Takaful Nasional Sdn Berhad
CORPORATE RISK SCORECARD REPORT Key Risk Register Scorecard Name : Post Merger Risk Scorecard Owner : Mohd Radzuan Mohamed Reporting Period : Apr-2006 (For KPI Reporting) Print Date
1.
: 24-May-2006
Goal :
To ensure that all risks that threatened the accomplishment of of the Merger objectives i.e. value creation are mitigated. Strategic : (External) TBA Objective
1.
1.
Risk Factor
: Fs4-1:Reputation Risk
Description
:
Owner Reference
: : Ei1101
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
1
of 112
To ensure that CEO is the only spokesperson for the organization
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
2.
Risk Factor
: Fs4-2: Media Risk
Description
:
Owner Reference
: : Ei1102
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings Likelihood
Rare
Impact
N/A
Gross Rating
NA
KPI
Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
2
of 112
To ensure that media buys are well coordinated through one department, the corporate communications department
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
3.
Risk Factor
: Fs4-3: Event Scheduling Risk
Description
:
Owner Reference
: : Ei1103
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings Likelihood
Rare
Impact
N/A
Gross Rating
NA
KPI
Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
3
of 112
To ensure that event dates are well coordinated through the corporate communications department
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
Strategic : (Regulatory (Compliance)) TBA Objective
2.
1.
Risk Factor
: Fs3A-2: Statutory Risk – BNM might not favor the decision of reducing takaful benefits resulting injection of capital from Shareholders
Description
: FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life) Update Note: Review from earlier risk factor based on 20060410 Risk Compilation v4: Fs3A-3: Statutory Risks – Regulators might step in to impose special conditions since this is a nationwide interest
Owner Reference
: : Ri1102
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
4
of 112
Notify and explain to BNM of new product feature to reduce benefits
NA
Owner
Priority
Start Date
Due Date
N/A
13 Apr 2006
30 Jun 2006 0%
Status
2.
Risk Factor
: Vc5-Brn5: Unfavorable New Insurance Act
Description
: Possible new Insurance Act’s statutory requirements which might adversely effect the business and operations at the branches
Owner Reference
: : Ri1103
Risk Theme
:
Cause
: 1. New changes to the Act might require new operational procedure 2. New changes to the Act might also require changes to business processes
Consequence
: Possible negative impact to agents and customers at the branches
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Catastrophic
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
5
of 112
Corporate Planning to assist on feasibility study for management decision
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
31 May 2006 0%
Status
3.
Risk Factor
: Vc6-5: Reputational & regulatory non-compliance risk, in the absence of capability of Syariah unit
Description
: Investment management for Takaful funds may have a potential of syariah non-compliance due to the absence of capability separate syariah compliance unit
Owner Reference
: : Ri2101
Risk Theme
:
Cause
: 1. Inability to hire competent and capability personnel for separate syariah compliance section 2. Absence of future investment management direction to ensure the need for separate syariah compliance unit 3. No suitable ready candidate to look into issues pertaining to syariah & its compliance
Consequence
: 1. Regulatory non compliance 2. Reputational risk with regards to investment of Takaful funds 3. Loss of business potential in Takaful products
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of separate syariah compliance unit under merged investment management department
Effectiveness N/A
Controls Effectiveness Control Likelihood Satisfactory Control Impact Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Unlikely Insignificant
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
6
of 112
Effective selection process (in terms of staffing for syariah compliance unit)
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
30 Jun 2006 0%
Status
Strategic : (Corporate Governance (Strategy)) TBA Objective
3.
1.
Risk Factor
: Vc5-EC3: Failure to realize potential from MBB’s SMI/SME base
Description
: To further capture the Maybank’s SMI/SME customers ( who are not yet being covered under MFB Group )
Owner Reference
: : Gi1101
Risk Theme
:
Cause
: 1. Lack of possible focus on the business 2. Lack of marketing strategy to penetrate the market
Consequence
: Potential loss of business opportunities
Gross Risk Ratings
Cause Category
Consequence Category Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
7
of 112
Aggressive strategy of executing value proposition
NA
Owner
Priority
Start Date
Due Date
Status
N/A
17 Apr 2006
01 Jul 2006
0%
2.
Risk Factor
: Vc5-EC5: Failure to develop a core marketing team
Description
: The failure to develop a core marketing team to handle the sales & marketing reqd. of the MFB Group
Owner Reference
: : Gi1102
Risk Theme
:
Cause
: 1. Lack of identification and development of existing talent pool 2. Good staff/ talent being pinched by competitors
Cause Category
Consequence
: 1. Lack of ability to kick start and implement the sales and marketing activities 2. Existing business might be pinched by the staff who resigned/ pinched by competitors
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Possible
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
8
of 112
To identify and develop talent pool early
NA
Owner
Priority
Start Date
Due Date
Status
N/A
27 Apr 2006
01 Jul 2006
0%
3.
Risk Factor
: Vc5-Brn1: Loss of key branch resources
Description
: Loss of staff due to resignation, pinching and etc.
Owner Reference
: : Gi1103
Risk Theme
:
Cause
: 1. Staff morale being affected during the merger process 2. Staff being pinched by competitors 3. Branch directions – to close/ merged between branches
Consequence
: 1. Potential loss of business focus due to staff resignation/pinched 2. Competitors might gain our existing customers
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Catastrophic
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
9
of 112
Obtain empowerment to retain resources
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
4.
Risk Factor
: Vc5-S/MS1- Disruption of planned activities / calendar
Description
:
Owner Reference
: : Gi1104
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
10 of 112
Obtain full picture of current calendar
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
5.
Risk Factor
: Vc5-S/MS3: Ineffective coordination among entities
Description
:
Owner Reference
: : Gi1105
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Rare
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
11 of 112
Regular consultation and/or meetings
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
6.
Risk Factor
: Vc5-AG8: Lack of focus in Group Agency business development
Description
: Need to improve the management of Group Agency business development
Owner Reference
: : Gi1106
Risk Theme
:
Cause
: 1. Lack of properly define incentive scheme for Group Agency business 2. Lack of manegerial skill among Group Agency business leaders 3. Lack of effective management and monitoring of Group Agency business performance
Consequence
: 1. Low motivation to develop Group business 2. Low level of skills in developing group business among group business agency force
Cause Category
Consequence Category
3. Ineffective in managing and monitoring Group Agency business 4. Unable to capitalise a huge group business market Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
To recognize group business performance (e.g. overseas convention, club qualifiers)
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To provide / strengthen leaders management skill (e.g. MII agency management course)
N/A
25 Apr 2006
25 May 2006 0%
Corrective
To refocus & re engineer in managing direct agents Action Plan 3
N/A
25 Apr 2006
25 May 2006 0%
12 of 112
Owner
Status
Strategic : (Financial) TBA Objective
4.
1.
Risk Factor
: Vc6-1: Not able to establish Mayban Fortis’ Investment Framework for MNI & TN
Description
: The approved Investment Management Framework as current requirement in Mayban Fortis may have a potential of non-adoption by MNI & TN
Owner Reference
: : Fi1101
Risk Theme
:
Cause
: 1. Different governance and investment management methodology at MNI & TN 2. Unclear communication on methodology in Financial Risk Management 3. Inconsistent basis in terms of investment management (risk-return characteristics)
Cause Category
Consequence
: 1. Asset-liability mismatching risk 2. Investment exposure beyond acceptable risk tolerance 3. Reduced in investment quality (in terms of asset allocation & exposures )
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Adoption of Financial Risk Management framework (including the Investment Management Guidelines)
Effectiveness N/A
Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status Within Expectation
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name
Page
QD
Owner
Priority
Start Date
Due Date
Status
Preventive
Setting up joint Asset-Liability Management Committee (ALCO)
N/A
27 Apr 2006
30 Jun 2006 0%
Preventive
Asset-Liability Management (ALM) analysis for each of MNI & TN’s funds
N/A
27 Apr 2006
30 Jun 2006 0%
13 of 112
2.
Risk Factor
: Vc6-3: Non alignment of asset class mix as according to the strategic, maximum & minimum asset mix
Description
: Different methodology in terms of investment management for various entities may lead to misalignment of investment strategy with regards to investment strategic mix as defined in ALM framework
Owner Reference
: : Fi1102
Risk Theme
:
Cause
: 1. Different governance and investment management methodology at MNI & TN 2. Unclear communication on methodology in Financial Risk Management 3. Inconsistent basis in terms of investment management (risk-return characteristics)
Cause Category
Consequence
: 1. Asset-liability mismatching risk 2. Investment exposure beyond acceptable risk tolerance 3. Reduced in investment quality (in terms of asset allocation & exposures)
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Compliance monitoring (in terms of investment strategic mix, including maximum & minimum limits)
Effectiveness N/A
Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status Within Expectation
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
14 of 112
Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards)
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
31 Dec 2007 0%
Status
3.
Risk Factor
: Vc6-4: Non optimization in fixed income portfolio investment
Description
: The different methodology in terms of managing credit risk for fixed income investment in separate entities may result in non-optimization of the fixed income investment within allowable limit (60% in terms of AA and higher rated instruments)
Owner Reference
: : Fi1103
Risk Theme
:
Cause
: 1. Non adoption of investment management & risk management governance in terms of managing fixed income 2. Absence of methodology used in credit risk assessment 3. Absence of allowable limits to ensure quality fixed income investment
Consequence
: 1. Potential lower yield in fixed income investment 2. Inconsistent management of fixed income based on risk aspect 3. Mismatch in terms of invested asset with product pricing
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Compliance monitoring (in terms of credit risk assessment by funds)
Effectiveness N/A
Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status Within Expectation
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
15 of 112
Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards)
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
27 May 2006 0%
Status
4.
Risk Factor
: Vc8-4: Financial Risks – Take up rate on free-up space
Description
: Huge space to be vacated 1. MNI Twins at 140k sq ft 2. BDZ at 65k sq ft 3. Potential reduction of occupancy retention rate on existing tenancy (non MIG )
Owner Reference
: : Fi1104
Risk Theme
:
Cause
: 1. Relocation of MIG 2. Failure in retaining existing tenants 3. Potential delay in relocation exercise – ideal space could not be rented out timely
Consequence
: 1. Financial loss/impact on unoccupied space – MNI Twins at 140k sq
[email protected], BDZ at 65k sq
[email protected]. 2. Loss of rental income due to existing tenant/s moving out 3. Increase in ratio in Building Maintenance cost
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Target Status Last Trend Month
Interval
Effectiveness
Detective
Establishment of marketing strategy
On going
N/A
Detective
Continuous update and communication to; 1. Property brokers on marketing plan 2. Existing tenant/s on flexible package
On going
N/A
Owner
Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status Within Expectation
Action Create Action Plan
Moderate
Target Rating Target Likelihood
Possible
Target Impact
Major
Management Actions Type Name
Page
QA
Priority
Start Date
Due Date
Preventive
Implementation of proper and effective marketing strategy
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Temporary/interim risk taking to relocate staff at vacated floor
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To offer attractive tenancy package to retain the existing tenant
N/A
25 Apr 2006
25 May 2006 0%
16 of 112
Owner
Status
Page
17 of 112
5.
Risk Factor
: Fs3F-3: Prolonged completion leading to higher costs
Description
:
Owner Reference
: : Fi1105
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Detective
Page
18 of 112
Active project plan with clear milestones and prompt issues resolution
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
6.
Risk Factor
: Fs3A-1.1: Business Risk – Reputational risk of Takaful if benefits are reduced subsequently not matching the ‘PRE’
Description
: FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life) Note: Fs3A-2: Business Risks – Loss of revenue due to negative perception of the model and fulfilling PRE is merged into FS3A-1.1 based on 20060410 Risk Compilation v4.
Owner Reference
: : Fi1106
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Detail comprehensive communications and explanation plan
N/A
06 Apr 2006
06 May 2006 0%
Preventive
The front-liner (Marketing,Agents,Corporate Communications) be made aware of the decision to reduce benefits
N/A
13 Apr 2006
30 Jun 2006 0%
19 of 112
Owner
Status
7.
Risk Factor
: Vc5-EC4: Failure to increase share of wallet
Description
: Failure to increase business from existing customers by widening the products being offered & sell to the customers
Owner Reference
: : Fi1107
Risk Theme
:
Cause
: Lack of coordination in regards to joint marketing approach/programs to existing customers within MFB Group
Consequence
: Potential loss of business opportunities.
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Possible
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
20 of 112
To set joint-market approach of customers soon
NA
Owner
Priority
Start Date
Due Date
Status
N/A
17 Apr 2006
01 Jul 2006
0%
8.
Risk Factor
: Vc5-AD2: Low take-up rate
Description
:
Owner Reference
: : Fi1108
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
21 of 112
Refine database
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
9.
Risk Factor
: Fs3-PB2: Failure to meet the Maybank Group’s deadlines
Description
:
Owner Reference
: : Fi1109
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Catastrophic
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
22 of 112
Desktop exercise to finalise budget
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
10. Risk Factor
: Fs3-Fs3.29-2: Financial Risk – internal assessment may be conservative considering data issues, hence may result in high IBNR reserve
Description
: Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving Period Ending 30 June - Actuarial (General)
Owner Reference
: : Fi1110
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
23 of 112
A consultant may be able to provide more accurate estimate, and release margin due to conservatism
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
11. Risk Factor
: Vc5-AG9: Lower than industry in persistency ratio
Description
: High surrendered cases among policy holders especially in the first two years of the policy term (Pls indicate the statistics). Currently stands at more than 1000 surrended cases per month in TN alone
Owner Reference
: : Fi1111
Risk Theme
:
Cause
: 1. Some agents are taking advantage of the situation by encouraging policy switching to the existing TN policy holder 2. Ineffective and inconsistent agent disciplinary enforcement 3. Misrepresentation by agents to potential and existing customers 4. Lack of monitoring by agency leaders on the conducts of their agents
Consequence
: 1. Impacting persistency ratio currently stand at 65% which is very much lower than industry average 2. Reputation risk to the company 3. Impacting profitability / Higher cost of doing business
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
To establish Customer Conservation Unit
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To implement a consistent agent disciplinary conducts/enforcement
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To incorporate persistency ratio in agency promotion and incentive programs
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Suggested KRI
N/A
25 Apr 2006
25 May 2006 0%
24 of 112
Owner
Status
Strategic : (Customers (Business)) TBA Objective
5.
1.
Risk Factor
: Vc2-3: Reduced customer satisfaction due to centralization of operation.
Description
: 1. Centralization of processing is core of value creation. 2. Key assumption that branch will not be in processing. Branch sales oriented. 3. Currently customer being served at branches especially life business.
Owner Reference
: : Ci1101
Risk Theme
:
Cause
: 1. Uncertainty of the function of the branch create dissatisfaction. 2. Redeployment of staff 3. Agent reservation on the centralization of operation. 4. Efficiency of the system.
Consequence
: 1. Loss of customer/ agents confidence. 2. Staff resigning
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Detective
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Usage of Maybank facilities.
Effectiveness N/A
Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Formulation of Branch SLA
N/A
27 Apr 2006
27 May 2006 0%
Preventive
Plan for agency awareness program on alternative facilities i.e. self service facilities, Channel, I Pos etc at branch level
N/A
27 Apr 2006
27 May 2006 0%
Preventive
To clearly identify all processes handled at branch and find alternative avenues without reducing SLA. Work with all Sales and Marketing team.
N/A
27 Apr 2006
27 May 2006 0%
Preventive
Plan for outsourcing/ centralization of function alternative strategy
N/A
27 Apr 2006
27 May 2006 0%
25 of 112
Owner
Status
Page
26 of 112
2.
Risk Factor
: Vc2-4: Integrating Takaful with conventional becomes an opportunity to our competitors.
Description
: Competitors will exploit the sentiment that TN is not incompliance with Shariah, due to mixture of conventional front & back end processes.
Owner Reference
: : Ci1102
Risk Theme
:
Cause
: Composite branch concept (Takaful & non-T in 1 branch)
Consequence
: Loss of market share
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Purity campaign by TN
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Likely
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
To propose for a team (consist of branch and agency team) to look into proposal to segregate Takaful and non-Takaful operation
N/A
27 Apr 2006
27 May 2006 0%
Preventive
Ensure that part of purity campaign includes communication policy to staff on how to respond to queries with regards to model, operation etc
N/A
27 Apr 2006
27 May 2006 0%
27 of 112
Owner
Status
3.
Risk Factor
: Vc4-2: Business Risks – Loss of revenue due to shortcomings in transition to Wakalah
Description
: Refer to the possibility of reduced in the business growth due to lower return to the participants
Owner Reference
: : Ci1103
Risk Theme
:
Cause
: 1. Takaful product not customer friendly and less attractive 2. Difficult to sell the product
Consequence
: 1. Loss of customer and market share. 2. Reduced surplus and profit 3. Impact to channel and agency i.e. high turnover of staff and agency. 4. Reduced business volume.
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Likely Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Status
Preventive
The DIP to ensure that a comprehensive testing and communications plan is established prior to transition points and to conduct phased rollout
N/A
25 Apr 2006
01 Jul 2006
0%
Preventive
TN Account Dept to analyze/study the viability of the Takaful model. Currently the study is conducted for General & Group Family Takaful.
N/A
25 Apr 2006
01 Jun 2006 0%
Preventive
To study and conduct simulation on the correctness and suitability of the Wakalah model for the enlarged entity and advice the committee on the findings
N/A
25 Apr 2006
01 Jun 2006 0%
Preventive
To present the proposed new Takaful model to TN Shariah Committee.
N/A
25 Apr 2006
01 Jun 2006 0%
28 of 112
Owner
Page
29 of 112
4.
Risk Factor
: Vc4-3: Business Risks – Loss of revenue due to unfavorable response of agents and customers to new fee structure
Description
: 1. The MTB wakalah model will reduce the return to the client as opposed to TN’s existing model 2. The Wakalah model work to MTB due to its share of Maybank’s captive market.
Owner Reference
: : Ci1104
Risk Theme
:
Cause
: 1. Incorrect assessment of optimal fee structure. 2. Less customer friendly because of the 80 (operator) :20 (participant) sharing of surplus from the general Takaful fund as of MTB model 3. Lack of proper communication to various stakeholders.
Consequence
: 1. Negative impact to business growth. 2. To give high return to client (in order to compete with competitors), Takaful need to charge a higher premium.
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Likely Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Likely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Propose to review the current MTB sharing of surplus ratio
N/A
25 Apr 2006
01 Jun 2006 0%
Preventive
Test and survey agent and customer response to new fee structure prior to actual rollout
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To review the model based on the survey results
N/A
25 Apr 2006
25 May 2006 0%
30 of 112
Owner
Status
5.
Risk Factor
: Vc5-BA1: Lost of 3rd party banca partners
Description
: The loss of 3rd. party business channel i.e other Banks
Owner Reference
: : Ci1105
Risk Theme
:
Cause
: 1. Lack of understanding on the merged entity 2. Lack of willingness to work with perceived banking competitor 3. Limited New Products i.e single premium product
Consequence
: 1. Loss of sales 2. Loss of a 3rd party business channel
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
31 of 112
Develop 2-3 integrated banca relationships
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
30 Jun 2007 0%
Status
6.
Risk Factor
: Vc5-BA2: Banca partners do not accept products
Description
: Non acceptance of the bancassurance products to be offered through the Banca partners.
Owner Reference
: : Ci1106
Risk Theme
:
Cause
: 1. Lack of detailed knowledge on the bancasurrance product 2. Acceptance level of the product might be affected due to issues of i.e commission paid to Banca partners etc.
Consequence
: Product cannot be rolled out
Gross Risk Ratings
Cause Category
Consequence Category Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
32 of 112
Ensure buy-in by educating and/or promoting
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
30 Sep 2006 0%
Status
7.
Risk Factor
: Vc5-BA3: Banca partners disagree on rollout timing
Description
: The timing or launch date might not be agreeable to the Banca partner.
Owner Reference
: : Ci1107
Risk Theme
:
Cause
: Different priorities and scheduling for the Banca partners
Consequence
: Late/ Delay in launching
Cause Category
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
33 of 112
Early involvement of partners
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
30 Sep 2006 0%
Status
8.
Risk Factor
: Vc5-AG5: Rejection by Takaful agents
Description
: Related to the perception about Takaful business operation and issue of purity of takaful business conduct
Owner Reference
: : Ci1108
Risk Theme
:
Cause
: 1. Takaful agents do not want to be seen as doing business together with the conventional agents 2. Takaful agents worried about public perception on the conduct of their business purity of takaful operation is at stake
Cause Category
Consequence
: 1. Takful Agency force might be rejected by the public 2. Public perception about TN takaful practice is not in line with Shariah requirement 3. TN reputation in the eyes of public is at stake 4. Competitors might take opportunity to exploit the issue and impacting MF takaful business in the market
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Plan training and incentive schemes
N/A
17 Apr 2006
30 Jun 2006 0%
Preventive
To ensure to separate the two agency force entity i.e. takaful ans conventional agents
N/A
25 Apr 2006
25 May 2006 0%
34 of 112
Owner
Status
9.
Risk Factor
: Vc5-AG6: (KIV) Agents lose focus on life business
Description
:
Owner Reference
: : Ci1109
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
35 of 112
Develop communication plan and develop min. hurdles for life products
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
10. Risk Factor
: Vc5-EC1: Lost of key (top 25) customers
Description
: The loss of the key or main Corporate customers
Owner Reference
: : Ci1110
Risk Theme
:
Cause
: 1. Anxiety by the brokers due to the merger process 2. Customer pinching by other competitors
Consequence
: Loss of business and sales target
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
36 of 112
Ensure visitation on merger update; involve CEO in client relationship; constant communication
NA
Owner
Priority
Start Date
Due Date
Status
N/A
17 Apr 2006
01 Jul 2006
0%
11. Risk Factor
: Vc5-EC2: Failure to capture the 200 MBB large customers
Description
: To further capture the 200 Maybank’s major customers ( who are not yet being covered by MFB Group )
Owner Reference
: : Ci1111
Risk Theme
:
Cause
: 1. Lack of possible focus on the business 2. Lack of marketing strategy to penetrate the market
Consequence
: Potential loss of business opportunities
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
37 of 112
Aggressive strategy of executing value proposition
NA
Owner
Priority
Start Date
Due Date
Status
N/A
17 Apr 2006
01 Jul 2006
0%
12. Risk Factor
: Vc5-S/MS4: Lack of preparedness of agency force
Description
:
Owner Reference
: : Ci1112
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
38 of 112
Early preparation and communication with agents
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
13. Risk Factor
: Fs3-Fs3.25-2:Business Risk – MNI’s carried forward surplus reduced substantially if MLA’s bonus allocation practice is adopted
Description
: Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of Participating Policies - Actuarial (Life)
Owner Reference
: : Ci1113
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
39 of 112
Adopt MNI’s bonus allocation practice
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
14. Risk Factor
: Fs3-Fs3.26-1:Business Risk – Valuation basis affects surplus arising in the life funds and ROSF
Description
: Inconsistent valuation basis / practice is not reasonable and difficult to justify Note: FS3 Finance & Risk Management – FS3.26 Alignment of Differing Valuation Bases Actuarial (Life)
Owner Reference
: : Ci1114
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
40 of 112
Review valuation basis for common items where the basis is not stipulated in the Insurance Act
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
15. Risk Factor
: Vc5-AG10: Uncompetitive Agency Value Propositions
Description
: Poor Agency Value Propositions planning and budgeting
Owner Reference
: : Ci1115
Risk Theme
:
Cause
: 1. Lack of market research 2. Lack of innovative ideas in developing agency value propositions
Consequence
: 1. Loss of agency business 2. Loss of productive agents 3. Inability to recruit new productive agents
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Unlikely
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Unlikely Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
41 of 112
Conduct thorough market research and develop competitive and innovative agency value propositions and budget
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
27 May 2006 0%
Status
16. Risk Factor
: Vc5-AG11: Ineffective Agency Training
Description
: Ineffective Agency Training Plan
Owner Reference
: : Ci1116
Risk Theme
:
Cause
: 1. Lack of Training Need Analysis 2. Lack of a Training Calendar 3. Lack of competent trainer
Cause Category
Consequence
: 1. Lack of agency professionalism 2. Lack of agency productivity 3. Poor customer service
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Possible Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
42 of 112
Conduct training need analysis and develop appropriate training program and calendar for the different categories of agents.
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
27 May 2006 0%
Status
Strategic : (Products and Services) TBA Objective
6.
1.
Risk Factor
: Vc5-BA5: Product cannibalization by 3rd party banca sales force
Description
: Products not being pushed due to issues of the 3rd. party Banca sales force
Owner Reference
: : Pi1102
Risk Theme
:
Cause
: Lack of product differentiation from competitors within the same 3rd. party bancasurrance channel.
Consequence
: Unable to meet the sales target
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Rare
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
43 of 112
Ensure adequate product features differentiation
NA
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
30 Sep 2006 0%
Status
2.
Risk Factor
: Vc5-BA6: Low take-up rate for motor takaful
Description
: Low take up rate for motor takaful cover through the 3rd. party bancassurance channel.
Owner Reference
: : Pi1103
Risk Theme
:
Cause
: 1. Inadequate promotional campaign done with the 3rd. party bancasurance channel 2. Inadequate close working relationship with 3rd. party bancassurance partners
Consequence
: Motor takaful product sales target not met.
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Rare
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
44 of 112
Promotion campaign and work closely with TN banca partners
NA
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
27 May 2006 0%
Status
3.
Risk Factor
: Vc5-AD4: Cooperatives may opt for MBB products only
Description
:
Owner Reference
: : Pi1104
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
45 of 112
NA
Owner
Priority
Start Date
Due Date
Status
4.
Risk Factor
: Vc5-S/MS5: Product ideation and launches delayed due to inappropriate or uncoordinated product management
Description
:
Owner Reference
: : Pi1105
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
46 of 112
Work very closely with PDC and operations; take a proactive role and monitor the progress of each product closely
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
5.
Risk Factor
: Vc2-5:Product Development
Description
: 1. Product development to the respective market segment 2. Possibility that own products from different areas ( conventional and takaful ) will cannibalize each other due to the establishment of composite branch
Owner Reference
: : Pi7101
Risk Theme
:
Cause
: 1. No real market analysis on customer segment. 2. Agents not productive as compared to competitors 3. Target market overlapped.
Consequence
: 1. Inability to achieve top line target. 2. Inability to compete.
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Ensuring the effectiveness of Product Development Committee of Mayban Fortis
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Likely
Current Status To be reviewed
Action Create Action Plan
Major
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
47 of 112
Market analysis to be undertaken to support marketing and sales strategy which will drives product specification and development.
NA
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
27 May 2006 0%
Status
Strategic : (Suppliers (Business)) TBA Objective
7.
1.
Risk Factor
: Vc1-IT2: Vendor risk
Description
: 1. The project will require involvement of multiple vendors. Effective management of all vendor will be a challenge for the project team 2. In certain circumstances, over dependant on single vendor give rise to possibility of a single vendor involve in too many projects as a result the vendor may not be able to cope with the workload
Owner Reference
: : Si1101
Risk Theme
:
Cause
: 1. Resource constraints and lack of business knowledge 2. Vendor not giving priority to project - Skill set and replacement not quality
Consequence
: 1. 2. 3. of
Cause Category
Consequence Category
Schedule overrun Cost overrun Inability to meet project objective in term requirement and quality.
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Objective vendor selection process
As Appropriate N/A
Preventive
IT to vet through the contract to ensure that comprehensive arrangement for each vendor selected i.e. in term of resources quality and replacement availability
As Appropriate N/A
Preventive
To consider multiple vendor for various projects
As Appropriate N/A
Preventive
Contract to include penalty clauses
As Appropriate N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name Preventive
Page
48 of 112
To liaise with legal to consider for favourable spread for the payment term to vendor
QC
Owner
Priority
Start Date
Due Date
N/A
25 Apr 2006
25 May 2006 0%
Status
Strategic : (Human Capital (People)) TBA Objective
8.
1.
Risk Factor
: Vc3-4: People Risks – Internal resistance to process harmonization between takaful and conventional operations
Description
: No in depth understanding and awareness of staff on management structure on takaful and conventional operations
Owner Reference
: : Hi1101
Risk Theme
:
Cause
: 1. In adequate communication 2. Lack of awareness 3. Sensitivity of Takaful requirements ie Shariah compliance and restricted Investment requirements
Consequence
: 1. No buy-in commitment by employee 2. Low staff morale 3. Reduced productivity
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Prepare communications strategy to address staff concerns and issues ie formal communication via Townhall session, Newsletter etc
On going
N/A
Preventive
Generate feedback from staff
On going
N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Rare
Target Impact
Minor
Management Actions Type Name Preventive
Page
49 of 112
Formalize training and related knowledge sharing program/session on Takaful and conventional requirements to staff
QD
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
2.
Risk Factor
: Vc4-1: Personnel Risks – Failure to effectively educate and train staff, agents and customers on the changes
Description
: 1. 2. 3. 4.
Owner Reference
: : Hi1102
Risk Theme
:
Cause
: 1. Lack of dedicated training resources to conduct training 2. Lack of understanding on the differences between mudharabah and wakalah model.
Consequence
: 1. Wrong perception by the agents and client. 2. Impact to Takaful revenue 3. Poor Takaful reputation due to failure to provide proper advice to clients i.e. on policy benefit, surrender value. 4. BNM intervention due to unfavourable result.
Takaful operation to change from modified mudharabah to wakalah. Is correct wakalah model used for the integration as per Saudi scholar fatwa. Legitimacy/permissibility of the wakalah concept used. Given the wakalah model is finalized.
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of training department
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Likely Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Owner
Priority
Start Date
Due Date
Status
Preventive
To ensure that a comprehensive training is considered in preparing the Detailed Implementation Plan (DIP).
N/A
25 Apr 2006
15 Jun 2006 0%
Preventive
Training department to develop a comprehensive communications, and training plan (specific module) to address on Takaful model
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To prepare plan for the establishment of the conservation unit for Takaful
N/A
25 Apr 2006
25 May 2006 0%
50 of 112
3.
Risk Factor
: Vc6-2: Unable to integrate investment division for the merged entity
Description
: The merger process may have a potential of problems in integrating 3 investment departments into one merged entity
Owner Reference
: : Hi1103
Risk Theme
:
Cause
: 1. No prior agreement on governance structure of investment management 2. Each of different departments in MF, MNI & TN has different methodology in terms of investment management 3. No clear guide from the management on the future direction of investment management
Consequence
: 1. Potential higher operating cost due to separate investment departments 2. Inefficiency in fund management & investment activities – duplication of work 3. Potential lack of control over investment activities 4. Inability to achieve similar objectives
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Common management (& governance) for separate departments under merged entity
Effectiveness N/A
Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status Within Expectation
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name Preventive
Page
51 of 112
Effective selection process (in terms of staffing)
QD
Owner
Priority
Start Date
Due Date
N/A
27 Apr 2006
30 Jun 2006 0%
Status
4.
Risk Factor
: Fs3F-1: Personnel risk – loss of key staff
Description
:
Owner Reference
: : Hi1104
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
52 of 112
Identify alternate support staff
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
5.
Risk Factor
: Fs3F-2: Personnel risk – mismatch of competency / talent
Description
:
Owner Reference
: : Hi1105
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
53 of 112
Identify alternate support staff
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
6.
Risk Factor
: Fs3R-1: Loss of key personnel during the period of integration
Description
:
Owner Reference
: : Hi1106
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Corrective
Page
54 of 112
Succession program, headcount assessment
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
7.
Risk Factor
: Fs3R-2: Workload of personnel in the period of integration
Description
:
Owner Reference
: : Hi1107
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Insignificant
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
55 of 112
Priority list, time management
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
8.
Risk Factor
: Vc5-AG4: Implementation problems due to insufficient staff
Description
: Additional staff (Development Officers) for an effective agency development program
Owner Reference
: : Hi1108
Risk Theme
:
Cause
: 1. Lack of focus in agency development program 2. Lower compentency level amongst ADE to command respect from agency force 3. Inadequate manpower to service agency force at HQ and Branches
Cause Category
Consequence
: 1. Ineffective monitoring on agent performance 2. Many development programs were not effectively implemented 3. Low servicing level to agents as compared to our competitors
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Unlikely
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Unlikely Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name
Page
QD
Priority
Start Date
Due Date
Preventive
Work with HR on getting Manpower planning. To study the existing manpower availibity and compentency level and to propose to HR as needed
N/A
25 Apr 2006
31 May 2006 0%
Preventive
To ensure that ADE is empowered with enough authority to implement and monitor development programs effectively
N/A
25 Apr 2006
25 May 2006 0%
56 of 112
Owner
Status
9.
Risk Factor
: Vc5-AD5: Insufficient staff to handle tasks
Description
:
Owner Reference
: : Hi1109
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
57 of 112
Ensure and pre-plan manpower requirement and prepare back-up data entry personnel
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
10. Risk Factor
: Vc5-Brn2: Negative response of agents/clients
Description
: Negative perception/response by agents/clients due to previous experience etc.
Owner Reference
: : Hi1110
Risk Theme
:
Cause
: 1. Lack of understanding of the merger & integration process 2. Agents wrong perception based on past experience
Cause Category
Consequence
: 1. Agents might source business to competitors 2. Wrong perception given to customer by agents might lead to loss of renewal businesses.
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
58 of 112
Formulate strategy to communicate to clients/ agents
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
11. Risk Factor
: Fs2-1: Retention of key employees during the merger
Description
:
Owner Reference
: : Hi1111
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
N/A
Impact
Catastrophic
KPI
Owner
NA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
59 of 112
Design re-recruitment’ exercise for key employees: identify, assess, select and place –level 3 and level 4 jobs and implement ‘
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
12. Risk Factor
: Fs2-2: Address employee “me” issues – grade, salary,
benefits etc.
Description
:
Owner Reference
: : Hi1112
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
N/A
Impact
Catastrophic
KPI
Owner
NA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Harmonise T&C’s of service including grades, salary and benefits
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Migrate all employees to common structure
N/A
17 Apr 2006
17 May 2006 0%
60 of 112
Owner
Status
13. Risk Factor
: Fs2-3: Maintain employee productivity during and immediately after the merger
Description
:
Owner Reference
: : Hi1113
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
N/A
Impact
Moderate
KPI
Owner
NA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Assess cultural differences
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Develop action plans to address ‘merger’ relatedissues
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Develop & implement comprehensive communication and engagement plans
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Cascade BSC to all employees asap
N/A
17 Apr 2006
17 May 2006 0%
61 of 112
Owner
Status
14. Risk Factor
: Fs3-PB1: Shortage of resources to carry out the tasks
Description
:
Owner Reference
: : Hi1114
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Catastrophic
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
62 of 112
Redeployment of personnel
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
15. Risk Factor
: Fs3-PB3: Confusion over roles and responsibilities during the transition
Description
:
Owner Reference
: : Hi1115
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Catastrophic
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
63 of 112
Conducting briefings on the planning/budgeting process and expectations
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
16. Risk Factor
: Fs3-Fs3.24-1: People risks loss of key staff
Description
: Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions
Owner Reference
: : Hi1116
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
64 of 112
Retention program for key staff to be agreed on & implemented
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
17. Risk Factor
: Fs3-Fs3.24-2: People risks – lack of key skills and relevant expertise to support integrated functions
Description
: Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions
Owner Reference
: : Hi1117
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Define skills & expertise needed to support critical functions.
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Identify suitable staff (& back-up support) for development & training
N/A
17 Apr 2006
17 May 2006 0%
65 of 112
Owner
Status
18. Risk Factor
: Fs3-Fs3.30-2: People Risk – require product knowledge and skill in developing the models.
Description
: Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports
Owner Reference
: : Hi1118
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Identify suitable staff
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Ensure precise documentation
N/A
17 Apr 2006
17 May 2006 0%
66 of 112
Owner
Status
19. Risk Factor
: Vc1-IT1: People Risks - IT resources
Description
: 1. Loss of key staff to competitors 2. Insufficient staff with key skills & expertise 3. Insufficient staff with execution & leadership capabilities Note: - Risk from insufficient /inappropriate staffing imply the inability to allocate a skilled workforce to the project, regardless of availability. - The integration is a big scale project and a lot of resources are required. - The increase need for more human capital resources for the core and non-core system integration for the enlarged entity. - The concern is on the ability to retain experienced staff to support throughout the integration period. - There is a need for ‘industry knowledge’ to be brought in
Owner Reference
: : Hi1119
Risk Theme
:
Cause
: 1. Inability to retain skilled and experienced staff 2. Too many projects run concurrently. Internal resources not sufficient to cope with the workload. 3. Lack of subject matter expert (SME) available internally.
Consequence
: 1. 2. 3. of
Cause Category
Consequence Category
Schedule overrun Cost overrun Inability to meet project objective in term functional requirement and quality.
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Adoption of Maybank’s System Selection Criteria.
As Appropriate N/A
Preventive
Engagement of external resources/project manager based on contract basis for key projects.
As Appropriate N/A
Preventive
Initiatives by HR to cope with staff attrition.
On going
N/A
Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Moderate
Management Actions Type Name Preventive
Page
67 of 112
To prepare detailed implementation planning (DIP)
QB
Owner
Priority
Start Date
Due Date
N/A
24 Apr 2006
30 Jun 2006 0%
Status
and specific attention will be provided to address the above issues
Page
Preventive
IT will define skills required for HR to initiate: - Hiring and/or training process - Retention program - IT team to focus on detailed execution and build capabilities
N/A
24 Apr 2006
24 Apr 2006 0%
Detective
To conduct monthly project progress review meeting with Project Steering Committee.
N/A
16 Jun 2006
30 Jun 2006 0%
68 of 112
20. Risk Factor
: Vc1-IT4: Execution Risks
Description
: Delay or failure in executing critical path merger activities - The project has many interdependencies. In most cases, projects are dependant on many milestones. - Inability of the VCs and FSs to complete the milestones will result in delay or failure of execution i.e. co-location, site preparation, etc.
Owner Reference
: : Hi1120
Risk Theme
:
Cause
: 1. Critical path delayed 2. Lack of comprehensive project management tools to monitor the achievement of critical paths. Currently projects are tracked manually by using spreadsheet and Microsoft Project.
Consequence
: 1. Delay in operation for the enlarged entity due to schedule overrun 2. Resources are not optimized effectively 3. Inability to meet merger objective
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
High awareness of key dependencies and communication of the same to the whole project team
N/A
Detective
IT progress review meeting
N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Status
Preventive
To ensure that the DIP prepared identify and subsequently properly map all the critical paths/dependencies.
N/A
16 Jun 2006
15 Jul 2006
0%
Corrective
To look into the possibility of using superior project management tool (Principal II/Prince II) to replace the existing manual tools.
N/A
02 May 2006 02 May 2006 0%
69 of 112
Owner
Page
70 of 112
21. Risk Factor
: VC8-6 - Low staff morale Associated with relocation exercise
Description
: Based on estimation, almost 40% of employees will be getting lower/smaller working station specification
Owner Reference
: : Hi1121
Risk Theme
:
Cause
: 1. New work station policy and standard at MIG – Proposed cubicle at 6X6 as compared to 6X9 at MNI. 2. To best align the Maybank Group workstation standards. 3. Staff “overcrowded” – Existing 45 per floor compared to proposed 77 per floor.
Consequence
: 1. Low staff morale. 2. Ineffective and inefficient productivity. 3. Dissatisfaction feeling over “crowded” environment.
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of Co-Location Steering Committee (CLSC) to focus on relocation related matters
Effectiveness
As Appropriate N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name Preventive
Page
71 of 112
To recommend “incentive package” to lessen/mitigate the staff low morale issues due to reduction in size of workstation specifications
QC
Owner
Priority
Start Date
Due Date
N/A
25 Apr 2006
25 May 2006 0%
Status
22. Risk Factor
: Vc5-AG7: Manpower size at agency – Small manpower size & many part time agents halts the agency sales model program
Description
: To improve and increase productivity 238 “Star” (high-performing) agent’s current FYCP of RM50K-RM500K by 30% each year. Small number of Star Agency Group
Owner Reference
: : Hi1122
Risk Theme
:
Cause
: 1. Small number of highly productive agents with current production of FYCP between RM50K-RM500K 2. Many part time agents 3. Lack of professionalism among agency leadres
Consequence
: 1. Halted the agency sales model programs 2. Group Agency Financial Status – Agency Leaders financial sthrengths will influence thier capabilityto develop thier agencies (mapped from risk identified in Slide 11 of IC)
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Analyse and establish various agency groups (segments) Star, Average, and Laggard
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Plan and establish agency development pograms for each identified segment
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Roll out pilot program at selected branches
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Implement full blown development programs to all branches
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Identify and recruit additional staff for agency development program
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Establish and monitor productivity improvement targets including MDRT qualifiers
N/A
25 Apr 2006
25 May 2006 0%
72 of 112
Owner
Status
Preventive
Page
73 of 112
Allocate budget for agency development and incentive programs
N/A
25 Apr 2006
25 May 2006 0%
Strategic : (Operations (& Systems)) TBA Objective
9.
1.
Risk Factor
: Vc2-1: IT system Back end & workflow
Description
: 1. System consolidation for the merged entity. Few systems to integrate (Tall order). Risk is there. Migration process will be huge and resource consuming. Back end & front end systems issues are similarly must be addressed. i.e. different point of sale/ channel. 2. The assumption of future business is based on the I.T system being able to meet post merger requirements 3. For the next 3 years the 3 entities will use their current system. 4. Resources for system implementation VC, BA & IT.
Owner Reference
: : Oi1101
Risk Theme
:
Cause
: 1. People working through different system ( resource duplications ) 2. System consolidation. 3. No optimization of resources.
Consequence
: 1. Major operational issues. 2. Data integrity questionable. 3. Impact of future business. 4. Not meeting merger objective VCRM11.5mn
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name Detective
Cause Category
Unit
Score
Owner
Key users involvement in the IT evaluation team.
Actual
Target Status Last Trend Month
Interval
Effectiveness
On going
N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Catastrophic
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Owner
Priority
Start Date
Due Date
Status
Preventive
Establishment of a Business Analyst Team to look into system & method, process & system integration and implementing best of breed I.T system solution
N/A
27 Apr 2006
27 May 2006 0%
Preventive
To look into the possibility to appoint subject matter expert consultants to assist and develop the I.T system solution
N/A
27 Apr 2006
27 May 2006 0%
74 of 112
Page
75 of 112
2.
Risk Factor
: Vc2-2: Meeting the SLA with 3rd parties Bancasurrance partner.
Description
: 1. Team expects high impact on the area of banca in regards to expectation by the partners. 2. Other sales channel the impact is relatively low.
Owner Reference
: : Oi1102
Risk Theme
:
Cause
: 1. System inability to support to banca partners needs 2. The 3rd party banca partners might not be comfortable with working together with the competitor i.e Maybank group
Consequence
: 1. Not meeting SLA 2. Loss of strategic partner.
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Unlikely
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name Detective
Cause Category
Unit
Score
Owner
Operation is manage in such a way to cater to respective channel i.e. priority service team.
Actual
Target Status Last Trend Month
Interval
Effectiveness
On going
N/A
Controls Effectiveness Control Likelihood Very Good Control Impact Very Good Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Detective
Page
76 of 112
PMO should validate the values to ensure no duplications
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
3.
Risk Factor
: Vc3-1: Operational Risks – Integration impact to service levels
Description
: 1. Potential down time and disruption of operations arise during M&A process 2. Lack of system optimization 3. Perception issues from customers (internal & externally )
Owner Reference
: : Oi1103
Risk Theme
:
Cause
: 1. Non alignment of resources 2. Delay in IT 3. Inconsistent communication to internal & external parties
Consequence
: 1. Failure to maximize/optimize efficiency and cost effectiveness 2. Duplication of effort due to delay in automation of process 3. Internal – Reduce staff morale; External Confusion, dissatisfaction of customers
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of VC3 to focus on;
Effectiveness
As Appropriate N/A
Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Major
Management Actions Type Name
Page
QB
Owner
Priority
Start Date
Due Date
Status
Preventive
Ensure greater commitment & motivation; enhanced processes & systems; increased professionalism
N/A
06 Apr 2006
06 May 2006 0%
Preventive
To implement and continuous monitoring of the proposed action plans and strategy
N/A
27 Apr 2006
27 May 2006 0%
77 of 112
4.
Risk Factor
: Vc3-2: Operational Risks – Disruption and delays to existing operations
Description
: 1. Centralizing process between HQ and branches 2. Harmonizing process between MNI, TN and MF
Owner Reference
: : Oi1104
Risk Theme
:
Cause
: 1. Failure to understand the scope and requirements of existing operations/areas 2. Capability of IT and automation 3. Ineffectiveness in deployment of resources and relocation complexity
Consequence
: 1. Customer dissatisfaction 2. Duplication of effort – under utilization of resources 3. Missed of business opportunity and cost saving
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Develop action plans for centralization and harmonization of operations
As Appropriate N/A
Preventive
Objectives, timelines and project milestone to be tracked
On going
N/A
Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Catastrophic
Management Actions Type Name Preventive
Page
78 of 112
Full commitment & support from management to staff exposed to integration tasks
QA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
5.
Risk Factor
: Vc3-3: System Risks – Delay in IT, systems or automation initiatives
Description
: Identifying one platform to streamline the process and implement high automated environment
Owner Reference
: : Oi1105
Risk Theme
:
Cause
: 1. Delay in deciding one IT platform 2. Capability of system to automate 3. Too many projects run concurrently – Inability to deliver to customer timely
Consequence
: 1. Reduce productivity – Internal & External parties 2. Duplication of effort 3. Reduce customer service level
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Almost Certain
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Develop detailed IT execution plan and proposed contingency plan and/or work around solution to cater for potential delay
As Appropriate N/A
Preventive
Establishment of IT Steering Committee for M&A exercise (ITSC) to look into IT direction
As Appropriate N/A
Controls Effectiveness Control Likelihood Satisfactory Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
To ensure implementation is tracked and monitored
N/A
27 Apr 2006
27 May 2006 0%
Detective
Prepare transition plan to account for potential delays
N/A
06 Apr 2006
06 May 2006 0%
79 of 112
Owner
Status
6.
Risk Factor
: Vc6-6: Non integration of investment management system
Description
: Separate investment departments for each different entities may have different investment system to support each of entities’ current investment activities
Owner Reference
: : Oi1106
Risk Theme
:
Cause
: 1. Different in system capabilities for investment management & activities 2. Different methodology in cost-benefit analysis for each separate entities 3. Different purpose and needs (relating to investment activities) in each entities
Consequence
: 1. High operating cost if system were not be integrated 2. Management inefficiencies for the merged investment management department 3. Duplications in investment activities (including reporting)
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name Corrective
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Initiative under investment management VC team to integrate investment system
Effectiveness N/A
Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Rare
Target Impact
Insignificant
Management Actions Type Name
Page
QD
Priority
Start Date
Due Date
Preventive
Monitoring of initiatives undergone by the VC team
N/A
27 Apr 2006
31 Dec 2007 0%
Corrective
To consider alternative system
N/A
06 Apr 2006
06 May 2006 0%
80 of 112
Owner
Status
7.
Risk Factor
: Vc8-1: Process/Supplier Risks – Delay in decision making process on finalization of existing and future engagement of vendor/suppliers
Description
: 1. Delay in establishing printed items standard 2. Expiry of vendors/suppliers appointments later than implementation date 3. Expiry of current service providers agreements
Owner Reference
: : Oi1107
Risk Theme
:
Cause
: 1. Inability to finalize the integration/harmonisation process of related operations timely. 2. Unresolved branding issues 3. Ineffective communication and unclear policy & procedures relating to joint vendors/suppliers selection process
Cause Category
Consequence
: 1. Multiple preferred vendors/suppliers 2. Schedule & cost overrun 3. Disruption of ongoing operations that may lead to dissatisfaction to both internal and external parties
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name Detective
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of project committee to focus on; 1. Review and document vendors/suppliers selection process 2. Review of current active agreements
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Possible Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Close loop communication on operations printing strategy
N/A
06 Apr 2006
06 May 2006 0%
Preventive
To prepare detailed implementation planning and execution approach by;
N/A
25 Apr 2006
25 May 2006 0%
81 of 112
Owner
Status
8.
Risk Factor
: Vc8-2: Project Risks – Delay in relocation exercise
Description
: The relocation exercise of MNI and TN Head Office to Dataran Maybank, Bangsar
Owner Reference
: : Oi1108
Risk Theme
:
Cause
: 1. Delay in commencement of relocation exercise scheduled July 01, 2006 2. Delay in finalizing of organizational chart (Unclear future office layout) 3. Availability on additional floors
Consequence
: 1. Delay in harmonisation 2. Impact on implementation of initiatives 3. Impact on productivity
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name Detective
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of Co-Location Steering Committee (CLSC)
Effectiveness
As Appropriate N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Possible Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Implementation and continuous monitoring of the relocation exercise that need to be completed by – Dec 31, 2006
N/A
01 Jul 2006
31 Dec 2006 0%
Preventive
Escalation to Merger Management Steering Committee (MMSC) on out of control situation
N/A
25 Apr 2006
25 May 2006 0%
82 of 112
Owner
Status
9.
Risk Factor
: VC8-3: Project Risks – Under scope relocation costing due to omission of unforeseen request
Description
: Inadequate relocation budget to meet unforeseen requirements
Owner Reference
: : Oi1109
Risk Theme
:
Cause
: Scope of work was inadequately defined 1. Additional floor space to be acquired due to revision in working standards floor space (bigger floor space per head count) 2. Renovation works on staff related recreation rooms, ex: Executive Lounge, Staff lounge etc. 3. Space requirements for ONELINE and Branches Operation Centralisation.
Consequence
: 1. 2. 3. of
Consequence Category
Cost overrun – increased in budget Schedule overrun Inability to meet project objective in term requirement and quality.
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Major
KPI
Owner
QA Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Establishment of Co-Location Steering Committee
Effectiveness
As Appropriate N/A
Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Rare Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name Preventive
Page
83 of 112
To revisit, confirm and seek additional budget (if any) from management
QC
Owner
Priority
Start Date
Due Date
N/A
25 Apr 2006
25 May 2006 0%
Status
10. Risk Factor
: Vc8-5: Project Risks – Underscope Building Maintenance Budget
Description
: 1. Maintenance of buildings (Tower A, B & C) at Dataran Maybank currently being handled by outsourced parties at service fee of RM400k per year 2. Tower B & C directly owned by MIG whereas Tower A owned by MBB – Maintenance issues
Owner Reference
: : Oi1110
Risk Theme
:
Cause
: 1. Lack of controls on Building Maintenance cost 2. Lack of harmonisation of MIG owned buildings maintenance
Consequence
: 1. High cost of building maintenance
Gross Risk Ratings
Cause Category
Consequence Category Gross Rating
Likelihood
Likely
Impact
Minor
KPI
QC Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Likely Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Moderate
Management Actions Type Name
Page
QB
Priority
Start Date
Due Date
Preventive
To develop the cost benefit analysis on Dataran Maybank Building Maintenance – Outsourcing Vs Inhouse Maintenance cost
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To discuss, negotiate and seek permission to allow insurance group to maintain our own buildings
N/A
25 Apr 2006
25 May 2006 0%
84 of 112
Owner
Status
11. Risk Factor
: Fs3R-3: Inaccurate information gathered for the purpose of integration exercise (financial & insurance risk program)
Description
:
Owner Reference
: : Oi1111
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Detective
Page
85 of 112
Independent check, reliability tests
NA
Owner
Priority
Start Date
Due Date
N/A
06 Apr 2006
06 May 2006 0%
Status
12. Risk Factor
: Vc5-BA4: Delay in approvals from respective authorities
Description
: Delay in approval by Bank Negara Malaysia
Owner Reference
: : Oi1112
Risk Theme
:
Cause
: 1. Lack of understanding of the requirements to be complied with 2. Possible insufficient information submitted
Consequence
: Late/delay in launching
Cause Category
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
86 of 112
Understand requirements early and then complete fulfillment
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
30 Sep 2006 0%
Status
13. Risk Factor
: Vc5-AG1: High drop-out rate due to lack of monitoring tool
Description
: Lacking in monitoring tools that halted agency business development program
Owner Reference
: : Oi1113
Risk Theme
:
Cause
: 1. Lack of monitoring capability to address performance issues 2. Lack of accurate and timely information in monitoring agent performance 3. Lack of effective agent recruitment policy and procedures 4. Too many agent under one agency leader which monitoring is usually ineffective
Cause Category
Consequence
: 1. Agency performance can not be monitored effectively 2 Agency leaders focusing on short term gain at the expense of long term sustainability of business 3. Many agent left TN to other competitors 4. Creating unfavourable situation in the industry
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Likely Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Preventive
Prioritize development or acquisition of tool. Agency Development Division (ADD) to establish the required reports and monitoring requirements and to submit to IT
N/A
25 Apr 2006
30 Jun 2006 0%
Preventive
IT support – reports & monitoring tool. IT support (generation of weekly reports as monitoring tool
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To seek help from IT to develop the required report and monitoring capabilities
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To set an effective policy with regard to number of
N/A
25 Apr 2006
25 May 2006 0%
87 of 112
Owner
Status
productive agent per agency leader Preventive
Page
88 of 112
Develop programmes to improve the recruitment of high potential and productive agents
N/A
25 Apr 2006
25 May 2006 0%
14. Risk Factor
: Vc5-AG2: Incapability of back-office processes
Description
: Capability of backroom processes to support front business activities is not up to the mark
Owner Reference
: : Oi1114
Risk Theme
:
Cause
: 1. Inefficient backroom process impacting service level to the agency force. 2 Lack of focus by Branch on the support of agency activities. 3. Lack of efficient and effective payment modes available to policy holders as compared to other competitors 4. System instability resulting in switching of business to our competitors
Consequence
: 1. Agency – Divert business focus to other activity eg MLM if no strong support from HQ or actractive offer from competitor 2. Negative impact to agency force productivity 3. Increase surrendered cases 4. Increase customer disatisfaction level
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Possible Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Insignificant
Management Actions Type Name
Page
QD
Priority
Start Date
Due Date
Preventive
Early communication - To "legalise" SLA between Agency business and all backroom support units. To develop an early detection mechanism on the level of support to agency force
N/A
25 Apr 2006
30 Jun 2006 0%
Preventive
Branch Sales Support - To develop KPI for all branches to adhere to the agreed SLA
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Develop unit at branches to specifically service life business
N/A
25 Apr 2006
25 May 2006 0%
Preventive
Agency leaders - required to provide info on the level of support provided to the agents and clients
N/A
25 Apr 2006
25 May 2006 0%
89 of 112
Owner
Status
Preventive
Page
90 of 112
To immediately review existing and establish new mode of payments to policy holders
N/A
25 Apr 2006
25 May 2006 0%
15. Risk Factor
: Vc5-AG3: New products not delivered (Lack of systematic and strategic focus on new product development proceses)
Description
: Ineffective new product development plan that can help agency business to grow
Owner Reference
: : Oi1115
Risk Theme
:
Cause
: 1. Lack of proper market reaserch in developing new products 2. Lack of comprehensive business analysis in developing new product 3. Agent’s incentives not at par with our competitors
Cause Category
Consequence
: 1. Many products developed failed to meet market needs 2. Lack of assurance in meeting production target 3. Unable to meet targeted profit level - failed to meet financial target 4.Products benefits especially PA not at par with our competitors
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Minor
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Possible Minor
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Insignificant
Management Actions Type Name
Page
QD
Priority
Start Date
Due Date
Preventive
Ensure product ideas are viable etc.; work closely with ODC and operations
N/A
25 Apr 2006
25 May 2006 0%
Preventive
To seek help from ORM to establish cost of capital (RBC requirements) on every new product developed
N/A
25 Apr 2006
25 May 2006 0%
91 of 112
Owner
Status
16. Risk Factor
: Vc5-EC6: Problems in arranging manual facultative insurance
Description
: Problems in arranging manual facultative insurance arrangement with Reinsurers
Owner Reference
: : Oi1116
Risk Theme
:
Cause
: If review process of the current facultative reinsurance are done without adequate/possible alternative reinsurers
Consequence
: Insurance risk might not be adequately reinsured out
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
92 of 112
Execute transactions from list of accounts established
NA
Owner
Priority
Start Date
Due Date
Status
N/A
17 Apr 2006
01 Jul 2006
0%
17. Risk Factor
: Vc5-AD1:Backend integration issues and timing
Description
:
Owner Reference
: : Oi1117
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Rare
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Work closely with IT
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Give priority
N/A
17 Apr 2006
17 May 2006 0%
93 of 112
Owner
Status
18. Risk Factor
: Vc5-AD3: Wrong FT database contactable rate
Description
:
Owner Reference
: : Oi1118
Risk Theme
:
Cause
: 1. Lack of proper market reaserch in developing new products 2. Lack of comprehensive business analysis in developing new product
Cause Category
Consequence
: 1. Many products developed failed to meet market needs 2. Lack of assurance in meeting production target 3. Unable to meet targeted profit level - failed to meet financial target
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
94 of 112
NA
Owner
Priority
Start Date
Due Date
Status
19. Risk Factor
: Vc5-AD6: Backend integration problems
Description
:
Owner Reference
: : Oi1119
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
95 of 112
IT to expedite integration
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
20. Risk Factor
: Vc5-AD7: Credit card acceptance
Description
:
Owner Reference
: : Oi1120
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Moderate
KPI
Owner
QC Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Rare
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
96 of 112
To secure assurance from Maybank and establish M2U merchant account
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
21. Risk Factor
: Vc5-AD8: Security concerns
Description
:
Owner Reference
: : Oi1121
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
97 of 112
Awareness program
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
22. Risk Factor
: Vc5-AD9: Issues with authorities
Description
:
Owner Reference
: : Oi1122
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QD
Rare
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
98 of 112
Develop education program – online training & examination for cyber agents
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
23. Risk Factor
: Vc5-Brn3: Delay in resource replacement
Description
: Time delay in replacement of staff at the branches
Owner Reference
: : Oi1123
Risk Theme
:
Cause
: Perceived slowness in replacement of staff at the branches
Cause Category
Consequence
: 1. Potential loss of business focus due to staff resignation/pinched 2. Competitors might gain our existing customers
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Moderate
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Satisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QC
Almost Certain
Current Status To be reviewed
Action Create Action Plan
Insignificant
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
99 of 112
HC to speed up re-deployment & replacement of key positions
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
31 May 2006 0%
Status
24. Risk Factor
: Vc5-Brn4: Negative effects of centralization process
Description
: Centralization of key operational functions might have negative impact to branches
Owner Reference
: : Oi1124
Risk Theme
:
Cause
: 1. Perceived slow operational process in supporting branches. 2. Lack of focus on the operational issues affecting branches
Consequence
: Possible negative impact to agents and customers at the branches
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
100 of 112
Demand SLA from HQ Operations on key processes
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
25. Risk Factor
: Vc5-S/MS2: Delay due to system incompatibility
Description
:
Owner Reference
: : Oi1125
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible
Current Status To be reviewed
Action Create Action Plan
Moderate
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
101 of 112
Work very closely with IT; constant communications with agents
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
26. Risk Factor
: Fs3-Fs3.25-1: Process Risk – bonus allocation practice needs to be streamlined in order to avoid confusion for Operations upon claim payment & bonus declaration
Description
: Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of Participating Policies - Actuarial (Life)
Owner Reference
: : Oi1126
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Possible
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
102 of 112
Recommend a common practice
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
27. Risk Factor
: Fs3-Fs3.27-1:Process Risk – retention limits need to be streamlined for practical purposes & to avoid confusion for underwriters
Description
: e.g. if a customer buys 2 products with different retention at the same time, which retention to apply ? Have to consider accumulation of risk per life. Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance Treaties - Actuarial (Life)
Owner Reference
: : Oi1127
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Review reinsurance arrangements to identify affected risks.
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Notify reinsures & Operations.
N/A
17 Apr 2006
17 May 2006 0%
103 of 112
Owner
Status
28. Risk Factor
: Fs3-Fs3.27-2: Process Risk – consolidation of various treaties for better management of risks and to avoid duplication of risks covered as this could lead to a dispute when a claim arises.
Description
: Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance Treaties - Actuarial (Life)
Owner Reference
: : Oi1128
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Identify treaties for consolidation.
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Negotiate with reinsures to maintain the best terms & conditions
N/A
17 Apr 2006
17 May 2006 0%
104 of 112
Owner
Status
29. Risk Factor
: Fs3-Fs3.29-1:Operational Risk – Data integrity issue arise in order to compile historical data for corresponding new financial period. Data resides in multiple systems and no base for reconciliation.
Description
: Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving Period Ending 30 June - Actuarial (General)
Owner Reference
: : Oi1129
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Almost Certain
Impact
Catastrophic
KPI
Owner
QA Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name Preventive
Page
105 of 112
To engage a consultant to do IBNR computation for FYE 30/06/2006 without having to tabulate historical date for corresponding new financial period.
NA
Owner
Priority
Start Date
Due Date
N/A
17 Apr 2006
17 May 2006 0%
Status
30. Risk Factor
: Fs3-Fs3.30-1: Process Risk – availability of detailed historical information of assets, liabilities & products for all entities
Description
: Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports
Owner Reference
: : Oi1130
Risk Theme
:
Cause
:
Cause Category
Consequence
:
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Rare
Impact
Insignificant
KPI
Owner
QD Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Owner
Target Status Last Trend Month
Interval
Effectiveness
Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact
Nett Rating
NA
N/A
Current Status N/A
Action Create Action Plan
N/A
Target Rating Target Likelihood
N/A
Target Impact
N/A
Management Actions Type Name
Page
NA
Priority
Start Date
Due Date
Preventive
Identify information required
N/A
17 Apr 2006
17 May 2006 0%
Preventive
Review & determine assumptions
N/A
17 Apr 2006
17 May 2006 0%
106 of 112
Owner
Status
31. Risk Factor
: Vc1-IT5: Process Risks – delay in approval of the system
Description
: 1. The IT team noted that there is a timeline need to be met by the business side by September 06. As such, IT need to complete the approval process by June 06 to support the above. 2. As at to date, the PMO had resolved the approval issues, nevertheless the matter remain as ‘Watch List Issues’ as it is remain relevant if left unchecked
Owner Reference
: : Oi1131
Risk Theme
:
Cause
: 1. Lengthy process of compliance and various levels of approval. 2. Uncertainty over the systems and models to use. 3. Uncertainty in term of commitment and input from users. 4. Uncertainty in term of responsiveness of vendor(s) to clarification and RFP.
Consequence
: 1. Delay in operation for the enlarged entity 2. Inability to meet merger objective
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Possible
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
High awareness of key dependencies and communication of the same to the whole project team
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Unlikely
Target Impact
Minor
Management Actions Type Name Detective
Page
107 of 112
To prepare and review approval timeline for all projects and to ensure that the timeline will consider the above uncertainties as identified in the causes and contingency measures.
QC
Owner
Priority
Start Date
N/A
01 May 2006 30 Jun 2006 0%
Due Date
Status
32. Risk Factor
: Vc1-IT3: Process Risks due to resources issues – Disruption/delay to existing operation
Description
: 1. Staff involved in the projects must at the same time support existing business at respective business entity concurrently. 2. The concern is if there is a need for the staff to attend to business, the resources will be pulled back from the project hence creating a void to the team. 3. A time bomb issues during full fledge implementation of the integration program.
Owner Reference
: : Oi1132
Risk Theme
:
Cause
: 1. Lack of full time resources commitment. 2. Unavailability of immediate replacement.
Consequence
: 1. Impact to existing operation 2. Schedule overrun 3. Cost overrun
Gross Risk Ratings
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name Preventive
Cause Category
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
High awareness on commitment and support from respective entities
Effectiveness N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Likely Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Minor
Management Actions Type Name
Page
QC
Priority
Start Date
Due Date
Status
Preventive
To request from the PMO for a full time resources to be allocated to the projects
N/A
16 Jun 2006
15 Jul 2006
0%
Preventive
To built in contingency with regards to resources allocation within the team
N/A
16 Jun 2006
16 Jul 2006
0%
Preventive
For a package system which highly dependant on vendor, the team will acquire the vendor assistance to look for possible arrangement for external support and resources.
N/A
16 Jun 2006
15 Jul 2006
0%
108 of 112
Owner
33. Risk Factor
: Vc1-IT6: Process Risks – user requirements poorly defined
Description
: 1. Not thoroughly defining the requirements before starting, consequently not understanding the true work effort, skill sets and technology required to complete the project. 2. Complexity of the requirements i.e. merging of the Takaful & conventional, mudharabah & wakalah, FRS139 & existing accounting practices etc. 3. The success of any project dependent on commitment to deliverables and responsibilities.
Owner Reference
: : Oi1133
Risk Theme
:
Cause
: 1. Poor resources commitment and coordination i.e. lack of active participation by end user. 2. Unavailability of full time resources. 3. Limited resources anticipated due to heavy reliance on key personnel.
Cause Category
Consequence
: 1. Poor business requirement sign off resulted in poor test cases developed, business scenarios or rules missing and impact to the test plan. 2. System developed or integrated mismatch and does not meet business requirement or expectation 3. Cost overrun due to variation order as a result of changing requirements
Consequence Category
Gross Risk Ratings
Gross Rating
Likelihood
Likely
Impact
Moderate
KPI
Owner
QB Trigger Value
Existing Controls Type Name
Unit
Score
Actual
Target Status Last Trend Month
Interval
Effectiveness
Detective
Project manager and/or business analyst engage for the respective project to provide report to Project Steering on regular basis to ensure the adequacy and quality of business requirement. Any shortcomings are to be reported via the escalation process established by the merger PMO.
Weekly
N/A
Detective
Establishment and close monitoring of respective project charter.
Weekly
N/A
Detective
Establishment and close monitoring of respective project charter.
Weekly
N/A
Owner
Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QB
Possible Moderate
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Minor
Management Actions Type Name Preventive
Page
109 of 112
To prepare and review approval timeline for all
QC
Owner
Priority
Start Date
N/A
16 May 2006 30 Jun 2006 0%
Due Date
Status
project and to ensure that the timeline will consider the above uncertainties as identified in the causes and contingency measures.
Page
Preventive
To propose for a dedicated team to be appointed for the initiatives.
N/A
16 Jun 2006
15 Jul 2006
0%
Preventive
To use Maybank resources to do project QA
N/A
16 Jun 2006
15 Jul 2006
0%
Preventive
Appointment of business analyst
N/A
01 Jun 2006
30 Jun 2006 0%
110 of 112
34. Risk Factor
: Vc1-IT7: Data Quality and Integrity Risks
Description
: 1. Complexity of the conversion activity 2. Discrepancies/errors in source data especially for the life policies 3. Old data
Owner Reference
: : Oi1134
Risk Theme
:
Cause
: 1. Degree of complexity of the migration and conversion required - Different coding used by different systems 2. Product specification not available for developing conversion specifications 3. Data kept outside the core system
Consequence
: 1. Operational issues 2. Project schedule overrun 3. Cost overrun
Gross Risk Ratings
Cause Category
Consequence Category
Gross Rating
Likelihood
Likely
Impact
Major
KPI
QA Owner
Trigger Value
Existing Controls Type Name
Unit
Score
Owner
Actual
Target Status Last Trend Month
Interval
Effectiveness
Preventive
Data cleansing before implementing
As Appropriate N/A
Preventive
Conversion planning and strategy
As Appropriate N/A
Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact
Nett Rating
QA
Likely Major
Current Status May Need improvement
Action Create Action Plan
Target Rating Target Likelihood
Possible
Target Impact
Minor
Management Actions Type Name Preventive
Page
111 of 112
To establish specific data migration and conversion risk scorecard to ensure all specific risks details addressed
QC
Owner
Priority
Start Date
N/A
01 Aug 2006 15 Sep 2006 0%
Due Date
Status
Risk Quadrant Legend :
QA - Very Significant QB - High QC - Medium QD - Low
Page
112 of 112