1

SN

Department

Process
Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU

Category
Credit Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk

Risk Description
I Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval

Gross L 4 3 4 3 3 2 4 2 2 2 2 2 2 3 2 3 3 4 3 3 3 1 1 2 2 1

Control 2 2 2 3 3 4 4 3 4 4 3 4 4

1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin

14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin 20 FINCON

IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax

Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk

Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations. The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances

2 3 3 4 3 3 4

2 3 3 3 4 3 3

21 FINCON

Investment

Liquidity Risk

22 FINCON

Investment

Market Risk

23 FINCON 24 FINCON

Investment Budgetting

Market Risk Operational Risk

4 4

2 5

2 2

25 FINCON

Budgetting

Operational Risk

26 FINCON

Financial Reporting Operational Risk

Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely.

27 FINCON

Financial Reporting Operational Risk

28 FINCON

Financial Reporting Operational Risk

29 FINCON

Financial Reporting Operational Risk

30 FINCON

Financial Reporting Operational Risk

31 FINCON 32 FINCON

Financial Reporting Operational Risk Financial Reporting Compliance Risk

3 5

4 4

4 2

33 FINCON

Financial Reporting Operational Risk

34 FINCON

Financial Reporting Operational Risk

35 FINCON

Financial Reporting Operational Risk

Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees

36 FINCON 37 FINCON

Financial Reporting Operational Risk Financial Reporting Operational Risk

5 4

4 4

2 3

38 Human Capital

Payroll

Compliance Risk

39 Human Capital

Training

Compliance Risk

40 Human Capital

Payroll

Credit Risk

41 Human Capital

Loans & Advances Credit Risk

42 Human Capital

Payroll

Operational Risk

43 Human Capital

Recruitment and Development

Operational Risk

44 Human Capital 45 Human Capital Information 46 Technology Information Technology

Recruitment and Development Recruitment and Development Information Technology Information Technology

Operational Risk Operational Risk Operational Risk

The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement

3 4 4

3 5 4

4 4 2

47

Operational Risk

Information 48 Technology

Information Technology

Operational Risk

49

Information Technology

Information Technology Information Technology Information Technology Claims Claims Claims

Operational Risk

Information 50 Technology Information Technology

Operational Risk

51

Operational Risk

Technical Operations Technical 53 Operations Technical 54 Operations 52

Claims Risk Claims Risk Claims Risk

3 4 4

3 4 4

3 3 3

55 56 57 58

Technical Operations Technical Operations Technical Operations

Claims Claims Claims Claims Claims Claims

Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk

Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns. Inability to recover claims from relevant counterparties such as reinsurers and coinsurers

5 4 5 5 4 5

4 3 5 5 4 5

3 3 1 1 1 3

Technical Operations Technical 59 Operations 60 Technical Operations Technical Operations

61

Credit Control

Credit Risk

Technical 62 Operations Technical Operations Technical Operations Technical Operations Technical Operations

Credit Control

Credit Risk

63

Credit Control

Compliance Risk

64

Credit Control

Operational Risk

65 66

Credit Control Reinsurance

Compliance Risk Reinsurance Risk

5 4

5 4

3 3

67

Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations

Reinsurance

Reinsurance Risk

Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks

68

Reinsurance

Reinsurance Risk

69 70 71

Reinsurance Reinsurance Reinsurance

Reinsurance Risk Reinsurance Risk Reinsurance Risk

5 5 5

4 5 5

3 3 3

72

Reinsurance

Reinsurance Risk

73 74

Reinsurance Underwriting Underwriting

Reinsurance Risk Underwriting Risk Underwriting Risk

4 5 5

4 5 4

2 2 3

Technical Operations Technical 75 Operations Technical 76 Operations Technical Operations

Underwriting

Underwriting Risk

77

Underwriting

Underwriting Risk

78

Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations

Underwriting

Underwriting Risk

79

Underwriting

Underwriting Risk

80

Underwriting

Underwriting Risk

The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions

81

Underwriting

Underwriting Risk

82

Underwriting

Underwriting Risk

83

Underwriting

Underwriting Risk

84 Marketing

Marketing

Compliance Risk

85 Marketing

Marketing

Credit Risk

86 Marketing

Marketing

Operational Risk

87 Marketing

Marketing

Operational Risk

88 Marketing

Marketing

Operational Risk

Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement Third party surveyors/risk adjustors may connive with the insured to defraud the company

89 Marketing

Marketing

Operational Risk

90 Marketing

Marketing

Operational Risk

91 Marketing 92 Marketing

Marketing Marketing

Operational Risk Operational Risk

4 4 4

4 3 4

1 2 2

93 Risk Management Risk Management Compliance Risk

94 Risk Management Risk Management Operational Risk

95 Risk Management Risk Management Operational Risk

96 Risk Management Risk Management Operational Risk 97 Risk Management Risk Management Operational Risk

5 5

2 4

2 2

98 Risk Management Risk Management Operational Risk

Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks

99 Risk Management Risk Management Operational Risk

100 Life Operations

Life Operations

Compliance Risk

101 Life Operations

Life Operations

Credit Risk

102 Life Operations 103 Life Operations 104 Life Operations 105 Life Operations

Life Operations Life Operations Life Operations Life Operations

Credit Risk Operational Risk Operational Risk Operational Risk

5 5 5 5

4 4 4 4

3 5 4 4

106 Life Operations

Life Operations

Operational Risk

107 Life Operations

Life Operations

Operational Risk

108 Life Operations

Life Operations

Operational Risk

109 Life Operations 110 Life Operations 111 Life Operations

Life Operations Life Operations Life Operations

Operational Risk Operational Risk Operational Risk

Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses

5 5 4

4 4 3

3 2 3

112 Life Operations

Life Operations

Operational Risk

113 Life Operations

Life Operations

Operational Risk

114 Life Operations

Life Operations

Operational Risk

115 Life Operations

Life Operations

Operational Risk

116 Life Operations

Life Operations

Operational Risk

117 Life Operations

Life Operations

Operational Risk

118 Life Operations

Life Operations

Operational Risk

119 Life Operations

Life Operations

Operational Risk

120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152

153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185

186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218

219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250

1 Residual I 3 2 3 2 2 1 1 2 1 1 1 1 1 L 2 3 2 2 1 1 2 2 1 1 2 1 1 I 3 2 1 4 3 3 3 3 2 2 2 2 2 Gross L 3 3 3 3 5 4 3 4 1 1 3 2 2

2 Control 2 3 3 3 2 3 2 3 4 4 3 4 4 Residual I 2 2 1 3 2 2 3 3 1 1 1 2 1 L 3 1 2 3 4 3 2 3 1 1 2 1 1 I 3 3 4 3 3 2 2 2 3 3 3 3 3 Gross L 3 3 5 3 4 2 1 3 1 1 4 2 3

3 Control Residual I 2 2 3 3 2 1 1 2 3 2 3 2 3 L 2 1 4 3 3 1 1 3 1 1 3 3 3 I 3 4 3 3 3 3 3 3 4 4 3 3 3 Gross L 1 2 4 3 4 5 2 4 3 3 3 4 5

2 3 3 3 3 3

2 3 3 3 4 3 3

3 2 3 3 2 3 4

1 2 1 3 2 3 4

2 1 2 2 2 1 2

3 3 2 3 2 3 4

1 4 4 5 4 3 3 4

3 3 2 3 2 3 4

1 4 4 4 3 1 2

3 3 3 2 2 3 4

3 3 3 3 3 3 3

2 3

2 2

4 4

2 3

2 2

3 4

2 3

5 4

3 4

3 3

4 4

2 2

5 4

3 4

2 3

1 3

2 4

3 3

4 4

1 4

1 1

3 4

2 2

4 4

3 4

1 1

3 3

2 3

3 3

4 4

2 3

2 5

3 2

1 3

2 2

4 3

4 3

4 3

3 3

2 2

3 3

3 2

3 2 4

3 2 4

3 4 4

3 3 5

4 3 2

2 3 4

1 2 5

4 4 2

3 3 3

3 3 3

4 4 2

2 1 2

4 4

3 3

1 3 3

1 2 3

3 3 3

1 2 1

3 3 3

2 3 2

1 1 1

3 4 3

1 1 3

3 3 3

2 4 3

1 1 3

4 2 2

3 1 2

5 3 3 3 3 4

3 2 4 3 3 2

3 3 2 3 2 4

3 1 3 3 1 3

3 3 3 3 4 4

2 3 2 2 1 4

2 1 3 3 1 3

4 3 3 4 5 4

3 2 3 2 1 1

3 3 3 3 3 3

3 3 3 4 5 4

2 2 3 2 1 1

4 3 2 2 4 4

3 1 3 1 1 1

4 3

2 3

3 3

3 4

3 3

3 3

2 3

5 5

4 3

2 2

5 5

3 3

4 4

1 2

3 4 4

3 3 3

3 3 3

4 4 4

3 3 3

2 2 3

1 1 3

5 5 4

3 3 3

3 3 3

5 5 4

2 2 1

4 3 4

2 3 2

4 4 3

4 4 3

3 2 2

2 3 3

3 3 3

2 2 2

1 2 1

4 4 3

3 3 2

3 2 3

3 4 3

1 3 1

3 2 3

4 4 3

4 4 3

4 3 2

5 4 5

5 3 4

2 2 3

4 4 4

3 3 3

5 4 4

5 4 3

4 3 4

3 2 2

3 2 2

5 5 5

5 5 5

4 4

2 3

5 5

3 5

4 2

4 3

3 5

4 3

4 3

3 3

2 2

2 2

5 5

5 4

2 2 3 2

2 1 1 1

5 5 5 5

4 3 5 4

3 4 2 1

5 3 5 5

4 3 5 5

4 4 3 4

4 4 3 4

4 4 4 4

2 2 2 3

2 2 2 3

5 5 5 4

5 4 5 4

1 3 2

2 3 1

3 4 3

3 4 3

4 3 4

2 2 2

2 1 2

4 5 5

4 5 5

4 Control Residual I 3 3 3 3 3 3 3 3 4 4 3 3 3 L 1 2 3 3 4 5 2 3 1 1 2 2 2 I 3 3 3 4 3 3 3 3 3 3 3 3 2 Gross L 3 2 4 4 3 2 3 3 2 3 3 3 2

5 Control 3 4 3 3 4 3 3 3 3 4 4 4 4 Residual I 3 3 2 3 2 3 3 3 3 3 2 2 2 L 2 1 2 2 1 1 1 2 1 1 2 1 1 I 2 4 2 4 3 2 2 3 2 2 2 2 2 Gross L 3 4 3 3 4 3 3 4 1 3 2 2 3

6 Control Residual I 1 1 2 1 2 1 2 2 1 2 1 1 1 L 2 1 1 1 2 1 1 2 1 1 1 1 1 I 4 4 3 4 3 3 4 2 3 3 3 3 3 Gross

2 3 3 2 2 3 3 3

1 1 1 3 2 1 3

2 3 2 2 2 3 3

2 3 3 3 3 2 3

3 4 4 3 3 4 3

2 3 2 2 2 3 3

1 1 1 2 1 1 2

2 2 2 2 3 2 3

2 2 3 2 2 2 3 3

2 1 1 1 1 1 2

1 1 1 1 1 1 2

3 3 3 2 2 3 3

2 4

5 4

3 2

3 4

3 3

3 3

3 4

2 2

3 4

3 4

4 3

1 2

2 2

4 3

3 3

3 3

1 1

2 3

3 3

3 3

2 3

1 2

2 4

2 4

4 3

1 3

1 3

2 3

3 4

3 3

3 1

3 2

3 3

3 4

3 2

2 1

3 3

3 3

4 4

2 1

2 1

3 3

3 3

4 4

2 3

3 3

3 4

3 3

3 3

2 3

3 4 4

3 3 3

3 4 2

2 2 3

3 1 3

3 4 3

3 4 4

2 2 2

1 1 1

3 3 2

2 3 1

3 2 2

3 3 2

1 2 1

3 4 2

5 3 3

3 3 3

2 4 2

1 1 1

4 5 3

3 4 3 3 4 4

2 3 2 4 3 4

1 1 1 1 1 1

4 4 3 4 3 4

4 1 3 3 1 3

3 2 2 1 2 3

3 3 2 4 3 4

2 1 2 2 1 1

5 4 2 5 3 2

4 2 3 4 3 3

3 3 3 3 3 3

4 4 2 5 2 2

3 1 3 2 1 3

4 5 3 4 4 4

4 3

4 4

1 1

4 3

3 3

3 2

4 3

1 2

3 4

5 4

3 3

3 2

3 2

4 5

3 3 3

4 3 4

2 3 1

3 3 4

2 3 3

3 3 3

2 2 4

1 2 1

5 2 2

4 3 3

3 3 3

5 3 1

1 1 1

5 4 4

3 3 3

3 2 3

4 2 2

4 4 4

1 3 2

3 2 3

4 4 2

1 3 1

3 3 3

3 3 3

3 3 3

3 3 2

3 3 2

5 4 4

1 1 3

3 4 3

3 5 3

3 4 4

3 5 4

2 1 3

2 4 3

2 5 3

4 4 3

4 4 4

3 3 3

2 2 2

2 2 2

3 3 2

3 3

3 3

3 4

4 4

3 4

3 2

3 3

3 3

4 4

4 4

4 3

1 2

1 2

3 3

2 3 3 3 3 3 3 2 2 3

3 1 2 2

2 1 2 2

3 4 3 3

2 1 1 1

2 1 1 1

4 4 4 4

4 5 5 4

4 4 4 3

2 2 1 2

2 2 1 2

3 3 3 3

3 2 2

3 3 3

3 4 4

2 4 4

3 4 5

3 2 1

2 4 4

2 4 5

5 5 4

4 5 5

2 2 2

3 3 3

3 4 4

2 3 3

7 Gross L 3 4 4 3 3 3 4 4 1 1 3 2 3 Control Residual I 3 2 2 2 2 3 3 2 2 3 3 3 3 L 3 3 3 3 3 3 3 4 1 1 1 1 1 I 3 4 3 3 3 3 4 4 4 4 4 4 4 Gross L 2 2 3 1 2 1 1 2 1 1 2 1 2

8 Control Residual I 1 1 1 1 1 1 1 1 2 2 3 2 2 L 1 1 1 1 1 1 1 1 1 1 2 2 2 I 3 4 4 4 4 4 3 4 4 4 3 3 3 Gross L 2 4 5 4 5 5 4 5 1 1 4 3 4

9 Control Residual I 2 3 4 4 4 4 3 4 4 4 3 3 3 L 2 4 4 3 4 4 3 5 1 1 3 2 3

4 4 5 3 3 4 3 3

3 3 3 2 2 3 3

1 2 2 2 3 1 2

2 4 4 2 3 3 4

2 2 2 2 2 1 2 3

1 2 2 2 2 1 3

1 1 1 1 2 1 2

3 3 3 3 3 4 5

3 3 4 3 4 4 5 3

3 3 2 3 3 4 5

2 4 2 3 3 2 3

2 3

2 3

4 3

2 2

4 4

2 3

4 4

1 1

1 1

5 4

5 5

3 2

5 4

3 4

1 3

4 3

2 3

1 2

2 4

1 2

4 3

1 2

1 1

3 4

3 4

3 3

3 4

2 4

3 3

3 4

3 3

2 1

2 3

3 2

3 3

1 2

2 1

5 3

5 3

3 3

5 3

3 3

2 3 3

4 4 3

3 4 3

1 2 2

3 4

2 3

3 4

2 3

1 2

4 4

4 4

4 4

4 4

3 2

1 1 1

3 3 3

3 4 3

1 1 1

4 5 4

4 4 2

3 3 3

2 2 2

1 1 1

4 3 3

2 2 3

4 4 4

3 1 2

1 1 2

1 1 2 1 1 1

3 4 2 3 3 3

3 4 3 3 4 4

2 1 3 1 1 1

4 4 4 3 4 5

3 3 4 4 4 5

3 3 3 3 3 3

3 2 3 2 2 4

2 1 4 1 1 3

4 2 4 4 4 4

3 4 3 3 3 3

3 4 3 3 3 3

2 3 2 3 3 3

4 2 4 1 2 2

1 1

3 3

3 4

1 1

4 4

4 4

3 3

3 2

2 2

4 4

3 4

3 3

3 3

2 2

1 2 1

3 3 3

5 4 4

2 4 1

4 4 4

4 4 4

3 3 3

2 3 2

1 3 2

4 4 4

3 4 3

3 3 3

3 3 3

2 2 2

1 2 1

3 2 3

5 4 4

2 3 2

4 5 4

4 5 4

3 3 3

2 3 3

2 3 2

3 4

3 4

3 3

3 3

2 3

2 3 2

1 2 3

2 3 1

1 3 1

3 3 3

3 5 2

1 1 3

2 3 3

1 3 2

4 3

3 3

2 2

2 2

2 3

2 2

3 2

2 2

2 1

4 4

4 4

3 3

3 3

3 3

2 1 2 1

3 3 3 3

1 1 2 2

1 1 2 2

3 3 3 3

3 1 2 3

3 3 3 2

3 3 2 2

3 2 2 2

4 4 3 3

3 3 2 4

3 4 4 4

3 2 2 2

3 1 1 2

2 4 4

3 2 3

1 3 2

1 3 2

2 2 3

2 2 3

3 2 2

2 2 3

1 1 2

3 4 4

4 4 4

3 2 3

2 3 3

2 3 3

10 Gross I 3 4 3 4 4 4 3 3 2 3 3 3 4 L 3 3 3 3 4 3 2 3 2 3 3 3 3 Control Residual I 2 2 2 2 3 2 2 2 2 2 2 2 2 L 2 1 1 2 2 1 2 3 2 2 2 2 2 I 3 3 3 2 3 3 2 2 2 3 2 2 1 1 1 1 3 3 Gross L 3 3 3 3 4 2 3

11 Control 3 4 3 4 3 3 2 3 4 4 3 3 3 Residual I 2 3 3 2 3 3 2 2 2 3 2 2 1 L 1 3 3 2 2 2 1 3 1 1 1 2 1 I Gross L

12 Control Residual I

3 2 3 3 3 4 4

3 2 3 4 3 3 3

2 2 2 2 2 3 4

1 1 3 3 3 2 3

2 2 2 2 3 3 4

2 2 2 2 1 3 3

2 3 2 2 3 4 3

2 2 1 2 3 3 4

1 1 2 2 1 1 3

3 4

3 3

3 3

2 3

3 3

3 3

2 4

3 3

3 3

3 3

3 3

3 3

2 3

1 2

3 3

2 3

3 3

3 3

2 3

3 3

3 3

3 4

3 2

2 2

3 3

3 4

3 3

3 3

3 4

3 3

4 3

3 3

3 3

3 3

3 4

3 3

3 4

5 2 2

2 2 3

3 3 3

2 1 1

2 1 2

4 4 3

3 3 3

3 3 3

3 2 2

1 1 2

3 3 3

2 1 2

3 3 4

2 2 1

5 5 3 5 4 5

4 3 3 4 3 3

3 3 3 3 3 3

1 4 3 4 3 4

2 3 2 4 2 2

4 3 3 4 3 4

3 3 3 3 3 3

3 3 3 3 3 3

3 2 2 3 2 4

3 1 2 3 1 2

3 2 3 3 2 3

3 2 3 3 1 2

3 3 2 3 4 3

2 1 1 2 1 1

5 5

3 3

3 2

4 4

2 4

4 3

3 3

3 3

3 3

2 2

3 3

2 2

3 3

1 1

5 5 5

4 3 3

2 1 3

4 4 4

2 3 2

4 3 3

3 3 3

3 3 3

3 3 3

2 3 2

3 3 2

2 3 2

3 3 4

1 1 1

5 5 5

4 4 3

1 3 3

5 5 4

5 3 3

4 4 4

4 4 4

3 3

3 3 3

3 3 3

4 4 4

2 3 2

3 3 3

2 2 2

4 4 3

5 4 2

1 1 2

4 4 2

4 1 2

4 3 3

3 3 3

2 2 2

2 2 2

2 1 1

3 4 4

2 2 2

2 1 3

2 4 3

4 4

3 4

4 4

2 2

2 2

3 3

3 3

3 3

2 2

2 2

4 4

3 3

3 2

3 3

4 4 3 4

4 3 3 3

3 4 3 3

3 3 3 3

3 1 1 2

4 3 3 4

3 3 3 4

2 4 4 3

3 2 2 3

3 1 1 3

3 4 3 4

3 3 3 3

3 4 4 3

2 1 1 2

4 4 3

3 4 3

2 2 1

3 3 3

3 3 3

3 4 3

3 4 3

2 2 2

2 3 3

2 3 3

3 4 3

3 3 3

3 2 3

1 3 2

13 Residual L I Gross L Control Residual I L I Gross L

14 Control Residual I L I Gross L

15 Control

1 1 1

1 1 1 2 1 1

1 1

1 1 1

1 2 1

2 4 2

2 4 4

1 2 3

3 2 3

1 2 2

1 2 2

3 4 4

3 3 3

4 2 3

2 3 3

1 2 2

2 2

5 5

4 4

3 3

2 3

2 2

5 5

4 3

3 2

1 2

2 2

3 1 1 2

4 4 4 4

3 2 1 2

2 4 4 4

3 2 1 2

3 2 1 2

3 4 4 3

3 1 2 2

3 3 3 3

3 1 1 2

2 1 1 1

1 2 2

4 5 5

4 4 4

1 1 2

4 4 3

4 4 3

3 3 3

3 3 3

2 2 2

2 2 2

2 2 2

15 Residual I L I Gross L

16 Control Residual I L I Gross L

17 Control Residual I L I Gross L

18

18 Control Residual I L I Gross L

19 Control Residual I L I Gross L

20 Control Residual I L I Gross

21

21 Gross L Control Residual I L I Gross L

22 Control Residual I L I Gross L

23 Control Residual I L

24 Gross I L Control Residual I L I Gross L

25 Control Residual I L I Gross L

26 Control Residual I

27 Residual L I Gross L Control Residual I L I Gross L

28 Control Residual I L I Gross L

29 Control

29 Residual I L I Gross L

30 Control Residual I L

SN
1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin 14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin

Department

Process
Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax Credit Risk

Category

Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk

20 FINCON

21 FINCON

Investment

Liquidity Risk

22 FINCON

Investment

Market Risk

23 FINCON 24 FINCON

Investment Budgetting

Market Risk Operational Risk

25 FINCON

Budgetting

Operational Risk

26 FINCON

Financial Reporting

Operational Risk

27 FINCON

Financial Reporting

Operational Risk

28 FINCON

Financial Reporting

Operational Risk

29 FINCON

Financial Reporting

Operational Risk

30 FINCON

Financial Reporting

Operational Risk

31 FINCON 32 FINCON

Financial Reporting Financial Reporting

Operational Risk Compliance Risk

33 FINCON

Financial Reporting

Operational Risk

34 FINCON

Financial Reporting

Operational Risk

35 FINCON

Financial Reporting

Operational Risk

36 FINCON 37 FINCON

Financial Reporting Financial Reporting

Operational Risk Operational Risk

38 Human Capital

Payroll

Compliance Risk

39 Human Capital

Training

Compliance Risk

40 Human Capital

Payroll

Credit Risk

41 Human Capital

Loans & Advances

Credit Risk

42 Human Capital

Payroll

Operational Risk

43 Human Capital

Recruitment and Development Recruitment and Development Recruitment and Development Information Technology Information Technology

Operational Risk

44 Human Capital 45 Human Capital 46 Information Technology

Operational Risk Operational Risk Operational Risk

47 Information Technology

Operational Risk

48 Information Technology

Information Technology

Operational Risk

49 Information Technology

Information Technology

Operational Risk

50 Information Technology

Information Technology

Operational Risk

51 Information Technology

Information Technology Claims Claims Claims Claims Claims Claims Claims Claims Claims

Operational Risk

52 Technical Operations 53 Technical Operations 54 Technical Operations 55 Technical Operations 56 Technical Operations 57 Technical Operations 58 Technical Operations 59 Technical Operations 60 Technical Operations

Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk

61 Technical Operations

Credit Control

Credit Risk

62 Technical Operations

Credit Control

Credit Risk

63 Technical Operations

Credit Control

Compliance Risk

64 Technical Operations

Credit Control

Operational Risk

65 Technical Operations

Credit Control

Compliance Risk

66 Technical Operations 67 Technical Operations

Reinsurance Reinsurance

Reinsurance Risk Reinsurance Risk

68 Technical Operations

Reinsurance

Reinsurance Risk

69 Technical Operations

Reinsurance

Reinsurance Risk

70 Technical Operations

Reinsurance

Reinsurance Risk

71 Technical Operations

Reinsurance

Reinsurance Risk

72 Technical Operations

Reinsurance

Reinsurance Risk

73 Technical Operations 74 Technical Operations 75 Technical Operations

Reinsurance Underwriting Underwriting

Reinsurance Risk Underwriting Risk Underwriting Risk

76 Technical Operations

Underwriting

Underwriting Risk

77 Technical Operations

Underwriting

Underwriting Risk

78 Technical Operations

Underwriting

Underwriting Risk

79 Technical Operations

Underwriting

Underwriting Risk

80 Technical Operations

Underwriting

Underwriting Risk

81 Technical Operations

Underwriting

Underwriting Risk

82 Technical Operations

Underwriting

Underwriting Risk

83 Technical Operations

Underwriting

Underwriting Risk

84 Marketing

Marketing

Compliance Risk

85 Marketing

Marketing

Credit Risk

86 Marketing

Marketing

Operational Risk

87 Marketing

Marketing

Operational Risk

88 Marketing

Marketing

Operational Risk

89 Marketing

Marketing

Operational Risk

90 Marketing

Marketing

Operational Risk

91 Marketing 92 Marketing 93 Risk Management

Marketing Marketing Risk Management

Operational Risk Operational Risk Compliance Risk

94 Risk Management

Risk Management

Operational Risk

95 Risk Management

Risk Management

Operational Risk

96 Risk Management

Risk Management

Operational Risk

97 Risk Management

Risk Management

Operational Risk

98 Risk Management

Risk Management

Operational Risk

99 Risk Management

Risk Management

Operational Risk

100 Life Operations

Life Operations

Compliance Risk

101 Life Operations

Life Operations

Credit Risk

102 Life Operations 103 Life Operations 104 Life Operations 105 Life Operations

Life Operations Life Operations Life Operations Life Operations

Credit Risk Operational Risk Operational Risk Operational Risk

106 Life Operations

Life Operations

Operational Risk

107 Life Operations

Life Operations

Operational Risk

108 Life Operations

Life Operations

Operational Risk

109 Life Operations 110 Life Operations 111 Life Operations

Life Operations Life Operations Life Operations

Operational Risk Operational Risk Operational Risk

112 Life Operations

Life Operations

Operational Risk

113 Life Operations

Life Operations

Operational Risk

114 Life Operations

Life Operations

Operational Risk

115 Life Operations

Life Operations

Operational Risk

116 Life Operations

Life Operations

Operational Risk

117 Life Operations

Life Operations

Operational Risk

118 Life Operations

Life Operations

Operational Risk

119 Life Operations 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150

Life Operations

Operational Risk

151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200

201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250

Risk Description
Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations

I 3.09 3.45 3.00 3.45 3.18 2.91 3.00 2.82 2.82 3.00 2.73 2.73 2.64 2.45 2.82 2.73 2.55 2.64 3.09 3.82

Gross L 2.64 2.91 3.64 3.00 3.82 3.00 2.64 3.50 1.36 1.73 2.73 2.45 2.82 2.36 2.82 3.18 3.00 3.00 2.82 3.09

LR
Medium Medium Medium

Medium

Medium

Medium

Medium

Medium

Medium Medium

Medium

Medium Medium Medium Medium Medium Medium

Medium

Medium

High

Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations. The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely.

3.55

3.00

High

3.82

3.36

High

3.91 3.82

2.82 3.64

High

High

3.45

3.91

Medium

3.55

3.64

High

3.27

3.18

Medium

3.36

2.91

Medium

3.18

3.18

Medium

3.09

2.91

Medium

2.55 3.64

2.36 3.09

Medium

High

2.91

2.91

Medium

3.09

3.36

Medium

Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster

3.18

3.18

Medium

3.27 3.00

3.27 3.18

Medium

Medium

3.45

2.82

Medium

3.45

3.45

Medium

3.09

3.73

Medium

3.09

3.91

Medium

2.64

2.73

Medium

3.27

3.27

Medium

3.27 3.73 3.40

3.00 3.45 3.60

Medium

High

Medium

3.64

3.55

High

4.36

4.18

High

Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns.

3.45

3.55

Medium

3.30

2.70

Medium

3.50

2.90

High

3.58 3.50 2.83 4.08 3.50 3.08 3.83 3.50 4.00

2.42 2.25 2.33 3.17 2.17 3.17 3.00 2.17 2.75

High High Medium

High

High

Medium

High High

High

3.75

3.33

High

3.58

3.67

High

3.67

2.83

High

3.50

3.08

High

4.00

3.08

High

Inability to recover claims from relevant counterparties such as reinsurers and coinsurers Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures

3.92 4.08

3.08 3.08

High

High

3.92

3.08

High

4.17

3.00

High

3.67

3.33

High

3.67

3.00

High

4.08

3.08

High

3.83 3.83 3.73

2.92 3.58 2.82

High

High High

3.92

3.50

High

3.83

3.25

High

4.25

3.17

High

3.36

2.91

Medium

3.58

3.17

High

3.42

3.00

Medium

3.58

3.33

High

The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement

3.83

3.00

High

3.57

3.93

High

3.85

3.46

High

3.93

3.64

High

3.93

3.50

High

4.07

4.00

High

3.07

2.57

Medium

3.79

3.71

High

3.71 3.85 3.71

3.50 3.54 3.14

High

High

High

3.86

3.64

High

3.57

3.21

High

4.07

3.43

High

Third party surveyors/risk adjustors may connive with the insured to defraud the company Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit

4.07

3.57

High

3.57

3.14

High

3.86

3.71

High

4.21

3.71

High

4.00

3.57

High

3.86 3.79 3.57 3.71

3.36 2.71 3.00 3.14

High

High High

High

3.64

3.00

High

3.85

3.69

High

3.85

3.54

High

3.31 4.00 3.62

3.23 3.85 3.69

Medium

High

High

4.00

3.92

High

3.54

3.38

High

The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses

3.23

2.85

Medium

4.31

3.46

High

3.62

3.08

High

3.62

3.31

High

3.38

3.23

Medium

3.64

3.27

High

Control Fair Fair Fair Fair Fair Fair Fair Fair Good Good Fair Good Good Fair Fair Fair Fair Fair Good Fair

I 2.18 2.18 2.36 2.36 2.36 2.18 2.18 2.36 2.27 2.45 2.18 2.09 2.00 2.00 2.40 1.90 2.20 2.10 2.70 3.36

Residual L 1.91 1.91 2.36 2.27 2.45 2.09 1.73 2.82 1.09 1.09 1.91 1.64 1.64 1.18 1.70 1.90 2.30 2.10 1.20 2.27

LR
Medium Medium Medium

Medium

Medium

Medium

Medium

Medium

Low Low

Medium

Medium Medium Low Medium Medium Medium

Medium

Medium

Medium

Good

2.80

1.50

Medium

Fair

3.18

2.00

Medium

Fair Fair

3.09 3.18

2.18 2.36

Medium

Medium

Fair

3.18

3.09

Medium

Fair

3.00

2.45

Medium

Good

2.55

1.91

Medium

Fair

2.73

1.36

Medium

Fair

2.64

1.82

Medium

Good

2.36

1.45

Low

Good Fair

2.09 3.18

1.18 2.09

Low

Medium

Fair

2.45

2.00

Medium

Fair

2.64

2.64

Medium

Fair

2.73

2.55

Medium

Fair Fair

2.73 2.55

2.45 2.00

Medium

Medium

Good

3.00

1.55

Medium

Fair

2.91

2.27

Medium

Fair

2.82

3.09

Medium

Fair

2.73

3.45

Medium

Good

2.18

1.36

Low

Good

2.91

2.18

Medium

Fair Good Poor

3.00 3.18 3.20

2.18 2.27 3.20

Medium

Medium

Medium

Poor

3.36

3.27

Medium

Poor

4.09

3.55

High

Fair

3.45

3.09

Medium

Fair

3.10

1.70

Medium

Fair

2.70

1.70

Medium

Fair Fair Fair Fair Fair Fair Fair Fair Fair

2.25 2.58 2.08 2.75 2.92 2.33 3.25 2.67 3.50

1.08 1.17 1.58 2.25 1.42 2.67 2.08 1.33 1.83

Low Medium Medium

Medium

Medium

Medium

Medium Medium

High

Fair

3.08

2.67

Medium

Fair

3.00

2.58

Medium

Fair

2.83

1.75

Medium

Fair

2.67

2.33

Medium

Fair

3.33

1.83

Medium

Fair Fair

3.08 3.00

2.17 1.92

Medium

Medium

Fair

3.08

2.33

Medium

Fair

3.25

1.67

Medium

Fair

3.08

2.33

Medium

Fair

3.08

1.67

Medium

Fair

3.33

2.00

Medium

Fair Fair Fair

3.25 3.25 2.82

2.42 2.83 1.91

Medium

Medium Medium

Fair

3.08

2.33

Medium

Fair

2.92

2.08

Medium

Fair

3.08

1.92

Medium

Fair

2.64

1.91

Medium

Fair

2.58

2.42

Medium

Fair

2.67

2.17

Medium

Fair

2.92

2.50

Medium

Fair

3.17

1.92

Medium

Fair

2.15

2.36

Medium

Fair

2.31

2.31

Medium

Fair

2.71

2.50

Medium

Poor

3.43

3.21

Medium

Poor

2.93

2.93

Medium

Fair

2.14

1.93

Medium

Poor

2.93

2.79

Medium

Poor Poor Fair

2.57 3.15 2.57

2.29 2.77 2.07

Medium

Medium

Medium

Fair

2.64

2.43

Medium

Fair

2.36

2.14

Medium

Fair

2.43

2.21

Medium

Fair

2.57

2.50

Medium

Fair

2.07

2.14

Medium

Fair

2.86

2.86

Medium

Fair

2.57

2.14

Medium

Fair

2.29

2.36

Medium

Fair Good Fair Fair

2.62 2.00 2.07 2.43

2.54 1.50 1.57 2.21

Medium

Medium Medium

Medium

Fair

2.36

2.21

Medium

Poor

2.85

2.92

Medium

Fair

2.54

2.15

Medium

Fair Poor Poor

2.15 2.92 2.69

2.15 2.85 2.77

Medium

Medium

Medium

Fair

2.77

2.69

Medium

Fair

2.17

2.33

Medium

Fair

2.15

2.08

Medium

Fair

2.38

1.92

Medium

Fair

2.23

2.00

Medium

Fair

2.54

2.46

Medium

Poor

2.54

2.38

Medium

Fair

2.45

2.27

Medium

Distribution - Level of Risk (Gross)

Distribution - Level of Risk (Gross)

0% 10%

0%

12%

40%
High Medium

Excellent Good

60%

Fair

Low

78%

Poor Very Poor

Distribution - Residual Risk High 2 Medium 110 Low 7

Distribution - Level of Risk (Residual)

High Medium
Low

Distribution - Risk Category Claims Risk Compliance Risk Credit Risk Liquidity Risk Market Risk Operational Risk Reinsurance Risk Underwriting Risk

Distribution - Risk Category

Claims Risk
1% 2%

Compliance Risk
Credit Risk Liquidity Risk

Market Risk 60%

92%

Underwriting Risk

SN

Department

Process Procurement Procurement Procurement Procurement Procurement Procurement Procurement Procurement Bills, Invoices Bills, Invoices Bills, Invoices Bills, Invoices IOU IOU Receipt Receipt/ issuance Issuance Issuance Disposal Tax

Category Credit Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Compliance Risk

1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6 Admin 7 Admin 8 Admin 9 Admin 10 Admin 11 Admin 12 Admin 13 Admin 14 Admin 15 Admin 16 Admin 17 Admin 18 Admin 19 Admin 20 FINCON

21 FINCON

Investment

Liquidity Risk

22 FINCON

Investment

Market Risk

23 FINCON 24 FINCON 25 FINCON

Investment Budgetting Budgetting

Market Risk Operational Risk Operational Risk

26 FINCON

Financial Reporting Operational Risk

27 FINCON

Financial Reporting Operational Risk

28 FINCON

Financial Reporting Operational Risk

29 FINCON

Financial Reporting Operational Risk

30 FINCON

Financial Reporting Operational Risk

31 FINCON 32 FINCON

Financial Reporting Operational Risk Financial Reporting Compliance Risk

33 FINCON

Financial Reporting Operational Risk

34 FINCON

Financial Reporting Operational Risk

35 FINCON 36 FINCON 37 FINCON

Financial Reporting Operational Risk Financial Reporting Operational Risk Financial Reporting Operational Risk

38 Human Capital

Payroll

Compliance Risk

39 Human Capital

Training

Compliance Risk

40 Human Capital

Payroll

Credit Risk

41 Human Capital

Loans & Advances

Credit Risk

42 Human Capital

Payroll

Operational Risk

43 Human Capital

Recruitment and Development Recruitment and Development Recruitment and Development Information Technology Information Technology

Operational Risk

44 Human Capital 45 Human Capital 46 Information Technology Information Technology

Operational Risk Operational Risk Operational Risk

47

Operational Risk

48

Information Technology Information Technology Information Technology Information Technology Technical Operations

Information Technology Information Technology Information Technology Information Technology Claims

Operational Risk

49

Operational Risk

50

Operational Risk

51 52

Operational Risk Claims Risk

53 54 55 56 57 58 59 60

Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations

Claims Claims Claims Claims Claims Claims Claims Claims

Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk Claims Risk

61

Credit Control

Credit Risk

62

Credit Control

Credit Risk

63

Credit Control

Compliance Risk

64

Credit Control

Operational Risk

65 66

Credit Control Reinsurance Reinsurance

Compliance Risk Reinsurance Risk Reinsurance Risk

Technical Operations Technical 67 Operations 68 Technical Operations Technical Operations Technical Operations Technical Operations

Reinsurance

Reinsurance Risk

69 70 71

Reinsurance Reinsurance Reinsurance

Reinsurance Risk Reinsurance Risk Reinsurance Risk

72

Technical Operations Technical Operations

Reinsurance

Reinsurance Risk

73 74

Reinsurance Underwriting Underwriting

Reinsurance Risk Underwriting Risk Underwriting Risk

Technical Operations Technical 75 Operations 76 Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations Technical Operations

Underwriting

Underwriting Risk

77 78

Underwriting Underwriting

Underwriting Risk Underwriting Risk

79

Underwriting

Underwriting Risk

80 81 82

Underwriting Underwriting Underwriting

Underwriting Risk Underwriting Risk Underwriting Risk

83

Underwriting

Underwriting Risk

84 Marketing

Marketing

Compliance Risk

85 Marketing

Marketing

Credit Risk

86 Marketing

Marketing

Operational Risk

87 Marketing

Marketing

Operational Risk

88 Marketing

Marketing

Operational Risk

89 Marketing

Marketing

Operational Risk

90 Marketing

Marketing

Operational Risk

91 Marketing 92 Marketing 93 Risk Management Risk Management Risk Management Risk Management Risk Management Risk Management Risk Management

Marketing Marketing Risk Management

Operational Risk Operational Risk Compliance Risk

94

Risk Management

Operational Risk

95

Risk Management

Operational Risk

96 97 98

Risk Management Risk Management Risk Management

Operational Risk Operational Risk Operational Risk

99

Risk Management

Operational Risk

100 Life Operations

Life Operations

Compliance Risk

101 Life Operations

Life Operations

Credit Risk

102 Life Operations 103 Life Operations 104 Life Operations

Life Operations Life Operations Life Operations

Credit Risk Operational Risk Operational Risk

105 Life Operations 106 Life Operations

Life Operations Life Operations

Operational Risk Operational Risk

107 Life Operations

Life Operations

Operational Risk

108 Life Operations

Life Operations

Operational Risk

109 Life Operations 110 Life Operations 111 Life Operations 112 Life Operations

Life Operations Life Operations Life Operations Life Operations

Operational Risk Operational Risk Operational Risk Operational Risk

113 Life Operations

Life Operations

Operational Risk

114 Life Operations

Life Operations

Operational Risk

115 Life Operations

Life Operations

Operational Risk

116 Life Operations

Life Operations

Operational Risk

117 Life Operations

Life Operations

Operational Risk

118 Life Operations

Life Operations

Operational Risk

119 Life Operations 120 121 122 123 124 125 126

Life Operations

Operational Risk

127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176

177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226

227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250

Risk Description Risk of financial loss arising from advance payments to suppliers and vendors Services and assets are procured without appropriate approval Stockout resulting from delays in the internal procurement approval process The failure of suppliers to deliver supplies and projects to time, specification and contract terms Loss of bargaining power resulting from over reliance on key suppliers Inefficient bidding process results in major purchases being made at suboptimal combination of price, quality and service Unresolved disputes and financial losses arising from unclear terms and conditions in contracts Assets additions, disposals and other movements in the fixed asset register are recorded inappropriately Payment for unauthorised procurement of assets and services Payments may be made for the procurement of fictitious services, supplies or assets Delayed payment arising from inefficiencies in the payment process resulting in loss of reputaion Inefficiencies in the payment process resulting in the over or under payment of suppliers IOUs are issued without authorisation and necessary approval Approved IOUs may not be used for valid business purposes Supplies do not meet specification listed in LPO or other contractual documents Items and supplies are received/issued without appropriate approval or authorisation Items are not tracked on bin cards increasing the risk of stockouts Inefficiencies in the store management process resulting in delayed issurance of requested items Assets are dispossed without appropriate authorisation and approval The company may suffer fines and penalties because of noncompliance with applicable tax regulations Mismatch between the company's assets and liability leading to its inability to settle claims and meet its other financial obligations.

I 3.09 3.45 3.00 3.45 3.18 2.91 3.00 2.82 2.82 3.00 2.73 2.73 2.64 2.45 2.82 2.73 2.55 2.64 3.09 3.82

Gross L

LR

Control Fair Fair Fair Fair Fair Fair Fair Fair Good Good Fair Good Good Fair Fair Fair Fair Fair Good Fair

2.64 Medium 2.91 Medium 3.64 Medium 3.00 Medium 3.82 Medium 3.00 Medium 2.64 Medium 3.50 Medium 1.36 Medium 1.73 Medium 2.73 Medium 2.45 Medium 2.82 Medium 2.36 Medium 2.82 Medium 3.18 Medium 3.00 Medium 3.00 Medium 2.82 Medium 3.09 High

3.55

3.00 High

Good

The value of the company's investment portfolio may be eroded as a result of volatility in the prices of securities and interest rate General economic downturn (recessions etc.) leading to erossion in the value of the company's investment portfolio Unrealistic assumptions may be used to prepare budget for the company Standard MS Excel template used for preparing budget in the company may not be robust enough for monitoring and controling budget variances Errors and issues during the migration of financial information from other platforms to SIRIUS leading to incomplete or inaccurate financial reporting Standard MS Excel template used for preparing critical financial reports may be corrupt or compromised leading to incomplete or inaccurate financial reports Unauthorised adjustments may be made to financial statements leading to misstated financial reports Adjustments to financial statements may be recorded incorrectly thus leading to misstated financial statements Inadequate knowledge of the reporting module in SURIUS by FINCON personnel resulting in misstatment, inaccurate or incomplete financial statements Errors and issues around exporting financial information from SIRIUS to MS Excel leading to inaccurate or incomplete financial statements Delays in sending reports and returns to regulators leading fines and sanctions Errors and issues around tranferring fixed assets information from standard MS Excel template to SIRIUS resulting in misstated financial statements e.g misstated financial statements resulting from inconsistency in depreciation charged for assest purchased The fixed asset register may not be updated timely or properly because source documents relating to asset purchase are not provided timely. Missated financial statements resulting from wrong treatment and disclosure of financial information e.g. prepayments and accruals Tax liabilities may be wrongly computed resulting in inaccurate remittance to tax authority Transactions and other entries may be entered into the system without appropriate approval

3.82

3.36 High

Fair

3.91 3.82 3.45

2.82 High 3.64 High 3.91 Medium

Fair Fair Fair

3.55

3.64 High

Fair

3.27

3.18 Medium

Good

3.36

2.91 Medium

Fair

3.18

3.18 Medium

Fair

3.09

2.91 Medium

Good

2.55 3.64

2.36 Medium 3.09 High

Good Fair

2.91

2.91 Medium

Fair

3.09

3.36 Medium

Fair

3.18 3.27 3.00

3.18 Medium 3.27 Medium 3.18 Medium

Fair Fair Fair

The company may suffer fines from its regulators or lose certain benefits because of its failure to deduct and timely remit NHF, PAYE, pension and other regulatory deductions Failure to develop and implement certain training plans (AML) may expose the company to fines from its regulators Advances and prepayments (leave allowance, cost of passage) may be bestowed on employees before they are earned, thus exposing the company to the risk that it may not recover such payments when employees employment are terminated The company may be unable to recover loans made to employees upon the termination of their employment or resignation Deductions and other monthly payroll inputs may not be inputted in the system properly resulting in inaccurate payments to employees Inadequacies in the company's talent management and performance appriaisal system may significantly affect its ability to retain talented employees The company may be unable to attract, retain and place personnel with the necessary skills to achieve its business objectives Inadequate succession planning The manual tranfer of information from iGas to SIRIUS may not guarantee the integrity and completeness of tranferred information Overreliance on a single internet service provider exposes the company to the risk that its operations would be hampered by the failure of its service provider The lack of an off-site backup location exposes the company to the risk that it may be unable to restart its operations within a reasonable timeframe in the event of a disaster Inability of systems to receive anti-virus updates exposing the company's systems to the risk that it may be compromised by virus and other malwares Unauthorised logical access to the company's computer systems resulting in loss/modification of company data and information Inadequate segregation of duties on the company's computer system resulting in unathorised user access of sensitive company information Claims payments may be made to cover losses for client's with outstanding premium balances

3.45

2.82 Medium

Good

3.45

3.45 Medium

Fair

3.09

3.73 Medium

Fair

3.09

3.91 Medium

Fair

2.64

2.73 Medium

Good

3.27

3.27 Medium

Good

3.27 3.73 3.40

3.00 Medium 3.45 High 3.60 Medium

Fair Good Poor

3.64

3.55 High

Poor

4.36

4.18 High

Poor

3.45

3.55 Medium

Fair

3.30

2.70 Medium

Fair

3.50 3.58

2.90 High 2.42 High

Fair Fair

Claims may be settled for risk not covered in client's policy Policy excess may not be deducted from final claims settlement Inefficiencies in the claims handling process leading to delayed payments and loss of reputation Claims settlement may be processed for the wrong class of business The company may be unable to repossess salvage items, in whole or parts, after final settlement The insured may connive with internal and external parties to defraud the company Claims payment may be made to settle non-existent losses The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Outstanding premium may not be recovered by the company due to inadequate follow-up by marketers and credit control personnel. The company may be unable to recover its full premium because third parties (agents, brokers, coinsurers) deduct fees and commissions not previously agreed. The company may suffer fines and penalties because of failures to make adequate provisions for doubtful debt Inefficiencies and gaps in the bank reconciliation process may hamper efforts to effectively follow-up on outstanding premiums. The company may suffer fines and penalties from its regulators because of delays in sending reports and returns. Inability to recover claims from relevant counterparties such as reinsurers and coinsurers Failure to pay reinsurance premium exposing the company to the risk of being off-cover Delays and time-lags in the process for arranging and approving coinsurance or fac-out arrangement may expose the company to the risk of being off-cover The company may exceed its treaty capacity without adequate arrangements to transfer excess risk to third parties The company may fail to recover premiums from the lead insurer on coinsurance arrangement The company may suffer fines and penalties from its regulators because of delays in sending reports and returns

3.50 2.83 4.08 3.50 3.08 3.83 3.50 4.00

2.25 High 2.33 Medium 3.17 High 2.17 High 3.17 Medium 3.00 High 2.17 High 2.75 High

Fair Fair Fair Fair Fair Fair Fair Fair

3.75

3.33 High

Fair

3.58

3.67 High

Fair

3.67

2.83 High

Fair

3.50

3.08 High

Fair

4.00 3.92 4.08

3.08 High 3.08 High 3.08 High

Fair Fair Fair

3.92

3.08 High

Fair

4.17 3.67 3.67

3.00 High 3.33 High 3.00 High

Fair Fair Fair

Reinsurance personnel may not initiate actions to transfer risks above the company's treaty limits to relevant third parties Inability to place excess risks with relevant third party (reinsurers, coinsurers) because of inadequate premium or quality of risk insured The company may incept cover for risks that have not been surveyed The company may not charge adequate premiums to cover for the risks it is assuming Historically unprofitable businesses may be renewed because claims history and other relevant information are not reviewed as part of the policy renewal process Inadequate risk analysis in the underwriting process leading to mispricing or suboptimal pricing of risks The company may underwrite risks for which it does not have adequate and appropriate reinsurance coverage in place Inadequate communication of set limits leading to misalignment between underwriting activities and business plan Ineffective risk analysis and poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to bad pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for the risks it insures The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to gather sufficient information about its clients to fulfil KYC requirements thus exposing it to fines and sanctions from its regulators Ineffective follow-up by marketers leading to the company's inability to recover outstanding premiums Inadequate follow-up and relationship management with agents, clients, brokers and other insurance companies resulting in the failure to retain existing business and/or win new business The company may be unable to gather reliable and accurate information on its customers leading to poor products development decisions

4.08

3.08 High

Fair

3.83 3.83 3.73

2.92 High 3.58 High 2.82 High

Fair Fair Fair

3.92

3.50 High

Fair

3.83 4.25

3.25 High 3.17 High

Fair Fair

3.36

2.91 Medium

Fair

3.58 3.42 3.58

3.17 High 3.00 Medium 3.33 High

Fair Fair Fair

3.83

3.00 High

Fair

3.57

3.93 High

Fair

3.85

3.46 High

Fair

3.93

3.64 High

Fair

3.93

3.50 High

Poor

Ineffective communication channels between technical operations (underwriting, reinsurance) personnel and marketers may result in the company accepting risks it ordinarily would not accept The failure of marketers to respond timely to proposal requests and other business inquires resulting in the loss of potentially profitable business Marketers may fail to notice changing trends in the markets leading to the companys inability to respond promptly to clients' needs Insufficient knowledge of the company's products significantly limiting the ability of marketers sell effectively Marketers may connive to devert the company's business The company may suffer fines and penalties from its regulators because of delays in sending reports and returns Inadequate pre-loss assessment by risk management personnel leading to mispricing or suboptimal pricing of risk Risk management personnel may not have the skills and wherewithal to effectively perform their functions (loss adjustment, pre-loss survey) Inaccurate claims adjustments resulting in the company paying more than it should in claims settlement Third party surveyors/risk adjustors may connive with the insured to defraud the company Inefficiencies in the market survey process leading to the company settling claims at amounts significantly higher than prevailing market rates Inefficiencies in the pre-loss survey process resulting in significant under or over valuation of assets The company may suffer fines and penalties from its regulators because of delays in sending reports and returns The company may be unable to recover its full premium from third parties (brokers, coinsurers, reinsurers) because they deduct fees and commissions not previously agreed Inadequate follow-up resulting in the company's inability to recover unpaid premiums contributions The company may settle claims for client's with outstanding premium balances or contributions Claims may be settled for life not initially covered by client's life policy

4.07

4.00 High

Poor

3.07

2.57 Medium

Fair

3.79

3.71 High

Poor

3.71 3.85 3.71

3.50 High 3.54 High 3.14 High

Poor Poor Fair

3.86

3.64 High

Fair

3.57

3.21 High

Fair

4.07 4.07 3.57

3.43 High 3.57 High 3.14 High

Fair Fair Fair

3.86

3.71 High

Fair

4.21

3.71 High

Fair

4.00

3.57 High

Fair

3.86 3.79 3.57

3.36 High 2.71 High 3.00 High

Fair Good Fair

Inefficiencies in the life claims handling process leading to delayed payments and loss of reputation The assured may connive with internal and external parties to defraud the company (e.g. money laundering) The company may fail to recover claims from relevant counterparties such as reinsurers and coinsurers Inadequate risk analysis in the life underwriting process leading to mispricing or suboptimal pricing of risks Inadequate communication of set limits leading to misalignment between life underwriting activities and business plan Poor risk differentiation resulting in mispriced risks and loss of business to competitors Inability to obtain reliable and accurate information on clients leading to poor pricing decisions Competitive pressure (rate cutting) may result in the company charging suboptimal premiums for lifes it assures The company may fail to conduct additional medical examination for assured lifes above the free cover limit The company may be unable to properly assess substandard life cases thus resulting in suboptimal premiums for lifes it assures Failure to pay reinsurance or coinsurance premiums may expose the company to the risk of being off-cover Inadequate premiums or poor quality of assured life resulting in an inability to place excess risks with reinsurers or coinsurers Poor underwriting by life operations personnel leading to inadequate risk differentiation and risk management Personnel may not respond to business inquiries timely resulting in the loss of potentially profitable business to competitors Inadequate follow-up and relationship management with clients and brokers resulting in the failure to retain existing clients or gain new businesses

3.71 3.64

3.14 High 3.00 High

Fair Fair

3.85

3.69 High

Poor

3.85

3.54 High

Fair

3.31 4.00 3.62 4.00

3.23 Medium 3.85 High 3.69 High 3.92 High

Fair Poor Poor Fair

3.54

3.38 High

Fair

3.23

2.85 Medium

Fair

4.31

3.46 High

Fair

3.62

3.08 High

Fair

3.62

3.31 High

Fair

3.38

3.23 Medium

Poor

3.64

3.27 High

Fair

I 2.18 2.18 2.36 2.36 2.36 2.18 2.18 2.36 2.27 2.45 2.18 2.09 2.00 2.00 2.40 1.90 2.20 2.10 2.70 3.36

Residual L

LR

Root Cause

1.91 Medium 1.91 Medium 2.36 Medium 2.27 Medium 2.45 Medium 2.09 Medium 1.73 Medium 2.82 Medium 1.09 Low 1.09 Low 1.91 Medium 1.64 Medium 1.64 Medium 1.18 Low 1.70 Medium 1.90 Medium 2.30 Medium 2.10 Medium 1.20 Medium 2.27 Medium

2.80

1.50 Medium

3.18

2.00 Medium

3.09 3.18 3.18

2.18 Medium 2.36 Medium 3.09 Medium

3.00

2.45 Medium

2.55

1.91 Medium

2.73

1.36 Medium

2.64

1.82 Medium

2.36

1.45 Low

2.09 3.18

1.18 Low 2.09 Medium

2.45

2.00 Medium

2.64

2.64 Medium

2.73 2.73 2.55

2.55 Medium 2.45 Medium 2.00 Medium

3.00

1.55 Medium

2.91

2.27 Medium

2.82

3.09 Medium

2.73

3.45 Medium

2.18

1.36 Low

2.91

2.18 Medium

3.00 3.18 3.20

2.18 Medium 2.27 Medium 3.20 Medium

3.36

3.27 Medium

4.09

3.55 High

3.45

3.09 Medium

3.10

1.70 Medium

2.70 2.25

1.70 Medium 1.08 Low

2.58 2.08 2.75 2.92 2.33 3.25 2.67 3.50

1.17 Medium 1.58 Medium 2.25 Medium 1.42 Medium 2.67 Medium 2.08 Medium 1.33 Medium 1.83 High

3.08

2.67 Medium

3.00

2.58 Medium

2.83

1.75 Medium

2.67

2.33 Medium

3.33 3.08 3.00

1.83 Medium 2.17 Medium 1.92 Medium

3.08

2.33 Medium

3.25 3.08 3.08

1.67 Medium 2.33 Medium 1.67 Medium

3.33

2.00 Medium

3.25 3.25 2.82

2.42 Medium 2.83 Medium 1.91 Medium

3.08

2.33 Medium

2.92 3.08

2.08 Medium 1.92 Medium

2.64

1.91 Medium

2.58 2.67 2.92

2.42 Medium 2.17 Medium 2.50 Medium

3.17

1.92 Medium

2.15

2.36 Medium

2.31

2.31 Medium

2.71

2.50 Medium

3.43

3.21 Medium

2.93

2.93 Medium

2.14

1.93 Medium

2.93

2.79 Medium

2.57 3.15 2.57

2.29 Medium 2.77 Medium 2.07 Medium

2.64

2.43 Medium

2.36

2.14 Medium

2.43 2.57 2.07

2.21 Medium 2.50 Medium 2.14 Medium

2.86

2.86 Medium

2.57

2.14 Medium

2.29

2.36 Medium

2.62 2.00 2.07

2.54 Medium 1.50 Medium 1.57 Medium

2.43 2.36

2.21 Medium 2.21 Medium

2.85

2.92 Medium

2.54

2.15 Medium

2.15 2.92 2.69 2.77

2.15 Medium 2.85 Medium 2.77 Medium 2.69 Medium

2.17

2.33 Medium

2.15

2.08 Medium

2.38

1.92 Medium

2.23

2.00 Medium

2.54

2.46 Medium

2.54

2.38 Medium

2.45

2.27 Medium

Mitigating Control

KRI

Risk Owner

Action Plan

Comment