BBS has adopted a multi-faceted approach to assessing and managing the risks associated with its business activities.

Risk can be defined as the uncertainty that surrounds future events and outcomes of those events.  The term refers to the likelihood and impact of an event that has the potential to influence the achievement of an organisation’s objectives. Examples of risk include a disastrous infection of the computer system with a virus, the perpetration of internal or external fraud resulting in a substantial loss of funds, or a health and safety risk whose outcome is serious injury or loss of life. Other risks may be of reputation: for instance, negative perceptions about the way a company does business. All these factors, depending on the severity or number of them, may have dire implications for an organisation’s very survival.

Risk management is thus, the identification and evaluation of actual and potential areas of risk in a company, followed by a process in which the risk is eliminated, transferred tolerated or mitigated. The process utilises internal controls as a measure to mitigate risk.  Internal controls are procedural and other measures that are put in place to close loop holes that pose risks.

The implementation of a Risk Management System will assist the Society to manage the potential risks and unplanned events that may affect the Society. It is geared at safeguarding the interests of its key stakeholders, and protecting the reputation and brand of the Society.  Proper management of risk will help to ensure that the Society successfully meets its business objectives.

A further objective of the Risk Management System is to ensure that the Society complies with regulatory and corporate governance requirements. In this regard, the system is aligned to the Bank of Botswana requirements for risk management and conforms to the requirements of the COSO “Organisational Risk Management – Integrated Framework”, the Basel II Capital Accord, and the King II Corporate Governance Guidelines.

In terms of the risk management programme, a culture will be instilled amongst the Society’s staff and managers to –

• have regard for all forms of risk in the decisions they make in the normal course of work
• create and evaluate departmental level and Organisational level risk inventories
• support the Executive Management’s creation of an Organisation level portfolio of risk
• retain ownership and accountability for risk management at their respective levels within the Organisation
• strive to achieve best practices in the management of risk
• ensure and monitor compliance with policies and procedures
• document and report all significant risks
• accept that risk management is mandatory and not optional

From the foregoing, one can surmise that the programme confers on all employees the responsibility to learn to recognise risk in their day-to-day activities. In particular, employees must adhere to laid down policies and procedures. Embedded in the policies and procedures themselves, must be tight controls to ensure that they are effective and meaningful enough to minimise risk, and keep it at an acceptable level.

The Society’s approach to risk management also makes provision for building the organisational capacity needed for the effective management of uncertainty and risk. To this end, managers from branch manager level upwards, recently participated in a series of workshops whose objective was to train them on the identification of risks. The other purpose of the workshops was to undertake the exercise of identifying risks and their corresponding mitigating measures, and then listing them in risk registers for each department, in a prescribed format.  These risks were then plotted on a risk matrix. The individual department risk registers will be consolidated into one document for consideration by the Executive Management.

Following the workshops a risk management committee will be established to regularly evaluate progress in the implementation of risk mitigators.  Depending on the level of risk, in terms of the potential loss or other damage, some risks will be escalated to Senior Management for action.