TechCentral’s CxO Insights is a fresh look at the roles and careers that define the technology industry today. In this series, we’ll interview some of South Africa’s most successful, interesting and prominent individuals to find out how their roles evolved, the skills they need to succeed in these roles, and what has influenced or shaped their careers. These interviews provide an in-depth look into how technology is redefining the boundaries of career, skills and growth within the digitally transformed organisation.
In the third profile in the series, we speak to Emmerentia du Plooy, head of information risk governance at Standard Bank. A holistic thinker, team player and detail-orientated leader, du Plooy is driven by the need to ensure that every layer of the business is completely understood from a risk perspective. She believes that risk management is the key to unlocking the data and enabling the business. Du Plooy, who started her career as a teenager helping her mother as a financial advisor for a leading financial institution, has always been detail orientated and committed to her work.
When times are going well, governance and compliance are easy. Implementing new systems, introducing new procedures, managing the onboarding of new employees – these processes are all great when the world is working as it should.
However, when everything changes, as it has in the Covid-19 lockdown, then suddenly these systems and procedures aren’t as easy to implement or maintain.
In fact, according to Emmerentia du Plooy, head of information risk governance at Standard Bank, the challenge is to create good governance and policies that can adapt to uncertainty and support the organisation through adversity, so it isn’t left with a pile of complexity when the crisis is over.
“We found that pre-pandemic, business-as-usual policies were difficult and cumbersome to implement once lockdown started,” she says. “If a new employee needed to be onboarded and they couldn’t go into the office to tick the boxes and follow the process, they would probably have had to use their own device and e-mail address to get the job done, which is categorically against policy. This raised a very important business question – how can governance hold up in times that are unexpected and uncertain without introducing unnecessary risk?”
In addition, business is notorious for circumventing governance because it is inconvenient or introduces a bottleneck – and this is a problem. This, however, provides us with an opportunity. When business is butting up against policy, it’s time to review our practices, determine what can be relaxed, where strict control must be maintained, and how to ensure that policy and governance are not the factors hampering progress, but rather enabling innovation and progress while mitigating risk.
“The litmus test is whether or not you will look back at the decisions made around policy in the pandemic and feel that you followed due diligence and did your duty,” says du Plooy. “In many cases, rushing into sudden changes or making rash policy decisions is what causes things to go horribly wrong. When it comes to information and IT, the controls you put in place have to be flexible but remain rigorous enough to keep risk at bay.”
>> CxO: Emmerentia du Plooy
>> Title: Head of information risk governance at Standard Bank
>> Role: Governance, risk and compliance
>> Windows or Mac: Windows
>> Android or iPhone: Android
>> Best tech purchase: Tablet
If the controls that the company currently has in place can’t fit in with remote working, then they need to be adapted. After all, it’s unlikely that every organisation will simply slip back into the old ways of working now that many have seen the benefits of remote workers and increased productivity. It’s also unlikely that another crisis won’t come along to test organisational defences again in the future.
“These situations are testing our processes and our commitment to these processes,” says du Plooy. “It’s an opportunity to take governance to a leaner methodology and to give it the flex it needs to evolve with changing circumstances. Stick to the paperwork, the regulation, the process, but allow for change to happen in ways that allow for improved working and business capabilities.”
For du Plooy, the pandemic has highlighted how important it is to sharpen controls and follow good governance while learning from mistakes. Instead of looking at the new world of work as a threat, see it as a chance to create governance approaches that may be significantly better than those used in the past.
“King IV has set the scene for good corporate governance but it’s so often interpreted by enterprise risk or governance teams who don’t see how it manifests on a practical level, with those on the ground,” she adds. “If we can use the current situation to refine governance, risk and procedure while still adhering to the rules, then we’re building resilience into the company and its outcomes.”
Emmerentia du Plooy’s recommended reads:
The 5am Club
By Robin Sharma
90 Rules for Entrepreneurs
By Marnus Broodryk
Official ISC(2) Guide to the CISSP exam
By Susan Hansche, John Berti and Chris Hare
Governance is far-reaching and the implications of failure can be significant. Changing policy and process shouldn’t mean throwing the rule book out with the office chair. It should be about introducing flexibility within good governance that allows for uncertainty to the point where that very uncertainty can help refine it.
“It feels a lot like governance needs to become sexy again, like big data and cloud,” concludes du Plooy. “We need to bring it back as that must-have business accessory that’s properly embedded into the business framework so that the post-coronavirus corporate landscape isn’t one littered with risk.”
Q&A with Emmerentia du Plooy
What’s the most important part of your job?
“If you don’t stay head of the latest trends and news, you’re not going to make the right decisions.”
I firmly believe that you need to keep your ear to the ground in this role. If you have a comprehensive and holistic view of what’s happening in the information risk field, then you can make the right decisions based on the right information. This holistic view is key to understanding all the layers of technology risk or data management and it allows you to bring all these elements together to enable the business.
What’s your top tip for staying ahead in your field?
“Read, ask, voice opinions and never stop thinking.”
You need to read articles and books and blogs – as much as you can about the subject matter. Then you need to use these insights to ask questions. Reach out to the blog authors, speak to other people in the industry and ask questions so you can get a deeper understanding of what you’ve just read. In this, don’t disregard or forget your own opinions. Voice these respectfully, listen to other views, and have robust conversations. I hope that my views differ from others, it stimulates thinking, and you should never stop thinking.
What’s the biggest trend impacting on your field in the decade ahead?
This pandemic is teaching us everything. This is a game changer in the IT space as we’re being forced to think in new ways. In the past it was SLAs and infrastructure and now it’s enablement on the move and an entirely different way of business thinking. It has become essential for us to acknowledge the full impact of the virus and for IT to balance the urgency of adoption with solid, good governance. While times demand rapid decision making, it’s important not to throw risk and governance out the window at the same time. The two can work together – this is true business resilience.
What was your first job?
“My first job shaped my career.”
I helped my mother in her office in the holidays and she was an example to me of a strong and independent woman. She was a financial advisor for a leading financial institution, and she taught me the value of hard work and what good customer service look like.
What advice would you give to young people interested in pursuing a career in IT management?
“The decision you make about your career today doesn’t have to shape the rest of your life.”
In my day you had to make life-changing decisions early on. I don’t agree with this. You could see a job description like “coding” and think it sounds exciting only to discover you don’t enjoy it. If your chosen career fascinates you and inspires you, fantastic. If not, don’t let the first decision you make dictate the rest of your life. Have a bigger vision.
How do you cope with stress?
“Recalibrate and come back.”
The ocean and horses. I try and visit my horses as much as I can. The calm they bring to my soul is so important. Just sitting with them or riding them brings a smile to my face. – © 2020 NewsCentral Media