Loading Events

« All Events

  • This event has passed.

Info Sharing Session: Risk Management Maturity (RMM)

11 April, 2019
8:00 am - 10:00 am


11 April, 2019 @ 8:00 am - 10:00 am

BarnOwl Info Sharing session: 11 April 2019

Risk Management Maturity (RMM)

Presented by Dr Arthur Linke, University of Stellenbosch Business School, turricula risk advisory and member of the IRMSA Risk Intelligence Committee


Thank you very much Arthur for your enlightening presentation at our BarnOwl info sharing event held at the BarnOwl offices in Bryanston on the 11 April 2019.


In the BarnOwl Info Sharing Session on the 11th April 2019, Dr Arthur Linke of the University of Stellenbosch Business School, turricula risk advisory and member of the IRMSA Risk Intelligence Committee presented on Enterprise Risk Management (ERM) and Risk Management Maturity (RMM).  Based on Arthur’s experience with these topics in industry and academia, Arthur covered the concept of risk maturity and expounded on several risk maturity models. The session utilised the “Titanic” as a familiar theme and case study for examples of low risk management maturity and the detrimental and even catastrophic effects low risk management maturity can have on an organisation and its stakeholders.


ERM frameworks and RMM models

After providing a background on what ERM is and discussing the updates to the ISO 31000 (2018) (https://theirm.org/media/3513119/IRM-Report-ISO-31000-2018-v3.pdf) and COSO (2017) (https://coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf) ERM frameworks, Arthur gave examples of critical success factors for risk management maturity within ERM framework themes.  Within risk assessment, there was an example of guessing the speed of the fastest steam train to demonstrate the role of biases in risk quantification, such as over-confidence, which can be averted by calibration and the use of risk experts (for example, see the work of Hubbard – https://hubbardresearch.com) .  Furthermore a Risk Management Information System (RMIS) comprised of a software suite which mirrors the ERM framework allows for tools to drive systematic and enhanced risk maturity.  Examples of RMM models examined in the session include the RIMS risk maturity model (https://rims.org/resources/erm/pages/riskmaturitymodel.aspx) which is also being used by IRMSA and the RMM model that Arthur developed locally as part of his PhD (http://scholar.sun.ac.za/handle/10019.1/103651) .


In summary, an organisation’s Risk Management Maturity is one of the most critical aspects of its overall risk management programme, because the organisation’s entire risk management implementation is assessed and reported on holistically, based on best practice and the critical success factors of each aspect of the programme. RMM assessments cover the ERM framework of the organisation holistically, and ultimately give direction to specific, tailored interventions to fine-tune and improve the organisation’s risk management programme and risk culture.

Top Ten Risk Maturity Critical Success Factors:

  • Tone at the top
  • Clearly defined and communicated objectives
  • Understanding of internal & external context
  • Portfolio view of organisation – no silos
  • Appropriate calibration and use of experts for risk identification / assessment and mitigation
  • BCM in place – Scenario planning
  • Effective KRIs and Action Plans
  • Clear lines of accountability and escalation
  • All employees take accountability for risk and continual improvement
  • Holistic – the organisation is only as good as its weakest link


Presentation and Video links:

Please see attached presentation here as well as video link here for more information.

Associated articles:

The following are useful links relevant to Arthur’s presentation:





The role of the risk manager brings many challenges and opportunities.  In Arthur’s recent thought piece on risk maturity in the Institute of Risk Management of South Africa (IRMSA) 2019 Risk Report (https://irmsa.org.za/page/2019_Risk_Report?&hhsearchterms=%22riskreport%22 ), Arthur and other contributors such as Minister Pravin Gordhan, highlighted the critical importance of improving risk maturity within industry, our country and our profession – ‘connecting the dots’ and ‘thinking big’ which represents a key facet within IRMSA’s initiative towards a year of risk activism – ‘#impact’.  All risk managers can commit to this initiative and develop themselves in the required competencies presented.  There were a number of good questions at the end of the session regarding these issues, for example, around how a risk manager can deal with challenges from inside the organisation.

Once again thank you Arthur for your time and for your informative presentation and thank you to all those who attended our info sharing session. We look forward to seeing you at our next info sharing session.

Kind regards

Jonathan Crisp

Director – BarnOwl GRC and Audit software



About Dr. Arthur Linke:

2018 – Present: Managing Principal turricula risk advisory – Focus areas: ERM, risk maturity, strategy, due diligence, telecoms

Academic qualifications and associations

  • PhD in Enterprise Risk Management University of Stellenbosch Business School (USB), South Africa – 2018
  • MBA in International Management (Risk Specialisation) Thunderbird School of Global Management (ASU), Arizona, USA – 2002
  • BA (Cum Laude) University of New Hampshire, USA – 1995
  • Associate Member of the Institute of Risk Management South Africa (IRMSA) since 2013
  • Member of the Institute of Directors Southern Africa (IoDSA) since 2018
  • Member of RIMS since 2019

Academic experience:

  • Lecturer, facilitator and designer of management courses including Enterprise Risk Management, Perspectives of African Frontiers, General Management, Strategy, Price Theory, Doing Business In Africa, Country & Political Risk Analysis and International Management at universities including Thunderbird (ASU), the University of Ghana, Stellenbosch University (USB) and the University of Cape Town (GSB) at Master’s level.
  • Supervisor of Master’s theses: University of Stellenbosch and University of Cape Town
  • Research Fellow at the USB; research topics include risk management, international management, technology and digitalisation

Business experience:

Arthur is highly experienced in global business, client and sales management having developed this capability through roles encompassing leadership of > R1 billion capital value telecoms portfolios at companies such as Aurecon and Ericsson. Risk management responsibility was one of the many aspects addressed in these roles encapsulating business unit / client management with P&L accountability. Clients represented feature in various sectors and include large multinational companies such as Ericsson, Huawei, MTN, France Telecom/Orange, Vodafone, the SPAR Group, Transnet, Lafarge and Vale. In managing executive C– Level relationships within these clients, a consultative approach is critical, and Arthur is intimately involved in developing strategy and building business cases involving all functions within the client organisation including marketing, finance, operations and technical. A strong interest in technology, specifically topics comprising digitalisation, IOT, Industry 4.0 and Digital Cities, has been applied in the telecoms and engineering sectors where Arthur has spent much of his career. This side of Arthur’s professional experience provides a contrast to his Enterprise Risk Management (ERM) consulting and academic experience. In the classroom, Arthur brings his practical experience to the fore, utilising case studies and facilitating an interactive learning approach to lectures.

Arthur believes having contributed at all sides of the table with regards to risk mitigation of the downside perspective, addressing governance & compliance issues, whilst also driving the upside and strategic advantage gives him special insight into the relationship between risk and reward. Arthur is a certified trainer of risk management facilitators and works with a number of organisations to assist them in developing their risk management strategies and risk maturity as well as risk culture. This role is an embodiment of a long-term interest in risk management piqued during his MBA studies, carried forth through experience in the mining, aggregate, telecoms and other industries, and culminating in his PhD and consulting in ERM.

Arthur has travelled extensively in Africa, visiting almost every country on the continent during the course of his client engagements, and also having taken a long-term assignment of two years in Ghana, West Africa to lead and develop a client’s telecommunications portfolio in the region. Whilst in Ghana he also lectured at the University of Ghana Business School. These experiences have given him plenty of first-hand understanding of the Continent and all categories of risk in the African context. The concept of “Integrated Thinking”, linking strategy, ERM, performance management and Integrated Reporting as presented within the King Codes of Governance is a personal interest of Arthur’s, and he has several client and academic engagements around these topics.

Aside from work, Arthur enjoys family life with his wife son and two daughters. He played rugby for many years and his hobbies include mountain biking, golf and sailing. He and his family are based in the Boland, Western Cape.

About BarnOwl:
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia, Europe and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za  for more information.

Subscribe to BarnOwl's Information Portal

Subscribe to BarnOwl’s information portal today and receive our monthly newsletter with the latest GRC and audit insights, industry updates, priority access to exclusive events, tip of the month and more straight to your inbox!


GRCReady is the official provider of risk management content for the BarnOwl GRC software solution. GRCReady provides extensive risk libraries and risk maturity checklists/surveys which are integrated with BarnOwl.

GRCReady, based in Australia, offers a comprehensive and holistic library of products and associated services including templates, policies, procedures, guidelines, checklists etc.t to help owners and directors of SMEs, startups and corporates to satisfy their corporate governance, risk management and regulatory compliance needs.

By integrating GRCReady's rich content libraries into BarnOwl's GRC software, we are able to offer our clients a state of the art, turnkey GRC solution.

GRCReady provides, arguably, the most comprehensive risk and governance maturity assessment framework with detailed steps and artefacts. BarnOwl's survey and action plan portal provides a simple and effective way to monitor and report on your current state of risk maturity and suggest and drive remedial action plans to take you to your desired state of risk and governance and maturity.

By integrating GRCReady's risk libraries with the BarnOwl GRC software, means that you don't have to start from scratch. In addition, ongoing updates and insights keep you informed and up-to-date on best practices.



Season Rhyrhm is BarnOwl's preferred partner in Botswana assisting with BarnOwl implementations, support services and client relationship management.

Season Rhythm is an established and distinguished player in the ICT sector in Botswana, specialising in a range of cutting-edge solutions. Season Rhythm leverages BarnOwl to provide tailored GRC&A services to businesses in Botswana facilitating:

  • Governance: Enabling organisations to establish and uphold effective governance structures, ensuring transparency and accountability in decision making processes.
  • Risk Management: Equipping businesses with tools to identify, assess and mitigate risks, safeguarding against potential threats and ensuring continuity in a business environment.
  • Compliance: Ensuring adherence to regulatory frameworks and industry standards, protecting businesses from non-compliance penalties and fostering trust among stakeholders.
  • Audit: Streamling the audit process with comprehensive tools for planning, execution and reporting, driving efficiency and accuracy in internal audit and compliance assessments.
  • www.sr.co.bw/ict


BarnOwl works closely with NSA in the field of GRC and assurance.

NSA is an education and risk & assurance advisory services provider, consisting of a team of professional consultants and facilitators who have been hand-picked on experience and expertise. NSA services include:

  • Strategic intervention: 30 expert consultants facilitating strategic planning, combined assurance, effective governance and risk management assignments.
  • Continuous professional development: CPD training for internal auditors, external auditors, accountants, risk managers, government officials, and psychologists.
  • Online learning: accredited training for the local government sector, including the Municipal Financial Management Program and Supply Chain Management.
  • Online skills development: skills in demand for 2030, including cybersecurity, Protection of Personal Information, Artificial Intelligence, Robotics and programming.

BarnOwl and NSA work closely with our clients to align and enable best practice GRC and assurance framework & methodologies within BarnOwl. NSA regularly presents online information sharing sessions together with BarOwl.



Nico Technologies is BarnOwl's preferred partner in Malawi assisting with BarnOwl implementations, support services and client relationship management.

Nico Technologies Limited is an established IT products and services provider in Malawi, specialising in managed IT services, IT infrastructure services, IT project management, digital solutions, digital transformation and IT advisory.

Nico Technologies uses BarnOwl extensively within their own organisation to automate and manage their own risk and compliance functions.



Morgan Solus is BarnOwl's preferred business continuity specialist consulting firm with its 'BCM toolkit' software. BarnOwl GRC together with the BCM toolkit, provides a comprehensive risk management and BCM software solution.

Morgan Solus is a specialist consultancy firm focusing on risk, resilience and continuity. Morgan Solus's core services are centred on resilience, crisis management, business continuity (BCM), IT services continuity and disaster recovery (DRP) and training.

The BCM toolkit ensures a consistent approach to implementing BCM and IT disaster recover and cuts down implementation timelines by 60% whilst driving up successful outcomes.

BarnOwl's extensive GRC and assurance functionally coupled with Morgan Solus's BCM toolkit provide the ultimate risk management and BCM software solution.



Arbutus Analytics is Barnowl's preferred data analytics software. BarnOwl GRC integrated with Arbutus Analytics, provides the ultimate in continuous risk monitoring.

Arbutus Analyzer is a powerful data access and analysis solution specifically developed for auditors, business analysts, and fraud investigators. Its robust performance and user-friendly features offer you the ability to access and analyse data quickly and simply.

BarnOwl GRC, integrated with the real-time metrics from Arbutus provides a strategic early warning system driving preventative and predictive capability facilitating effective business decision making business improvement.

www.arbutussoftware.com with local sub-sahara African distributor www.betasoftware.co.za


Barnowl works closely with Pax Resilience in the field of GRC and sustainability.

Pax Resilience offers solutions in risk, resilience and cyber security. Pax Resilience strive to create peace of mind by assisting you to build the resilience in your organisation so essential to survive and thrive in the volatile, uncertain, complex and ambiguous world we live in.

Pax Resilience regularly presents online information sharing sessions together with Barnowl.



Paige Law is the official provider of compliance content for the Barnowl GRC software solution. Paige Law provides an extensive Library of South African acts including provisions [CRMPs] and checklists which are integrated with Barnowl.

Paige Law specialises in compliance, Commercial Law, Legal process consultancy, managed legal services and POPIA/ GDPR.


Registered Address

75 Malibongwe Drive
Linden Ext
South Africa

Postal Address

PO BOX 3009


+27 (0) 11 540 9100


More Information: info@barnowl.co.za
Product Support: support@barnowl.co.za

Let Us Contact You
Let Us Contact You
I grant BarnOwl permission to contact me for marketing purposes*
*You will receive BarnOwl monthly newsletters & invitations to online events. You can unsubscribe at any time.


If you need assistance with your BarnOwl software, there are three channels available to you:



You will be emailed a ticket number from our issue tracking system and your request will be managed in
this ticket until it is completed.


You can view all your existing tickets or create new ones.


+27 (0) 11 540 9112
to speak to a support consultant

Let Support Contact You
Let Support Contact You