Enterprise Risk Management (ERM) at Strate comprises:
- The Risk Management function
- Business Continuity Management (including Disaster Recovery);
- Information Security; and
- The Internal Audit program, which uses a combination of external (inter alia Pricewaterhouse Coopers) and independent internal resources (Process Assurance).
The ERM Division effectively co-ordinates and manages the overall risk management program for Strate by:
Assisting each division within the company to identify, assess and measure risks according to the probability (or likelihood) of occurrence and the potential impact that the identified risk may have. A process-based ERM framework, which is linked to Strate's strategic objectives, has been defined for this purpose;
Assisting divisions in undertaking an initial assessment of the effectiveness of relevant controls identified to mitigate the specific risks. These assessments drive regular risk reporting through the Management Team to the Audit, Risk and Compliance Committee and ultimately the Board of Directors who measure risk exposure against pre-determined risk tolerances and the management actions being taken to bring specific risk exposures back to within acceptable levels of tolerance;
Identifying risk-based focus areas for independent review in terms of the Internal Audit plan;
Co-ordinating a comprehensive risk review in respect of each and every new product/service under development by Strate; and
Ensuring that all system enhancements/changes are channelled through an effective Change Advisory Board and that the underlying Change Control and Release Management processes are followed in accordance with a defined and documented System Development Life Cycle (SDLC). A risk review is undertaken of each change/enhancement to ensure a comprehensive understanding of the likely impact and that the necessary/appropriate controls have been incorporated prior to implementation.
- Establishing appropriate links with stakeholders with a view to increasing risk awareness and the focus on introducing best-practice initiatives across the market. This could contribute to the overall reduction of risk for South African FMIs as a whole.