OUR MATERIAL MATTERS

| GOVERNANCE, RISK & REGULATION |

NETWORK QUALITY | ENVIRONMENTAL RESPONSIBILITY | INNOVATION |

26

ROBUST RISK MANAGEMENT

We use a combination of risk assessments, audit and fraud reviews to monitor

and manage risk throughout the company. We also benchmark ourselves against

other leading telecommunications operators and independent assurance is

provided through both internal and external audit functions. As a company, we

also endeavour to apply the Precautionary Principle to all our activities to help

ensure that we continue to act as a responsible corporate citizen.

Monitoring corruption and fraud

Anti-corruption monitoring measures

FY17 FY16 FY15

Risk Assessments (bi-annual cycle)

8

9

7

Audit Reviews

33

20

19

Fraud Reviews

13

11

6

Special Request Reviews

1

11

11

Eight risk assessments were conducted across the organisation and these

were supported by in-depth audit reviews of specific internal controls within

the organisation and fraud reviews of processes that are suspected of having

become compromised.

Each of the risk assessments encompassed the following categories: enterprise

risk management, operational risks, strategic risks and ethics risks per strategic

objective. Some of the key risk items identified during the year included: insecurity,

regulatory risk, market disruption and inadequate capacity on key systems.

Thirty-three audit reviews were also carried out during the reporting period. The

objective of the reviews was to obtain assurance on the adequacy, design and

operating effectiveness of internal controls. One additional review was carried out

during the year that was a special request by management.

We also continue to take proactive steps to identify cases of fraud. These steps

include using the fraud management system to identify possible cases of fraud

and to carry out in-depth fraud reviews to determine whether fraud had occurred

within key processes. Thirteen fraud reviews were carried out during the year. The

fraud reviews led to uncovering fraud and to identification of control weaknesses.

Control recommendations were made for the control weaknesses.

Addressing corruption and fraud

Anti-corruption corrective measures

FY17 FY16 FY15

Fraud cases investigated

33

31

29

Outcomes of investigations

Disciplinary warnings

14

12

13

Dismissals

52

16

58

Cases reported to law enforcement agencies

3

2

4

While the number of investigations carried out during the year was substantively

the same as FY16, the number of staff dismissed for fraudulent behaviour

increased to 52. This was primarily due to an enhanced review process, which

targeted a single area of concern and unearthed fraud schemes that were

previously concealed. The types of fraud that led to dismissals included:

theft; asset misappropriation (cash collections and devices); policy breaches

(unauthorised access to data systems); and fraudulent SIM swap/M-PESA Start

Key issuance. While we are disappointed by the number of people who have

been involved in fraudulent activities, it is encouraging to note the increasing

effectiveness of our investigations and the clear illustration of a ‘no tolerance’

approach from management.

Helping customers tackle fraud

During the year, we continued to help customers safeguard themselves from

social engineering attacks and the criminal syndicates that target M-PESA users.

SDG 16

SDG 16

SDG 16