Safaricom 2023 Sustainable Business Report

36 OUR BUSINESS OUR STAKEHOLDERS KPI SUMMARY SAFARICOM SUSTAINABLE BUSINESS REPORT 2023 OUR MATERIAL TOPICS OUR RISK MANAGEMENT PROCESS We cannot eliminate all the risks inherent in our operations. Consequently, we have a certain risk tolerance for some risks necessary to foster innovation, develop a sustainable business and maximise shareholder value. Our risk philosophy is aligned to best risk management practices and is aimed at supporting the realisation of our purpose, vision and mission by effectively balancing risk and reward. Our robust corporate governance framework ensures that we stay ahead of cyber threats, maintain data privacy and proactively manage fraud, particularly in the light of ever-changing social engineering schemes. REINFORCING OUR ETHICAL CULTURE Our mission during FY23 was to ensure the safety and security of our customers and business ecosystems to accelerate new growth areas while delivering a superior customer experience. Throughout the year, our focus was on assisting the business in safeguarding privacy and implementing secure systems and products. Accordingly, we conducted thorough risk assessments, subjecting all released products and services to assurance reviews, thereby ensuring the embedding of privacy and security measures into design and default configuration. This aligns with our aim of providing our customers with a worry-free experience. We maintained our commitment to empowering agile teams, enabling them to take on the responsibility of providing initial assurance. This approach supported our goal of fostering agility and expediting time-to-market while upholding security and privacy standards. IDENTIFY Bi-annual risk assessments with business units and other stakeholders. Ad-hoc risk assessment in response to changing environment. MEASURE Review against the risk appetite set by the Board. MANAGE Implement controls to reduce risk likelihood. Set scope and risk criteria. Test these controls across the three lines of defence. MONITOR & REPORT Iterative process enhances oversight. Ongoing report to Exco and the Board. ESTABLISH THE CONTEXT Define external risk factors including key stakeholders, socio-economic and geo-political developments and Internal risk factors including internal stakeholders, governance approach, contractual relationships, capabilities, cultures and standards.