Tool Icon
  • Print Icon
  • Search Icon
  • Mail Icon
  • Left arrow Icon
  • Right arrow Icon
arrow Icon

Viewing: Strategic risk management / Next: Chair's review

Strategic risk management

Risk management at Datatec is not viewed as a task that is performed in isolation. It is part of the day-to-day practices and staff at all levels are familiar with Datatec's risk policy. The Board is responsible for Datatec's strategy, leadership and decision-making which are all impacted by risk. Risk-based leadership is therefore fundamental to Datatec.

Board

  • The Board determines the level of risk tolerance and limits of risk appetite are set as part of the strategic direction of the Group
  • The Board is ultimately responsible for the governance of risk

ARCC

  • Monitors risk management activities at the Group and subsidiary level on an ongoing basis

Group Chief Risk Officer

  • Ensures that the risk management framework is operating effectively in the divisions
  • Chairs bi-annual inter-divisional risk forum

Divisions - divisional boards and executive committees

  • Regularly review strategic and emerging risks and identify and prioritise high-risk areas on risk maps based on impact and likelihood
  • Analyse high-risk areas to identify potential root causes
  • Identify mitigating controls and associated monitoring/ assurance activities for each high-risk area

Divisional chief risk officers

  • Ensure divisional risk procedures are in accordance with and support the Group's risk management framework
  • Oversee management's response to matters identified as requiring improvement

The Board is responsible for approving Datatec's risk appetite and when the risk tolerance is exceeded, it is management's responsibility to implement remedial action.

Datatec's aim is for the risk register to be a management tool driving the following two critical areas:

  • Business-driven goals via strategic planning
  • Compliance-driven goals via risk managers and internal audit

Risk-based leadership with the Board at its apex is fundamental to Datatec's approach to its operations. In line with the King IV Code, the Board governs risk in a way that supports the organisation in setting and achieving its strategic objectives.

Our risk management process

The Group's risk management process has three key steps:

How do we identify risks?

Our risks are identified as threats that can impact the Group's ability to deliver its objectives and its strategy. Our risks are regularly reviewed in the context of our operating environment.

How do we respond to our risks?

Our risks are assessed and prioritised. The relationship between the impact and likelihood of risks is recorded in risk registers. Key risk responses are identified and reviewed to ensure that our process continually improves and evolves.

Risk oversight

R I S K  M A N A G E M E N T  F R A M E W O R K

ORGANISATION

Datatec Board

Datatec Group Audit, Risk and Compliance Committee
Divisional audit, risk and compliance committees
Chief risk officers forum
Datatec and divisional chief risk officers
Finance and IT staff, compliance officers

POLICY AND PROCEDURES

Risk policy

Risk management procedures

DELIVERABLES

Risk registers

Risk maps

Assurance plans

ASSURANCE AND GUIDANCE

Internal audit

Organisation

Policy and procedures

Deliverables

Assurance and guidance

Our key risks

Key

  1. Technological market disruption
  2. Dependence on key vendors
  3. Internal technological risks - cyber security
  4. Risk of failure to fund working capital needs sufficiently
  5. Risk of overdependence on key personnel

As an ICT group with operations and activities across both established and emerging markets, we face challenging risks as well as numerous opportunities. The strategic objectives affected by each key risk are illustrated using our strategic objectives icons.

Datatec Group

Key risk   Our strategic response
Technological market disruption
   
The Group’s operations focus on the higher-value, faster growing products and services in the ICT supply chain. It is essential to anticipate the impact of the rapid technological change including AI, which is a feature of the sector.  
  • Careful partner selection in terms of vendors
  • Work closely with our vendor partners
  • Employ qualified staff at operating divisions who can pre-empt market changes resulting from new technology
  • Provide products and services ahead of competitors
Dependence on key vendors
   
The Group is dependent on certain vendors, particularly Cisco, whose products and services accounted for a significant proportion of the Group’s revenue. If any one of the Group’s principal vendors terminates, fails to renew or adversely changes its agreement or arrangements with the Group materially, it could significantly reduce the Group’s revenue and operating profit, and thereby seriously harm the Group’s business, financial condition and results of operations.  
  • Maintain strong and transparent relationships
  • Diversify vendor portfolio to reduce reliance on any one specific vendor
Internal technological risks – cyber security
   
The Group’s internal systems are at risk, both from planned changes leading to business interruption and disruption by external “cyber” threats. The Group continued to face the threat of financial crime attempted by “phishing” emails, “social engineering” and ransomware attacks. The Group has high dependence on its key information systems.  
  • Deploy significant resources on its own information security defences
  • Utilise enhanced data privacy policies and procedures
  • Utilise technological means such as anti-virus and anti-phishing software as well as the expertise of IT experts
  • Continuously enhance threat prevention and detection policies, tools, procedures, and internal controls
  • Actively monitor and address threats
  • Education/awareness campaigns among employees
Risk of failure to fund working capital needs sufficiently
   
The Group’s business is working capital intensive; this is particularly relevant for Westcon International. Westcon International’s financing facilities are utilised to finance accounts receivable and inventories. The availability of these facilities and any material changes thereto may affect the business’s ability to fund its working capital requirements.  
  • Manage working capital through inventory control and effective accounts receivable management
  • Regularly monitor funding availability, sales and collection forecasts
  • Engage in regular communication with providers of funding
  • Working capital is a key focus area of management
  • Working capital is a key focus area of the review processes in the risk management framework
  • Ensure sufficient liquidity available
Risk of overdependence on key personnel
   
The Group’s future success depends largely on the continued employment of its executive directors, senior management and key sales, technical and marketing personnel. Certain key employees have relationships with principal vendors and customers which are particularly important to the business of the Group. The executive directors, senior management team and key technical personnel would be difficult to replace and the loss of any of these key employees could harm the business and prospects of the Group.  
  • Maintain a high standard of employment conditions and working environment
  • Provide benefits and share incentive schemes
  • Ensure proper succession planning is in place
Strategic objectives key
Improving shareholder returns Business development Enhancing competitiveness and profitability Responsible business