The most important question in any business is how to strike a balance between risk and reward. This is an extremely delicate balance because the higher the risk, the higher the return/reward. Over the years, the Fund has been able to answer that question appropriately, as exhibited by its stellar performance every year.
At the Fund, we believe that risks need to be managed in a holistic manner, because besides being present in every activity we undertake, risks are interlinked. For instance, system failure results in delay in service delivery, which results in customer dissatisfaction, and eventually creates a reputation risk.
Risk management is, therefore, an integral part of our business activities, and not a separate process. We dedicate our resources and efforts to undertake comprehensive risk identification, assessment and control, so as to create value for our members and make their lives better.
How we create value through risk management
The risk appetite statement guides every key decision we make, such as investment, operational, financial, and technology decisions. It is, therefore, no surprise that our asset allocation is skewed towards fixed income, which is considered low risk.
Our risk appetite,
a guide to our
decision-making
Numerous opportunities and risks exist in the environment, but as a Fund we determine which kind of risks and opportunities, and the extent thereof, we should take on to attain our strategic objectives.
This is guided by our risk appetite statement; which states that, “The Fund exercises prudence in pursuit of opportunities and does not accept any risks that can significantly erode member value and/or damage its reputation”.
This statement is communicated to all our stakeholders through our website and displayed in all our offices. The purpose of communicating it is to provide assurance to our stakeholders that we are committed to creating and preserving value for our members, and not eroding it.
Our risk governance structure
Board and Committees
The Board of trustees is mandated to ensure good corporate governance and effective risk management in the Fund. To exercise this mandate effectively, the Board established various committees that handle different matters. But the Committee that is specifically mandated to handle Enterprise Risk Management (ERM) matters is the Audit and Risk Assurance Committee.
Executive management
The Board delegates the day-to-day management of risk and opportunities to Executive management. The Board receives quarterly reports on the status of existing, as well as emerging risks and opportunities. At the Executive management level, the Head of Risk is responsible for developing risk management frameworks, as well as coordinating risk management activities and promoting a risk-aware culture, through regular training and sensitisation.
Lines of defence
We are cognizant of the fact that, although all functions work towards achieving the same strategic objectives, operationally, there are conflicting objectives, and therefore, a need for segregation of duties. We embrace the concept of distinct lines of defence, which are complementary to each other.
External auditors provide an additional line of defence. Their role is to provide reasonable independent assurance on the integrity of financial statements, as well as the effectiveness of internal controls in mitigating risks.
Combined assurance
It is important to note that segregation of duties (lines of defence) does not mean isolation or silos; the three lines of defence play a complementary role to each other. Enterprise Risk Management, Legal and Internal Audit, work collaboratively to provide combined assurance on risk, compliance and internal controls. Combined assurance ensures that there is comprehensiveness in terms of coverage, and avoidance of duplication.
How we manage risk
Risk Management Process
Our enterprise risk management is aligned to the ISO 31000, Risk Management – Guidelines, that provides a framework and process for managing risk. Risk management is an integral part of management, embedded in the culture and practices of the Fund, and tailored to the business processes.
Risk Assessment
Risk Heat Map
Risk Trend Analysis
The risk trend analysis is based on our judgement, informed mainly by qualitative factors observed over the period.
The top ten risks and opportunity in 2020/2021 and future outlook
| Low Risk | Medium Risk | High Risk | Increasing Risk | Reducing Risk | Stable Risk |
|---|---|---|---|---|---|
| Risk 1 | Risk Driver | Organisational capital affected | Opportunity | Risk Response | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Covid-19 Although the business attained all its strategic performance objectives, as at 30/06/2021, the risk of Covid-19 infection remains the greatest threat to staff and other stakeholders |
It is an opportunity for the Fund to demonstrate its relevance to its stakeholders to make their lives better. | We anticipate that Covid-19 will continue to pose a threat to busineses as well as the economy in general, in the short, medium and longer term. |
| Risk 2 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Cyber-attack Increasing cases of cyber-attack globally and locally |
The Pension Administration System(PAS), which is going to be rolled out in the financial year, 2021/2022, is expected to greatly enhance the Fund’s security infrastructure | The PAS is expected to have a robust security infrastructure, which is expected to significantly reduce any existing vulnerabilities in the systems |
| Risk 3 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Pension Admin System (PAS). The Fund expects to roll out a new system, the PAS, in the first half of 2021-2022 for its core processes. If this project is not successful, the Fund’s business and reputation could be significantly affected. |
The PAS is expected to tremendously enhance the Fund’s technology capability in terms of service delivery | We have made all the necessary preparations to ensure a successful roll out of the PAS. However, we cognizant of the fact that even a carefully crafted plan can fail, and as such, we have established an alternative plan – Plan B. |
| Risk 4 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Multiplicity of laws and regulations Besides the NSSF Act, the Fund is subject to a multitude of laws and regulations, and the possibility of non-compliance with some of the provisions of the law is a reality. |
Laws and regulations offer the opportunity to do business in a transparent and accountable manner. | Legislation is a continuous process, new laws and regulations are likely to come up from time to time. However, our compliance frameworks enable us to effectively mitigate the risk of non-compliance. |
| Risk 5 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Appreciation of the shilling Market risk was driven mainly by the appreciation of the Uganda Shilling (UGX) against the Kenyan shilling (KES), which resulted in unrealised FX loss of UGX 322.3bn- net, as at 30/06/2021. |
The appreciation of the UGX offers opportunity to increase investment in Shilling-denominated assets e.g government of Uganda treasury bonds. | We expect market risk to escalate in the short and medium term, mainly on account of the appreciating UGX, particularly against the KES. |
| Risk 6 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Covid-19 The Fund has a legal obligation to collect contributions from all eligible persons. However, employer compliance rate stood at 51% against a target of 60%, as at 30/06/2021, mainly attributable to the effects of Covid-19. |
The Fund has the opportunity to collect more contributions from the 9% who did not contribute, and from new contributors. | As long as Covid-19 remains prevalent, many employers will struggle to comply with the NSSF obligations to remit contributions for their employees. |
| Risk 7 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Changes in tax laws Changes in tax laws such as rental tax, VAT, and a number of others, are likely to increase the Fund’s tax burden. |
The six-month period before the tax changes become effective, provides the Fund with an opportunity to plan effectively to minimise the tax burden. | Taxes are a function of government fiscal policy, which is likely to change from time to time. However, we don’t anticipate new taxes in the short and medium term. |
| Risk 8 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Covid-19 The onslaught of Covid-19 threatened the continuity of many businesses. The usual routine of working from office was totally disrupted by Covid-19 |
Covid-19 provided opportunities for use of online resources such as video-conferencing, zoom meeting, etc, which minimise costs associated with physical meetings. | We do not anticipate major challenges regarding our ability to continue operations, because have built a robust BCM & DRP. |
| Risk 9 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Legal constraints Legal impediments within the NSSF Act, especially on the number of products that the NSSF can offer to its members, creates a challenge of limited product range. |
Amendment of the National Social Security Fund (NSSF) Act created opportunities to expand the product offering to members. | The NSSF Amendments bill provides for additional benefits (products). If the President assents to it, the issue of a limited product range will be addressed. |
| Risk 10 | Risk Driver | Organisational capital affected | Opportunity | Risk Mitigation | Trend | Outlook |
|---|---|---|---|---|---|---|
|
Covid-19 Covid-19 has caused serious economic hardship to businesses as well as individuals, to the extent that the temptation to commit fraud is high. |
This gives the Fund the opportunity to review and strengthen its internal controls. | We anticipate an increase in attempts to commit fraud, as the effects of Covid-19 continue to impact the economy. |
Risk Awareness
At the Fund, we consider risk and opportunity management an integral part of business activities, and everyone at the Fund is accountable for risk management. It is, therefore, important that everyone has a good understanding of the risks and opportunities associated with the activities one undertakes and how to mitigate the risks, while exploiting the opportunities.
We have an annual risk sensitisation programme, which involves face-to-face training, online sensitisation, and most importantly through a new awareness initiative, our risk and opportunity management publication, called The Risk Echo magazine.
The Risk Echo is an insightful publication, covering a wide range of risk and opportunities management topics, published for internal and external audiences. The magazine enjoys overwhelming approval from our readers based on the recent survey as per the results below.
OVERALL IMPRESSION
What were the reader's
overall impression of the
magazine?
Excellent
OVERALL IMPRESSION
What were the reader's overall
impression of
the magazine?
Good
RECOMMENDATIONS
Would the reader recommend the magazine to another
reader?
highly likely
UNDERSTANDING
To what extent has the magazine improved your understanding of risk and risk management?
Moderate
UNDERSTANDING
To what extent has the magazine improved your understanding of risk and risk management?
Great Extent
Resilience
The business continuity and disaster recovery capabilities the Fund has built over the years has enabled it to remain resilient in carrying out its operations, despite the challenges posed by Covid-19. (refer risk # 8).
There is a substantive Crisis Management Committee, chaired by the Deputy Managing Director, that convenes on a weekly basis to review the Covid-19 situation and the measures put in place from time to time to address the impacts of the pandemic on the operations of the Fund.
The Committee makes recommendations to the Executive Committee on the best way to respond, taking into account the impact on the staff and operations of the Fund.
The Fund has a comprehensive disaster recovery plan, which is subject to annual tests. With the recent Disaster Recovery Plan (DRP) test conducted on June 11, 2021, we exceeded our Recovery Time Objectives (RTOs) on all applications by 34% on average.