annual report 2009

risk management

Risk management review

Risk management is an integral component of the group’s governance framework which enables the group to manage business and industry threats and capitalise on potential opportunities.

The risk management principles outlined in King ll are embedded into key processes to ensure the business remains sustainable and continues to create wealth for shareholders.

The board retains accountability for risk management and responsibility is delegated to the Audit and Risk Committee to ensure the group has adequate risk and internal controls (refer to Diagram 1).

Risk management process

The group’s risk management and internal audit functions are integrated. Risk management is the responsibility of operational management, with internal audit acting as a facilitator in quantifying, measuring and reporting on the status of business risks to the Risk Working Group.

Senior executives and management undertake a control self-assessment exercise twice a year to formally evaluate risks facing the business. This process is facilitated by internal audit. The results are reported to the Risk Working Group to identify significant risks to the group and to recommend strategies for monitoring, managing or mitigating these risks.

Ownership of each risk is assigned by the Risk Working Group to specific executives or business units who are accountable for managing the risk.

A profile of the major risks facing the group is presented to the Audit and Risk Committee twice a year by the Risk Working Group.

Changes in risk profile

There were no significant changes in the overall risk profile of the group during the year. While the potential impact of HIV/AIDS on the group’s customer base and staff cannot be underestimated, the current assessment of the risk is considered to be low, based on the death claims experience of the group’s insurer. The major risks are detailed in the accompanying table (refer to table 1).

Diagram 1: Risk management process

Table 1: Major risks facing the group

Risk Significance   Definition Management action
Credit management     The risk of not being able to maintain the optimal credit quality of the debtors book and manageable levels of bad debt.
  • Centralised credit-granting process
  • Technology-based credit-scoring systems
  • Credit scorecards regularly reviewed to maintain credit risk levels
  • Store-based collections process provides early warning of payment difficulties
  • Continuous assessment of quality of credit granted and collection performance
Market/ currency exposure     The impact of foreign exchange movements, interest rate hikes and fluctuations in the equity market on the group’s profits.
  • Forward-cover contracts to mitigate exchange rate fluctuations
  • Treasury policy
  • Monthly management meetings with Monarch’s investment advisers and quarterly review by the Monarch board
Information technology     The risk of being dependent on the information technology platforms to support the operations of the company.
  • Software development and services outsourced
  • Service level agreements with service providers
  • Alternatives identified for sourcing of technical support
  • Continual review of existing systems and service arrangements by IT Steering Committee
  • Disaster Recovery Plan tested regularly
 
   
   
Supply base     The risk of not being able to satisfy customer demand as a result of the group’s procurement strategies and supply chain management.
  • Continuous identification of vendors to maintain exclusive, differentiated merchandise
  • Appropriate diversification of supply
  • Balance between imported and local supply
  • Monitoring performance of logistics providers
 
   
Human capital     The risk of not managing the group’s human resources in such a way that it supports the objectives of the business.
  • Retention of key executives
  • Fast Track management programme
  • Training and development
  • Succession planning
  • Salary surveys
  • Share incentive schemes
  • Collective bargaining with unions
 
   
Regulatory     The impact of regulations and legislation on the operations of the group.
  • Monitoring legal publications
  • Implementation of a legal compliance system
  • Membership of industry associations provide contact with regulators
  • Services of advisers are retained for key areas of the business
 
Crime     The risk of financial loss or loss of human life as a result of crime, employee dishonesty or fraud.
  • Strong focus on internal control environment
  • Internal audit coverage
  • Reinforcement of the “Lewis behavioural code”
  • Toll-free confidential hotline
  • Security guards at high-risk branches
  • Drop safes and cash-in-transit procedures
  • Alarm systems and physical security
 
Reputation     The risk of damaging the group’s brand name which could impair its ability to retain and generate business and/or impact on the share price.
  • Regular briefings and interaction with analysts and shareholders
  • Financial statement compliance review
  • Regular compliance reviews
  • Customer Service Excellence campaign
  • Staff training and awareness
  • Customer care line
  • Corporate social investment
 
Business Continuity Planning (BCP)     The potential impact on the group’s profitability as a result of its inability to sustain operations in the event of the head office being incapacitated.
  • BCP reviewed on an annual basis
  • Regular BCP Steering Committee meetings
  • BCP tested every year

 
  High likelihood of occurrence with fundamental impact on business model
  Medium likelihood of occurrence with material impact on business model
  Low likelihood of occurrence with moderate impact on business model