Print Page   |   Contact Us   |   Sign In   |   Apply online
Community Search
Calendar

2018-02-05 » 2018-02-06
Cyber Security 5 & 6 February 2018

2018-02-07 » 2018-02-08
Operational Risk Management Training - 7 & 8 February 2018

2018-02-09
Audit & Risk Committee Training - 12 February 2018

2018-02-14 » 2018-02-15
Introduction to Risk Management - 14 & 15 February JHB

IRMSA Risk Chat
Blog Home All Blogs

Models of predicting insurance companies bankruptcy

Posted By Arthur T. Dzamatira, 08 November 2016

Dear Members,

 I am working on a dissertation about Models of predicting insurance companies bankruptcy. My particular focus is on the Zimbabwean insurance market as it is still being regulated based on the minimum capital requirements. These minimum capital requirements are being are being changed constantly resulting in some under performing insurers shutting down.

Currently, the minimum capital requirements for short term insurers is US$1.5 million. This has been way beyond reach for some insurance companies leaving only the big established companies to compete. Eventually, with the constant increase, this might lead to an Oligopoly insurance market.

Your thoughts and inputs will be greatly appreciated.

 

Arthur

 

 

Tags:  altman z score  bankruptcy  industry shock  models  prediction 

Share |
PermalinkComments (0)
 

From which perspective?

Posted By Futurerisk, 26 September 2016

It would be useful to know who the author of this article is please to be able to make any meaningful comment...

 

Thanks,

 

Kay

This post has not been tagged.

Share |
PermalinkComments (0)
 

The Use Of Best Practice In The Public Sector - Risk Chat - 26 September 2016

Posted By Administration, 26 September 2016

26 SEPTEMBER 2016

 

THE USE OF BEST PRACTICE IN THE PUBLIC SECTOR

 

According to the results of the Financial Management Capability Maturity Model that has been rolled out throughout the public sector, it has become evident that the majority of public sector institutions are still battling with integrating risk management with other institutional processes. It appears as if many of these institutions are more comfortable with adopting a “tick box” exercise as opposed to implementing best practice. As much as  complying with risk management prescripts is necessary, it is just as important to ensure that risk management is fully integrated so that there is a quantifiable  benefit to an institution’s performance. The structure of the risk management function is crucial and should address the considerations below:

  • Whether or not institutions should form a separate independent Risk Management Committee (RMC) vs. a combined one; and how to effectively measure whether or not the RMC does add value through the system of risk management within an institution.
  • Who the Chief Risk Officer (CRO) reports to.
  • The use of Risk Champions within institutions.

With the view that public sector institutions have been struggling, particularly in successfully embedding risk management, it is of important that we understand and identify where these hindrances could arise from.

Many institutions often attempt to implement every “risk management buzzword” without considering its suitability.  Below are examples of what could negatively influence progress in effectively embedding risk management:

Risk Management Not Given Priority

The CRO is an expert in risk management that operates at a senior level, and is employed to ensure that risk management is embedded within the institution. The Accounting Officer and Executive Management team expect that whatever the CRO introduces will bring value to the institution and will enhance performance.

Structural Roles Overlap

Institutions should be extra careful when addressing risk management responsibilities in order to avoid a duplication of effort.  For example, if existing structures within an institution already cater for risk management reporting and control, the institution could just work on strengthening and formalising these risk management structures, instead of introducing additional structures.

It is unfortunate that that the public sector is still stuck on ensuring that risk management prescripts are complied with.  Institutions appear to be more concerned about making sure that the Auditor – General places all of the ticks in the desired places following an audit. This does not suggest that compliance is not important.  However, it is also important that one should understand the underlying reasons for compliance and should assess how certain prescripts can be best implemented within the unique nature of the South African Public Sector.

Considering that institutions are unique, it is vital that the approach pertaining to system implementations, particularly related to risk management, should be equally unique. Therefore, before making a decision on how to best implement certain risk management processes, it is necessary for an institution to consider the following:

  • Whether the existing structures within the institution do not already play a role, and have responsibilities, in the management of risks; identifying the extent of involvement with regard to those roles and responsibilities.
  • Whether the considered prescripts bring value to institutions.
  • Whether the institution is actually ready for the considered risk management recommended prescripts.
  • The state of the institution, for example, whether the institution is in distress or whether it is business as usual.
  • Whether the implementation of the considered prescript would enhance or undermine the perception of the CRO by Executive Management and the Accounting Officer (as well as other relevant stakeholders).

Best practice pertaining to the embedding of risk management should not be followed blindly and requires an understanding of where the content is drawn from. In most cases, information that advises the recommended risk management prescript is drawn from corporate institutions, which are structured differently from the South African Public Sector.

As the saying goes, “A good CRO ultimately works himself out of a job”.  It is therefore important to remember that, ultimately, CROs should create a system of risk management that is designed for, and is compatible with, the institutional nature and culture. Going forward, public sector institutions would benefit tremendously by using the existing risk management frameworks and tailoring it in line with the nature of the organisation. In doing so, these institutions will uncover the benefit of having an effective risk management programme.



You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA 
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (1)
 

Managing Vendor Risks - Risk Chat - 29 August 2016

Posted By Administration, 29 August 2016

29 AUGUST 2016

 

MANAGING VENDOR RISKS

A supplier’s factory collapses killing hundreds of workers, some of them children. Thousands of customers’ credit card information and other personal financial records are hacked after a supplier is granted third-party access to the organisation’s network. A major product recall needs to be launched when the organisation discovers that a supplier used contaminated materials.

Concerns around vendor risk were once almost exclusively related to the quality of products or materials being provided by a supplier, or the risk that a vendor might be unable to meet delivery of supply quotas, thereby disrupting production. Today, organisations can increasingly be found liable for their suppliers’ behavior. Customers view the organisation as being the provider of a solution, and they don’t differentiate the organisation from its suppliers. If a problem occurs, they hold the organisation responsible and it is the organisation’s reputation that may suffer. Given this, organisations today need to broaden their risk focus to also include oversight of their suppliers’ health, safety and environmental practices, compliance with labour laws, use of intellectual property, practices around the sourcing of raw materials, corruption, and more. 

One of the biggest challenges facing organisations is gaining an understanding of the full extent of their supply chain relationships and the associated risks. Unlike risks within the organisation, which are comparatively easy to identify and mitigate, external risks—including economic and regulatory risks and other uncertainties—are much harder to quantify.

Organisations need to determine how and where suppliers and their activities could potentially expose the organization by developing a comprehensive view of the entire vendor risk universe, including where and how those risks are concentrated in terms of suppliers, products, commodities, geographies, and other factors. In areas of extreme concentration, organisations need to consider steps to diversify their supplier relationships.

Despite focusing on a wider range of vendor risks than they once did, many organisations’ methods of managing supplier risk still have yet to evolve. Some organisations, for example, continue to take a contract management approach to supplier risk, believing that the due diligence undertaken before a contract is signed with a supplier sufficiently mitigates the ongoing risks associated with that supplier. Often, no further risk assessments are undertaken, adopting a reactive approach to vendor risk management with problems often being identified and addressed only after they have occurred and the damage is done.

Taking this into consideration, risk managers need to carefully consider the risks associated with vendors:

  • Do you have a clear view of the key risks embedded in your supply chain?
  • Do you have a common standard of assessing the maturity and capability of vendors and suppliers in managing risk on your behalf?
  • Do you monitor and track vendor risk exposures and responses as part of vendor management and performance?
  • How prepared is your organisation to deal with risks that materialise, including the potential reputational; risk and stakeholder management to resolve?



You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA 
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This post has not been tagged.

Share |
PermalinkComments (0)
 

Cyber Risk

Posted By Administration, 15 August 2016

15 AUGUST 2016

 

CYBER RISK

Cybercrimes

Increasingly sophisticated criminals are resorting to advanced techniques to attack and infiltrate networks, steal information and commit fraud using computers, networks and mobile devices in the act or commission of the fraud. Cybercrime or the criminal activity that flows from the use of such electronic equipment has evolved into a complex, regimented industry of skilled participants who exploit every opportunity to defraud victims and/or commit other online crimes.

Cybercriminals have also continued to adapt in order to evade traditional security defences so that they can defraud not only consumers but also various organisations, business and corporate entities through credential theft, cyber-attacks, data breaches, abuse of cloud services and online social and financial fraud.

The term cybercrime has also been expanded to embody a wide range of activities, including bank, financial and credit card account takeovers, downloading illegal content, creating or distributing viruses or unlawfully accessing and releasing company confidential or personal information onto the internet and/or in the public domain.

Data Breaches

Although strict governance of sensitive or personal data to avoid breaches is mandated through industry guidelines and government compliance regulations, cybercriminals continue to have great success with using malware, guesswork and deception to exploit networks for fraudulent purposes. Even a single breach or violation of government regulations or industry compliance standards could result in very serious outcomes, including steep fines and / or criminal or civil prosecution for the organisation. 

Although most cybercriminals are out to steal data, some are after system resources or may even aspire to tarnish a company’s brand or person’s reputation or simply to execute a hoax or scam. The evolving range of internet based strategies affecting companies’ and individuals’ security protocols are extensive. These include worms and viruses attached to emails, spoof emails to ‘phish’ for personal information, Trojan horses to launch spyware and key loggers to track typing strokes.

Stolen Credentials

Organisations have witnessed a dramatic increase in attacks using stolen account details, with new techniques consistently being used to evade fraud detection systems. It is anticipated that such attacks will continue to increase in number and functionality given evolving technologies and infrastructure such as cloud services.

Attackers can steal credentials in a number of different ways. The following examples are encountered the most:

  • Phishing – a form of social engineering, whereby a phishing email containing a link to a spoofed (fake) web or login page, where users are tricked into providing their credentials which attackers can steal.
  • Malware – a cybercriminal may send a user an email containing an attachment with malware. Once opened, it can download and execute a key logger that records and sends user credentials back to the criminal.

Once credentials have been obtained cybercriminals can steal other sensitive and confidential information, install viruses or other malicious code, disable or reconfigure security controls and cause irreparable damage to a company and its infrastructure. To this end companies promote a technique – deflection – to scramble website code, thereby confounding attackers and obscuring vulnerabilities.

Cyber-attacks: Cloud Computing

The “cloud” is a virtual, boundless facility for the storage and use of data online and comprises countless, unique, third-party services, all with differing and often undefined and untested security practices. Cloud computing and services have benefitted both personal users and businesses in many ways, including – but not limited to –the convenience of having on-demand data availability, high computing power and performance, reduced costs, improved information manageability and the flexibility to scale up or down as computing needs change. But, notwithstanding its success, it does have a shadowy side and is often exploited by cybercriminals for fraud and other illegal activities.

As the popularity of using cloud resources to store data increases, it is steadily gaining a reputation as the ‘fruit-bearing jackpot’. Cybercriminals have been quick off the mark to embrace the trend towards cloud computing and storage and are making concerted efforts to target these services to steal sensitive information or deliver malware. This is done through brute force (using numerous attempts to test multiple common credentials) or by tapping in to vulnerability scans (i.e. automated attempts to find and exploit security weaknesses). The reality is that, major cloud services are in fact at risk of ‘man-in-the-cloud’ (MITC) cyber-attacks that are becoming increasingly difficult to detect.

The convergence of cloud computing together with the emergence of powerful mobile devices and its incorporation into our daily work routine means that the goals of securing sensitive data and maintaining regulatory compliance have become serious risks for organisations and businesses and increasingly difficult to maintain. 

Stay Safe – Be Secure

Cyberspace is now abounds with unprecedented opportunities to deceive victims on-line with cybercriminals enjoying, instantaneous and direct access to millions of prospective victims around the world. To minimise the risk of losing personal and business confidential information ALWAYS exercise caution and use the following guidelines:

  • Do not respond to, or click on, any links in an email message requesting that you verify your personal details or login credentials or update, activate or reactivate online profiles. Following these links could expose you and /or your organisation to malware, spyware or viruses.
  • Never download files or content from sites that you don’t know or trust. Ensure that the operating system, applications, software, browser and anti-virus software on all your devices is always updated and that you have software or hardware firewalls.
  • Protect the information on your storage devices by either encrypting files or by hiding or disguising files containing sensitive and confidential information.
  • Refrain from using any device that you suspect may be infected and as far as possible do not use the same (one) password for all of your devices and applications.

Some questions for you as a Risk Manager:

  • Does your organisation have a process in place to protect the business against cyber threats?
  • Does your organisation create awareness pertaining to cyber threats?
  • Has your organisation conducted a cyber threat analysis to ensure that the organisation is protected?

 

 



You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA 
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 

Business Continuity Management - Is it Important?

Posted By Administration, 02 August 2016

1 August 2016

 

BUSINESS CONTINUITY MANAGEMENT 

IS IT REALLY IMPORTANT?


Do we understand the importance of business continuity planning?

Unplanned events and crises can have a devastating effect on any organisation. Crises can be derived from a variety of sources, such as weather, social, political or economic events. Common examples in a South African context include drawn out strike action, IT disruptions, electricity or water supply outages and cyber-attacks.

It is worth asking why, in spite of the growing threat, many organisations still don’t seem to plan, test or invest in business continuity programmes.

One report highlighted that only 18% of organisations are increasing their level of investment in business continuity programmes, while 11% are actively reducing theirs. The report further revealed that 22% of organisations conducted no trend analysis as part of their business continuity process, potentially failing to assess these threats altogether.

The time has come to ensure that your organisation prioritizes the work required to complete, improve or assess its business continuity planning and processes.

 

Read more on other related articles:

Guidance on Business Continuity

Top 10 Threats to Business Continuity


Some questions for you as a Risk Manager:

  • Does your organisation have a top ten list of business continuity threats coupled with plans to address them?
  • Does your organisation have a business continuity programme in place?
  • Has your business continuity framework/process been tested at all?
  • Has top management been made aware of the importance of business continuity as a discipline?






You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA 
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
www.irmsa.org.za
0115551800


Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 

INTER-INDUSTRY COMPETITION

Posted By Administration, 18 July 2016

18 July 2016

 

INTER-INDUSTRY COMPETITION

ARE YOU BEING SMART OR ARE YOU BEING RISK-ADVERSE?... OR BOTH
 

Competitive pressures are forcing market players to cross industries in search of competitive advantage. Mobile operators for example, are crossing telecommunication boundaries in search of new revenues streams. Retailers are also in on the act by branching out of just selling commodities to offering value added services. It seems like a new trend has emerged but have we ever wondered why? It appears that a number of these industries are facing a challenge of their cash cows running out of “cash milk”. To name a few, voice revenues are declining for mobile operators - thanks to social media and enabling technologies such as wi-fi; IT integrators run the risk of being surpassed by cloud computing; auditing revenues are no longer derived from traditional sources as some of their services can now be done through technology.

It is suggested that one of the key drivers behind this challenge is that the once solid lines between industries are becoming blurred.

See more on: 

The Limits of Industry-Centered Strategic Thinking in an Era of Convergence


QUESTIONS:

As a risk manager in your industry:

1.  Are you considering an inter-industry strategy, and if you are already in it, what are the risks associated with inter-industry competition?

2.  The risk of failure is high especially if the capabilities and resources cannot scale up - what mitigation strategies is your organisation employing?

3.  Are you at the forefront of assisting your organisation with these risk/ reward decisions?













You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA 
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 

Data Protection -Risk Chat: 04 July 2016

Posted By IRMSAInsight, 04 July 2016

04 July 2016

 

DATA PROTECTION 

 

South African Bancassurance giants that have chosen UK prime listing will need to re-evaluate the UK’s propensity to abide by much stronger, precise and robust EU data protection laws after the Brexit vote. South Africans that have entrusted these companies with their personal data will need assurance that their digital privacy is guaranteed.

Numerous journals state that European data protection law is globally recognized as setting the highest standards of privacy and cybersecurity protection and the UK Government would be amiss not to fully comply. In order for South African companies to prosper outside of the UK, but within the EU, they have no option other than to adopt the European standard irrespective of what the UK government decides.

The Brexit vote has certainly raised critical questions not only pertaining to the security options for the protection of our personal data but also to the UK’s propensity to co-operate in combating cyber related crimes and incidents. It should be kept in mind that the UK will now enjoy the same status as any other country in the world to the Europol cyber-crime centre. Full unfettered access is now history.


Click here to read other related Articles: Five Big Data Trends That Will Impact South Africa In 2016   


Questions:

  • Have data privacy laws been embedded into your customer offering?
  • Are you aligned with data privacy regulations within the jurisdictions that your company operates in? 
  • Have you computed the financial implications of a potential data breach?
  • Is your cyber insurance tracking these dynamic cyber threats?

























You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA Training Centre
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
events@irmsa.org.za
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 

SOUTH AFRICA AVOIDS CREDIT DOWNGRADE FOR NOW

Posted By IRMSAInsight, 19 June 2016

20 June 2016

 

SOUTH AFRICA AVOIDS CREDIT DOWNGRADE FOR NOW

 

 

 

South Africa’s Finance Minister, Pravin Gordhan, was correct in his assessment at the start of the month - in relation to the country’s potential credit rating downgrading to junk by Standard and Poor’s (S&P) Global Ratings, Moody’s and Fitch Ratings Ltd. - stating that “I think we’ve done enough to pass the June hurdle.” This follows Fitch becoming the third agency on 8 June to reaffirm South Africa’s investment grade credit rating and maintained its stable outlook. Minister in the Presidency for Planning, Monitoring and Evaluation, Jeff Radebe, is positive that the country can avoid a junk status rating in future asserting that "South Africa is implementing programmes from the National Development Plan (NDP), which will ensure that the country remains an investment destination.” When looking at these credit ratings it is important to remember that South Africa has been given the lowest investment grade and that pacifying ratings agencies does not mask very real economic problems. These concerns include slow economic growth, political and social instability, protracted strikes, and political wrangling that prevents economic policy uncertainty. 

  

 As a Risk Manager:

  • Have you considered how emerging risks, such as the recent terror alert for South African malls and popular public areas, may affect the country’s economy?
  • Do you think that South Africa will successfully fend off a junk credit rating in six months’ time when the next review takes place?
  • Will you continue to analyse and report what the impact of potential downgrades for South Africa will be for your organisation up until the next review?

You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA Training Centre
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
events@irmsa.org.za
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 

The South African Insurance Market: Risk Chat - 6 June 2016

Posted By IRMSAInsight, 06 June 2016

06 June 2016

 

IS THE PRICE DRIVE OVER?


The South African insurance market has been primarily driven by price for years. There has been substantial insurer capacity, as well as strong insurer and broker competition and appetite to support it. Is the market changing and what does that mean for organisations?

In recent months there has been significant media attention on the South African economy, focusing on the weakening Rand, reduced foreign investment and political instability.  There have also been a number of insurers, brokers and other financial institutions reconsidering their footprint in Africa, withdrawing capacity, and with an appetite to only underwrite the cleanest risks.

If price is no longer the primary driver, what is? Information! Data is paramount! This means being able to accurately identify insured values; understand and articulate key exposures; provide evidence of strong risk management practices and corporate ethos; and the need to focus on greater collaboration between customer, broker and insurer.

The capacity and appetite is still there, we just might need to be more patient and work harder for it.


Click Below to View the Renewal Timelines


  

 

As a Risk Manager:

  • Best practice would suggest starting renewal discussions 6 months before renewal. Do you?
  • Have you considered the impact of rising insurance premiums and how you might mitigate this?
  • Can you clearly articulate your corporate Risk Management philosophy and do you act on it?




You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

IRMSA Training Centre
144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton
events@irmsa.org.za
www.irmsa.org.za

0115551800

Copyright © 2016 IRMSA - All rights reserved.
This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@ This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
PermalinkComments (0)
 
Page 1 of 7
1  |  2  |  3  |  4  |  5  |  6  |  7
Sign In
Sign In securely