Overall responsibility for the Group’s Enterprise Risk Management lies with the Board of Directors (BoD). The BoD has delegated responsibility to the Audit, Finance, Risk, Quality and Compliance Committee (AFRQCC) for evaluating the Group’s risk and control environment.
The Group Risk Management and the Internal Audit teams support these bodies in identifying, prioritizing and reporting key risks affecting the Group’s strategic objectives and the evaluation of the effectiveness of risk mitigation activities.These include regular assessment of internal control procedures. Regional and functional management ensures that risks are managed appropriately, that existing measures and controls are operating effectively and mitigation actions are implemented.
Ongoing monitoring of the Group’s key risks and its referring risk management activities are embedded in regular management information channels and dedicated committees.
The AFRQCC meets as often as necessary to deal with any significant issues reported by Management, Internal Audit, Group Risk Management and / or External Regulators.
Group Risk Management, together with Internal Audit, facilitates the annual enterprise risk assessment process and presents the key risks to the Executive Committee (ExCo) and the AFRQCC. To ensure the Group achieves its strategic objectives, these bodies consider the appropriateness of the strategy and actions taken to mitigate these risks.
While it is acknowledged that the Group faces many risks, the BoD has identified the key inherent risks that could potentially impact the achievement of the Group’s objectives. These are outlined in the table below.