Risk Assessment Toolkit

1
SN
Department
Process
Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU
Category
Credit Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk
Risk Description
I Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval
Gross L 4 3 4 3 3 2 4 2 2 2 2 2 2 3 2 3 3 4 3 3 3 1 1 2 2 1
Control 2 2 2 3 3 4 4 3 4 4 3 4 4
1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin
14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin 20 FINCON
IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax
Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk
Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations. The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances
2 3 3 4 3 3 4
2 3 3 3 4 3 3
21 FINCON
Investment
Liquidity Risk
22 FINCON
Investment
Market Risk
23 FINCON 24 FINCON
Investment Budgetting
Market Risk Operational Risk
4 4
2 5
2 2
25 FINCON
Budgetting
Operational Risk
26 FINCON
Financial Reporting Operational Risk
Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely.
27 FINCON
28 FINCON
29 FINCON
30 FINCON
31 FINCON 32 FINCON
Financial Reporting Operational Risk Financial Reporting Compliance Risk
3 5
4 4
4 2
33 FINCON
34 FINCON
35 FINCON
Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees
36 FINCON 37 FINCON
Financial Reporting Operational Risk Financial Reporting Operational Risk
5 4
4 4
2 3
38 Human Capital
Payroll
Compliance Risk
39 Human Capital
Training
Compliance Risk
40 Human Capital
Payroll
Credit Risk
41 Human Capital
Loans & Advances Credit Risk
42 Human Capital
Payroll
Operational Risk
43 Human Capital
Recruitment and Development
Operational Risk
44 Human Capital 45 Human Capital Information 46 Technology Information Technology
Recruitment and Development Recruitment and Development Information Technology Information Technology
Operational Risk Operational Risk Operational Risk
The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement
3 4 4
3 5 4
4 4 2
47
Operational Risk
Information 48 Technology
Information Technology
Operational Risk
49
Information Technology Information Technology Information Technology Claims Claims Claims
Operational Risk
Information 50 Technology Information Technology
Operational Risk
51
Operational Risk
Technical Operations Technical 53 Operations Technical 54 Operations 52
Claims Risk Claims Risk Claims Risk
3 4 4
3 4 4
3 3 3
55 56 57 58
Technical Operations Technical Operations Technical Operations
Claims Claims Claims Claims Claims Claims
Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk
Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns. Inability to recover claims from relevant counterparties such as reinsurers and coinsurers
5 4 5 5 4 5
4 3 5 5 4 5
3 3 1 1 1 3
Technical Operations Technical 59 Operations 60 Technical Operations Technical Operations
61
Credit Control
Credit Risk
Technical 62 Operations Technical Operations Technical Operations Technical Operations Technical Operations
Credit Control
Credit Risk
63
Credit Control
Compliance Risk
64
Credit Control
Operational Risk
65 66
Credit Control Reinsurance
Compliance Risk Reinsurance Risk
5 4
5 4
3 3
67
Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations
Reinsurance
Reinsurance Risk
Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks
68
Reinsurance
Reinsurance Risk
69 70 71
Reinsurance Reinsurance Reinsurance
Reinsurance Risk Reinsurance Risk Reinsurance Risk
5 5 5
4 5 5
3 3 3
72
Reinsurance
Reinsurance Risk
73 74
Reinsurance Underwriting Underwriting
Reinsurance Risk Underwriting Risk Underwriting Risk
4 5 5
4 5 4
2 2 3
Technical Operations Technical 75 Operations Technical 76 Operations Technical Operations
Underwriting
Underwriting Risk
77
Underwriting
Underwriting Risk
78
Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations
Underwriting
Underwriting Risk
79
Underwriting
Underwriting Risk
80
Underwriting
Underwriting Risk
The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions
81
Underwriting
Underwriting Risk
82
Underwriting
Underwriting Risk
83
Underwriting
Underwriting Risk
84 Marketing
Marketing
Compliance Risk
85 Marketing
Marketing
Credit Risk
86 Marketing
Marketing
Operational Risk
87 Marketing
Marketing
Operational Risk
88 Marketing
Marketing
Operational Risk
Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement Third party surveyors/risk adjustors may connive with the insured to defraud the company
89 Marketing
Marketing
Operational Risk
90 Marketing
Marketing
Operational Risk
91 Marketing 92 Marketing
Marketing Marketing
Operational Risk Operational Risk
4 4 4
4 3 4
1 2 2
93 Risk Management Risk Management Compliance Risk
94 Risk Management Risk Management Operational Risk
96 Risk Management Risk Management Operational Risk 97 Risk Management Risk Management Operational Risk
5 5
2 4
2 2
Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks
100 Life Operations
Life Operations
Compliance Risk
101 Life Operations
Life Operations
Credit Risk
102 Life Operations 103 Life Operations 104 Life Operations 105 Life Operations
Life Operations Life Operations Life Operations Life Operations
Credit Risk Operational Risk Operational Risk Operational Risk
5 5 5 5
4 4 4 4
3 5 4 4
106 Life Operations
Life Operations
Operational Risk
107 Life Operations
Life Operations
Operational Risk
108 Life Operations
Life Operations
Operational Risk
109 Life Operations 110 Life Operations 111 Life Operations
Life Operations Life Operations Life Operations
Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses
5 5 4
4 4 3
3 2 3
112 Life Operations
Life Operations
Operational Risk
113 Life Operations
Life Operations
Operational Risk
114 Life Operations
Life Operations
Operational Risk
115 Life Operations
Life Operations
Operational Risk
116 Life Operations
Life Operations
Operational Risk
117 Life Operations
Life Operations
Operational Risk
118 Life Operations
Life Operations
Operational Risk
119 Life Operations
Life Operations
Operational Risk
120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152
153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185
186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218
219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250
1 Residual I 3 2 3 2 2 1 1 2 1 1 1 1 1 L 2 3 2 2 1 1 2 2 1 1 2 1 1 I 3 2 1 4 3 3 3 3 2 2 2 2 2 Gross L 3 3 3 3 5 4 3 4 1 1 3 2 2
2 Control 2 3 3 3 2 3 2 3 4 4 3 4 4 Residual I 2 2 1 3 2 2 3 3 1 1 1 2 1 L 3 1 2 3 4 3 2 3 1 1 2 1 1 I 3 3 4 3 3 2 2 2 3 3 3 3 3 Gross L 3 3 5 3 4 2 1 3 1 1 4 2 3
3 Control Residual I 2 2 3 3 2 1 1 2 3 2 3 2 3 L 2 1 4 3 3 1 1 3 1 1 3 3 3 I 3 4 3 3 3 3 3 3 4 4 3 3 3 Gross L 1 2 4 3 4 5 2 4 3 3 3 4 5
2 3 3 3 3 3
2 3 3 3 4 3 3
3 2 3 3 2 3 4
1 2 1 3 2 3 4
2 1 2 2 2 1 2
3 3 2 3 2 3 4
1 4 4 5 4 3 3 4
3 3 2 3 2 3 4
1 4 4 4 3 1 2
3 3 3 2 2 3 4
3 3 3 3 3 3 3
2 3
2 2
4 4
2 3
2 2
3 4
2 3
5 4
3 4
3 3
4 4
2 2
5 4
3 4
2 3
1 3
2 4
3 3
4 4
1 4
1 1
3 4
2 2
4 4
3 4
1 1
3 3
2 3
3 3
4 4
2 3
2 5
3 2
1 3
2 2
4 3
4 3
4 3
3 3
2 2
3 3
3 2
3 2 4
3 2 4
3 4 4
3 3 5
4 3 2
2 3 4
1 2 5
4 4 2
3 3 3
3 3 3
4 4 2
2 1 2
4 4
3 3
1 3 3
1 2 3
3 3 3
1 2 1
3 3 3
2 3 2
1 1 1
3 4 3
1 1 3
3 3 3
2 4 3
1 1 3
4 2 2
3 1 2
5 3 3 3 3 4
3 2 4 3 3 2
3 3 2 3 2 4
3 1 3 3 1 3
3 3 3 3 4 4
2 3 2 2 1 4
2 1 3 3 1 3
4 3 3 4 5 4
3 2 3 2 1 1
3 3 3 3 3 3
3 3 3 4 5 4
2 2 3 2 1 1
4 3 2 2 4 4
3 1 3 1 1 1
4 3
2 3
3 3
3 4
3 3
3 3
2 3
5 5
4 3
2 2
5 5
3 3
4 4
1 2
3 4 4
3 3 3
3 3 3
4 4 4
3 3 3
2 2 3
1 1 3
5 5 4
3 3 3
3 3 3
5 5 4
2 2 1
4 3 4
2 3 2
4 4 3
4 4 3
3 2 2
2 3 3
3 3 3
2 2 2
1 2 1
4 4 3
3 3 2
3 2 3
3 4 3
1 3 1
3 2 3
4 4 3
4 4 3
4 3 2
5 4 5
5 3 4
2 2 3
4 4 4
3 3 3
5 4 4
5 4 3
4 3 4
3 2 2
3 2 2
5 5 5
5 5 5
4 4
2 3
5 5
3 5
4 2
4 3
3 5
4 3
4 3
3 3
2 2
2 2
5 5
5 4
2 2 3 2
2 1 1 1
5 5 5 5
4 3 5 4
3 4 2 1
5 3 5 5
4 3 5 5
4 4 3 4
4 4 3 4
4 4 4 4
2 2 2 3
2 2 2 3
5 5 5 4
5 4 5 4
1 3 2
2 3 1
3 4 3
3 4 3
4 3 4
2 2 2
2 1 2
4 5 5
4 5 5
5 Control 3 4 3 3 4 3 3 3 3 4 4 4 4 Residual I 3 3 2 3 2 3 3 3 3 3 2 2 2 L 2 1 2 2 1 1 1 2 1 1 2 1 1 I 2 4 2 4 3 2 2 3 2 2 2 2 2 Gross L 3 4 3 3 4 3 3 4 1 3 2 2 3
6 Control Residual I 1 1 2 1 2 1 2 2 1 2 1 1 1 L 2 1 1 1 2 1 1 2 1 1 1 1 1 I 4 4 3 4 3 3 4 2 3 3 3 3 3 Gross
2 3 3 2 2 3 3 3
1 1 1 3 2 1 3
2 3 2 2 2 3 3
2 3 3 3 3 2 3
3 4 4 3 3 4 3
2 3 2 2 2 3 3
1 1 1 2 1 1 2
2 2 2 2 3 2 3
2 2 3 2 2 2 3 3
2 1 1 1 1 1 2
1 1 1 1 1 1 2
3 3 3 2 2 3 3
2 4
5 4
3 2
3 4
3 3
3 3
3 4
2 2
3 4
3 4
4 3
1 2
2 2
4 3
3 3
3 3
1 1
2 3
3 3
3 3
2 3
1 2
2 4
2 4
4 3
1 3
1 3
2 3
3 4
3 3
3 1
3 2
3 3
3 4
3 2
2 1
3 3
3 3
4 4
2 1
2 1
3 3
3 3
4 4
2 3
3 3
3 4
3 3
3 3
2 3
3 4 4
3 3 3
3 4 2
2 2 3
3 1 3
3 4 3
3 4 4
2 2 2
1 1 1
3 3 2
2 3 1
3 2 2
3 3 2
1 2 1
3 4 2
5 3 3
3 3 3
2 4 2
1 1 1
4 5 3
3 4 3 3 4 4
2 3 2 4 3 4
1 1 1 1 1 1
4 4 3 4 3 4
4 1 3 3 1 3
3 2 2 1 2 3
3 3 2 4 3 4
2 1 2 2 1 1
5 4 2 5 3 2
4 2 3 4 3 3
3 3 3 3 3 3
4 4 2 5 2 2
3 1 3 2 1 3
4 5 3 4 4 4
4 3
4 4
1 1
4 3
3 3
3 2
4 3
1 2
3 4
5 4
3 3
3 2
3 2
4 5
3 3 3
4 3 4
2 3 1
3 3 4
2 3 3
3 3 3
2 2 4
1 2 1
5 2 2
4 3 3
3 3 3
5 3 1
1 1 1
5 4 4
3 3 3
3 2 3
4 2 2
4 4 4
1 3 2
3 2 3
4 4 2
1 3 1
3 3 3
3 3 3
3 3 3
3 3 2
3 3 2
5 4 4
1 1 3
3 4 3
3 5 3
3 4 4
3 5 4
2 1 3
2 4 3
2 5 3
4 4 3
4 4 4
3 3 3
2 2 2
2 2 2
3 3 2
3 3
3 3
3 4
4 4
3 4
3 2
3 3
3 3
4 4
4 4
4 3
1 2
1 2
3 3
2 3 3 3 3 3 3 2 2 3
3 1 2 2
2 1 2 2
3 4 3 3
2 1 1 1
2 1 1 1
4 4 4 4
4 5 5 4
4 4 4 3
2 2 1 2
2 2 1 2
3 3 3 3
3 2 2
3 3 3
3 4 4
2 4 4
3 4 5
3 2 1
2 4 4
2 4 5
5 5 4
4 5 5
2 2 2
3 3 3
3 4 4
2 3 3
7 Gross L 3 4 4 3 3 3 4 4 1 1 3 2 3 Control Residual I 3 2 2 2 2 3 3 2 2 3 3 3 3 L 3 3 3 3 3 3 3 4 1 1 1 1 1 I 3 4 3 3 3 3 4 4 4 4 4 4 4 Gross L 2 2 3 1 2 1 1 2 1 1 2 1 2
9 Control Residual I 2 3 4 4 4 4 3 4 4 4 3 3 3 L 2 4 4 3 4 4 3 5 1 1 3 2 3
4 4 5 3 3 4 3 3
3 3 3 2 2 3 3
1 2 2 2 3 1 2
2 4 4 2 3 3 4
2 2 2 2 2 1 2 3
1 2 2 2 2 1 3
1 1 1 1 2 1 2
3 3 3 3 3 4 5
3 3 4 3 4 4 5 3
3 3 2 3 3 4 5
2 4 2 3 3 2 3
2 3
2 3
4 3
2 2
4 4
2 3
4 4
1 1
1 1
5 4
5 5
3 2
5 4
3 4
1 3
4 3
2 3
1 2
2 4
1 2
4 3
1 2
1 1
3 4
3 4
3 3
3 4
2 4
3 3
3 4
3 3
2 1
2 3
3 2
3 3
1 2
2 1
5 3
5 3
3 3
5 3
3 3
2 3 3
4 4 3
3 4 3
1 2 2
3 4
2 3
3 4
2 3
1 2
4 4
4 4
4 4
4 4
3 2
1 1 1
3 3 3
3 4 3
1 1 1
4 5 4
4 4 2
3 3 3
2 2 2
1 1 1
4 3 3
2 2 3
4 4 4
3 1 2
1 1 2
1 1 2 1 1 1
3 4 2 3 3 3
3 4 3 3 4 4
2 1 3 1 1 1
4 4 4 3 4 5
3 3 4 4 4 5
3 3 3 3 3 3
3 2 3 2 2 4
2 1 4 1 1 3
4 2 4 4 4 4
3 4 3 3 3 3
3 4 3 3 3 3
2 3 2 3 3 3
4 2 4 1 2 2
1 1
3 3
3 4
1 1
4 4
4 4
3 3
3 2
2 2
4 4
3 4
3 3
3 3
2 2
1 2 1
3 3 3
5 4 4
2 4 1
4 4 4
4 4 4
3 3 3
2 3 2
1 3 2
4 4 4
3 4 3
3 3 3
3 3 3
2 2 2
1 2 1
3 2 3
5 4 4
2 3 2
4 5 4
4 5 4
3 3 3
2 3 3
2 3 2
3 4
3 4
3 3
3 3
2 3
2 3 2
1 2 3
2 3 1
1 3 1
3 3 3
3 5 2
1 1 3
2 3 3
1 3 2
4 3
3 3
2 2
2 2
2 3
2 2
3 2
2 2
2 1
4 4
4 4
3 3
3 3
3 3
2 1 2 1
3 3 3 3
1 1 2 2
1 1 2 2
3 3 3 3
3 1 2 3
3 3 3 2
3 3 2 2
3 2 2 2
4 4 3 3
3 3 2 4
3 4 4 4
3 2 2 2
3 1 1 2
2 4 4
3 2 3
1 3 2
1 3 2
2 2 3
2 2 3
3 2 2
2 2 3
1 1 2
3 4 4
4 4 4
3 2 3
2 3 3
2 3 3
10 Gross I 3 4 3 4 4 4 3 3 2 3 3 3 4 L 3 3 3 3 4 3 2 3 2 3 3 3 3 Control Residual I 2 2 2 2 3 2 2 2 2 2 2 2 2 L 2 1 1 2 2 1 2 3 2 2 2 2 2 I 3 3 3 2 3 3 2 2 2 3 2 2 1 1 1 1 3 3 Gross L 3 3 3 3 4 2 3
11 Control 3 4 3 4 3 3 2 3 4 4 3 3 3 Residual I 2 3 3 2 3 3 2 2 2 3 2 2 1 L 1 3 3 2 2 2 1 3 1 1 1 2 1 I Gross L
12 Control Residual I
3 2 3 3 3 4 4
3 2 3 4 3 3 3
2 2 2 2 2 3 4
1 1 3 3 3 2 3
2 2 2 2 3 3 4
2 2 2 2 1 3 3
2 3 2 2 3 4 3
2 2 1 2 3 3 4
1 1 2 2 1 1 3
3 4
3 3
3 3
2 3
3 3
3 3
2 4
3 3
3 3
3 3
3 3
3 3
2 3
1 2
3 3
2 3
3 3
3 3
2 3
3 3
3 3
3 4
3 2
2 2
3 3
3 4
3 3
3 3
3 4
3 3
4 3
3 3
3 3
3 3
3 4
3 3
3 4
5 2 2
2 2 3
3 3 3
2 1 1
2 1 2
4 4 3
3 3 3
3 3 3
3 2 2
1 1 2
3 3 3
2 1 2
3 3 4
2 2 1
5 5 3 5 4 5
4 3 3 4 3 3
3 3 3 3 3 3
1 4 3 4 3 4
2 3 2 4 2 2
4 3 3 4 3 4
3 3 3 3 3 3
3 3 3 3 3 3
3 2 2 3 2 4
3 1 2 3 1 2
3 2 3 3 2 3
3 2 3 3 1 2
3 3 2 3 4 3
2 1 1 2 1 1
5 5
3 3
3 2
4 4
2 4
4 3
3 3
3 3
3 3
2 2
3 3
2 2
3 3
1 1
5 5 5
4 3 3
2 1 3
4 4 4
2 3 2
4 3 3
3 3 3
3 3 3
3 3 3
2 3 2
3 3 2
2 3 2
3 3 4
1 1 1
5 5 5
4 4 3
1 3 3
5 5 4
5 3 3
4 4 4
4 4 4
3 3
3 3 3
3 3 3
4 4 4
2 3 2
3 3 3
2 2 2
4 4 3
5 4 2
1 1 2
4 4 2
4 1 2
4 3 3
3 3 3
2 2 2
2 2 2
2 1 1
3 4 4
2 2 2
2 1 3
2 4 3
4 4
3 4
4 4
2 2
2 2
3 3
3 3
3 3
2 2
2 2
4 4
3 3
3 2
3 3
4 4 3 4
4 3 3 3
3 4 3 3
3 3 3 3
3 1 1 2
4 3 3 4
3 3 3 4
2 4 4 3
3 2 2 3
3 1 1 3
3 4 3 4
3 3 3 3
3 4 4 3
2 1 1 2
4 4 3
3 4 3
2 2 1
3 3 3
3 3 3
3 4 3
3 4 3
2 2 2
2 3 3
2 3 3
3 4 3
3 3 3
3 2 3
1 3 2
13 Residual L I Gross L Control Residual I L I Gross L
14 Control Residual I L I Gross L
15 Control
1 1 1
1 1 1 2 1 1
1 1
1 1 1
1 2 1
2 4 2
2 4 4
1 2 3
3 2 3
1 2 2
1 2 2
3 4 4
3 3 3
4 2 3
2 3 3
1 2 2
2 2
5 5
4 4
3 3
2 3
2 2
5 5
4 3
3 2
1 2
2 2
3 1 1 2
4 4 4 4
3 2 1 2
2 4 4 4
3 2 1 2
3 2 1 2
3 4 4 3
3 1 2 2
3 3 3 3
3 1 1 2
2 1 1 1
1 2 2
4 5 5
4 4 4
1 1 2
4 4 3
4 4 3
3 3 3
3 3 3
2 2 2
2 2 2
2 2 2
15 Residual I L I Gross L
18
20 Control Residual I L I Gross
21
21 Gross L Control Residual I L I Gross L
23 Control Residual I L
24 Gross I L Control Residual I L I Gross L
26 Control Residual I
27 Residual L I Gross L Control Residual I L I Gross L
29 Control
29 Residual I L I Gross L
30 Control Residual I L
SN
1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin 14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin
Department
Process
Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax Credit Risk
Category
Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk
20 FINCON
21 FINCON
Investment
Liquidity Risk
22 FINCON
Investment
Market Risk
23 FINCON 24 FINCON
Investment Budgetting
Market Risk Operational Risk
25 FINCON
Budgetting
Operational Risk
26 FINCON
Financial Reporting
Operational Risk
27 FINCON
Financial Reporting
Operational Risk
28 FINCON
Financial Reporting
Operational Risk
29 FINCON
Financial Reporting
Operational Risk
30 FINCON
Financial Reporting
Operational Risk
31 FINCON 32 FINCON
Financial Reporting Financial Reporting
Operational Risk Compliance Risk
33 FINCON
Financial Reporting
Operational Risk
34 FINCON
Financial Reporting
Operational Risk
35 FINCON
Financial Reporting
Operational Risk
36 FINCON 37 FINCON
Financial Reporting Financial Reporting
38 Human Capital
Payroll
Compliance Risk
39 Human Capital
Training
Compliance Risk
40 Human Capital
Payroll
Credit Risk
41 Human Capital
Loans & Advances
Credit Risk
42 Human Capital
Payroll
Operational Risk
43 Human Capital
Recruitment and Development Recruitment and Development Recruitment and Development Information Technology Information Technology
Operational Risk
44 Human Capital 45 Human Capital 46 Information Technology
47 Information Technology
Operational Risk
Operational Risk
Operational Risk
Operational Risk
Information Technology Claims Claims Claims Claims Claims Claims Claims Claims Claims
Operational Risk
52 Technical Operations 53 Technical Operations 54 Technical Operations 55 Technical Operations 56 Technical Operations 57 Technical Operations 58 Technical Operations 59 Technical Operations 60 Technical Operations
Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk
61 Technical Operations
Credit Control
Credit Risk
Credit Control
Credit Risk
Credit Control
Compliance Risk
Credit Control
Operational Risk
Credit Control
Compliance Risk
66 Technical Operations 67 Technical Operations
Reinsurance Reinsurance
Reinsurance Risk Reinsurance Risk
Reinsurance
Reinsurance Risk
Reinsurance
Reinsurance Risk
Reinsurance
Reinsurance Risk
Reinsurance
Reinsurance Risk
Reinsurance
Reinsurance Risk
73 Technical Operations 74 Technical Operations 75 Technical Operations
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
Underwriting
Underwriting Risk
84 Marketing
Marketing
Compliance Risk
85 Marketing
Marketing
Credit Risk
86 Marketing
Marketing
Operational Risk
87 Marketing
Marketing
Operational Risk
88 Marketing
Marketing
Operational Risk
89 Marketing
Marketing
Operational Risk
90 Marketing
Marketing
Operational Risk
91 Marketing 92 Marketing 93 Risk Management
Marketing Marketing Risk Management
Operational Risk Operational Risk Compliance Risk
94 Risk Management
Risk Management
Operational Risk
95 Risk Management
Risk Management
Operational Risk
96 Risk Management
Risk Management
Operational Risk
97 Risk Management
Risk Management
Operational Risk
98 Risk Management
Risk Management
Operational Risk
99 Risk Management
Risk Management
Operational Risk
100 Life Operations
Life Operations
Compliance Risk
101 Life Operations
Life Operations
Credit Risk
Credit Risk Operational Risk Operational Risk Operational Risk
106 Life Operations
Life Operations
Operational Risk
107 Life Operations
Life Operations
Operational Risk
108 Life Operations
Life Operations
Operational Risk
112 Life Operations
Life Operations
Operational Risk
113 Life Operations
Life Operations
Operational Risk
114 Life Operations
Life Operations
Operational Risk
115 Life Operations
Life Operations
Operational Risk
116 Life Operations
Life Operations
Operational Risk
117 Life Operations
Life Operations
Operational Risk
118 Life Operations
Life Operations
Operational Risk
119 Life Operations 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
Life Operations
Operational Risk
151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250
Risk Description
Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations
I 3.09 3.45 3.00 3.45 3.18 2.91 3.00 2.82 2.82 3.00 2.73 2.73 2.64 2.45 2.82 2.73 2.55 2.64 3.09 3.82
Gross L 2.64 2.91 3.64 3.00 3.82 3.00 2.64 3.50 1.36 1.73 2.73 2.45 2.82 2.36 2.82 3.18 3.00 3.00 2.82 3.09
LR
Medium Medium Medium
Medium
Medium
Medium
Medium
Medium
Medium Medium
Medium
Medium Medium Medium Medium Medium Medium
Medium
Medium
High
Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations. The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely.
3.55
3.00
High
3.82
3.36
High
3.91 3.82
2.82 3.64
High
High
3.45
3.91
Medium
3.55
3.64
High
3.27
3.18
Medium
3.36
2.91
Medium
3.18
3.18
Medium
3.09
2.91
Medium
2.55 3.64
2.36 3.09
Medium
High
2.91
2.91
Medium
3.09
3.36
Medium
Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster
3.18
3.18
Medium
3.27 3.00
3.27 3.18
Medium
Medium
3.45
2.82
Medium
3.45
3.45
Medium
3.09
3.73
Medium
3.09
3.91
Medium
2.64
2.73
Medium
3.27
3.27
Medium
3.27 3.73 3.40
3.00 3.45 3.60
Medium
High
Medium
3.64
3.55
High
4.36
4.18
High
Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns.
3.45
3.55
Medium
3.30
2.70
Medium
3.50
2.90
High
3.58 3.50 2.83 4.08 3.50 3.08 3.83 3.50 4.00
2.42 2.25 2.33 3.17 2.17 3.17 3.00 2.17 2.75
High High Medium
High
High
Medium
High High
High
3.75
3.33
High
3.58
3.67
High
3.67
2.83
High
3.50
3.08
High
4.00
3.08
High
Inability to recover claims from relevant counterparties such as reinsurers and coinsurers Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures
3.92 4.08
3.08 3.08
High
High
3.92
3.08
High
4.17
3.00
High
3.67
3.33
High
3.67
3.00
High
4.08
3.08
High
3.83 3.83 3.73
2.92 3.58 2.82
High
High High
3.92
3.50
High
3.83
3.25
High
4.25
3.17
High
3.36
2.91
Medium
3.58
3.17
High
3.42
3.00
Medium
3.58
3.33
High
The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement
3.83
3.00
High
3.57
3.93
High
3.85
3.46
High
3.93
3.64
High
3.93
3.50
High
4.07
4.00
High
3.07
2.57
Medium
3.79
3.71
High
3.71 3.85 3.71
3.50 3.54 3.14
High
High
High
3.86
3.64
High
3.57
3.21
High
4.07
3.43
High
Third party surveyors/risk adjustors may connive with the insured to defraud the company Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit
4.07
3.57
High
3.57
3.14
High
3.86
3.71
High
4.21
3.71
High
4.00
3.57
High
3.86 3.79 3.57 3.71
3.36 2.71 3.00 3.14
High
High High
High
3.64
3.00
High
3.85
3.69
High
3.85
3.54
High
3.31 4.00 3.62
3.23 3.85 3.69
Medium
High
High
4.00
3.92
High
3.54
3.38
High
The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses
3.23
2.85
Medium
4.31
3.46
High
3.62
3.08
High
3.62
3.31
High
3.38
3.23
Medium
3.64
3.27
High
Control Fair Fair Fair Fair Fair Fair Fair Fair Good Good Fair Good Good Fair Fair Fair Fair Fair Good Fair
I 2.18 2.18 2.36 2.36 2.36 2.18 2.18 2.36 2.27 2.45 2.18 2.09 2.00 2.00 2.40 1.90 2.20 2.10 2.70 3.36
Residual L 1.91 1.91 2.36 2.27 2.45 2.09 1.73 2.82 1.09 1.09 1.91 1.64 1.64 1.18 1.70 1.90 2.30 2.10 1.20 2.27
LR
Medium Medium Medium
Medium
Medium
Medium
Medium
Medium
Low Low
Medium
Medium Medium Low Medium Medium Medium
Medium
Medium
Medium
Good
2.80
1.50
Medium
Fair
3.18
2.00
Medium
Fair Fair
3.09 3.18
2.18 2.36
Medium
Medium
Fair
3.18
3.09
Medium
Fair
3.00
2.45
Medium
Good
2.55
1.91
Medium
Fair
2.73
1.36
Medium
Fair
2.64
1.82
Medium
Good
2.36
1.45
Low
Good Fair
2.09 3.18
1.18 2.09
Low
Medium
Fair
2.45
2.00
Medium
Fair
2.64
2.64
Medium
Fair
2.73
2.55
Medium
Fair Fair
2.73 2.55
2.45 2.00
Medium
Medium
Good
3.00
1.55
Medium
Fair
2.91
2.27
Medium
Fair
2.82
3.09
Medium
Fair
2.73
3.45
Medium
Good
2.18
1.36
Low
Good
2.91
2.18
Medium
Fair Good Poor
3.00 3.18 3.20
2.18 2.27 3.20
Medium
Medium
Medium
Poor
3.36
3.27
Medium
Poor
4.09
3.55
High
Fair
3.45
3.09
Medium
Fair
3.10
1.70
Medium
Fair
2.70
1.70
Medium
Fair Fair Fair Fair Fair Fair Fair Fair Fair
2.25 2.58 2.08 2.75 2.92 2.33 3.25 2.67 3.50
1.08 1.17 1.58 2.25 1.42 2.67 2.08 1.33 1.83
Low Medium Medium
Medium
Medium
Medium
Medium Medium
High
Fair
3.08
2.67
Medium
Fair
3.00
2.58
Medium
Fair
2.83
1.75
Medium
Fair
2.67
2.33
Medium
Fair
3.33
1.83
Medium
Fair Fair
3.08 3.00
2.17 1.92
Medium
Medium
Fair
3.08
2.33
Medium
Fair
3.25
1.67
Medium
Fair
3.08
2.33
Medium
Fair
3.08
1.67
Medium
Fair
3.33
2.00
Medium
Fair Fair Fair
3.25 3.25 2.82
2.42 2.83 1.91
Medium
Medium Medium
Fair
3.08
2.33
Medium
Fair
2.92
2.08
Medium
Fair
3.08
1.92
Medium
Fair
2.64
1.91
Medium
Fair
2.58
2.42
Medium
Fair
2.67
2.17
Medium
Fair
2.92
2.50
Medium
Fair
3.17
1.92
Medium
Fair
2.15
2.36
Medium
Fair
2.31
2.31
Medium
Fair
2.71
2.50
Medium
Poor
3.43
3.21
Medium
Poor
2.93
2.93
Medium
Fair
2.14
1.93
Medium
Poor
2.93
2.79
Medium
Poor Poor Fair
2.57 3.15 2.57
2.29 2.77 2.07
Medium
Medium
Medium
Fair
2.64
2.43
Medium
Fair
2.36
2.14
Medium
Fair
2.43
2.21
Medium
Fair
2.57
2.50
Medium
Fair
2.07
2.14
Medium
Fair
2.86
2.86
Medium
Fair
2.57
2.14
Medium
Fair
2.29
2.36
Medium
Fair Good Fair Fair
2.62 2.00 2.07 2.43
2.54 1.50 1.57 2.21
Medium
Medium Medium
Medium
Fair
2.36
2.21
Medium
Poor
2.85
2.92
Medium
Fair
2.54
2.15
Medium
Fair Poor Poor
2.15 2.92 2.69
2.15 2.85 2.77
Medium
Medium
Medium
Fair
2.77
2.69
Medium
Fair
2.17
2.33
Medium
Fair
2.15
2.08
Medium
Fair
2.38
1.92
Medium
Fair
2.23
2.00
Medium
Fair
2.54
2.46
Medium
Poor
2.54
2.38
Medium
Fair
2.45
2.27
Medium
Distribution - Level of Risk (Gross)

Distribution - Gross Risk High 71 Medium 48 Low 0 0%
Distribution - Level of Risk (Gross)

Distribution - Control Effectiveness Excellent 0 Good 14 Fair 93 Poor 12 Very Poor 0
0% 10%
0%
12%
40%
High Medium
Excellent Good
60%
Fair
Low
78%
Poor Very Poor
Distribution - Residual Risk High 2 Medium 110 Low 7
Distribution - Level of Risk (Residual)

2% 6%
High Medium
Low
Distribution - Risk Category Claims Risk Compliance Risk Credit Risk Liquidity Risk Market Risk Operational Risk Reinsurance Risk Underwriting Risk
Distribution - Risk Category

9 9 8 1 2 72 8 10
7%
8% 7% 8% 7%
Claims Risk
1% 2%
Compliance Risk
Credit Risk Liquidity Risk
Market Risk 60%

Operational Risk Reinsurance Risk
92%
Underwriting Risk
SN
Department
Process Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax
Category Credit Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk
1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin 14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin 20 FINCON
21 FINCON
Investment
Liquidity Risk
22 FINCON
Investment
Market Risk
23 FINCON 24 FINCON 25 FINCON
Investment Budgetting Budgetting
Market Risk Operational Risk Operational Risk
26 FINCON
27 FINCON
28 FINCON
29 FINCON
30 FINCON
31 FINCON 32 FINCON
Financial Reporting Operational Risk Financial Reporting Compliance Risk
33 FINCON
34 FINCON
35 FINCON 36 FINCON 37 FINCON
Financial Reporting Operational Risk Financial Reporting Operational Risk Financial Reporting Operational Risk
38 Human Capital
Payroll
Compliance Risk
39 Human Capital
Training
Compliance Risk
40 Human Capital
Payroll
Credit Risk
41 Human Capital
Loans & Advances
Credit Risk
42 Human Capital
Payroll
Operational Risk
43 Human Capital
Recruitment and Development Recruitment and Development Recruitment and Development Information Technology Information Technology
Operational Risk
44 Human Capital 45 Human Capital 46 Information Technology Information Technology
47
Operational Risk
48
Information Technology Information Technology Information Technology Information Technology Technical Operations
Information Technology Information Technology Information Technology Information Technology Claims
Operational Risk
49
Operational Risk
50
Operational Risk
51 52
Operational Risk Claims Risk
53 54 55 56 57 58 59 60
Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations
Claims Claims Claims Claims Claims Claims Claims Claims
Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk
61
Credit Control
Credit Risk
62
Credit Control
Credit Risk
63
Credit Control
Compliance Risk
64
Credit Control
Operational Risk
65 66
Credit Control Reinsurance Reinsurance
Compliance Risk Reinsurance Risk Reinsurance Risk
Technical Operations Technical 67 Operations 68 Technical Operations Technical Operations Technical Operations Technical Operations
Reinsurance
Reinsurance Risk
69 70 71
Reinsurance Reinsurance Reinsurance
Reinsurance Risk Reinsurance Risk Reinsurance Risk
72
Technical Operations Technical Operations
Reinsurance
Reinsurance Risk
73 74
Technical Operations Technical 75 Operations 76 Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations
Underwriting
Underwriting Risk
77 78
Underwriting Underwriting
Underwriting Risk Underwriting Risk
79
Underwriting
Underwriting Risk
80 81 82
Underwriting Underwriting Underwriting
Underwriting Risk Underwriting Risk Underwriting Risk
83
Underwriting
Underwriting Risk
84 Marketing
Marketing
Compliance Risk
85 Marketing
Marketing
Credit Risk
86 Marketing
Marketing
Operational Risk
87 Marketing
Marketing
Operational Risk
88 Marketing
Marketing
Operational Risk
89 Marketing
Marketing
Operational Risk
90 Marketing
Marketing
Operational Risk
91 Marketing 92 Marketing 93 Risk Management Risk Management Risk Management Risk Management Risk Management Risk Management Risk Management
Marketing Marketing Risk Management
Operational Risk Operational Risk Compliance Risk
94
Risk Management
Operational Risk
95
Risk Management
Operational Risk
96 97 98
Risk Management Risk Management Risk Management
99
Risk Management
Operational Risk
100 Life Operations
Life Operations
Compliance Risk
101 Life Operations
Life Operations
Credit Risk
Credit Risk Operational Risk Operational Risk
105 Life Operations 106 Life Operations
Life Operations Life Operations
107 Life Operations
Life Operations
Operational Risk
108 Life Operations
Life Operations
Operational Risk
Operational Risk Operational Risk Operational Risk Operational Risk
113 Life Operations
Life Operations
Operational Risk
114 Life Operations
Life Operations
Operational Risk
115 Life Operations
Life Operations
Operational Risk
116 Life Operations
Life Operations
Operational Risk
117 Life Operations
Life Operations
Operational Risk
118 Life Operations
Life Operations
Operational Risk
119 Life Operations 120 121 122 123 124 125 126
Life Operations
Operational Risk
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176
177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250
Risk Description Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations.
I 3.09 3.45 3.00 3.45 3.18 2.91 3.00 2.82 2.82 3.00 2.73 2.73 2.64 2.45 2.82 2.73 2.55 2.64 3.09 3.82
Gross L
LR
Control Fair Fair Fair Fair Fair Fair Fair Fair Good Good Fair Good Good Fair Fair Fair Fair Fair Good Fair
2.64 Medium 2.91 Medium 3.64 Medium 3.00 Medium 3.82 Medium 3.00 Medium 2.64 Medium 3.50 Medium 1.36 Medium 1.73 Medium 2.73 Medium 2.45 Medium 2.82 Medium 2.36 Medium 2.82 Medium 3.18 Medium 3.00 Medium 3.00 Medium 2.82 Medium 3.09 High
3.55
3.00 High
Good
The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely. Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval
3.82
3.36 High
Fair
3.91 3.82 3.45
2.82 High 3.64 High 3.91 Medium
Fair Fair Fair
3.55
3.64 High
Fair
3.27
3.18 Medium
Good
3.36
2.91 Medium
Fair
3.18
3.18 Medium
Fair
3.09
2.91 Medium
Good
2.55 3.64
2.36 Medium 3.09 High
Good Fair
2.91
2.91 Medium
Fair
3.09
3.36 Medium
Fair
3.18 3.27 3.00
3.18 Medium 3.27 Medium 3.18 Medium
Fair Fair Fair
The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances
3.45
2.82 Medium
Good
3.45
3.45 Medium
Fair
3.09
3.73 Medium
Fair
3.09
3.91 Medium
Fair
2.64
2.73 Medium
Good
3.27
3.27 Medium
Good
3.27 3.73 3.40
3.00 Medium 3.45 High 3.60 Medium
Fair Good Poor
3.64
3.55 High
Poor
4.36
4.18 High
Poor
3.45
3.55 Medium
Fair
3.30
2.70 Medium
Fair
3.50 3.58
2.90 High 2.42 High
Fair Fair
Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns. Inability to recover claims from relevant counterparties such as reinsurers and coinsurers Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns
3.50 2.83 4.08 3.50 3.08 3.83 3.50 4.00
2.25 High 2.33 Medium 3.17 High 2.17 High 3.17 Medium 3.00 High 2.17 High 2.75 High
Fair Fair Fair Fair Fair Fair Fair Fair
3.75
3.33 High
Fair
3.58
3.67 High
Fair
3.67
2.83 High
Fair
3.50
3.08 High
Fair
4.00 3.92 4.08
3.08 High 3.08 High 3.08 High
Fair Fair Fair
3.92
3.08 High
Fair
4.17 3.67 3.67
Fair Fair Fair
Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions
4.08
3.08 High
Fair
3.83 3.83 3.73
Fair Fair Fair
3.92
3.50 High
Fair
3.83 4.25
3.25 High 3.17 High
Fair Fair
3.36
2.91 Medium
Fair
3.58 3.42 3.58
3.17 High 3.00 Medium 3.33 High
Fair Fair Fair
3.83
3.00 High
Fair
3.57
3.93 High
Fair
3.85
3.46 High
Fair
3.93
3.64 High
Fair
3.93
3.50 High
Poor
Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement Third party surveyors/risk adjustors may connive with the insured to defraud the company Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy
4.07
4.00 High
Poor
3.07
2.57 Medium
Fair
3.79
3.71 High
Poor
3.71 3.85 3.71
Poor Poor Fair
3.86
3.64 High
Fair
3.57
3.21 High
Fair
4.07 4.07 3.57
Fair Fair Fair
3.86
3.71 High
Fair
4.21
3.71 High
Fair
4.00
3.57 High
Fair
3.86 3.79 3.57
Fair Good Fair
Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses
3.71 3.64
3.14 High 3.00 High
Fair Fair
3.85
3.69 High
Poor
3.85
3.54 High
Fair
3.31 4.00 3.62 4.00
3.23 Medium 3.85 High 3.69 High 3.92 High
Fair Poor Poor Fair
3.54
3.38 High
Fair
3.23
2.85 Medium
Fair
4.31
3.46 High
Fair
3.62
3.08 High
Fair
3.62
3.31 High
Fair
3.38
3.23 Medium
Poor
3.64
3.27 High
Fair
I 2.18 2.18 2.36 2.36 2.36 2.18 2.18 2.36 2.27 2.45 2.18 2.09 2.00 2.00 2.40 1.90 2.20 2.10 2.70 3.36
Residual L
LR
Root Cause
1.91 Medium 1.91 Medium 2.36 Medium 2.27 Medium 2.45 Medium 2.09 Medium 1.73 Medium 2.82 Medium 1.09 Low 1.09 Low 1.91 Medium 1.64 Medium 1.64 Medium 1.18 Low 1.70 Medium 1.90 Medium 2.30 Medium 2.10 Medium 1.20 Medium 2.27 Medium
2.80
1.50 Medium
3.18
2.00 Medium
3.09 3.18 3.18
3.00
2.45 Medium
2.55
1.91 Medium
2.73
1.36 Medium
2.64
1.82 Medium
2.36
1.45 Low
2.09 3.18
1.18 Low 2.09 Medium
2.45
2.00 Medium
2.64
2.64 Medium
2.73 2.73 2.55
3.00
1.55 Medium
2.91
2.27 Medium
2.82
3.09 Medium
2.73
3.45 Medium
2.18
1.36 Low
2.91
2.18 Medium
3.00 3.18 3.20
3.36
3.27 Medium
4.09
3.55 High
3.45
3.09 Medium
3.10
1.70 Medium
2.70 2.25
1.70 Medium 1.08 Low
2.58 2.08 2.75 2.92 2.33 3.25 2.67 3.50
1.17 Medium 1.58 Medium 2.25 Medium 1.42 Medium 2.67 Medium 2.08 Medium 1.33 Medium 1.83 High
3.08
2.67 Medium
3.00
2.58 Medium
2.83
1.75 Medium
2.67
2.33 Medium
3.33 3.08 3.00
3.08
2.33 Medium
3.25 3.08 3.08
3.33
2.00 Medium
3.25 3.25 2.82
3.08
2.33 Medium
2.92 3.08
2.08 Medium 1.92 Medium
2.64
1.91 Medium
2.58 2.67 2.92
3.17
1.92 Medium
2.15
2.36 Medium
2.31
2.31 Medium
2.71
2.50 Medium
3.43
3.21 Medium
2.93
2.93 Medium
2.14
1.93 Medium
2.93
2.79 Medium
2.57 3.15 2.57
2.64
2.43 Medium
2.36
2.14 Medium
2.43 2.57 2.07
2.86
2.86 Medium
2.57
2.14 Medium
2.29
2.36 Medium
2.62 2.00 2.07
2.43 2.36
2.21 Medium 2.21 Medium
2.85
2.92 Medium
2.54
2.15 Medium
2.15 2.92 2.69 2.77
2.15 Medium 2.85 Medium 2.77 Medium 2.69 Medium
2.17
2.33 Medium
2.15
2.08 Medium
2.38
1.92 Medium
2.23
2.00 Medium
2.54
2.46 Medium
2.54
2.38 Medium
2.45
2.27 Medium
Mitigating Control
KRI
Risk Owner
Action Plan
Comment

Risk Assessment Toolkit

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Assessment Toolkit

Uploaded by

Copyright:

Available Formats

1

14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin 20 FINCON

IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax

Market Risk Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk Financial Reporting Compliance Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk

Financial Reporting Operational Risk Financial Reporting Operational Risk

Loans & Advances Credit Risk

Recruitment and Development

44 Human Capital 45 Human Capital Information 46 Technology Information Technology

Operational Risk Operational Risk Operational Risk

Information Technology Information Technology Information Technology Claims Claims Claims

Information 50 Technology Information Technology

Technical Operations Technical 53 Operations Technical 54 Operations 52

Claims Risk Claims Risk Claims Risk

Technical Operations Technical Operations Technical Operations

Claims Claims Claims Claims Claims Claims

Technical Operations Technical 59 Operations 60 Technical Operations Technical Operations

Credit Control Reinsurance

Compliance Risk Reinsurance Risk

Reinsurance Reinsurance Reinsurance

Reinsurance Risk Reinsurance Risk Reinsurance Risk

Reinsurance Underwriting Underwriting

Reinsurance Risk Underwriting Risk Underwriting Risk

Technical Operations Technical 75 Operations Technical 76 Operations Technical Operations

Operational Risk Operational Risk

93 Risk Management Risk Management Compliance Risk

94 Risk Management Risk Management Operational Risk

95 Risk Management Risk Management Operational Risk

98 Risk Management Risk Management Operational Risk

99 Risk Management Risk Management Operational Risk

100 Life Operations

101 Life Operations

Life Operations Life Operations Life Operations Life Operations

Credit Risk Operational Risk Operational Risk Operational Risk

106 Life Operations

107 Life Operations

108 Life Operations

109 Life Operations 110 Life Operations 111 Life Operations

Life Operations Life Operations Life Operations

Operational Risk Operational Risk Operational Risk

112 Life Operations

113 Life Operations

114 Life Operations

115 Life Operations

116 Life Operations

117 Life Operations

118 Life Operations

119 Life Operations

2 Control 2 3 3 3 2 3 2 3 4 4 3 4 4 Residual I 2 2 1 3 2 2 3 3 1 1 1 2 1 L 3 1 2 3 4 3 2 3 1 1 2 1 1 I 3 3 4 3 3 2 2 2 3 3 3 3 3 Gross L 3 3 5 3 4 2 1 3 1 1 4 2 3

3 Control Residual I 2 2 3 3 2 1 1 2 3 2 3 2 3 L 2 1 4 3 3 1 1 3 1 1 3 3 3 I 3 4 3 3 3 3 3 3 4 4 3 3 3 Gross L 1 2 4 3 4 5 2 4 3 3 3 4 5

4 Control Residual I 3 3 3 3 3 3 3 3 4 4 3 3 3 L 1 2 3 3 4 5 2 3 1 1 2 2 2 I 3 3 3 4 3 3 3 3 3 3 3 3 2 Gross L 3 2 4 4 3 2 3 3 2 3 3 3 2

5 Control 3 4 3 3 4 3 3 3 3 4 4 4 4 Residual I 3 3 2 3 2 3 3 3 3 3 2 2 2 L 2 1 2 2 1 1 1 2 1 1 2 1 1 I 2 4 2 4 3 2 2 3 2 2 2 2 2 Gross L 3 4 3 3 4 3 3 4 1 3 2 2 3

6 Control Residual I 1 1 2 1 2 1 2 2 1 2 1 1 1 L 2 1 1 1 2 1 1 2 1 1 1 1 1 I 4 4 3 4 3 3 4 2 3 3 3 3 3 Gross

7 Gross L 3 4 4 3 3 3 4 4 1 1 3 2 3 Control Residual I 3 2 2 2 2 3 3 2 2 3 3 3 3 L 3 3 3 3 3 3 3 4 1 1 1 1 1 I 3 4 3 3 3 3 4 4 4 4 4 4 4 Gross L 2 2 3 1 2 1 1 2 1 1 2 1 2

8 Control Residual I 1 1 1 1 1 1 1 1 2 2 3 2 2 L 1 1 1 1 1 1 1 1 1 1 2 2 2 I 3 4 4 4 4 4 3 4 4 4 3 3 3 Gross L 2 4 5 4 5 5 4 5 1 1 4 3 4

10 Gross I 3 4 3 4 4 4 3 3 2 3 3 3 4 L 3 3 3 3 4 3 2 3 2 3 3 3 3 Control Residual I 2 2 2 2 3 2 2 2 2 2 2 2 2 L 2 1 1 2 2 1 2 3 2 2 2 2 2 I 3 3 3 2 3 3 2 2 2 3 2 2 1 1 1 1 3 3 Gross L 3 3 3 3 4 2 3