Copy of Risk Register -Template - Final v2


RISK CATEGORY: Solvency; Environmental; Strategic; Operational; Insurance; Market; Credit; Liquidity; Reputation; Strategic/Operational; Strategic/Operational/Insurance/Solvency

CAUSE INDICATOR: People; Process; Systems; External; People, Process; Process, System; People, Process, System; External, Process

CONTROL TYPE: Preventative; Detective; Corrective

STRATEGIC OBJECTIVES: Profitability; Customer Service; Growth; Reputation; Financial Reporting; Solvency

NAMES: Adam Samie; Adéle Joubert; Adrian Baggot; Allan Govindasamy; Alta Schwartz; Amelia Isaac; Andrew Segale; Anthony Jantjes; Anwa Adams; Asiya Swaleh; Athini Phiri; Avikar Ramith; Ayesha Abbas; Belinda Kanyama; Betty Mahlangu; Bev Sangster; Bheki Khumalo; Bianca McGrath; Bongi Dlamini; Bonginkosi Nyaqela; Brenda Groenewald; Bridget Alexander; Buks Hugnes; Carmen Pasqualle; Cavell Landro; Cecilia Daniels; Chandra-Jay Dunn; Chantal Balla; Charlene Fortune; Claudette Goliath; Colly Mata; Cornelis Van Der Meer; Cynthia Mukiwa; Daan Jacobs; Davina Naidoo; Deepika Janagani; Denny Jansen; Deseri Woods; Diana Marcus; Elaine Oakes; Ferowza Moosa; Fieez Abbass; Fraser Brown; Freddy Lamola; Fungai Chitapi; Ganesh Janagani; George Jennings; Gerhardt Mohlapholi; Godfrey Hlongwane; Godwin Manzeke; Grace Rapetsoa; Guigan van Staden; Guinevere Vos; Habiba Coovadia; Hank Swart; Ilse Kruger; Isabel Van Heerden; Ismail Hassim; Jabulani Chonco; James Siegrist; Janine Johnson; Jaquelene Bence; Joe Bizjak; Johan Fourie; Johan Nel; Johannes Kekana; John Anderson; Juanita Du Plessis; Judith Van Der Vyver; Kalasipa Moenyane; Kebarileng Gabarone; Kenneth Pooe; Keshnee Naidoo; Kevin Ashton; Kim Henderson; Lauren Jeffrey; Lazaros Sibanda; Lebohang Mehalane; Lerato Manthoko; Lesego Phetlhe; Livhuwani Nekhavhambe; Llewellyn Titus; Lwandile Ntwana; Lynnette Foster; Mahommed Kara; Manuel Chikwanda; Marcel De Jager; Margaret Maloma-Ignatov; Marianne Minnaar; Mark Jacobs; Martin Grove; Mary-Ann Bouwer; Mashudu Mamathuba; Maxine Oosterwyk; Mervyn Sing; Mlungisi Tsindwane; Mondy Thoobe; Morris Mhishi; Mpho Sesoko; Naas Marais; Naren Ramburan; Neo Bogatsu; Nisha Purbhoo; Nivesh Maharaj; Nondumiso Sibeko; Nonhlanhla Mkhaliphi; Noor Osman; Ntombizodwa Zwane; Peaceful Gandanzara; Pershni Vencatsamy; Phila Msizazwe; Phindile Maphalala; Pravina Patel; Pride Choruma; Priscilla Mahlalela; Priyen Moodley; Rachel Mohamed; Rahab Mongalo; Regan Duarte; Rene Van Biljon; Reshma Gopee; Rethabile Mahuma; Richard George; Ridah Solomon; Robert Boccia; Robin Adams; Robin Van Der Plank; Robyn Brooks; Romeo Makgatho; Ronnie Kubeka; Sajiv Issuree; Sally Robertson; Samantha Nair; Samuel Maropela; Sbusiso Tshuma; Shadrack Hokonya; Shahida Nchinyane; Shakeelah Mentoor; Shelton Siwedza; Shikha Basdeo; Silindile Ndimande; Simbongile Kolobeni; Sonja De Wet; Stacey Johnson; Stephen Campbell; Steven Isaacs; Storm Canham; Susan Gravett; Tafadza Ziteya; Tahlita van der Watt; Tamara Moutsatsos; Tebello Moloi; Tebogo Mogaswa; Tendayi Sengayi; Thembi Ntuli; Thirshni Ramruthan; Tony Kelly; Trisha Matadin; Trust Sithole; Vourneen Jennings; Walter Madavha; Warren Koch; Willem Marneweck; Wonderboy Ndawonde; Yulentin Reddy; Yvette Clark; Zach Shaik; Zainab Siebritz; Zanele Kaise; Zanele Kubeka; Ziyaad Franciscus

IMPACT: Catastrophic 100; Critical 70; Serious 50; Significant 30; Minor 10

CAUSE INDICATOR: People, Process, System

NAMES2 (in addition to the entries under NAMES): Sales; Underwriting; Human Resources

LIKELIHOOD: Almost Certain 90%; Likely 65%; Possible 40%; Unlikely 20%; Rare 10%

CONTROL EFFECTIVENESS: Very Good; Good; Satisfactory; Weak; Unsatisfactory

CONTROL EFFECTIVENESS (factors): 0.9; 0.8; 0.65; 0.4; 0.2

Division Business Unit name

Function Division within Business Unit

Reference Function within the Division

Risk Category Select Risk Category from the drop down list

Risk Event / Description

Provide a clear description of the risk or event with regards to the following:
• What is happening / What happened
• Who is it happening to / Who has it happened to
• Why is it happening / Why has it happened
• When is it happening / When did it happen
• Where is it happening / Where did it happen
• How is it happening / How did it happen
• Provide the context/background under which the risk is happening/happened

Cause Indicator For risks with an operational element, select the appropriate cause indicator from the list

Risk owner Select the owners of the risk from the list, which allows for a maximum of five risk owners. If the person or grouping does not appear on the list, kindly contact GRC

Inherent Risk

Select impact and Likelihood based on the tables below

Impact | Impact ranking

Catastrophic

Risk Context/Root Causes

Detail the causes that are contributing or have contributed to the risk, specifically in relation to:
• People
• Process/Procedures/Practices/Policies/Business Rules
• Systems
• External parties
• Strategic / Planning considerations

Risk Impact / Consequences

Describe (with specific details) what situations have been or may be created by the risk in relation to:
• Objectives / Goals - both for the Business Unit and the company
• People
• Process/Procedures/Practices/Policies/Business Rules
• Systems
• External parties
• Strategic / Planning considerations

Inherent Risk

Catastrophic

Critical

Serious

Significant

Minor

Likelihood

Likelihood factor

Almost Certain

Likely

Possible

Unlikely

Rare

Controls

NB! Key Control Name and Description

How does the Control reduce the Inherent Risk

A control is any measure or action that modifies risk. Controls include any policy, procedure, practice, process, technology, technique, method, or device that manages/reduces the likelihood and/or impact of a risk. Risk treatments become controls, or modify existing controls, once they have been implemented.

A risk can be controlled through a number of controls (the worksheet allows for a maximum of ten); therefore, do not enter more than one control in the space allocated for a single control.

Provide the description of the control used, in terms of:
• The control name
• Whether the control is a policy, procedure, process, technique, person, grouping, etc.
• How the control functions
• When / How often the control functions

Controls

Provide a brief description of whether the control manages/reduces the likelihood and/or the impact of the risk

Control Type: Please select the type of control from the list

Control Owner(s)

Assurance Date: Enter the date of when assurance of the functioning of the control was provided to GRC

Control Effectiveness: Select the control effectiveness factor from the list, which is based on the table below

Effectiveness factor

Very Good

Good

Satisfactory

Weak

Unsatisfactory

Control Comments

Should there be an issue that affects the control, enter the comment along with the date the comment was made.

Residual Risk The residual risk will be calculated automatically when the control effectiveness is updated

There are ten actions allocated per risk and should there be more space required, contact GRC

Action Description

A control could either be:
• Corrective - designed to limit the scope for loss and reduce any undesirable outcomes that have already materialised
• Detective - designed to identify that a risk has materialised, so that actions can be taken to avoid further or greater losses
• Preventative - designed to eliminate the possibility of a risk materialising

Select the people responsible for the control from the list (there is a maximum of five people per control - should there be more people or people/groups not on the list please contact GRC)

Risk Response - Action Plans

Provide a description of the actions to be taken in order to manage/reduce the risk, including the detail of how the action will manage/reduce the impact or likelihood of the risk

Actioning Person(s)

Target Date: Enter the target date for when the action is expected to be completed.

Action Plan Status
Update Date: Date of when the action plan status is/was provided
Status Update: Progress of the action plan since the last update

Action Plan Comments

Enter any comments related to the action outside of the status update along with the date of the action


Select the persons who are responsible for the actions. There is space for five people per action (should there be more than five people responsible for an action, contact GRC)

Links To Strategic Objectives

Management Comments

GRC Comments


Continuity of Supply

Safety & Environmental

Major environmental damage

Risk event will result in widespread and lengthy reduction in continuity of supply to customers of greater than 48 hours

Serious injury (permanent disability) or death of personnel or members of the public

Major negative media coverage

Significant environmental damage

Significant negative media coverage

Negative media coverage

Limited negative media coverage

Likelihood

Qualification criteria

Could occur quite often

Small likelihood but could happen


Reduction in supply or disruption for a period ranging between 24 & 48 hours over a significant area

Significant injury of personnel or public

Reduction in supply or disruption for a period between 8 & 24 hours over a regional area

Lower level environmental, safety or health impacts

Brief local inconvenience (work around possible)

Little environmental, safety or health impacts

Loss of an asset with minor impact on operations

No impact on business or core systems

No environmental, safety or health impacts and/or negative media coverage

The risk is almost certain to occur in the current circumstances

More than an even chance of occurring

Not expected to happen - Event would be a surprise


Qualification criteria

There is room for some improvement

Control measures are ineffective


Risk exposure is effectively controlled and managed

Majority of risk exposure is effectively controlled and managed

Some of the risk exposure appears to be controlled, but there are major deficiencies


Technical Complexity Financial

Use of unproven technology for critical system / project components

Significant cost overruns of >20% over budget.

High level of technical interdependencies between system / project components

Affect on revenue / asset base of >10%.

Insignificant financial loss

Likelihood


Use of new technology not previously utilised by the Department for critical systems / project components

Major cost overruns of between 10 % & 20 % over budget

Affect on revenue / asset base of between 5% & 10%

Use of unproven or emerging technology for critical systems / project components

Moderate impact on revenue and assets base

Use of unproven or emerging technology for systems / project components

Minor impact on revenue and assets base

Use of unproven or emerging technology for non-critical systems / project components


Business Unit | Division | Key Risk Indicator | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator People

Risk owner Llewellyn Titus• Adam Samie•

Inherent Risk: High | Impact: Critical | Likelihood: Likely

Controls | Control Type | Control Owner(s) | Assurance Date

Control Comments | Date | Comment

Corrective

Isabel Van Heerden•

Weak


Lack of input and buy-in from Business Units during Project Initiation Phase of the migration Project. The migration project was not given the status it deserved as a priority 1 project within business units and this had an impact during the planning phase wherein some aspects of migration were missing from certain business units.

Not all affected business units were represented during workshops and meetings held and in cases where representatives were present, they were not participative in discussions and decision making. There was no official sign-off approval on the first Migration Approach that was initially to be taken.

An incomplete migration plan as a result of the gaps in the migration approach. The project will not be delivered within the set timelines.

Key Control Name and Description

How does the Control reduce the Inherent Risk

Control Effectiveness

This project has a Project Owner who is responsible to manage the daily operations of the migration project. In instances where the project owner is unable to resolve issues/risk escalated, the project owner will in turn escalate this to the project sponsor for intervention.

All Risks and Issues identified during the Migration project are escalated to the Project owner and/or project Sponsor for resolution

Residual Risk: Priority 1

Action Plan Status

Risk Response - Action Plans | Action Description | Actioning Person(s) | Target Date | Update Date | Status Update

Action Plan Comments | Date | Comment

Links To Strategic Objectives: Customer Service; Profitability

Management Comments Date Comment

GRC Comments Date Comment

Business Unit | Division | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator People

Risk owner Lebohang Mehalane• Mashudu Mamathuba•

Learners' lack of Insurance knowledge. Migration learners lack insurance knowledge and are unable to distinguish the different types of products and Risk cover. This is a huge risk to the project because once the migration process begins it will impact on the quality of data moved over to V2. The learners have begun with Insurance training every Monday for the next year but will not have all the knowledge required by the time Migration begins.

The Learners employed for the Migration Project are fresh out of school, not having a tertiary education and working experience. This impacts the project due to LoA providing a basic PC skills training and office training.

Due to the lack of Insurance knowledge a training program for a NQF level certification in Insurance Basic was put into place. Internally, system training and underwriting training was conducted in order to have the learners ready for Migration Policies into the Leo V2 system.

Inherent Risk: Insignificant | Impact: Significant | Likelihood: Possible

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

Head of Training and Development Lebohang Mehalane got an external vendor to provide the learners with Insurance basic training.

The Learners will have a basic knowledge of Insurance and will be able to identify and understand why certain Risk cover and underwriting process is in place.

Ridah Solomon provided the learners with system training and SME of underwriting conducted underwriting 101 Training.

This control in place provides the Learners with the Basic training the learners would require to be able to migrate the Policies from the V1 system to the V2 system.

Residual Risk: Priority 5

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type | Control Owner(s) | Assurance Date | Control Comments

Date Comment

Corrective

Lebohang Mehalane•

Good

Preventative

Ridah Solomon•

Good

Mahommed Kara•

Tendayi Sengayi•

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s) | Target Date | Update Date | Status Update | Action Plan Comments

Date Comment

Control Comments

Comment

Action Plan Comments | Comment

Business Unit | Division | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes As a result of the Migration Plan being changed where quality is no longer a priority.

Risk Impact / Consequences

Cause Indicator Process

Risk owner Adam Samie• Llewellyn Titus•

Quality of v2 policy migration. As a result of the new migration plan the focus on data quality for the migration has been reviewed. Priority on migration is to focus on V1 to V2 data migration as is.

No additional QA SME will be required from business to assist with the project. The Learners will be doing a self quality check on the policies they have migrated to V2.

The Data quality will no longer have that subject expert matter view or eyes to inspect for the important covers Risk covers are correct, Premium, sasria, Ri

Inherent Risk: High | Impact: Catastrophic | Likelihood: Possible

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

As part of the migration plan the learners will be divided into two groups. One group allocated to the migration of the policies and the second group will be conducting the QA of the policies. Daily discrepancy reports will be developed and used to track the data accuracy. (Match v1 to v2)

Allowing there to still have a quality check even though the data will not be checked by subject matter experts

Residual Risk: Priority 3

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type | Control Owner(s) | Assurance Date | Control Comments

Date Comment

Preventative

Adam Samie•

Satisfactory

Llewellyn Titus•

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s) | Target Date | Update Date | Status Update | Action Plan Comments

Date Comment

Control Comments

Comment

Action Plan Comments | Comment

Business Unit | Division | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes Data captured on V1 was not entered correctly

Risk Impact / Consequences

Cause Indicator Process, System

Risk owner Adam Samie• Llewellyn Titus•

V1 Data Accuracy for migration to be QA'd before migration. The SMEs have identified that the Sirius V1 system holds policies that have poor quality standards. As a proposed proactiveness we will require pre-checks for the Learners to have accurate schedules upgraded

As a result this affects the migration, as a copy of information from one system to another is not advisable. If the information is mirrored from V1 to v2 the data would be incorrect.

Inherent Risk: Low | Impact: Significant | Likelihood: Likely

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

As a proposed proactiveness we will require pre-checks for the Learners to have accurate schedules upgraded

The data from the broker schedules have the correct details and by using this the accuracy of data will be eliminated

Residual Risk: Priority 5

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type | Control Owner(s) | Assurance Date | Control Comments

Date Comment

Preventative

Adam Samie•

Very Good


How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s) | Target Date | Update Date | Status Update | Action Plan Comments

Date Comment

Control Comments

Comment

Action Plan Comments | Comment

Business Unit | Division | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes Brokers forwarding the documentation late.

Risk Impact / Consequences The data stays the same on system without being amended at renewal because no documentation is received.

Cause Indicator External

Risk owner Ilse Kruger•

Lateness of Broker Schedules. Lateness of Broker Schedules and Renewal documentation sent to LoA is a huge risk to LoA because it impacts the data quality we have in our current and future systems and could have a financial impact on the business

Inherent Risk: Moderate | Impact: Serious | Likelihood: Likely

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

Ilse Kruger to draft letters to notify all brokers requesting the latest updated broker schedules according to the LoA terms.

Obtaining the broker schedules on time will not affect the project as we are doing a copy of v1 into v2.

Closed risk: At renewal the broker schedules will be required and this will be outside of the project.

By informing/requesting documentation from broker beforehand will allow a lag before we actually require the documents

Residual Risk: #VALUE!

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type | Control Owner(s) | Assurance Date | Control Comments

Date Comment

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s) | Target Date | Update Date | Status Update | Action Plan Comments

Date Comment

Control Comments

Comment

Action Plan Comments | Comment

Business Unit | Division | Function

Risk Category .

Risk Event / Description

Risk Context/Root Causes A gap in the Underwriting process

Risk Impact / Consequences Lion Of Africa financials and reporting (operational). Migration Project Impact - rework to update provisional policy.

Cause Indicator People, Process

Risk owner Adam Samie• Ilse Kruger•

Provisional Policies and reversal. Provisional Policies loaded and reversals made on the policies that are not renewed by brokers. As a result the business does not recognise reversals made on the Live Provisional policies causing Credit Control Issues.

Inherent Risk: Extreme | Impact: Catastrophic | Likelihood: Likely

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

Process of renewals must be amended so that the policies are captured correctly in V2 without any reversals. Therefore if there are no renewal policies no migration on V1 should take place. 2014/05/14: A change in process that Provisional Policies shall be loaded on the V2 system to above loss of Revenue] A notification to brokers and responsible Representatives to be sent from the desk of Llewellyn Titus for confirmation of provisional policies loaded

Residual Risk: Priority 3

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type | Control Owner(s) | Assurance Date | Control Comments

Date Comment

Corrective

Adam Samie•

Good

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s) | Target Date | Update Date | Status Update | Action Plan Comments

Date Comment

Control Comments

Comment

Action Plan Comments | Comment

Business Unit: Finance | Division: Credit Control | Function: Collections

Risk Category .

Risk Event / Description

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator Systems

Risk owner Adam Samie•

Sirius Product development. As a result of the new migration deadline 30 June 2014 it has been identified that all products on V1 that have not yet been developed will need to be developed on V2 before end of May. Development is completed for all required products on V1.

v1 has been decommissioned end of June 2014 therefore any products not existing on v2 will need a manual work around

Defining the Product and the requirement took a long period of time and thereafter only development and this situation of developing the products took place one at a time start of next product only commenced once previous product went live.

As a result if the Products do not exist in V2 this would affect the Projects Timelines pushing out until such time the products exist and there is a deadline of underwriting Migration at 30th June 2014

Inherent Risk: Moderate | Impact: Serious | Likelihood: Likely

Controls

Key Control Name and Description | How does the Control reduce the Inherent Risk

Requirements gathering and development on outstanding products to be completed by the end of 30 May allowing a gap to complete the migration of new Products that will be available.

Allowing all migration of policies to be completed and having one system with all products.

Residual Risk: Priority 5

Risk Response - Action Plans | Action Description | Actioning Person(s)

Links To Strategic Objectives

Management Comments Date Comment

GRC Comments Date Comment

Key Risk Indicator

Control Type Control Owner(s) Assurance DateControl Comments

Date Comment

Preventative

Adam Samie•

Very Good

. .

. .

. .

. .

. .

How does the Control reduce the Inherent Risk

Control Effectiveness

Allowing all migration of policies to be completed and having one system will all products.

. .

. .

. .

. .

. .

Action Plan Status

Actioning Person(s) Target Date Update Date Status UpdateAction Plan Comments

Date Comment

Control Comments

Comment

Action Plan CommentsComment

Business Unit, Division, Function

Risk Category

Risk Event / Description

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator

Risk owner

Credit Control process delays. A Credit Control resource constraint has been identified in the Credit Control Department. This was identified in the kick-off of the Migration project. This has an impact on the project due to Credit Control not being able to clear all outstanding credit control issues on policies on v2 in Quote status. We currently have a backlog of policies sitting in Quote status waiting to be resolved.

Inherent Risk, Impact, Likelihood

Controls

Key Control Name and Description

How does the Control reduce the Inherent Risk

Residual Risk

Risk Response - Action Plans: Action Description, Actioning Person(s)

Links To Strategic Objectives

Management Comments: Date, Comment

GRC Comments: Date, Comment

Key Risk Indicator

Control Type, Control Owner(s), Assurance Date, Control Comments (Date, Comment)

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s), Target Date, Update Date, Status Update, Action Plan Comments (Date, Comment)

Control Comments: Comment

Action Plan Comments: Comment

Business Unit, Division, Function

Risk Category

Risk Event / Description

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator

Risk owner

Inherent Risk, Impact, Likelihood

Controls

Key Control Name and Description

How does the Control reduce the Inherent Risk

Residual Risk

Risk Response - Action Plans: Action Description, Actioning Person(s)

Links To Strategic Objectives

Management Comments: Date, Comment

GRC Comments: Date, Comment

Key Risk Indicator

Control Type, Control Owner(s), Assurance Date, Control Comments (Date, Comment)

How does the Control reduce the Inherent Risk

Control Effectiveness

Action Plan Status

Actioning Person(s), Target Date, Update Date, Status Update, Action Plan Comments (Date, Comment)

Control Comments: Comment

Action Plan Comments: Comment

Business Unit, Division, Function

Risk Category

Risk Event / Description: Resignation of PMO Manager

Risk Context/Root Causes

Risk Impact / Consequences: Knowledge lost. The remaining team having to deal with stakeholders and manage projects without a manager's guidance.

Cause Indicator: People

Risk owner: Robert Boccia

Inherent Risk: Extreme; Impact: Critical; Likelihood: Almost Certain

Controls

Key Control Name and Description

Onboarding of a new PMO Manager

How does the Control reduce the Inherent Risk

The team will now have a skilled and knowledgeable Manager to guide and assist with projects and with stakeholders.

Residual Risk: Priority 3

Risk Response - Action Plans: Action Description, Actioning Person(s)

Links To Strategic Objectives

Management Comments: Date, Comment

GRC Comments: Date, Comment

Key Risk Indicator

Control Type, Control Owner(s), Assurance Date, Control Comments (Date, Comment)

Corrective

Lebohang Mehalane

Good

20150102

How does the Control reduce the Inherent Risk

Control Effectiveness

The team will now have a skilled and knowledgeable Manager to guide and assist with projects and with

Action Plan Status

Actioning Person(s), Target Date, Update Date, Status Update, Action Plan Comments (Date, Comment)

Control Comments: Comment

Action Plan Comments: Comment

Business Unit, Division, Function

Risk Category

Risk Event / Description: Lack of Project Management Importance in the Organisation

Risk Context/Root Causes

Risk Impact / Consequences

Cause Indicator: People, Process

Risk owner: Adam Samie, Mashudu Mamathuba, Mpho Sesoko

Business not having a full understanding of Project Management and the importance it has on the organisation. Business not taking project governance seriously.

Incomplete project documentation. Lack of ownership on projects. Project sponsors not having a clear understanding of the project due to project owners not owning the projects.

Inherent Risk: Moderate; Impact: Serious; Likelihood: Likely

Controls

Key Control Name and Description

GRC enforcing Process and Procedure throughout business.

How does the Control reduce the Inherent Risk

If processes are put in place then staff will have to adhere to them, allowing project governance to be followed.

Residual Risk: #VALUE!

Risk Response - Action Plans: Action Description, Actioning Person(s)

Links To Strategic Objectives

Management Comments: Date, Comment

GRC Comments: Date, Comment

Key Risk Indicator

Control Type, Control Owner(s), Assurance Date, Control Comments (Date, Comment)

Corrective

Mpho Sesoko

How does the Control reduce the Inherent Risk

Control Effectiveness

If processes are put in place then staff will have to adhere to them, allowing project governance to be

Action Plan Status

Actioning Person(s), Target Date, Update Date, Status Update, Action Plan Comments (Date, Comment)

Control Comments: Comment

Action Plan Comments: Comment


Risk Name/ Event / Description, Risk Context / Root Causes, Risk Impact / Consequences, Risk Owner, Impact, Likelihood, Inherent Risk, Control, Control Type, Control Owner, Action Plans, Actioning Person, Target Date

People Critical Likely High

Corrective Isabel Van Heerden• Weak

Priority 1

People Significant Possible Insignificant

Corrective Lebohang Mehalane• Good

Priority 5

Ridah Solomon provided the learners with system tra

Preventative Ridah Solomon• Good

Process Catastrophic Possible High

Preventative Adam Samie• Satisfactory

Priority 3

Data captured on V1 was not entered correctly Process, System Significant Likely Low

Preventative Adam Samie• Very Good

Priority 5

Brokers forwarding the documentation late. External Ilse Kruger• Serious Likely Moderate

#VALUE!

A gap in the Underwriting process People, Process Adam Samie• Ilse Kruger• Catastrophic Likely Extreme

Corrective Adam Samie• Good

Priority 3

Systems Adam Samie• Serious Likely Moderate

Preventative Adam Samie• Very Good

Priority 5

Framework Indicator

Cause Indicator

Control Effectiveness

Residual Rating

Lack of input and buy-in from Business Units during Project Initiation Phase of the migration Project. The migration project was not given the status it deserved as a priority 1 project within business units and this had an impact during the planning phase wherein some aspects of migration were missing from certain business units.

Not all affected business units were represented during workshops and meetings held, and in cases where representatives were present, they were not participative in discussions and decision making. There was no official sign-off approval on the first Migration Approach that was initially to be taken.

An incomplete migration plan as a result of the gaps in the migration approach.

The project will not be delivered within the set timelines.

Llewellyn Titus• Adam Samie•

This project has a Project Owner who is responsible for managing the daily operations of the migration project. In instances where the project owner is unable to resolve issues/risks escalated, the project owner will in turn escalate this to the project sponsor for intervention.

Learners' lack of Insurance knowledge.

Migration learners lack insurance knowledge and are unable to distinguish the different types of products and Risk cover. This is a huge risk to the project because once the migration process begins it will impact on the quality of data moved over to V2. The learners have begun with Insurance training every Monday for the next year but will not have all the knowledge required by the time Migration begins.

The Learners employed for the Migration Project are fresh out of school, not having a tertiary education and working experience. This impacts the project due to LoA providing a basic PC skills training and office training.

Due to the lack of Insurance knowledge, a training program for an NQF level certification in Insurance Basic was put into place. Internally, system training and underwriting training was conducted in order to have the learners ready for migrating policies into the Leo V2 system.

Lebohang Mehalane• Mashudu Mamathuba•

Head of Training and Development Lebohang Mehalane got an external vendor to provide the learners with Insurance basic training.

Quality of v2 policy migration.

As a result of the new migration plan the focus on data quality for the migration has been reviewed. Priority on migration is to focus on V1 to V2 data migration as is.

No additional QA SME will be required from business to assist with the project. The Learners will be doing a self quality check on the policies they have migrated to V2.

As a result of the Migration Plan being changed where quality is no longer a priority.

The data quality will no longer have that subject matter expert view or eyes to inspect that the important Risk covers are correct, Premium, Sasria, Ri

Adam Samie• Llewellyn Titus•

As part of the migration plan the learners will be divided into two groups: one group allocated to the migration of the policies, and the second group will be conducting the QA of the policies. Daily discrepancy reports will be developed and used to track the data accuracy (match v1 to v2).

V1 Data Accuracy for migration to be QA'd before migration.

The SMEs have identified that the Sirius V1 system holds policies that have poor quality standards. As a proposed proactive measure we will require pre-checks for the Learners to have accurate schedules upgraded.

As a result this affects the migration, as a copy of information from one system to another is not advisable. If the information is mirrored from V1 to v2 the data would be incorrect.

Adam Samie• Llewellyn Titus•

As a proposed proactive measure we will require pre-checks for the Learners to have accurate schedules upgraded.

Lateness of Broker Schedules.

Lateness of Broker Schedules and Renewal documentation sent to LoA is a huge risk to LoA because it impacts the data quality we have in our current and future systems and could have a financial impact on the business.

The data stays the same on the system without being amended at renewal because no documentation is received.

Ilse Kruger to draft letters to notify all brokers, requesting the latest updated broker schedules according to the LoA terms.

Obtaining the broker schedules on time will not affect the project as we are doing a copy of v1 into v2.

Closed risk: At renewal the broker schedules will be required and this will be outside of the project.

Provisional Policies and reversal.

Provisional Policies loaded and reversals made on the policies that are not renewed by brokers. As a result the business does not recognise reversals made on the Live Provisional policies, causing Credit Control issues.

Lion Of Africa financials and reporting (operational). Migration Project Impact - rework to update provisional policy.

Process of renewals must be amended so that the policies are captured correctly in V2 without any reversals. Therefore if there are no renewal policies no migration on V1 should take place. 2014/05/14: A change in process that Provisional Policies shall be loaded on the V2 system to avoid loss of Revenue. A notification to brokers and responsible Representatives to be sent from the desk of Llewellyn Titus for confirmation of provisional policies loaded.

Sirius Product development. As a result of the new migration deadline 30 June 2014 it has been identified that all products on V1 that have not yet been developed will need to be developed on V2 before end of May. Development is completed for all required products on V1.

v1 has been decommissioned end of June 2014, therefore any products not existing on v2 will need a manual workaround.

Defining the product and the requirements took a long period of time, and only thereafter did development begin. Products were developed one at a time: the start of the next product only commenced once the previous product went live.

As a result, if the products do not exist in V2 this would affect the project's timelines, pushing them out until such time as the products exist, and there is a deadline for underwriting migration of 30th June 2014.

Requirements gathering and development on outstanding products to be completed by the end of 30 May allowing a gap to complete the migration of new Products that will be available.

Credit Control process delays.

A Credit Control resource constraint has been identified in the Credit Control Department. This was identified in the kick-off of the Migration project. This has an impact on the project due to Credit Control not being able to clear all outstanding credit control issues on policies on v2 in Quote status. We currently have a backlog of policies sitting in Quote status waiting to be resolved.

Resignation of PMO Manager People Robert Boccia• Critical Almost Certain Extreme

Onboarding of a new PMO Manager Corrective Lebohang Mehalane• Good

Priority 3

People, Process Serious Likely Moderate

Corrective Mpho Sesoko•

#VALUE!


Knowledge lost. The remaining team having to deal with stakeholders and manage projects without a manager's guidance.

Lack of Project Management Importance in the Organisation

Business not having a full understanding of Project Management and the importance it has on the organisation. Business not taking project governance seriously.

Incomplete project documentation. Lack of ownership on projects. Project sponsors not having a clear understanding of the project due to project owners not owning the projects.

Adam Samie• Mashudu Mamathuba• Mpho Sesoko•

GRC enforcing Process and Procedure throughout business.


[Heat map: Inherent Risk. Likelihood: Rare, Unlikely, Possible, Likely, Almost Certain. Impact: Catastrophic, Critical, Serious, Significant, Minor.]

[Charts: Control Effectiveness (Very Good, Good, Satisfactory, Weak, Unsatisfactory); Residual Risk (Priority 1, Priority 2, Priority 3, Priority 4, Priority 5).]