GOVERNANCE REPORT RISK REPORT REMUNERATION REPORT
  Main risk types applicable to the Group have been identified and are called principal risks. Each principal risk is mitigated through a Risk Management Framework. Risk management frameworks are developed with a systemic approach to risk and control framework design to ensure that our risk management practices support and sustain the system’s performance objectives.
GRICAF objectives
At a strategic level, the objectives of the GRICAF are to:
• Optimise efficiency by effectively using risk resources in the Group
• Directly contribute to the creation of end-customer value by eliminating unnecessary tasks in the process
• Build standard risk management accountability, principles and processes into the business management process
• Ensure that risks are understood and managed proactively within acceptable risk capacity, appetite and tolerance
Risk management and strategy
The GRICAF is directed by the Group’s strategic choices which frame the long-term direction for risk management infrastructure, key skills and risk management capabilities. The implications of the strategic choices, shown below, inform the strategic focus areas for risk and compliance management in the Group.
Strategic choices AsOne2020
Focus on building our foundation in Namibia, Zambia and Botswana to get to a position of market leadership.
Win in Namibia, Zambia and Botswana through operational excellence (lean, efficient, fast) and effective execution.
Compete in Namibia, Botswana and Zambia through strategic relationships and partnerships in insurtech, fintech, mobile and telco, and education.
In considering other African countries beyond 2020, target technological/ borderless/cyber opportunities above bricks and mortar entry. Evaluate opportunities, whether cyber or bricks and mortar, on a case-by-case basis.
Implications for ERM
ERM supports this choice by using financial analytics, scenario testing, merger and acquisition risk assessment and an intentional drive to mature our modelling and analytics capabilities towards prediction and prescription.
ERM supports this choice by fostering efficiencies and lean but safe control frameworks built into the business process, analytics and management information.
ERM supports these choices through risk assessment of new ventures, vigilance of cyber risk and measures to address it, and development of new skill sets while maintaining awareness of fast-changing business operations and the need to achieve scale quickly and easily.
ERM recognises that to support this choice, it is necessary to be cognisant of cyber risk, new regulations and legal requirements. Quick response to threats and sharp sensing mechanisms are required. The increased use of technology such as the GRC system will allow for better risk outcomes through scalable, enterprise-wide data gathering, analysis and insight.
              70