In order to support effective implementation of our Enterprise Risk Management framework we have adopted the three lines of
defense model as illustrated below;
|Three Lines of Defense|
|First line of defense||Second line of defense||Third line of defense|
|Primary Risk Owners:
||Independent Assurance provider:
Internal and External Auditors
|Reports to management||Reports to CEO and Board Audit Committee||Reports to Board Audit Committee|
Our risk identification and mitigation processes have been designed to be responsive to the ever-changing environment that we operate in
Our risk identification and mitigation processes have been designed to be responsive to the ever-changing environment that we operate in. We classify our risks into two categories; Strategic and Operational.
The following are Safaricom’s principal risks and mitigation strategies. The fact that we disclose details of these risks means that each receives the requisite and considerable management attention.
The Regulatory environment that Safaricom operates in is
increasingly becoming complex and it continues to be one of the
key areas of focus.
The nature of products and services that we provide requires that
we comply with a wide range of laws and regulations from our
|While we comply with all laws and regulations, we continue to build constructive relationships with the regulators as well as contribute to discussions on emerging legislation and regulations as we prepare to comply with the same.
Our products and services are carefully and continuously
|Economic Growth ProspectsKenya has continued to experience challenges from a volatile
currency, increased inflation and a reduction of FOREX earnings.
The prolonged electioneering period in 2017 also caused
uncertainty among investors thereby shying away from local
investment opportunities.Other factors such as crippling drought, floods and the regulatory
cap on lending rates also contributed to a reduction in consumer’s
|We continue to proactively monitor and mitigate these challenges to cushion both our business and customers.|
The industry has become increasingly competitive in terms of
|Our strategies to manage market disruption focus on growing and retaining our customers by offering quality services as well as and leveraging on strategic partnerships within different sectors
to ensure we provide our customers with relevant products and services and customer experience.
We continue to be innovative and adopt an agile operating model to be able to respond rapidly to the ever changing customer needs.
|Political uncertainties and unrestThe last year has seen the country experience an extended period of political quagmire which has had adverse impact on the economic, social and business environments. Insecurity and or terrorism in some parts of the country may result in increased costs of operations.||The business continues to monitor the political situation keenly while taking appropriate business measure to safeguard our operations. To manage these security risks, we have invested
heavily to ensure our staff, contractors and assets are protected and we continue to work closely with Law enforcement authorities to ensure our customers’ interests are well protected.
Further we carry out proactive intelligence gathering, screening and security surveillance. We will continue to invest in security training and awareness as well as maintenance and improvement
of our security infrastructure and tools.
|Information and cyber threats
Cyber-attacks, hacking, insider threat or supplier breach
|Safaricom has enhanced its capacity to handle cybercrime incidents and technology related crime. Of particular note are robust cyber security controls complemented by the 24/7 Security Operations Centre to ensure we safeguard the services that we offer.
Our ISO 27001 Information Security Certification is an
To ensure excellence in operations we aslo hold the following certification by a reputable firm from UK: