Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
www.summitcl.com
Why care?
#1
What do you think is the impact to the economy when a business collapses?
#2
Image credit, ACFE.com
Keynote Agenda
www.summitcl.com
Perspective
Case 1: The rise and fall of SOMEDI Microfinance. Started in 1996, in Masindi Expanded regionally. Was no more by 2012
www.summitcl.com
Perspective impact
Case 1: The rise and fall of SOMEDI Microfinance. Lost donor goodwill Lots of people lost livelihood Bad reputation of the industry
www.summitcl.com
Joseph Businge, who used to own three shops, lost it all. He now lives in poverty in Masindi
www.summitcl.com
Perspective
Case 2: The rise and fall of Victoria Basin Savings & Microfinance Cooperative Trust Ltd (VBS). Started in 1990, in Rakai as building society Transformed into a SACCO. Off the radar by 2013!
www.summitcl.com Forensic. Advisory. Fraud.
Perspectiveimpact.
9,854
56% women.
www.summitcl.com Forensic. Advisory. Fraud.
www.summitcl.com
Perspective lessons
Timely supervision
www.summitcl.com
Status of Microfinance RM
1. Perspective
www.summitcl.com
www.summitcl.com
S o u r c e : A M F I U p u b lic a t io n s .
Regulatory framework Should address the key failings: Avoid mission drift Address fraud risk Monitor key business indicators
www.summitcl.com Forensic. Advisory. Fraud.
Regulatory framework
MoPED provides policy and oversight of the financial sector through Rural Finance Services Program (RFSP) Department of Cooperatives in MTIC registers & supervises SACCOs
www.summitcl.com
Regulatory framework
Tier 4 regulatory framework underway SACCOs to be classified Large ones to be under prudential regulations, e.g. under amended MDI Act
www.summitcl.com
Regulatory framework
Microfinance is a business for social impact and economic return. It supports the people at the bottom of the pyramid to change their lives in a sustainable way.
www.summitcl.com
Risk is the probability that an investments actual return will be different than expected
Forensic. Advisory. Fraud.
Regulatory framework
Microfinance is not about making a lot of profits or becoming a bank. It is about expanding scale and capacity to extend very low cost microloans to as many poor people as possible and enabling their enterprises to grow,
Mustapha B. Mugisa, 2013.
www.summitcl.com
www.summitcl.com
Status on ground
Best practices are just on paper There is the Board, Auditors, etc but these are for cosmetic purposes Institutions want to just be seen to be ok because they have the Board.
www.summitcl.com Forensic. Advisory. Fraud.
Status on ground
Risk management is not structured. Majority of staff dont know their roles in risk management!
www.summitcl.com
Status on ground
Generic risks exits e.g. credit, liquidity, technology, governance. Few people, if any, know how those risks are identified, assessed, managed and continuously reviewed
www.summitcl.com Forensic. Advisory. Fraud.
Status on ground
Although cases of SOMEDI, VBS and PEARL have shown fraud, IT & staff are big challenges, few institutions have recognized this. Why?
www.summitcl.com
1.94/-
Trillion
Ugx. 4
billion annually!
Forensic. Advisory. Fraud
Your Institution
For institutions 65% of security breaches are internal 35% of security breaches are external.
www.summitcl.com
1. Perspective
3. Way forward
A low-end business woman with merchandise.
Credit: Internet photo.
www.summitcl.com
XY Microfinance RM model
Case 4: XY Microfinance risk management model is good. Risk management is part of their business Process owners identify the risks and monitor them Eight questions are asked and answered
www.summitcl.com Forensic. Advisory. Fraud.
XY RM model awareness
#1: Do the Board, management and staff all understand how the risk register is developed?
F ig u r e 1 : R is k m a n a g e m e n t p r o c e s s a t X Y
4.
M o n it o r a n d C o n t in u o u s R e v ie w
1.
I d e n t if y
W h a t c o u ld g o w r o n g ?
A r e t h e c o n t r o ls e f f e c t iv e ? H a s t h e r is k c h a n g e d ?
X Y O b je c t iv e s / KRAs
2. Assess
3. C o n t r o l/ M it ig a t e
H o w lik e ly is it t o h a p p e n ? W h o w o u ld c o m m it f r a u d ? W h a t w o u ld b e t h e im p a c t if it h a p p e n e d
W h a t s h o u ld b e d o n e t o r e d u c e t h e r is k ? W h o o w n s t h e r is k ? W h a t m o r e t o d o a b o u t it ?
www.summitcl.com
www.summitcl.com
XY RM impact/likelihood
#3, for each identified event, are likelihood and impact clearly defined and assessed by process owners? XY uses the likelihood and impact guide by the Institute of Risk Management (IRM), specifically follows the ISO 31000:2009 guidelines as in tables 2 & 3 below.
www.summitcl.com
XY RM modellikelihood
R a t in g F re q u e n t S co re 5 T h rea t > 7 5 % ch a n c e o f o c c u rre n c e V e r y r e g u la r o c c u r r e n c e L ik e ly 4 > 5 0 % < 7 5 % ch a n ce o f o ccu rre n ce C ir c u m s t a n c e s f r e q u e n t ly e n c o u n te re d P o s s ib le 3 > 2 5 % < 5 0 % ch a n ce o f o ccu rre n ce L ik e ly t o h a p p e n a t s o m e p o in t in th e n e x t 2 y e a rs . C ir c u m s t a n c e s o c c a s io n a lly e n c o u n te re d . U n lik e ly 2 > 5% < 25% chance of o ccu rre n ce O n ly lik e ly t o h a p p e n o n c e in 3 y e a rs. C ir c u m s t a n c e s r a r e ly e n c o u n t e r e d . R e m o te 1 L e s s th a n 5 % c h a n c e o f o ccu rre n ce . H a s n e v e r h a p p e n e d b e fo re C ir c u m s t a n c e s n e v e r e n c o u n t e r e d . www.summitcl.com L e s s th a n 5 % c h a n c e o f o c c u rre n c e . S o m e c h a n c e s o f f a v o u r a b le o u t c o m e in t h e m e d iu m t e r m 5 % to 2 5 % c h a n c e o f o c c u rre n c e O p p o r t u n ity F a v o u r a b le a n d f r e q u e n t o c c u r r e n c e lik e ly. F a v o u r a b le o u t c o m e is lik e ly t o b e a c h ie v e d in o n e y e a r. M o re th a n 5 0 % ch a n c e o f o c c u rre n c e . R e a s o n a b le p r o s p e c t s o f f a v o u r a b le r e s u lt s in o n e y e a r. 2 5 % to 5 0 % ch a n c e o f o c cu rre n ce
XY RM modelimpact
R a t in g D e f in it io n M o n e ta ry Im p a ct ( U g x m ) 5 V e r y h ig h ( c a t a s t r o p h ic ) > 50 L e a d s to t e r m in a t io n o f p ro je c ts o r w it h d ra w a l o f fin a n c in g a n d is u n d a m e n ta l to s e r v i c e d e l iv e r y 4 H i g h ( C r i t i c a l) > 1 0 < 50 E v e n t w h ic h m a y h a v e a p r o lo n g e d n e g a t iv e im p a c t a n d e x t e n s iv e consequences 3 M o d e ra te > 5 < 10 E v e n t w h ic h c a n be m anaged, but r e q u ir e s a d d it io n a l re so u rce s a n d m anagem ent e ffo rt 2 M in o r > 0 .5 < 5 Event can be m anaged under n o r m a l o p e ra t in g c o n d it io n s 1 I n s ig n ific a n t < 0 .5 C onsequences can e a s ily b e a b so rb e d u n d e r n o r m a l o p e ra t in g c o n d it io n s L it t le im p a c t S ig n ific a n t d e la y s ; p e rfo rm a n c e s ig n ific a n tly u n d e r ta rg e t M a t e r ia l d e la y s , m a r g in a l under a c h ie v e m e n t of ta rg e t p e rfo rm a n c e I n c o n v e n ie n t d e la y s N o n - h e a d lin e e x p o su re , fa u lt q u i c k ly ; n e g l i g i b l e im p a c t N o n - h e a d lin e e x p o su re , n o t a t fa u lt , n o im p a c t In n o ce n t b re a ch ; im p a c t p r o c e d u ra l e v id e n c e of c le a r s e tt le d B re a ch ; c o m p la in t m in o r h a rm in v e s t ig a t io n o b je c t io n / lo d g e d ; w it h H e a d lin e re p e a te d e x p o su re ; r e g u la t o r y e n q u ir y R e p e a te d h e a d lin e e x p o su re ; r e s o lu t io n ; P a r lia m e n t a r y e n q u ir y / b r ie fin g s lo w non N e g lig e n t la c k of b re a ch ; good fa it h B o a rd in v o lv e m e n t ; p r o f il e ; D e li b e r a t e g ro ss fo rm a l b re a ch or n e g lig e n c e ; in v e s t ig a t io n ; a c t io n ; C onsequence Im p a ct X Y s o b j e c t iv e s Non a c h ie v e m e n t of o b j e c t iv e s ; p e rfo rm a n c e f a il u r e M a x im u m h e a d lin e e x p o su re ; ce n su re ; c r e d i b i li t y B o a rd lo s s of h ig h S e r io u s b re a ch ; n e g lig e n c e p r o s e c u t io n ; ce n su re . or w i lf u l c r im in a l a c t; B o a rd on R e p u t a t io n event per N o n c o m p lia n c e
d i s c i p li n a r y
B o a r d in v o lv e m e n t
e v id e n t ; p e r fo r m a n c e r e v ie w in it ia te d
www.summitcl.com
5 4 3
IM P A C T
5 4 3 2 1 1
10 8 6 4 2 2
15 12 9 6 3 3
20 16 12 8 4 4
25 20 15 10 5 5
2 1
LIK ELIH O O D
www.summitcl.com
Non Compliance to statutory requirements Dynamic legal regime / Non compliance to Best practices
Corporate governance
Compliance
Unclear Performance Indicators
Procurement frauds
Strategic
Fraud
Risk Universe
High staff turnover
Financial
Asset misappropriation
Liquidity
Over indebtedness
Operational
Stakeholder risks; concealment of Malpractices Fraud. Compromise of XY Credit / fieldStaff Weak contract Management Governance constraints low Anti-fraud funding
Information Technology
Im p a c t
1
L ik e lih o o d
5 1
2 # 3 P re co n tro l # 4
Post c o n tro l
5 5
XYs strategy is to move risks from the red category to the Green one, on an on-going basis
Forensic. Advisory. Fraud.
www.summitcl.com
XY RM risk reporting
#5, are risk reporting processes effective?
R o le
B oard
Q u a r t e r ly
A u d it /R is k C o m m it t e e
A p p ro v e S tr a te g y. O v e rse e s
th e
R is k
M anagem ent
d e v e lo p m e n t, and m a in te n a n c e o f
T o p 1 0 s tr a te g ic r is k s . T o p r is k s o f th e d e p a r t m e n ts . a u d it a s s u r a n c e . e ff e c tiv e n e s s o f r is k m a n a g e m e n t. c o s t / v a lu e o f r is k m a n a g e m e n t. b e n c h m a r k in g r is k m a n a g e m e n t.
i m p le m e n ta ti o n
r is k m a n a g e m e n t a c r o s s th e A u th o r ity.
D ep a rtm en t / S e c t io n h e a d s
o w n r is k s . d e s ig n a n d o w n c o n tr o ls .. r u n th e b u s in e s s
www.summitcl.com
r is k
a p p e t it e
fo r
in a d e q u a t e ly fo r a n y
t r a in e d ,
in e x p e r ie n c e d a n d u n s k ille d s t a f f. o p e r a t io n a l r is k a p p e t it e in t e r n a l p r o c e s s f a ilu r e s .
XY RM top 10 risks
#7, are top 10 risks identified and clearly monitored? XY has operates a risk management software which provides a dashboard or a Risk Register for easy risk monitoring on-going.
www.summitcl.com
XY RM risk reporting
#8, Is the Risk Register up to date? XY has operates a risk management software which provides a dashboard or a Risk Register for easy risk monitoring on-going.
www.summitcl.com
www.summitcl.com
i. Fraud risk management strategy e.g. PAPEMO toolkit & on-going awareness training to all staff ii. Effective whistleblowing solution
Microfinance fraud prevention
www.summitcl.com
Toolkit