Risk description Key controls and risk mitigation Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk remained stable in 2023 and operational losses remained insignificant. Technology, cyber and people risk continue to be the most material operational risk areas. • An effective operational risk management programme, which includes the three lines of defence. The Group seeks to operate an effective framework for the identification, assessment, mitigation and control of operational risk. • The Group seeks to have optimal control of all types of operational risk and seeks to mitigate operational risk to a level consistent with its risk appetite and thresholds. • The Group recognises that Operational Risk exists as an inherent part of doing business and the objective generally is not to eliminate the risk, but to ensure the risk is effectively managed at an acceptable level in a cost-effective manner. • Non-financial risk policies and procedures have been implemented and are reviewed on a periodical basis to keep up-to-date with evolving business needs and the control environment. • Identification and assessment of risk and controls via the Risk Control Self-Assessment (‘RCSA’) methodology. • Incident reporting, oversight and independent monitoring by the risk team. • Operational risk management information analysis and reporting to the Operational Risk Forum and to the Risk Management Committee. Key developments • The Group continues to enhance its operational risk management practices and to further embed the effective use of the operational risk tools. • Work continues to enhance the existing control environment and risk identification assessment mechanisms and approach. • The Group is in the middle of a digital transformation journey which requires constant review, assessment and improvement in controls to mitigate and manage operational risk, including technology and cyber risk. • Focus has been on enhancing the Technology and Cyber Risk Framework in line with the Bank of Mauritius’ new Guideline on Technology and Cyber Risk while ensuring IT and operational resilience. Operational risk Risk Management Report Continued 66 CIM FINANCE ANNUAL REPORT
RkJQdWJsaXNoZXIy MzQ3MjQ5