The financial year (FY) 2021/22, commencing at the climax of the ferocious Delta Variant of Covid-19, and later the effects of the diplomatic and trade sanctions on Russia by the West, has been one of the most challenging years, not only for businesses but for economies in general.
The main factors escalating the risk environment included, but are not limited to:
In execution of its mandate of providing social security to its members, the Fund operates in a dynamic environment, characterised by changing customer needs and technology, which continuously exposes its business to various risks.
The essence of risk management is therefore, to enable the Fund to attain its objectives – we manage risk to create and preserve value for our members. ISO 31000 Risk Management Guidelines define risk as the effect of uncertainty on an objective, whether positive or negative. But the main concern for risk management is to minimise the negative effect on an objective.
The most critical decision in any business is striking a balance between risk and reward/return because the risk-reward decision is an extremely delicate balance – the higher the return/reward, the higher the risk.
To manage risk systematically and comprehensively, we follow a structured process as described below.
The Fund cannot avoid taking risk because value comes from taking risk, good fish is not found at the shore.
Like Denis Waitley said, “Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.”
In the Fund, we consider risk management as an integral part of business activities that requires the participation of everyone, right from the boardroom to the mail room.
There is clear accountability and ownership of risk through the Fund’s governance structures depicted below:
The Board of Directors sets the tone for risk management and assumes ultimate accountability, but delegates oversight of risk management to the Board Audit and Risk Assurance Committee, and the day-to-day risk management activities to Management.
Management is charged with the responsibility for taking appropriate risk within the risk appetite framework approved by the Board to create value.
Numerous opportunities and risks exist in the environment, but as a Fund, we determine which kind of risks and opportunities, and the extent thereof, we should take on to attain our strategic objectives.
The Board receives quarterly reports on the status of existing as well as emerging risks and opportunities. Management is also responsible for ensuring that enterprise risk management is effective in addressing the risk profile of the Fund.
Establishes the policies and procedures for managing risk, as well as promoting a culture of risk awareness and control across the Fund.
Risk owners are the staff who are directly accountable for ensuring risks are managed effectively, by implementing actions required to treat the risks.
Provides assurance to the Board and Executive management on the adequacy and effectiveness of internal controls in mitigating the risks the Fund faces.
External auditors provide an additional line of defence. Their role is to provide reasonable independent assurance on the integrity of financial statements, as well as the effectiveness of internal controls in mitigating risks.
The three lines of defence play a complementary role to each other.
It is important to note that segregation of duties (lines of defence) does not mean working in silos. Enterprise Risk Management, Legal and Internal Audit, work collaboratively to provide combined assurance on risk, compliance, and internal controls. Combined assurance ensures that there is comprehensiveness in terms of coverage of risk exposures and avoids duplication of roles.
Our three lines of defence model is depicted below: