2022 Sustainable Business Report

39 PARTNERING FOR GROWTH: TRANSFORMING LIVES | KPI SUMMARY OUR STAKEHOLDERS OUR BUSINESS OUR MATERIAL TOPICS Our focus is on identifying and embedding mitigation actions for material risks that could impact our current or future performance, and/or our reputation. Our approach is holistic and integrated, bringing together risk management, internal controls and business integrity. This ensures we prioritise risks with the greatest potential impact on the business. We regularly review and refresh our principal risks, appetite, and approach to risk management. Our aim is to ensure that we have taken all reasonable steps to mitigate, but not eliminate, our main risks. Our framework is a blend of both the ISO 31000 Risk Management Standard and COSO (Committee of Sponsoring Organizations) Enterprise Risk Management framework. This blend allows us to identify, measure, manage and monitor strategic and operational risks across the business. TRAINING OUR PEOPLE AND OUR BUSINESS PARTNERS ON ETHICS Our strong ethical culture creates awareness and understanding of the negative impacts of non-compliance, enhances trust and creates a sense of accountability and transparency. It also empowers staff to address any potential risks in their respective roles. We reinforce our culture through ongoing annual ethics awareness and employee anti-corruption training programmes. An independent ethics perception survey monitors the effectiveness of these programmes. In FY22, we reached our ethics training target, with 98% of our staff covered. The training was conducted via webinars supplemented by e-learning for those who did not manage to attend. As our business partners – suppliers, dealers and M-PESA agents – play a key role in upholding our brand and our reputation, we continued to promote ethical business practices through ethics sessions and fraud training. Topics covered included: ethics and risk management best practices, regulatory requirements regarding key elements, common fraud types and fraud prevention tips, reporting obligations and channels, cyber and information security, as well as physical security for businesses. ETHICS AND ANTI-CORRUPTION STAFF TRAINING (% of total staff) FY19 FY20 FY21 FY22 % of total staff attending ethics and anti-corruption training 96% 98% 98.5% 98% OUR RISK MANAGEMENT PROCESS IDENTIFY • Conduct risk assessments twice a year in conjunction with business units and other stakeholders. • Ad-hoc risk assessments in response to a constantly changing operating environment. MEASURE • Standardised risk measurement process considers the probability of occurrence and references risk appetite set by the Board. MANAGE • Implement the appropriate mitigations and controls to mitigate risk and reduce risk likelihood. • Test effectiveness of risk controls and oversight across the three lines of defence. MONITOR AND REPORT • Iterative process helps to monitor risks and effectiveness of controls. • Continuous reporting to the Board and Exco on effectiveness of risk management. ESTABLISH THE CONTEXT • Define the external and internal parameters that impact risk • Set the scope and risk criteria for the risk management policy. • External context: our external stakeholders; local, national and international operating environment and other external factors that influence our objectives. • Internal context: our internal stakeholders, governance approach, contractual relationships and our capabilities, culture and standards. Establish the context Identify Manage Measure Monitor & Report