1 minute read
Enterprise Risk Management
BoFiNet operates in a highly volatile telecommunications industry, characterised by rapid changes in technology and market dynamics.
These changes create uncertainty and present potential risks that could impede the company from achieving its objectives. However, the company continues to review and execute a comprehensive annual Risk Management Plan (RMP). BoFiNet Risk Management initiatives are guided by the Policy and Framework recommended by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) framework, along with the King III Report on Corporate Governance of 2009 and the Botswana Code of Corporate Governance.
Advertisement
BoFiNet manages risk by identifying, analysing and evaluating whether the risk should be tolerated, treated through the implementation of mitigation plans, transferred or terminated. BoFiNet communicates and consults with stakeholders throughout this process, monitors and reviews the controls/mitigation plans that modify the risk. This process ensures that the risk magnitude remains within acceptable levels and does not exceed BoFiNet’s predefined risk appetite and to ensure that it is between tolerance levels. The RMP is a tool that BoFiNet uses to communicate with its stakeholders on risk management processes and activities to be executed throughout the financial year. BoFiNet strives to achieve an appropriate balance between realising potential opportunities and minimising adverse effects in managing risk.
The Risk Management Oversight structure of the Board - Finance and Audit Committee (FAC) - bears the overall responsibility for overseeing the company’s risk management processes. The Committee also reviews the effectiveness of the company’s internal controls, including the systems established to identify, assess, manage and monitor risk.
The Risk Management Department and Divisional Risk Champions ensure that risk management processes implemented within operational and business units effectively encompass risk identification, assessment, mitigation, reporting and monitoring.
BoFiNet’s Risk Management Policy requires that all operating and business units identify and assess the risks to which they are exposed. Risk registers are used to document the identified risk events, their cause and the appropriate controls.
During the year under review, BoFiNet conducted risk Management Awareness Workshops for new employees to create a risk-conscious culture. This team approach to risk management empowers every member of staff to actively identify, assess, mitigate, monitor and report risks.
