Risk Management for South African SMEs: Essential Corporate Governance Pillar

SME Corporate Governance Best Practices: How to manage risk

No video on the topic

Enhance your business's longevity and adaptability by implementing a comprehensive risk management strategy. Identify potential internal and external risks through thorough assessments covering financial, operational, and strategic facets. Establish robust risk management frameworks, including preventive measures like strong internal controls and contingency plans.

Corporate Governance: Managing Risk for Sustainable Growth

Explore the pivotal role of corporate governance in risk management and sustainable growth. Understanding corporate governance empowers organizations to establish robust frameworks for decision-making, accountability, and transparency. Learn how to navigate regulatory compliance, mitigate risks effectively, and foster stakeholder trust. Discover essential strategies for implementing best practices in corporate governance, ensuring resilience and long-term viability in today's dynamic business landscape. Gain insights into risk assessment, mitigation techniques, and the alignment of risk management with strategic objectives. Elevate your business performance and safeguard its reputation by mastering the principles of corporate governance and effective risk management.

Understanding Corporate Governance and Effective Risk Management

How to manage risk

Corporate Governance Image

Written by: Malose Makgeta

MBA with 20+ years experience in SME development and funding. LinkedIn Profile

Navigating Risk in Business Environment: McDonald's, Oakland A's and War Dogs


How to improve your corporate governance is about Identifying and mitigating numerous risks associated with a project.  Managers who anticipate and plan for common business risks are more likely to avoid pitfalls. This skills programme covers the King IV in the context of SMMEs, as well as how to improve corporate governance in terms of defining roles, reporting and disclosure, corporate social responsibility, and risk governance. This skills programme provides entrepreneurs and business managers with a platform and tools for identifying and managing business risks.


Risk management is about the process of identifying potential business hazards and taking steps to reduce


Be able to identify and control risks of all types. To manage them, they must act on those recommendations. They must notify all parties involved about the existence and status of risks.


Risk management is essential for good corporate governance because it bridges the gap between strategic initiatives and day-to-day operational results.

Key Lessons

Integrating Risk Management into Corporate Governance: Contrasting Ray, Ephraim, and Billy

Ray Kroc: The Franchise Pioneer

Ray Kroc, portrayed by Michael Keaton in "The Founder," tackled risk by embracing the franchise model for McDonald's. His approach was methodical, emphasising standardisation and consistency. Ray believed in spreading the risk among franchisees, creating a vast network of entrepreneurs who shared the burden of success and failure. The calculated risk for Ray was in the expansion, and the franchise model allowed him to scale without bearing the full weight of individual store performance.

Ephraim Diveroli: The Arms Dealer Maverick

In "War Dogs," Jonah Hill's character, Ephraim Diveroli, approaches risk with audacity and a willingness to navigate the unpredictable arms market. Ephraim's high-risk strategy involves exploiting loopholes and pursuing lucrative government contracts. However, his cavalier attitude toward legality and ethics introduces a different set of risks. The film illustrates how Ephraim's risk appetite, while initially rewarding, eventually leads to legal troubles and jeopardises the sustainability of his arms dealing venture.

Billy Beane: The Data-Driven Baseball Maestro

In "Moneyball," Brad Pitt's portrayal of Billy Beane showcases a unique approach to managing risk in baseball. Billy relies on statistical analysis and data-driven decision-making to challenge conventional scouting methods. His risk lies in defying tradition and trusting untested methodologies. While this approach revolutionises the game, it also invites skepticism and resistance from traditionalists. Billy's risk management involves navigating the tension between data-driven innovation and the resistance to change deeply ingrained in baseball culture.

What is Risk Management: Understanding Corporate Governance and Effective Risk Management

Risk management refers to the systematic process of identifying, assessing, and mitigating risks that may impact an organisation's objectives and operations. It involves implementing strategies, policies, and controls to effectively manage risks and optimise opportunities while ensuring compliance with laws, regulations, and ethical standards.

The key elements of risk management include:

Effective risk management enables organisations to proactively identify and address potential threats and opportunities. It helps safeguard the organisation's financial stability, reputation, and long-term sustainability. By managing risks effectively, organisations can make informed decisions, allocate resources efficiently, and enhance stakeholder confidence.

Risk Management Objectives

Risk Management Strategies

Factors such as company type, structure, complexity, resource availability, and team talents collectively influence the selection of the most suitable entity or function responsible for identifying, appraising, and implementing a risk management strategy. The task of formulating strategies to address threats may fall upon individuals from the risk management team, audit team, project manager, risk expert, or even an external consultant.

Four primary risk management strategies are available for consideration:

The chosen strategy will determine whether an organisation can effectively manage each risk or face potentially disastrous consequences.

Different risk management strategies serve different purposes and provide various benefits:

Positive Risk Management Strategies

Negative Risk Management Strategies

Contingent Risk Response Strategies

Implied strategies come into play only when specific events occur, and they are implemented under certain predefined conditions. Prior to implementation, a wait is observed for sufficient warning signals. These signals may manifest as missing milestones, work items, or deadlines, among other indicators. The strategies encompass the utilisation of financial reserves, reallocating staff, and implementing workarounds to minimise loss, repair damage to the greatest extent possible, and prevent a recurrence.

The Responsibility on Risk Management

Risk management should be implemented by various key stakeholders within the organisation, including:

Implementing risk management requires collaboration and coordination among these stakeholders. It should be a collective effort that involves clear roles and responsibilities, effective communication, and a shared commitment to managing risks to achieve the organisation's objectives.

Mastering the Game: Billy Beane's Risky Business in Moneyball

In the cinematic world of Moneyball, Billy Beane emerges as a maverick risk-taker, challenging the conventions of baseball scouting. Billy's risk management strategy wasn't about avoiding risks; it was about redefining them. The conventional approach to player selection relied heavily on subjective judgments and traditional scouting methods. However, Billy, armed with a data-driven mindset, took the plunge into the uncharted waters of sabermetrics. This radical shift in strategy was a gamble, but it was a calculated one.

Billy's risk-taking had a profound impact on the game of baseball. By embracing sabermetrics, he shifted the focus from intuition to statistical analysis. This bold move not only challenged the status quo but also paved the way for a new era in player evaluation. While the traditionalists scoffed at the unconventional approach, the results spoke for themselves. The Oakland Athletics, with limited financial resources, managed to compete against teams with much larger budgets. The impact of Billy's risk management was a paradigm shift that resonated far beyond the baseball diamond.

However, Billy's journey was not without its setbacks. The resistance from traditionalists, skepticism from the baseball establishment, and even internal conflicts within the team presented significant challenges. The risk of alienating key stakeholders and disrupting established norms was a tangible negative consequence. Additionally, the human element, often overlooked in statistical models, led to moments of frustration and doubt. The movie does not shy away from portraying the rough edges of Billy's risk management approach, adding depth to the narrative.

In the end, Billy Beane's risk management style in Moneyball wasn't just about wins and losses; it was about challenging the norm, embracing innovation, and redefining success. The impact of his calculated risks reverberates through the sports world, inspiring a shift towards data-driven decision-making. Entrepreneurs, take note: sometimes, the greatest risks lead to the most profound transformations.

Understanding the Essential Steps in Risk Management

Risk Identification

Being aware of potential hazards is the only way to deal with them effectively. The first stage is to describe the events that may have an impact on your organisation's ability to achieve its goals and assign responsibility for dealing with them. At this point, the four primary areas of risk to consider are:

Risk Assessment

The potential severity of the identified risks must be assessed. It is necessary to evaluate the likelihood and impact of the risks, as some have the potential to destroy the company while others may be minor annoyances.

It is now common practice to use risk matrices as visual aids to evaluate the likelihood of hazards occurring and the severity of their potential consequences. It is critical to determine which hazards require additional attention and how quickly you must act to limit the damage.

Risk Treatment

Your risk management strategy is your plan for dealing with potential threats. You can do this in one of four ways:

The level of specificity in your response plan for each risk should be equal to the magnitude of the issue and thus prioritised.

Risk Monitoring

Risk management should be viewed as an iterative rather than a linear process. Whoever accepts the risk will be responsible for monitoring it and informing the rest of the company of any developments. An issue that appears unlikely to have an impact on your company one month may become a major concern the next. The key is to keep lines of communication open at all times to avoid unpleasant surprises down the road.

Risk Reporting

Reporting at each of the four stages mentioned above is critical for effective risk management and decision-making. Furthermore, in order to better understand whether current techniques are adequate, this exercise should help to justify any changes or revisions. Early in the risk management process, you should define the reporting framework by deciding on the type and format of reports to be generated, as well as how frequently they will be generated.

McDonalds's Risk Management Journey

In the intricate ballet of entrepreneurship portrayed in "The Founder," Ray Kroc emerges as a risk management maestro. His journey is a rollercoaster of calculated gambles and strategic moves. Ray's ability to navigate the turbulent waters of business risk is evident in his early decision to take on the franchise model. However, this wasn't without its challenges. While the franchise model offered rapid expansion, it also exposed the brand to the complexities of decentralized operations and varying management styles. Ray's risk appetite, though, proved instrumental in the widespread success of McDonald's, transforming it from a local gem to a global giant.

Yet, this risk-taking journey wasn't without its shadows. The movie sheds light on the strain it placed on Ray's relationships, particularly with the original McDonald brothers. The tension arising from differences in business philosophies and the impact of decentralized franchising revealed the darker side of risk. Ray's bold choices strained the bonds that initially held the golden arches together. The movie portrays the inevitable clash between entrepreneurial ambition and the preservation of the original vision, emphasising the high stakes involved in managing risk.

Additionally, Ray's risk management prowess also toes the ethical tightrope. The movie hints at instances where his pursuit of success overrides ethical considerations, particularly in his dealings with the McDonald brothers. This duality of risk-taking, both admirable in its business acumen and questionable in its ethical dimensions, adds complexity to Ray's character. It prompts viewers to ponder the moral cost of entrepreneurial success and the fine line between calculated risk and ethical compromise.

As the credits roll, the impact of Ray's risk management strategy unfolds. McDonald's stands as an enduring symbol of success, but not without scars from the battles fought. The franchise model, while a key driver of growth, brought both prosperity and challenges. Ray's legacy is one of triumph and tribulation, showcasing the dynamic interplay between risk and reward in the tumultuous world of entrepreneurship.

The Importance of Risk Management in Corporate Governance

A risk management strategy can benefit any business, regardless of size or industry. Instead of viewing risk management strategy as a series of discrete tasks, consider it as an iterative process in which new and existing risks must be continuously detected, analyzed, managed, and monitored. It enables continuous assessment and response, ensuring that the company's people, property, and resources are always safe.

Implementing risk management is crucial for organisations due to the following reasons:

Overall, implementing risk management is essential for protecting stakeholder interests, preserving reputation, making informed decisions, ensuring financial stability, complying with regulations, and fostering resilience. It contributes to the organisation's long-term success and sustainability in an increasingly complex and uncertain business environment.

Implementing Risk Management in Corporate Governance

To implement risk management effectively, organisations can follow these steps:

  1. Establish a Risk Management Framework: Develop a risk management framework that outlines the organisation's approach to identifying, assessing, and managing risks. This framework should define roles, responsibilities, and reporting structures for risk management activities.
  2. Identify and Assess Risks: Conduct a comprehensive risk assessment to identify potential risks that may affect the organisation's objectives. This involves analysing internal and external factors, engaging relevant stakeholders, and using appropriate risk assessment tools and techniques.
  3. Set Risk Appetite: Define the organisation's risk appetite, which represents the level of risk the organisation is willing to accept in pursuit of its objectives. This helps guide decision-making and establishes boundaries for risk-taking within the organisation.
  4. Develop Risk Mitigation Strategies: Based on the identified risks, develop strategies to mitigate, avoid, transfer, or accept them. This may involve implementing controls, developing contingency plans, and establishing monitoring mechanisms to track the effectiveness of risk mitigation efforts.
  5. Integrate Risk Management into Decision Making: Embed risk management into the organisation's decision-making processes. Ensure that risk assessments and considerations are systematically integrated into strategic planning, project management, and operational activities.
  6. Implement Controls and Policies: Establish robust internal controls and policies to mitigate identified risks. This includes implementing procedures, guidelines, and protocols that address specific risk areas and ensure compliance with applicable laws, regulations, and industry standards.
  7. Monitor and Review: Continuously monitor and review the effectiveness of risk management measures. Regularly assess the status of identified risks, evaluate control effectiveness, and update risk profiles as new risks emerge or existing risks evolve.
  8. Communicate and Report: Communicate risk management information to relevant stakeholders. This includes providing regular updates on the organisation's risk profile, risk mitigation efforts, and any significant changes or incidents. Transparent and timely communication helps stakeholders understand the organisation's risk landscape.
  9. Training and Awareness: Provide training and raise awareness among employees about risk management practices and their roles in managing risks. Foster a risk-aware culture where employees are encouraged to report potential risks and contribute to risk management initiatives.
  10. Continuous Improvement: Foster a culture of continuous improvement in risk management. Regularly evaluate the effectiveness of the risk management framework, learn from past experiences, and incorporate lessons learned into future risk management activities.

By implementing these steps, organisations can establish a robust risk management framework within their corporate governance structure. This helps mitigate risks, enhance decision-making, and safeguard the organisation's long-term success and stakeholder interests.

Risk Mismanagement: The Downfall of AEY and Ephraim

In the chaotic world of arms dealing portrayed in "War Dogs," AEY, led by the charismatic yet reckless Ephraim Diveroli, embarked on a perilous journey marked by a series of risk mismanagement. The duo's failure to adequately assess and mitigate risks stemmed from their overconfidence and the allure of quick profits. Ephraim's audacious approach, while initially successful, lacked a comprehensive risk management strategy. They underestimated the complexities of the arms industry, leading to a cascade of challenges that ultimately shook the foundation of AEY.

The repercussions of AEY and Ephraim's risk mismanagement were profound. What initially seemed like a golden opportunity turned into a house of cards. In their pursuit of lucrative government contracts, they became entangled in a web of legal, ethical, and logistical challenges. The impact rippled through their business, tarnishing its reputation and leading to financial and legal woes. The lack of a robust risk management framework not only jeopardized AEY's existence but also left a trail of consequences for those involved, including damaged relationships and a tainted legacy.

AEY and Ephraim's story in "War Dogs" serves as a cautionary tale for entrepreneurs. It highlights the importance of meticulous risk management in volatile industries. Overlooking risks, driven by the desire for quick success, can lead to a catastrophic downfall. The impact goes beyond financial losses; it extends to the very fabric of the business and the lives of those involved. Aspiring entrepreneurs, take note: the allure of high rewards should always be tempered with a strategic and comprehensive approach to risk management to navigate the turbulent waters of business.

How to Enhance Corporate Governance Through Proactive Risk Management

In summary, effective risk management is a critical component for businesses aiming to secure their longevity and navigate the complexities of the dynamic business landscape. The first key takeaway emphasises the importance of thorough risk assessments. By analysing internal and external factors, including financial, operational, and strategic considerations, businesses can identify potential vulnerabilities and challenges. This proactive approach enables organisations to develop strategies for mitigating risks before they escalate, fostering resilience and adaptability.

The second takeaway underscores the significance of establishing robust risk management processes and frameworks. This involves implementing preventive measures, such as internal controls and contingency plans, to minimise the impact of identified risks. Creating a risk-aware culture within the organisation is equally crucial. When employees at all levels are encouraged to stay vigilant and report potential risks promptly, it creates a proactive environment that enhances the organisation's ability to address challenges effectively.

The third takeaway highlights the need for ongoing monitoring and adaptation. Given the ever-evolving nature of the business environment, regular reassessment of risks is essential. Businesses should integrate risk management seamlessly into their decision-making processes, ensuring that it becomes a fundamental aspect of strategic planning. By doing so, organisations empower themselves to make informed decisions, navigate uncertainties with confidence, and ultimately position themselves for sustained success in the long term.

Join the Conversation: Share Your Thoughts on This Article

  • No comments yet.

Add Your Comment Now!

Entrepreneur? Start-up or early-stages?
Entrepreneur? Ready to scale your business?
Investor or Funder? Looking for targeted SME investment opportunities aligned with your mandate?
Business Consultant? Wish to start or expand your business and management consulting business?
Enterprise Development Division and Institution? Are you looking for tailor-made SMEs for strategic development or procurement?