Risk and Opportunity Management

Mr. Edward Senyonjo  


In the Fund, we consider risk management as an integral part of business activities that requires the participation of everyone, right from the boardroom to the mail room.


The financial year (FY) 2021/22, which commenced at the climax of the ferocious Delta variant of Covid-19 and later felt the effects of the diplomatic and trade sanctions on Russia by the West, has been one of the most challenging years, not only for businesses but for economies in general.

The main factors escalating the risk environment included, but were not limited to:


For the first half of the FY, the biggest threat to businesses remained Covid-19, particularly the Delta variant and later, the Omicron variant.

War on Ukraine

Trade and diplomatic sanctions imposed on Russia by America and its allies for attacking Ukraine disrupted global supply chains, leading to high inflation around the world.

  • Rwanda maintained border closure with Uganda most of the year until March 2022, when there was an easing of hostility and resumption of diplomatic relations.
  • The Allied Democratic Forces (ADF), with an operational base in the DRC, launched multiple terror attacks in Uganda in November 2021.
  • Consequently, in the same month, Uganda People’s Defence Force (UPDF) launched military operations in the DRC, in conjunction with the Congolese Army (FARDC), to eradicate the ADF.
  • Towards the end of the FY, the M23 rebels, also based in the DRC, attacked the Bunagana border post on the DRC side, leading to an influx of refugees into Uganda.
  • Kenya instituted trade restrictions on certain products from Uganda; it took diplomatic engagements between Uganda and Kenya to resolve the impasse.
  • Amendment of the NSSF Act increased the demand for cash withdrawals in the form of midterm access (MTA). In a bid to make cash available for MTA, the Fund had to forgo investing in long-term instruments (treasury bonds – TB) with higher returns, in favour of fixed deposits, which are short-term. The highest interest rates on TBs were 17% while fixed deposits provided a return of 13%.
  • Admission of the DRC into the East African Community expanded the regional market from 200 million people to 277 million people, with a combined GDP of $294bn.
  • Uganda signed the Final Investment Decision on oil and gas, worth $10 billion, with oil expected out of the ground in 2025.


Value creation through enterprise risk management

In execution of its mandate of providing social security to its members, the Fund operates in a dynamic environment, characterised by changing customer needs and technology, which continuously exposes its business to various risks.


The essence of risk management is, therefore, to enable the Fund to attain its objectives – we manage risk to create and preserve value for our members. ISO 31000 Risk Management Guidelines define risk as the effect of uncertainty on an objective, whether positive or negative. But the main concern for risk management is to minimise the negative effect on an objective.


The most critical decision in any business is striking a balance between risk and reward/return because the risk-reward decision is an extremely delicate balance – the higher the return/reward, the higher the risk.

To manage risk systematically and comprehensively, we follow a structured process as described below.

The Fund cannot avoid taking risk because value comes from taking risk; good fish is not found at the shore.


As Denis Waitley said, “Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.”



Risk governance

There is clear accountability and ownership of risk through the Fund’s governance structures depicted below:

Board of Directors

The Board of Directors sets the tone for risk management and assumes ultimate accountability, but delegates oversight of risk management to the Board Audit and Risk Assurance Committee, and the day-to-day risk management activities to Management.

Executive Management

Management is charged with the responsibility for taking appropriate risk within the risk appetite framework approved by the Board to create value.


Numerous opportunities and risks exist in the environment, but as a Fund, we determine which kind of risks and opportunities, and the extent thereof, we should take on to attain our strategic objectives.


The Board receives quarterly reports on the status of existing as well as emerging risks and opportunities. Management is also responsible for ensuring that enterprise risk management is effective in addressing the risk profile of the Fund.

Enterprise Risk Management function

Establishes the policies and procedures for managing risk, and promotes a culture of risk awareness and control across the Fund.

Risk Owners

Risk owners are the staff who are directly accountable for ensuring risks are managed effectively, by implementing actions required to treat the risks.

Internal Audit

Provides assurance to the Board and Executive Management on the adequacy and effectiveness of internal controls in mitigating the risks the Fund faces.

External Audit

External auditors provide an additional line of defence. Their role is to provide reasonable independent assurance on the integrity of financial statements, as well as the effectiveness of internal controls in mitigating risks.

Combined assurance through the three lines of defence

The three lines of defence play a complementary role to each other.


It is important to note that segregation of duties (lines of defence) does not mean working in silos. Enterprise Risk Management, Legal and Internal Audit work collaboratively to provide combined assurance on risk, compliance, and internal controls. Combined assurance ensures comprehensive coverage of risk exposures and avoids duplication of roles.


Our three lines of defence model is depicted below:

  • 1st Line of Defence

    Operational Management

  • 2nd Line of Defence

    Risk and Compliance

  • 3rd Line of Defence

    Internal Audit