Safaricom - 2021 Sustainable Business Report

EMBEDDING A POSITIVE RISK CULTURE

The environment in which we operate is dynamic and the nature of the products and services we provide, particularly mobile money, requires that we comply with a wide range of laws and regulations. Our risk identification and mitigation processes have been designed to respond proactively to our ever-changing operating environment. We classify our risks into two categories: strategic (regulatory, economic, market and political) and operational (data privacy and cyber threats).

Our framework is a blend of both the ISO 31000 Risk Management Standard and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework. We have integrated COSO control activities into the ISO 31000 Risk Management Standard in order to have a blend of both and embed a positive risk culture across the organisation. This integrated Governance Risk and Compliance (GRC) system has the advantage of enhanced reporting with a central repository for all our risks and controls.

During the year we also conducted Enterprise Risk Management training for our Board and increased the scope of our business continuity tests. The constitution of a Risk Management committee has improved oversight of risk management initiatives by ensuring our top risks are well-articulated and quantified.

We have also successfully implemented the ISO 45001 Occupational and Health & Safety Management System Standard, which is risk-based and demonstrates that we have implemented a framework and processes for safeguarding the health and safety of our stakeholders. In a significant step forward on our road to becoming a net zero carbon emitting company by 2050, we were certified to the ISO 50001 energy management standard.
PROMOTING A STRONG INTERNAL ETHICAL CULTURE

A strong ethical culture creates awareness and understanding of the negative impacts of noncompliance, enhances trust and creates a sense of accountability and transparency. We promote ethics through ongoing ethics awareness and employee anti-corruption training programmes, the effectiveness of which is monitored by an independent ethics perception survey.

Despite the challenges of COVID-19, we implemented changes in content and maintained high levels of engagement in our internal ethics training across all departments, seeing a slight improvement in our target. In FY21, emphasis was on due care, focusing on department-specific processes, the associated risks and the individual responsibility in ensuring adherence to the prescribed business procedures. On policies, there was emphasis on data privacy, given the regulatory requirements in that area. We achieved the higher coverage through online channels including webinars and e-learning.

Fraud within our Customer Obsession strategy encompasses pillars such as customer awareness, technical controls and processes where gaps may be exploited to defraud customers. In the year under review, our approach to risk assessments changed to divisional level, and enhanced fraud monitoring squads led to increased awareness.

ETHICS AND ANTI-CORRUPTION STAFF TRAINING

                   FY18   FY19   FY20   FY21
% of total staff   98%    96%    98%    98.5%

[Figure: GOVERNANCE RISK AND COMPLIANCE SYSTEM. Labels: SUSTAIN & CONTINUOUSLY IMPROVE; AGREED BUSINESS STRATEGY; IDENTIFY RISKS; ASSESS & MEASURE RISK; DESIGN & TEST CONTROLS MITIGATIONS; MONITOR, ASSURE & ESCALATE; RISK INTELLIGENCE TO CREATE & PRESERVE VALUE; GOVERNANCE; PROCESS; TECHNOLOGY; PEOPLE; EXTERNAL FACTORS.]
