Risk management
Introduction
Eqstra has an established system of internal controls to manage risk. A centralised risk management tracking system is in place and risks are tracked at a strategic and operational level.
Key risks and their status are reported to the risk committee. The committee is assisted by the group risk executive and divisional risk management officials or champions who coordinate the risk assessment process within the divisions. Key risks, as identified by the group, form part of the internal audit plan for the ensuing financial year. The group’s internal audit also assists the committee to evaluate the risk management process.
The group’s active risk management processes align risk management with the group’s strategic direction and ensures:
| • |
Proactive identification and management of key risks |
| • |
Implementation of effective risk mitigating processes |
| • |
Resource allocation based on risk assessments |
| • |
Effective consideration of risks in decision making |
| • |
Active board involvement, which guides management in managing risk issues |
High-level overview of the risk reporting and communications structure
The risk committee’s responsibilities include formalising, standardising and monitoring the group’s risk process by guiding management and assessing the effectiveness in terms of managing risks.
The management of risk substantially takes place at a divisional level. The divisional risk management process is monitored by the divisional financial and risk review committees as well and considered at each divisional board meeting. During the latter part of the year, the risk reporting process was further refined by appointing dedicated divisional risk officers who functionally report to exco through the group risk executive in addition to divisional management. This has added an independent governance check from a group level and ensures early and proactive identification and assessment of risks.
Risks are assessed in terms of the impact and probability of occurrence, with a rating applied based on the effectiveness of relevant internal controls. This ensures that risks are ranked and risk mitigation priorities set. The top risks are elevated to a group level and are addressed through action plans with assigned responsibilities.
The group strategic risk register is reviewed regularly by exco, with divisional risk registers reviewed quarterly by divisional boards.
The group strategic risk register and divisional risk registers are reviewed at each risk committee meeting.
Key focus areas for the 2012 financial year:
| • |
The group will focus on finalising a formal enterprise-wide risk management framework; |
| • |
The expansion of risk registers to focus on both operational and strategic risks; |
| • |
Defining group and divisional risk appetite and tolerance; |
| • |
Allocate risk owners to identified risks; |
| • |
Continue to establish the root causes and consequences of risks; and |
|
