Bidvest is unwavering in ensuring the highest standards of corporate governance and responsibility. There is a deeply entrenched functional governance structure that places significant reliance on the ethical behaviour of all Bidvest employees, which is firmly entrenched across the Group. There is a high hurdle of responsibility on everyone.
The Group board and its six sub-committees together with seven divisional boards and Audit committees, chaired by independent non-executives, provide robust oversight. Combined assurance receives deliberate and focused attention at Bidvest. The Audit committee ensures that our combined assurance model adequately addresses Bidvest’s risks and material matters through the aggregated efforts of assurance providers. Continually optimising our combined assurance model avoids duplication and rationalises collaboration efforts upstream amongst assurance providers. This enables an effective control environment and ensures the integrity of information used for reporting and decision making.
comes from the heart
Doing the right thing, even when no one is watching
dynamic and iterative risk assessment and mitigation actions;
strategic review and identification of opportunities; and
The IA function is an independent, value-adding, progressive and responsive service to Bidvest shareholders. Given the ever-increasing dependencies of the business on IT, specialised IT audit and consulting skills remain a necessity in the function. Intelligent automation and data analytics are well-entrenched into the mechanisms of the IA functions with further disruptive digital transformation initiatives fast becoming the reality of the IA function.
An example of such an initiative is ALICE, Bidvest’s digital auditor (see pages 60 and 61). She combines intelligent automation and cognitive services to provide audit-as-aservice to the Group companies. Much effort has been afforded to the digital assurance roadmap for Bidvest using the ALICE platform. The appetite for ALICE to connect remotely into data sources across the Group coupled with the uptake to build remote monitoring and continuous testing capabilities on ALICE continues to significantly increase.
Born from a dual need of 1) providing continuous and near real-time visibility to various stakeholders into the cybersecurity risks and remediation strategies across the Group; and 2) equipping a talented and highperforming team with the skills and opportunities to pioneer the future of the assurance space rather than being disrupted by it, the first piece if ALICE code was written in November 2016.
Fast forward to 2022, ALICE has become embedded in the operations of each of the environments across the Group. The Group's governance mindset has shifted from annual audit, risk and compliance reviews to continuous monitoring of their control environments.
The scope of ALICE has extended beyond basic security hygiene disciplines to testing of more sophisticated cybersecurity-related controls ranging from multifactor authentication to external threat monitoring. Given the evolving IT landscapes, the need to extend ALICE's scope to auditing cloud environments became necessary. Given that cloudrelated skill sets in the assurance space are a rare commodity, ALICE's cloud audit has augmented the skill sets of assurance functions, allowing them to mitigate the associated risk exposures.
ALICE now has reach beyond testing IT controls. Her scope has extended into financial, operational, risk, compliance and regulatory control testing too. Given Bidvest's employee base, payroll monitoring was introduced as a Group-wide initiative this quarter, the deployment and roll-out of which will continue over several quarters to follow.
Trading as Bidvest Advisory Services (Pty) Ltd, ALICE has commercial agreements in place with both local and global partners. ALICE is a technology enabler, and the purpose of these partnerships was to accelerate the distribution of both the ALICE technology and associated services into different markets.
The ALICE client base, beyond that of the Bidvest companies, has also extended. Recent client engagements involved digitalising the Sarbanes-Oxley 404 control testing at a very large mining client; and a client requiring assistance on their digital journey in the risk-monitoring space. Uncertain of where to start and which monitoring procedures and/or control tests to intelligently automate, ALICE’s automatability assessment prioritised which ones were eligible to digitalise.
The demand for ALICE development exceeding the ALICE Team’s capacity and ability to deliver in the required timeframes led to the development of the ALICE Lab – initiated over one year ago. We are pleased to announce the recent launch of the ALICE Lab to the Group, our partners and clients.
The ALICE Lab expedites processes around planning, functional specifications, development, testing and production releases by democratising these processes – allowing the different audit, risk and compliance functions the opportunity to get involved at their own pace and as their skill, capacity and digital demands allow. In turn, the dependency on ALICE Team’s capacity and ability to deliver in the required timeframes lessens.
The ALICE Team continues to growth and attracts resources that want to be relevant and successful in a disrupted future. The second Bidvest Technology Internship started on 1 February 2022 and will run for a period of ten months, with 12 interns. The aim of the internship continues to be around improving and increasing the pool of technology skills across the Group as well uplifting such skill sets of the country.
The internship kicked started with a Data Bootcamp (online training programme) developed by the ALICE Team to assess the skillset and capability of the interns. Much time and skills investment are made by the ALICE Team into the interns throughout the internship.
ALICE means something different to her differing audiences. ALICE herself ascribes to the Open Data Initiative and values the power of sharing both within the organisation and beyond.
To those charged with governance, she provides aggregated visibility into the risks and remediation strategies across environments. To management, she provides continuous monitoring on their environments and alerts them to risks in a near real-time way. To the audit community, she augments skill sets and capacity to deliver on the ever-increasing demands of assurance functions. To our partners, she allows them to scale and have global reach in delivering the services they used to perform manually in an intelligent and automated manner. To the intern, she represents an opportunity to upskill and position themselves for a successful future. And, finally to the ALICE Team, she has allowed them to innovate beyond the realms of a textbook in the assurance space.
To find out what ALICE can mean to you or to partner with the ALICE Team to create shared value, please email: email@example.com
"We have a business culture that has readily adapted ALICE and now relies heavily on her abilities in unexpected directions. In our highly entrepreneurial and performance‑driven environment it is exciting to have been an early pioneer of AI in the governance space. Many companies speak about 4IR technology and innovation, but have yet to see it. And here we are, ALICE is deployed across multiple businesses in the Group and also externally. We're really excited about the future and how AI can shape our business for the better."