Currently viewing: Methodology and approach to enterprise risk management

Methodology and approach to enterprise risk management

FRAMEWORK AND MODEL

The Group has in place an Enterprise Risk Management framework which is based on a combined assurance model comprising: management, external auditors and Support Centre oversight (including the internal audit function). This model and its related activities are structured to ensure that the Group’s risks are adequately addressed by formulating the Group’s strategic imperatives on such.

IDENTIFICATION OF RISKS

Identification of risks is based on:

  • The Group’s risk bearing capacity (the capacity to absorb losses arising from risks without an immediate threat to the Group’s continued existence based on its current business model);
  • Risk appetite (the amount and type of risk the Group is willing to accept in pursuit of its business objectives); and
  • Risk tolerance (the acceptable levels of variation relative to the achievement of the Group’s objectives).

QUANTIFICATION OF RISKS

Certain financial measures form the basis on which these risks are quantified.

RESIDUAL RISK HEATMAP – COMBINED

RESIDUAL RISK HEATMAP – COMBINED

CATEGORISATION OF RISKS

Identified risks are categorised according to:

  • Inherent risk (a function of their potential impact and probability); and
  • Residual risk (based on the effectiveness of mitigating controls or responses to address the inherent risk).

The identified risks are encompassed in the following risk categories:

  • IT infrastructure and network vulnerability;
  • Supply Chain disruptions;
  • Loss of quality earnings/revenue/profitability/future growth;
  • Talent attraction/development/retention;
  • Brand identity and corporate image; and
  • Regulatory compliance.

Click for a summary of the Group’s top risks and/or material issues based on their residual risk ratings. A summary of the strategic imperatives related to each risk is provided.