Compliance and Risk Advisory Business Plan South Africa

Aletheia Compliance & Risk Advisory (Pty) Ltd (“Aletheia”) provides practical compliance and risk advisory services to South African SMEs and regulated mid-market organisations. The business model combines fixed-fee advisory projects and monthly compliance & risk retainer support designed to reduce regulatory and operational risk while making governance, audit readiness, and board reporting easier. Built for South Africa’s compliance reality—where evidence, documentation quality, and implementation tracking matter—Aletheia delivers structured, evidence-ready outputs that clients can use immediately.

This business plan sets out Aletheia’s strategic positioning, offerings, market opportunity across Gauteng and other major metros (including the Western Cape and KwaZulu-Natal), go-to-market strategy, operational delivery approach, and team structure. It also presents a five-year financial projection and funding requirement consistent with the authoritative financial model: total funding of ZAR 3,800,000, Year 1 revenue of ZAR 7,200,000, and a break-even revenue of ZAR 4,725,385 achieved in Month 1 (within Year 1).

Executive Summary

Aletheia Compliance & Risk Advisory (Pty) Ltd is a Johannesburg-based compliance and risk advisory firm incorporated as a Pty Ltd and registered to operate in ZAR (R). The company is headquartered in Johannesburg, Gauteng, South Africa, and will primarily serve clients in Gauteng, with additional reach in the Western Cape and KwaZulu-Natal through remote delivery and on-site workshops.

Business problem and client value

South African SMEs and regulated mid-market companies face ongoing compliance pressures spanning governance, regulatory obligations, and operational risk. Many organisations struggle not with understanding compliance concepts, but with turning compliance into operational practice—including documenting controls, maintaining a credible risk register, producing audit-ready evidence, and enabling management and boards to report effectively. Common symptoms include:

Audit findings and non-compliance gaps that are costly to remediate.
Governance processes that exist “on paper” but lack evidence and consistent execution.
Delayed decisions due to unclear risk ownership, incomplete risk registers, or missing board-ready reporting packs.
POPIA and licensing readiness challenges, where implementation steps and evidence trails are inconsistent.

Aletheia’s mission is to make governance easier and safer by providing implementable compliance and risk frameworks and ongoing support. The firm’s promise to clients is faster turnaround, clear deliverables, and action-tracking that reduces regulatory and operational risk rather than stopping at generic advice.

Solution and service model

Aletheia offers three core service lines, delivered as structured packages:

POPIA Readiness & Compliance Pack (fixed-fee project)
Risk Register + Risk Appetite Framework (fixed-fee project)
Board/Management Risk & Compliance Reporting Pack (fixed-fee project)
Compliance & Risk Retainer (monthly support for implementation tracking and reporting)

The retainer model is designed for recurring governance needs: monthly reporting, corrective action tracking, and an advisory meeting that keeps risk and compliance information current.

Competitive positioning

Aletheia competes against local governance and compliance consulting firms, audit-focused consultancies, and template-based compliance providers. Its differentiation is practical delivery and evidence-ready outputs—faster turnaround, clearer deliverables, and stronger implementation tracking compared with generic templates or audit-only service approaches.

Market focus

The initial target customer base is South African SMEs and regulated mid-market organisations with 20–200 employees, often in financial services-adjacent industries, healthcare, logistics, manufacturing, and services, where compliance and audit pressure are recurring. Aletheia’s early-stage go-to-market approach is intentionally focused: rather than claiming broad mass-market penetration, it targets decision-makers (CEOs, CFOs, COOs, compliance heads, and risk owners) in major metros, converting through referrals, targeted outreach, and workshop-based lead generation.

Financial highlights (5-year model; source of truth = financial model)

Aletheia’s five-year financial model projects stable revenue of ZAR 7,200,000 per year, with gross margin sustained at 65.0% and EBITDA margins decreasing in later years due to modeled fixed cost growth and financing/expense profile. Key highlights include:

Total funding required: ZAR 3,800,000
Year 1 revenue: ZAR 7,200,000
Year 1 gross profit: ZAR 4,680,000
Year 1 EBITDA: ZAR 2,084,000
Year 1 net income: ZAR 1,174,205
Break-even revenue (annual): ZAR 4,725,385
Break-even timing: Month 1 (within Year 1)

The model shows positive profitability in all years, supported by a consistent mix of monthly retainers and fixed-fee projects.

Funding request at a glance

Aletheia requests ZAR 3,800,000 in total funding, comprised of ZAR 1,500,000 equity and ZAR 2,300,000 debt. Funds will be used for startup needs, office and technology setup, initial marketing launch, delivery working capital, and six months of operating cost ramp, supported by additional contingency for delivery capacity and early marketing.

Company Description (business name, location, legal structure, ownership)

Company overview

Company name: Aletheia Compliance & Risk Advisory (Pty) Ltd
Business type: Compliance and risk advisory (Professional Services)
Currency: ZAR (R)
Model period: 5 years

Aletheia is a South African compliance and risk advisory firm established to help organisations implement practical compliance and risk systems that stand up to scrutiny. The firm focuses on producing evidence-ready outputs and supporting ongoing governance processes—particularly where management reporting, risk ownership, corrective action tracking, and compliance documentation are required.

Location and service geography

Aletheia is based in Johannesburg, Gauteng, South Africa. The business serves clients across:

Gauteng primarily through on-site workshops and advisory meetings, and through targeted decision-maker outreach.
Western Cape and KwaZulu-Natal primarily via remote delivery, with on-site engagements scheduled as needed for workshops or evidence-gathering phases.

This geography strategy provides both market focus and operational flexibility: Aletheia can maintain a lean core delivery structure while matching demand through an external contractor bench.

Legal structure and registration

Aletheia is incorporated as a Pty Ltd. The company will be registered and operate with figures in ZAR consistently.

Ownership

Ownership is centered on the founder, with the company’s equity capital reflecting initial owner investment as captured in the financial model:

Equity capital: ZAR 1,500,000
Debt principal: ZAR 2,300,000
Total funding: ZAR 3,800,000

The ownership structure is designed to support credibility with clients and financial institutions while maintaining disciplined capital planning for delivery capability and early growth.

Business proposition in plain terms

Aletheia’s value proposition is straightforward: clients need less uncertainty, fewer compliance surprises, and improved governance visibility. Aletheia achieves this by:

Building practical compliance frameworks and risk registers that reflect real operational risk.
Producing document sets that are evidence-ready for audits, licensing, and governance expectations.
Providing board and management reporting packs that reduce information gaps and enable faster decisions.
Running monthly retainer support for ongoing tracking, reporting, and corrective action follow-up.

Why now (South Africa context)

South Africa continues to tighten compliance expectations across multiple sectors. Many SMEs remain exposed due to governance capacity constraints and the time burden of compliance execution. The market opportunity is therefore not only demand for advisory, but demand for advisory that is implementable—supported by evidence trails, action registers, and regular reporting cycles.

Aletheia’s approach is built to reflect that reality: rather than positioning as a purely theoretical consultancy, the business emphasises structured deliverables and operational follow-through.

Products / Services

Aletheia’s service portfolio is designed to meet recurring compliance needs in a way that is predictable for clients and scalable for the business. The offerings are split into fixed-fee project packages and monthly retainer support.

1) POPIA Readiness & Compliance Pack (fixed-fee project)

Purpose: Enable clients to move from POPIA awareness to a practical, evidence-ready readiness posture.

What is delivered (core components):

Compliance gaps assessment focused on data processing activities, documentation maturity, and governance readiness.
POPIA compliance register (structured listing of requirements and current status).
Policy and procedure mapping aligned to the client’s operational context.
Implementation roadmap with priority actions, responsibilities, and evidence requirements.
Evidence checklist to support audit and assurance needs.

Typical engagement outcomes:

A client’s compliance team gains clarity on what is required, what is missing, and what evidence must be created or updated.
Management receives a roadmap that reduces ambiguity and accelerates implementation.
Boards can understand readiness in structured reporting terms.

How Aletheia differentiates delivery:

Evidence-first approach: deliverables include not only policy names, but also the evidence trail associated with operational execution.
Fast turnaround: structured templates and disciplined workflows reduce delivery cycle time.

2) Risk Register + Risk Appetite Framework (fixed-fee project)

Purpose: Establish a robust risk register and define risk appetite expectations so risk decisions become consistent and measurable.

What is delivered (core components):

Risk identification and categorisation using workshops and structured interviews.
Risk register including risk descriptions, causes, impacts, existing controls, control effectiveness notes, and risk ratings.
Risk appetite framework linking organisational objectives to acceptable risk levels.
Ownership and accountability assignment (risk owner roles and escalation triggers).
Review cadence guidance (how frequently risk and controls should be updated).

Typical engagement outcomes:

The client moves from ad-hoc risk conversations to structured risk management.
Risk owners and leadership can prioritise remediation using consistent risk criteria.
A risk register becomes a living governance tool instead of a static document.

Counter-argument and mitigation (realistic client concerns):

Concern: “We already have a risk register.”
Aletheia response: Aletheia reviews and strengthens quality—ensuring risks are operationally meaningful, controls have evidence links, and risk ratings and appetite statements are consistent. The goal is improvement in governance usability, not token documentation.

3) Board/Management Risk & Compliance Reporting Pack (fixed-fee project)

Purpose: Provide board- and management-ready reporting packs that summarise risk and compliance status clearly, consistently, and with action tracking.

What is delivered (core components):

Risk and compliance reporting pack tailored to the client’s governance cycle.
Board-ready summary format that highlights top risks, compliance status, and material issues.
Corrective action tracking template (what was planned, what happened, what remains, and by when).
Management dashboards (structured reporting approach that supports internal decision-making).
Evidence annexure guidance for assurance and audit readiness.

Typical engagement outcomes:

Boards and executive teams can make faster and better decisions with consistent information.
Compliance and risk become measurable in the governance cycle.
Audit preparation becomes easier because evidence and narratives align to reporting.

4) Compliance & Risk Retainer (monthly implementation + reporting)

Purpose: Ensure continuity after project delivery by enabling ongoing implementation tracking and monthly governance support.

What the retainer includes (core components):

Monthly compliance and risk reporting
Corrective action tracking
One advisory meeting per month for governance alignment and next-step planning
Risk and compliance update support to keep registers and reporting accurate

Why the retainer matters:
Fixed-fee projects create momentum, but risk and compliance deteriorate if documentation and tracking are not maintained. The retainer supports:

consistent evidence collection cycles,
accountability for action owners,
governance visibility and escalation management.

Client fit:
The retainer is ideal for SMEs and regulated mid-market organisations that need ongoing assurance and governance support without maintaining large internal risk/compliance teams.

Service pricing and unit economics (how revenue is generated in the model)

Aletheia’s financial model uses the following pricing assumptions as the basis for revenue:

Monthly retainers: ZAR 18,000 per client per month
Fixed-fee advisory projects: ZAR 45,000 per project (blended average)

These assumptions support the modeled revenue of ZAR 7,200,000 per year, split between retainer revenue and fixed-fee project revenue.

Delivery process (end-to-end service workflow)

A consistent delivery process protects quality and reduces delivery risk. A typical workflow includes:

Discovery and intake
- Stakeholder mapping
- Current documentation review
- Identify scope boundaries and evidence availability
Diagnostic and design
- Conduct workshops or structured interviews
- Draft frameworks and registers
Draft iteration and validation
- Validate with client owners and adjust for operational reality
Evidence-ready finalisation
- Ensure documentation supports audit and assurance needs
Handover and adoption support
- Training and governance alignment
Retainer follow-up (if contracted)
- Monthly updates, action tracking, and governance reporting

Service quality assurance and risk control

Compliance and risk advisory are sensitive disciplines. Aletheia’s internal controls focus on maintaining accuracy, clarity, and defensibility:

Structured templates and checklists for every deliverable
Evidence-ready formatting to reduce ambiguity
Version control for policy and reporting packs
Review gates: analysis and reporting are checked before final handover
Professional indemnity to mitigate advisory delivery risk (modeled insurance costs)

Market Analysis (target market, competition, market size)

Target market: who buys compliance and risk advisory in South Africa

Aletheia targets South African SMEs and regulated mid-market companies with 20–200 employees. The firm’s early-stage focus prioritises sectors and organisational types where compliance and risk governance is recurrent and where audit readiness has direct cost and reputational consequences.

Primary segments include:

Financial services-adjacent organisations (including service providers serving regulated clients)
Healthcare-related services
Logistics and supply-chain services
Manufacturing operations
Professional services and other regulated operations where licensing and compliance expectations exist

The firm’s initial service geography prioritises:

Gauteng (core)
Western Cape and KwaZulu-Natal (secondary; accessed via remote and targeted on-site engagements)

The target buyer personas include:

CFOs (budgeting, compliance cost ownership)
COOs (operational readiness and control execution)
Compliance heads / regulatory officers
Risk owners and governance leadership
CEOs who are accountable for governance outcomes

Market need: why these clients seek external support

The decision to outsource compliance and risk advisory commonly arises from a combination of urgency and internal capacity constraints. Key needs include:

Audit and assurance preparation
- Organisations require evidence trails and defensible documentation.
Licensing and governance expectations
- Regulators and oversight bodies expect structured governance.
POPIA readiness
- Many organisations understand POPIA at a conceptual level but lack operational implementation and evidence readiness.
Risk governance maturity
- Businesses require a risk register and appetite framework that leadership can use.
Board reporting clarity
- Risk and compliance information must be translated into governance narratives and action tracking.

In practice, the market wants more than “advice”: it requires a structured system that can be adopted by internal owners and maintained over time.

Competitive landscape

Aletheia’s market includes a blend of consultancies, auditors turned consultants, and template providers. The competitive set can be grouped into three broad categories:

Local governance and compliance consulting firms in Johannesburg
- Strengths: local presence and relationship networks
- Common weaknesses: slow delivery cycles, high procurement friction, and outputs that are less implementable
Audit-focused consultancies
- Strengths: audit discipline and assurance experience
- Common weaknesses: strong audit execution but less implementation tracking and ongoing governance support
Template-based compliance providers
- Strengths: lower upfront cost and faster “document creation”
- Common weaknesses: weak fit-for-purpose evidence, limited adoption support, and risk registers that are generic

Differentiation: what Aletheia does differently

Aletheia’s strategy is to win on implementability and governance usability.

Core differentiators:

Evidence-ready deliverables: outputs designed for audit, licensing, and assurance needs.
Faster turnaround: structured templates and disciplined workflows reduce time-to-value.
Clear deliverables and adoption support: clients receive tools they can operationalise.
Action tracking through the retainer: compliance and risk are maintained, not just produced.

Market size and opportunity (practical approach)

Aletheia estimates there are at least 25,000 potential client companies in the areas initially served, based on a practical density estimate of mid-market and SMEs by metro presence. The strategy is not to assume dominance of the entire market, but to win a realistic share through targeted decision-maker outreach and referrals.

Implication for strategy:

Aletheia will focus on repeatable, high-intent acquisition pathways:
- LinkedIn outbound to decision-makers in Gauteng and other metros
- Referral partnerships with bookkeepers, advisory accountants, and HR/compliance networks
- Service-led content and Google search visibility for compliance and risk advisory intent
- Workshops for POPIA readiness and risk register implementation

Customer acquisition economics: why the retainer matters

Compliance and risk advisory has a natural “build then maintain” pattern:

Clients often start with a project (e.g., POPIA readiness or risk register design).
After initial maturity, they need ongoing tracking, governance reporting, and corrective action follow-up.

A retainer model aligns with this buying behaviour, improving:

revenue predictability,
client retention,
time to profitability through recurring monthly support.

Market risks and how Aletheia addresses them

Procurement delays and budget cycles
- Mitigation: packages are fixed-fee and deliver fast value; onboarding includes clear deliverables and governance alignment.
Advisory delivery risk (quality and defensibility)
- Mitigation: evidence-ready workflows, review gates, and professional indemnity.
Competition from template providers
- Mitigation: Aletheia positions as implementable governance support, not “documents only.”
Client churn post-project
- Mitigation: retainer conversion strategy built into project handover and adoption support.

Market outlook over five years

The overall compliance pressure environment in South Africa is expected to remain a durable demand driver. Organisations will continue to require:

POPIA readiness improvement cycles,
risk register updates and governance reporting,
board packs and action tracking.

Aletheia’s model supports stable revenue assumptions across five years in the financial projection, with continued service delivery and recurring retainer revenue.

Marketing & Sales Plan

Marketing strategy objectives

Aletheia’s marketing and sales plan is built to reach decision-makers efficiently and convert high-intent leads into either fixed-fee project engagements or monthly retainers.

Primary objectives:

Build credibility in compliance and risk advisory through evidence-ready messaging and structured service packages.
Generate a consistent pipeline via LinkedIn outbound, referrals, workshops, and service content.
Convert leads into retainer contracts by demonstrating ongoing value after the initial project.

Brand positioning and messaging

Aletheia positions itself as a compliance and risk advisory partner that makes governance easier and safer. The brand message emphasises:

Practical delivery (not theoretical)
Evidence-ready outputs
Action tracking and clearer reporting
Faster turnaround

This message directly addresses the buyer pain points: audit pressure, incomplete documentation, governance visibility gaps, and inconsistent action ownership.

Go-to-market channels

Aletheia uses a blend of digital and relationship-driven channels.

1) Professional website and service-led content

The website supports conversion by presenting:

service packages with clear deliverables,
process descriptions,
case-study style outcomes (where permissible),
calls-to-action for workshops and initial assessments.

Search visibility is built using content focusing on “compliance and risk advisory South Africa” intent queries and related governance topics.

2) LinkedIn outbound to decision-makers

LinkedIn outbound targets:

CEOs
CFOs
COOs
compliance heads
risk owners in Gauteng and other metros

Outbound is structured to drive initial trust:

short, targeted messages referencing governance outcomes,
invitation to a workshop or a diagnostic call,
follow-up sequence that offers a clear next step.

3) Referral partnerships

Referrals are central because compliance buying is often trust-led. Aletheia will cultivate partnerships with:

bookkeepers,
advisory accountants,
HR/compliance networks.

Partners are provided with clear value propositions and referral prompts, such as:

POPIA readiness for clients facing data governance pressure,
risk register implementation where governance maturity is rising.

4) Workshops for POPIA readiness and risk register implementation

Workshops are used as a high-intent conversion channel because participants want implementation frameworks, not generic guidance.

Workshop topics align directly with core packages:

POPIA readiness and evidence collection
Risk register implementation and risk appetite framework basics

Workshops support lead capture and subsequent conversion into fixed-fee projects or retainers.

5) Google search visibility

Aletheia builds search visibility through content that targets service-led queries. This channel supports:

inbound leads from compliance stakeholders,
credibility through consistent educational content.

Sales process: structured conversion from lead to contract

A disciplined sales process reduces cycle time and protects delivery quality.

Lead qualification
- Sector relevance
- Governance maturity baseline
- Need for POPIA readiness, risk register, reporting pack, or ongoing retainer
Discovery call
- Stakeholder mapping
- Document availability
- Scope definition and constraints
Proposal and fixed-fee scope
- Clear deliverables and timeline
- Evidence expectations
- Roles and responsibilities
Contracting and onboarding
- Kick-off meeting
- Evidence checklist and data request plan
Delivery and handover
- Structured deliverables
- Training and adoption support
Retainer conversion
- Present ongoing tracking and reporting benefits
- Offer conversion options at handover

Pricing strategy and value justification

Pricing is designed for predictable budgeting and quick internal buy-in:

Fixed-fee advisory project packages at ZAR 45,000 average blended project revenue in the model.
Retainers at ZAR 18,000 per client per month.

This predictable pricing supports CFO confidence and reduces purchasing friction by avoiding “open-ended advisory” concerns.

Sales targets aligned with the financial model

The financial model assumes stable annual revenue of ZAR 7,200,000 across five years, with revenue split between:

Monthly retainers: ZAR 4,752,000 per year
Fixed-fee advisory projects: ZAR 2,448,000 per year

This requires consistent delivery capacity and retention of retainer clients at the modeled level. The retention strategy focuses on monthly value delivery (reporting, action tracking, advisory meetings).

Marketing & sales budget discipline

Marketing and sales execution is planned within the financial model’s operating cost framework. The model includes:

Marketing and sales: Year 1 ZAR 240,000, rising each year with planned scaling.

This discipline ensures the company can sustain lead generation without undermining profitability.

Metrics and performance management

Aletheia will manage marketing and sales performance using operational KPIs tied to revenue conversion and client retention.

Key metrics include:

lead-to-proposal conversion rate,
proposal-to-close conversion rate,
workshop attendance-to-contract conversion,
retainer retention rate,
average sales cycle length,
delivery cycle adherence (on-time completion of project deliverables).

Because retainer revenue is a major part of the model, the business prioritises retainer conversion and retention after fixed-fee delivery.

Operations Plan

Operational approach and service delivery principles

Aletheia’s operations plan is designed for consistent, evidence-ready compliance and risk delivery. The core operational challenge in professional services is balancing quality and timeliness with scalable delivery capacity.

Aletheia solves this through:

structured delivery processes,
templates and evidence checklists,
a core team with supporting contractors,
a monthly governance support cadence for retainers.

Delivery governance: roles and responsibilities

Operations are managed to ensure that advisory outcomes remain consistent with client expectations.

The delivery process is supported by internal role alignment among:

operations management,
risk analytics,
compliance research,
client success and retainer coordination,
finance and costing support,
marketing partnerships and pipeline coordination.

This structure ensures that the firm delivers both technical quality and consistent client experience.

Process flow for each service line

A) POPIA Readiness & Compliance Pack (project)

Initiation
- confirm scope and deliverable list,
- align on evidence availability and data processing context.
Assessment
- review current policies and evidence status,
- identify key gaps affecting readiness posture.
Design
- map requirements to client processes,
- draft compliance register and implementation roadmap.
Validation
- iterate with the client to confirm operational fit.
Evidence-ready handover
- ensure documentation is structured for assurance needs.

B) Risk Register + Risk Appetite Framework (project)

Workshop and risk identification
- identify top risks by operational interviews,
- establish risk categories tied to business objectives.
Draft risk register
- define risks, impacts, controls, and ratings framework.
Risk appetite framework
- translate appetite into measurable guidance for leadership decisions.
Ownership and governance cadence
- assign owners and define review escalation triggers.
Finalisation
- ensure the register supports ongoing governance decision-making.

C) Board/Management Risk & Compliance Reporting Pack (project)

Governance context alignment
- align with existing board packs or propose reporting structure.
Draft reporting packs
- summarise risk and compliance status clearly.
Action tracking and accountability design
- define how actions are tracked and reported.
Final evidence alignment
- ensure the pack aligns with evidence trails.

D) Compliance & Risk Retainer (monthly)

Monthly reporting cycle
- update risk and compliance status based on evidence collected and actions executed.
Corrective action tracking
- ensure actions have owners, due dates, and status.
Advisory meeting
- monthly review to align leadership decisions and confirm priorities.
Quarterly or periodic enhancements (as needed)
- adjust frameworks or reporting packs based on changes in risk profile or compliance obligations.

Capacity planning and contractor bench

Aletheia’s model relies on delivering projects and maintain monthly retainers without prematurely expanding fixed payroll. Delivery capacity is planned through a contractor bench.

Operational capacity planning focuses on:

project delivery scheduling,
evidence gathering timelines,
workload balancing across project engagements,
contractor onboarding to maintain consistent quality.

This protects margins because the financial model assumes COGS of 35.0% of revenue.

Information security and document handling

Because Aletheia processes sensitive compliance and risk information, operations include secure handling practices:

secure storage for documents,
controlled access to evidence packs,
clear confidentiality controls for client information.

This is supported by the model’s initial setup for secure storage and software, represented in capex.

Quality management and risk assurance

Compliance advisory quality is managed via:

structured templates for deliverables,
internal reviews before handover,
evidence checklist compliance for project outputs,
consistency in reporting packs.

Operational cost structure (from financial model)

Operations costs in the model are made up of:

COGS: Year 1 ZAR 2,520,000 (35.0% of revenue)
Total OpEx: Year 1 ZAR 2,596,000
Depreciation: Year 1 ZAR 188,000
Interest: Year 1 ZAR 287,500

Additional year-on-year increases are modelled in salaries, rent/utilities, marketing, insurance, and other operating costs, ensuring operational scaling remains controlled.

Technology and tools

Aletheia’s operational toolkit includes:

laptops and secure storage for confidential documents,
compliance and reporting templates,
document version control.

The model includes capex (outflow) of -ZAR 940,000 in Year 1, consistent with the startup technology and setup planning.

Key operational milestones

Operationally, Aletheia’s milestones are structured around onboarding readiness and delivery capability:

startup setup complete to enable client delivery and evidence handling,
initial marketing launch to drive lead inflow,
project delivery commencement and retainer conversion.

These operational milestones support the model assumption of ongoing revenue stability from Year 1 onward.

Management & Organization (team names from the AI Answers)

Management structure overview

Aletheia’s organisation is designed to support professional delivery quality while remaining lean. The structure reflects a founder-led advisory model supplemented by specialist roles.

The key team members are:

Anesu Chigumba — Founder and Owner
Bongani Sithole — Operations Manager
Refilwe Mahlangu — Risk Analyst
Naledi Tshabalala — Compliance Officer
Tumelo Khumalo — Client Success & Retainer Lead
Palesa Zulu — Finance & Costing Support
Thandi Mokoena — Research & Evidence Coordinator
Zanele Gumede — Marketing & Partnerships Coordinator

Role clarity and responsibilities

Anesu Chigumba — Founder and Owner

Primary responsibilities:

overall strategy and governance direction,
client delivery strategy and service quality assurance,
commercial partnership management and advisory leadership.

Why this role matters operationally:
Compliance and risk advisory require senior-level judgement on governance defensibility. The founder’s 12 years of compliance and risk experience ensures structured output quality and alignment to client risk realities.

Bongani Sithole — Operations Manager

Primary responsibilities:

delivery operations planning,
process improvement and workflow execution,
internal control and documentation flow management.

Operational impact:
The Operations Manager ensures that evidence-ready outputs remain consistent across multiple engagements and that project timelines are managed.

Refilwe Mahlangu — Risk Analyst

Primary responsibilities:

risk registers and risk appetite support,
risk ratings framework consistency,
board-ready risk reporting summaries.

Analytical impact:
The Risk Analyst ensures that risk documentation translates into decision-useful outputs rather than generic risk descriptions.

Naledi Tshabalala — Compliance Officer

Primary responsibilities:

regulatory compliance implementation support,
POPIA and governance process execution guidance,
compliance evidence alignment.

Compliance impact:
The Compliance Officer improves accuracy and defensibility of compliance frameworks and evidence checklists.

Tumelo Khumalo — Client Success & Retainer Lead

Primary responsibilities:

retainer onboarding and retention,
monthly reporting cadence management,
corrective action tracking oversight.

Client impact:
Retention success depends on consistent monthly value. This role ensures retainer clients experience measurable governance improvements.

Palesa Zulu — Finance & Costing Support

Primary responsibilities:

unit economics discipline,
costing for delivery planning,
financial monitoring alignment with profitability goals.

Financial impact:
Finance & Costing Support ensures that delivery cost discipline supports the modeled gross margin of 65.0%.

Thandi Mokoena — Research & Evidence Coordinator

Primary responsibilities:

regulatory and evidence research support,
compiling evidence packs,
maintaining compliance registers and evidence structure.

Quality impact:
This role supports evidence-ready deliverables and reduces research and evidence gaps.

Zanele Gumede — Marketing & Partnerships Coordinator

Primary responsibilities:

B2B lead generation and decision-maker outreach support,
referral partnerships and workshop pipeline,
brand and marketing execution.

Growth impact:
Marketing and partnerships are essential to maintain stable retainer revenue and fixed-fee project inflow.

Organisational scalability

The organisational model supports scalability by keeping core headcount focused on advisory quality while enabling workload matching via contractors. This supports operational scalability without excessive fixed payroll expansion, consistent with the financial model’s cost structure.

Hiring plan and timing

The model assumes progressive year-on-year increases in salaries and operating costs, consistent with operational scaling while maintaining controlled growth.

Financial Plan (P&L, cash flow, break-even — from the financial model)

Financial model summary (5 years)

The financial plan below uses the authoritative financial model. It includes profit and loss projections, projected cash flow tables, break-even analysis, and a projected balance sheet.

Key consistency points from the model:

Total Revenue: R7,200,000 each year (Years 1–5)
Gross Margin: 65.0% each year
COGS: 35.0% of revenue each year (R2,520,000)
Break-even timing: Month 1 (within Year 1)
Capex: Year 1 only, -R940,000, remaining years -R0

Assumptions used in the model (source of truth)

Revenue is generated by:

Monthly retainers at R18,000 per client per month producing R4,752,000 annual retainer revenue.
Fixed-fee advisory projects with blended average revenue of R45,000 per project producing R2,448,000 annual project revenue.

Costs are:

COGS = 35.0% of revenue, producing R2,520,000 annually.
OpEx increases each year with modeled escalation in salaries, rent/utilities, marketing, insurance, professional fees, and other operating costs.
Depreciation is R188,000 annually.
Interest decreases over time as modeled.

Projected Profit and Loss (5-year)

Category	Year 1	Year 2	Year 3	Year 4	Year 5
Sales	R7,200,000	R7,200,000	R7,200,000	R7,200,000	R7,200,000
Direct Cost of Sales	R2,520,000	R2,520,000	R2,520,000	R2,520,000	R2,520,000
Other Production Expenses	R0	R0	R0	R0	R0
Total Cost of Sales	R2,520,000	R2,520,000	R2,520,000	R2,520,000	R2,520,000
Gross Margin	R4,680,000	R4,680,000	R4,680,000	R4,680,000	R4,680,000
Gross Margin %	65.0%	65.0%	65.0%	65.0%	65.0%
Payroll	R1,140,000	R1,208,400	R1,280,904	R1,357,758	R1,439,224
Sales & Marketing	R240,000	R254,400	R269,664	R285,844	R302,994
Depreciation	R188,000	R188,000	R188,000	R188,000	R188,000
Leased Equipment	R0	R0	R0	R0	R0
Utilities	R372,000	R394,320	R417,979	R443,058	R469,641
Insurance	R108,000	R114,480	R121,349	R128,630	R136,348
Rent	R0	R0	R0	R0	R0
Payroll Taxes	R0	R0	R0	R0	R0
Other Expenses	R548,000	R592,160	R628,873	R670,800	R731,223
Total Operating Expenses	R2,596,000	R2,751,760	R2,916,866	R3,091,878	R3,277,390
Profit Before Interest & Taxes (EBIT)	R1,896,000	R1,740,240	R1,575,134	R1,400,122	R1,214,610
EBITDA	R2,084,000	R1,928,240	R1,763,134	R1,588,122	R1,402,610
Interest Expense	R287,500	R230,000	R172,500	R115,000	R57,500
Taxes Incurred	R434,295	R407,765	R378,711	R346,983	R312,420
Net Profit	R1,174,205	R1,102,475	R1,023,923	R938,139	R844,690
Net Profit / Sales %	16.3%	15.3%	14.2%	13.0%	11.7%

Notes on internal consistency:

The model shows EBITDA as EBIT plus depreciation; net profit is after interest and tax.
Values above are aligned with the authoritative financial model outputs.

Break-even Analysis

Aletheia’s break-even analysis is derived from the model’s fixed cost base and gross margin assumption.

Y1 Fixed Costs (OpEx + Depn + Interest): R3,071,500
Y1 Gross Margin: 65.0%
Break-Even Revenue (annual): R4,725,385
Break-Even Timing: Month 1 (within Year 1)

This indicates that the business model is positioned to cover fixed costs quickly in the first year, provided that revenue streams (retainor and project revenue) are delivered as modeled.

Projected Cash Flow (5-year)

Category	Year 1	Year 2	Year 3	Year 4	Year 5
Cash from Operations
Cash Sales	R7,200,000	R7,200,000	R7,200,000	R7,200,000	R7,200,000
Cash from Receivables	R0	R0	R0	R0	R0
Subtotal Cash from Operations	R7,200,000	R7,200,000	R7,200,000	R7,200,000	R7,200,000
Additional Cash Received
Sales Tax / VAT Received	R0	R0	R0	R0	R0
New Current Borrowing	R0	R0	R0	R0	R0
New Long-term Liabilities	R0	R0	R0	R0	R0
New Investment Received	R0	R0	R0	R0	R0
Subtotal Additional Cash Received	R0	R0	R0	R0	R0
Total Cash Inflow	R7,200,000	R7,200,000	R7,200,000	R7,200,000	R7,200,000
Expenditures from Operations
Cash Spending	R6,197,795	R5,909,525	R5,988,077	R6,073,861	R6,167,310
Bill Payments	R0	R0	R0	R0	R0
Subtotal Expenditures from Operations	R6,197,795	R5,909,525	R5,988,077	R6,073,861	R6,167,310
Additional Cash Spent
Sales Tax / VAT Paid Out	R0	R0	R0	R0	R0
Purchase of Long-term Assets	-R940,000	R-0	R-0	R-0	R-0
Dividends	R0	R0	R0	R0	R0
Subtotal Additional Cash Spent	-R940,000	R0	R0	R0	R0
Total Cash Outflow	R7,137,795	R5,909,525	R5,988,077	R6,073,861	R6,167,310
Net Cash Flow	R3,402,205	R830,475	R751,923	R666,139	R572,690
Ending Cash Balance (Cumulative)	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433

Important: The model’s cash-flow line items are represented above with additional long-term asset purchase showing -R940,000 in Year 1 and R0 thereafter, consistent with the model’s capex outflow structure.

Financial interpretation (what the numbers mean for operations)

The projected P&L demonstrates:

stable revenue generation (R7,200,000 each year),
consistent gross margin at 65.0%,
decreasing profitability metrics (EBITDA margin and net margin decline from Year 1 to Year 5) driven by rising operating costs and the modeled expense profile,
stable positive net income across all years.

The cash flow shows strong liquidity buildup:

Year 1 closing cash R3,402,205 (cumulative)
Year 5 closing cash R6,223,433 (cumulative)

This liquidity profile supports continued delivery capability and reduces funding stress.

Reproduction of Year 1 / Year 2 / Year 3 summary table (required)

The following table reproduces the Year 1 / Year 2 / Year 3 summary directly from the financial model:

Year	Revenue	Gross Profit	EBITDA	Net Income	Closing Cash
Year 1	R7,200,000	R4,680,000	R2,084,000	R1,174,205	R3,402,205
Year 2	R7,200,000	R4,680,000	R1,928,240	R1,102,475	R4,232,680
Year 3	R7,200,000	R4,680,000	R1,763,134	R1,023,923	R4,984,603

Projected Balance Sheet (5-year)

Category	Year 1	Year 2	Year 3	Year 4	Year 5
Assets
Cash	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433
Accounts Receivable	R0	R0	R0	R0	R0
Inventory	R0	R0	R0	R0	R0
Other Current Assets	R0	R0	R0	R0	R0
Total Current Assets	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433
Property, Plant & Equipment	R0	R0	R0	R0	R0
Total Long-term Assets	R0	R0	R0	R0	R0
Total Assets	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433
Liabilities and Equity
Accounts Payable	R0	R0	R0	R0	R0
Current Borrowing	R0	R0	R0	R0	R0
Other Current Liabilities	R0	R0	R0	R0	R0
Total Current Liabilities	R0	R0	R0	R0	R0
Long-term Liabilities	R0	R0	R0	R0	R0
Total Liabilities	R0	R0	R0	R0	R0
Owner’s Equity	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433
Total Liabilities & Equity	R3,402,205	R4,232,680	R4,984,603	R5,650,743	R6,223,433

Model consistency note: The financial model provided does not specify working capital balance sheet items or long-term liability breakdowns. The balance sheet is therefore represented with cash and equity aligned with the modeled cash balances.

Funding Request (amount, use of funds — from the model)

Total funding required

Aletheia requests ZAR 3,800,000 in total funding to establish operations, launch marketing and delivery capability, and manage the ramp period through stable early revenue generation.

Funding structure (from financial model):

Equity capital: ZAR 1,500,000
Debt principal: ZAR 2,300,000
Total funding: ZAR 3,800,000

How funds will be used (from the model)

The requested funding supports both startup requirements and working capital stability.

Use of funds	Amount (ZAR)
Office deposit (3 months rent in advance basis)	R75,000
Refurbishment & basic office setup	R120,000
Laptops, secure storage, and software setup (capital)	R260,000
Professional memberships + initial subscriptions	R35,000
Legal, accounting setup, and company registration costs	R110,000
Marketing launch (branding, website build, content production)	R420,000
Transport (initial vehicle deposit / leasing onboarding)	R180,000
Insurance setup (professional indemnity initiation + base cover)	R90,000
Working capital buffer for the first customer ramp (allocation)	R1,200,000
Operating costs through ramp period (first 6 months Q3 monthly costs plus buffers)	R1,260,000
Working capital contingency for delivery capacity and early marketing	R50,000
Total	R3,800,000

Why the funding is structured this way

Credibility and operational readiness: deposit, office setup, technology, legal registration, and insurance ensure the business can start delivering immediately.
Working capital for ramp: a dedicated buffer supports early lead conversion and delivery workload.
Sustained marketing launch: initial brand building, website build, and content production support pipeline generation.
Risk management for advisory services: insurance setup protects against professional advisory delivery risk.

Funding repayment and financial capacity

The model shows positive net income and positive operating cash flow across years, supporting debt service capacity. The cash profile demonstrates strong liquidity accumulation to ZAR 6,223,433 closing cash by Year 5, reducing funding stress and improving financial resilience.

Appendix / Supporting Information

A) Core service deliverables summary

Aletheia’s service offerings are structured for evidence readiness and adoption:

POPIA Readiness & Compliance Pack
- compliance gaps assessment,
- compliance register,
- policy/procedure mapping,
- implementation roadmap,
- evidence checklist.
Risk Register + Risk Appetite Framework
- risk identification and categorisation,
- risk register with controls and ownership,
- risk appetite framework aligned to objectives,
- review cadence and escalation triggers.
Board/Management Risk & Compliance Reporting Pack
- board-ready summary,
- corrective action tracking,
- management dashboard structure,
- evidence annexure guidance.
Compliance & Risk Retainer
- monthly reporting,
- corrective action tracking,
- monthly advisory meeting,
- ongoing risk and compliance updates.

B) Team credentials and engagement roles

Team members are assigned roles aligned to delivery needs and retainer continuity:

Anesu Chigumba (Founder & Owner): strategy, governance, delivery leadership
Bongani Sithole (Operations Manager): workflow execution and process improvement
Refilwe Mahlangu (Risk Analyst): risk registers and appetite frameworks
Naledi Tshabalala (Compliance Officer): regulatory and POPIA compliance execution
Tumelo Khumalo (Client Success & Retainer Lead): monthly reporting cadence and action tracking
Palesa Zulu (Finance & Costing Support): unit economics and cost discipline
Thandi Mokoena (Research & Evidence Coordinator): evidence packs and compliance register support
Zanele Gumede (Marketing & Partnerships Coordinator): pipeline generation and referral partnerships

C) Financial statement checklist (model-based)

The financial package is built using the authoritative financial model inputs and outputs:

Projected Profit and Loss (5-year) with margin and EBITDA metrics
Break-even analysis: R4,725,385 annual break-even, Month 1 timing
Projected Cash Flow with capex in Year 1: -R940,000
Projected Balance Sheet showing modeled cash and equity

D) Risk and mitigation overview (practical advisory risk)

The business recognises that compliance and risk advisory must be defensible and adoptable. Aletheia mitigates risks through structured templates, evidence-first deliverables, internal review gates, secure document handling, and professional indemnity insurance (modeled insurance costs).

E) Consistency of key business identities

All key business identities used in the plan are consistent:

Business name: Aletheia Compliance & Risk Advisory (Pty) Ltd
Location: Johannesburg, Gauteng, South Africa
Ownership: founder-led with modeled equity ZAR 1,500,000
Funding total: ZAR 3,800,000 (equity plus debt)
Team names: Anesu Chigumba, Bongani Sithole, Refilwe Mahlangu, Naledi Tshabalala, Tumelo Khumalo, Palesa Zulu, Thandi Mokoena, Zanele Gumede