During the past financial year our focus was on improved risk methodologies and policies, embedding a robust risk culture within the Corporation, providing strategic support to other Development Finance Institutions (DFIs), institutional capacity building to other material subsidiaries, and development of a Risk Appetite Framework.
Risk Management Three Lines of Defence
Embedding a robust risk culture
The implementation of the Enterprise Risk Management Framework and Policy included an organisation-wide operational risk awareness campaign which led to increased Operational Risk Management, Enterprise Risk Management and Business Continuity Management visibility, and it set the foundation for embedding a robust risk culture within the Corporation. Through this focus area we endeavour to encourage a culture of risk identification, reporting and ensuring control effectiveness.
We conducted peer benchmarking to determine the validity of our operational risk functions and ensure alignment with best practice. The study confirmed that the management of IDC’s operational risk compares favourably with leading local and international DFIs and financial institutions.
Enterprise Risk Management (ERM)
The IDC’s enterprise-wide risk assessment process supports the identification, quantification, prioritisation and mitigation of material risks that could significantly impact our business. Another objective is to comply with legislative requirements. The IDC is required to assess risks annually in terms of the PFMA, the recommendations of King III and the Public Sector Risk Management Framework.
Risk assessment process
A workshop conducted with executive and line management in October 2014 reviewed the IDC’s Risk Register and identified emerging risks, taking into account potential changes in strategy and related risks as brought about by the Project Evolve process. Criteria set out in the IDC Risk Management Policy and Framework were used to assess the risks and in the result, 14 risks were identified and assessed on a residual basis.
The IDC’s key risks therefore are:
Macro-economic conditions that could affect the IDC’s business, such as weak domestic and/or export demand and overall fixed investment activity, as well as potential downgrades to South Africa’s credit rating. This risk is chiefly managed by the IDC’s Research and Information Department, which conducts regular analyses of economic, political and legal events and report potential implications to EXCO and the Board.
Proactive new business generation is the inability to proactively source new business and impedes the Corporation’s ability to implement its new strategy and deliver on its mandate. This risk is managed by way of monitoring by the Strategy Department, and by monitoring business unit project progress reports.
Delivery and execution is the risk of the Corporation failing to deliver against stakeholder expectations with resultant stakeholder complaints and adverse impact on reputation. This risk is mitigated, among others, through a robust Customer Relationship Management Programme.
Business continuity risk is when adverse events impact the organisation’s ability to operate during, or resume operations after, a major business disruption. This risk is mitigated by the practice of electronic storage and back-up of information and ongoing Disaster Recovery Plan testing.
Credit risk is the risk of non-payment by the IDC’s business partners (clients) and non-recoverability of investments, which would result in impairments and write-offs. This risk is managed by contractual agreements with business partners, consideration by Investment Committees and by Post Investment Monitoring Department policies and processes.
Winning organisational culture is the risk of culture, behaviour, values and change in mindset of staff not being aligned to deliver against mandate/strategy. This could lead to poor customer focus and low staff morale. The risk is mitigated by conducting cultural awareness sessions and constant employee engagement interventions.
Ethical conduct and behaviour consist of all forms of internally and externally conducted theft or fraudulent activities including unethical business practices and behaviour. This risk could result in financial losses to the IDC as well as reputational damage. This risk is alleviated by fraud and ethics awareness training as well as the activities of the Governance and Ethics committee, amongst others.
Legal and regulatory compliance is the risk of the IDC not meeting its legal and regulatory requirements across the various industries and countries of operation, which could lead to potential litigation. It is also described as the risk of not complying with applicable regulatory requirements. Some of the key controls in place to mitigate this risk include the Legal Department’s systems and procedures as well as the Compliance Manual and Policies.
Alignment of IDC processes and infrastructure to strategy is described as the risk of non-alignment of IDC processes and infrastructure to its strategy. This could lead to poor performance and non-achievement of strategic objectives. This risk is managed by existing documented processes and a review of systems and procedures in line with the Project Evolve strategy.
Financial sustainability is defined as the risk that the IDC’s financial strength can be impacted by funding availability, concentration risk, income dependence, pricing, equity pricing, and portfolio and investment performance. This risk could result in the IDC failing to meet its mandate and in turn its development objects. The risk is managed by adopting a prudent borrowing policy and quarterly analysis of IDC’s listed investments.
Human capital capacity is the risk of not having adequate human capital resources to deliver on IDC strategy, which could result in IDC not being able to execute its mandate. The risk is mitigated by a vigorous Knowledge Management Programme to retain “corporate memory” in addition to training and development programmes for staff.
Stakeholder expectations risk is the risk of IDC not responding to stakeholder needs, which could lead to loss of stakeholder support. However the risk is mitigated by stakeholder engagement as well as presentations to the relevant Parliament Portfolio Committees on IDC strategy.
Dependence on an enabling environment is described as the risk that factors in the external environment impact on the IDC’s ability to do business. This could lead to the IDC investments not achieving budgets. This risk is primarily mitigated by annual strategy review.
Subsidiary delivery and performance risk is the viability of subsidiaries and their ability to deliver effectively. If this risk materialises it could result in a financial loss for the IDC. This risk is mitigated by the appointment of directors to investee companies and monitoring by the Post Investment Monitoring Department.