here for more information.


Associated articles:

The following are useful links relevant to Christelle’s presentation:

https://barnowl.co.za/event/information-sharing/ (The journey from King I to King IV: Why King IV is not another layer of regulation but creates add-on value, presented by Michael Judin). (King IV is copyrighted to The Institute of Directors Southern Africa.)




Once again thank you Christelle for your time and for your informative presentation and thank you to all those who braved today’s traffic and attended the info sharing session. We look forward to seeing you at our next info sharing session.

Kind regards

Jonathan Crisp

Director – BarnOwl GRC and Audit software

About Christelle Marais:

Since 1991, Christelle has been active in various roles within corporates such as Marsh, Department of Science & Technology, Sasol, South African Post Office and various clients across Africa in governance, company secretarial services, risk management, ethics, business continuity management, risk financing (insurance, cell captives, etc.), litigation, economic crime as well as asset and liability management. Christelle’s career has provided her with experience in various industries including financial services, manufacturing, healthcare, logistics, retail, agriculture, energy, mining and government entities.

She has served in various capacities at subsidiary, joint venture and group levels and has often been co-opted to conduct risk management for major organisational change and restructuring projects. Christelle’s focus is to enable Boards, Risk Committees, Audit Committees, Social & Ethics Committees, EXCOs and divisional teams through risk intelligent programs to govern risk and make informed decisions. She has developed risk management frameworks (policy, strategy, standards, processes and risk maturity evaluations) for various entities and serves as an independent Board or committee member.

About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia, Europe and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za for more information.


