Post Merger Scorecard

  • November 2019
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Post Merger Scorecard as PDF for free.

More details

  • Words: 19,723
  • Pages: 112
Takaful Nasional Sdn Berhad

CORPORATE RISK SCORECARD REPORT Key Risk Register Scorecard Name : Post Merger Risk Scorecard Owner : Mohd Radzuan Mohamed Reporting Period : Apr-2006 (For KPI Reporting) Print Date

1.

: 24-May-2006

Goal :

To ensure that all risks that threatened the accomplishment of of the Merger objectives i.e. value creation are mitigated. Strategic : (External) TBA Objective

1.

1.

Risk Factor

: Fs4-1:Reputation Risk

Description

:

Owner Reference

: : Ei1101

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

1

of 112

To ensure that CEO is the only spokesperson for the organization

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

2.

Risk Factor

: Fs4-2: Media Risk

Description

:

Owner Reference

: : Ei1102

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings Likelihood

Rare

Impact

N/A

Gross Rating

NA

KPI

Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

2

of 112

To ensure that media buys are well coordinated through one department, the corporate communications department

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

3.

Risk Factor

: Fs4-3: Event Scheduling Risk

Description

:

Owner Reference

: : Ei1103

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings Likelihood

Rare

Impact

N/A

Gross Rating

NA

KPI

Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

3

of 112

To ensure that event dates are well coordinated through the corporate communications department

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

Strategic : (Regulatory (Compliance)) TBA Objective

2.

1.

Risk Factor

: Fs3A-2: Statutory Risk – BNM might not favor the decision of reducing takaful benefits resulting injection of capital from Shareholders

Description

: FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life) Update Note: Review from earlier risk factor based on 20060410 Risk Compilation v4: Fs3A-3: Statutory Risks – Regulators might step in to impose special conditions since this is a nationwide interest

Owner Reference

: : Ri1102

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

4

of 112

Notify and explain to BNM of new product feature to reduce benefits

NA

Owner

Priority

Start Date

Due Date

N/A

13 Apr 2006

30 Jun 2006 0%

Status

2.

Risk Factor

: Vc5-Brn5: Unfavorable New Insurance Act

Description

: Possible new Insurance Act’s statutory requirements which might adversely effect the business and operations at the branches

Owner Reference

: : Ri1103

Risk Theme

:

Cause

: 1. New changes to the Act might require new operational procedure 2. New changes to the Act might also require changes to business processes

Consequence

: Possible negative impact to agents and customers at the branches

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Catastrophic

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

5

of 112

Corporate Planning to assist on feasibility study for management decision

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

31 May 2006 0%

Status

3.

Risk Factor

: Vc6-5: Reputational & regulatory non-compliance risk, in the absence of capability of Syariah unit

Description

: Investment management for Takaful funds may have a potential of syariah non-compliance due to the absence of capability separate syariah compliance unit

Owner Reference

: : Ri2101

Risk Theme

:

Cause

: 1. Inability to hire competent and capability personnel for separate syariah compliance section 2. Absence of future investment management direction to ensure the need for separate syariah compliance unit 3. No suitable ready candidate to look into issues pertaining to syariah & its compliance

Consequence

: 1. Regulatory non compliance 2. Reputational risk with regards to investment of Takaful funds 3. Loss of business potential in Takaful products

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of separate syariah compliance unit under merged investment management department

Effectiveness N/A

Controls Effectiveness Control Likelihood Satisfactory Control Impact Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Unlikely Insignificant

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

6

of 112

Effective selection process (in terms of staffing for syariah compliance unit)

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

30 Jun 2006 0%

Status

Strategic : (Corporate Governance (Strategy)) TBA Objective

3.

1.

Risk Factor

: Vc5-EC3: Failure to realize potential from MBB’s SMI/SME base

Description

: To further capture the Maybank’s SMI/SME customers ( who are not yet being covered under MFB Group )

Owner Reference

: : Gi1101

Risk Theme

:

Cause

: 1. Lack of possible focus on the business 2. Lack of marketing strategy to penetrate the market

Consequence

: Potential loss of business opportunities

Gross Risk Ratings

Cause Category

Consequence Category Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

7

of 112

Aggressive strategy of executing value proposition

NA

Owner

Priority

Start Date

Due Date

Status

N/A

17 Apr 2006

01 Jul 2006

0%

2.

Risk Factor

: Vc5-EC5: Failure to develop a core marketing team

Description

: The failure to develop a core marketing team to handle the sales & marketing reqd. of the MFB Group

Owner Reference

: : Gi1102

Risk Theme

:

Cause

: 1. Lack of identification and development of existing talent pool 2. Good staff/ talent being pinched by competitors

Cause Category

Consequence

: 1. Lack of ability to kick start and implement the sales and marketing activities 2. Existing business might be pinched by the staff who resigned/ pinched by competitors

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Possible

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

8

of 112

To identify and develop talent pool early

NA

Owner

Priority

Start Date

Due Date

Status

N/A

27 Apr 2006

01 Jul 2006

0%

3.

Risk Factor

: Vc5-Brn1: Loss of key branch resources

Description

: Loss of staff due to resignation, pinching and etc.

Owner Reference

: : Gi1103

Risk Theme

:

Cause

: 1. Staff morale being affected during the merger process 2. Staff being pinched by competitors 3. Branch directions – to close/ merged between branches

Consequence

: 1. Potential loss of business focus due to staff resignation/pinched 2. Competitors might gain our existing customers

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Catastrophic

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

9

of 112

Obtain empowerment to retain resources

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

4.

Risk Factor

: Vc5-S/MS1- Disruption of planned activities / calendar

Description

:

Owner Reference

: : Gi1104

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

10 of 112

Obtain full picture of current calendar

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

5.

Risk Factor

: Vc5-S/MS3: Ineffective coordination among entities

Description

:

Owner Reference

: : Gi1105

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Rare

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

11 of 112

Regular consultation and/or meetings

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

6.

Risk Factor

: Vc5-AG8: Lack of focus in Group Agency business development

Description

: Need to improve the management of Group Agency business development

Owner Reference

: : Gi1106

Risk Theme

:

Cause

: 1. Lack of properly define incentive scheme for Group Agency business 2. Lack of manegerial skill among Group Agency business leaders 3. Lack of effective management and monitoring of Group Agency business performance

Consequence

: 1. Low motivation to develop Group business 2. Low level of skills in developing group business among group business agency force

Cause Category

Consequence Category

3. Ineffective in managing and monitoring Group Agency business 4. Unable to capitalise a huge group business market Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

To recognize group business performance (e.g. overseas convention, club qualifiers)

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To provide / strengthen leaders management skill (e.g. MII agency management course)

N/A

25 Apr 2006

25 May 2006 0%

Corrective

To refocus & re engineer in managing direct agents Action Plan 3

N/A

25 Apr 2006

25 May 2006 0%

12 of 112

Owner

Status

Strategic : (Financial) TBA Objective

4.

1.

Risk Factor

: Vc6-1: Not able to establish Mayban Fortis’ Investment Framework for MNI & TN

Description

: The approved Investment Management Framework as current requirement in Mayban Fortis may have a potential of non-adoption by MNI & TN

Owner Reference

: : Fi1101

Risk Theme

:

Cause

: 1. Different governance and investment management methodology at MNI & TN 2. Unclear communication on methodology in Financial Risk Management 3. Inconsistent basis in terms of investment management (risk-return characteristics)

Cause Category

Consequence

: 1. Asset-liability mismatching risk 2. Investment exposure beyond acceptable risk tolerance 3. Reduced in investment quality (in terms of asset allocation & exposures )

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Adoption of Financial Risk Management framework (including the Investment Management Guidelines)

Effectiveness N/A

Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status Within Expectation

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name

Page

QD

Owner

Priority

Start Date

Due Date

Status

Preventive

Setting up joint Asset-Liability Management Committee (ALCO)

N/A

27 Apr 2006

30 Jun 2006 0%

Preventive

Asset-Liability Management (ALM) analysis for each of MNI & TN’s funds

N/A

27 Apr 2006

30 Jun 2006 0%

13 of 112

2.

Risk Factor

: Vc6-3: Non alignment of asset class mix as according to the strategic, maximum & minimum asset mix

Description

: Different methodology in terms of investment management for various entities may lead to misalignment of investment strategy with regards to investment strategic mix as defined in ALM framework

Owner Reference

: : Fi1102

Risk Theme

:

Cause

: 1. Different governance and investment management methodology at MNI & TN 2. Unclear communication on methodology in Financial Risk Management 3. Inconsistent basis in terms of investment management (risk-return characteristics)

Cause Category

Consequence

: 1. Asset-liability mismatching risk 2. Investment exposure beyond acceptable risk tolerance 3. Reduced in investment quality (in terms of asset allocation & exposures)

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Compliance monitoring (in terms of investment strategic mix, including maximum & minimum limits)

Effectiveness N/A

Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status Within Expectation

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

14 of 112

Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards)

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

31 Dec 2007 0%

Status

3.

Risk Factor

: Vc6-4: Non optimization in fixed income portfolio investment

Description

: The different methodology in terms of managing credit risk for fixed income investment in separate entities may result in non-optimization of the fixed income investment within allowable limit (60% in terms of AA and higher rated instruments)

Owner Reference

: : Fi1103

Risk Theme

:

Cause

: 1. Non adoption of investment management & risk management governance in terms of managing fixed income 2. Absence of methodology used in credit risk assessment 3. Absence of allowable limits to ensure quality fixed income investment

Consequence

: 1. Potential lower yield in fixed income investment 2. Inconsistent management of fixed income based on risk aspect 3. Mismatch in terms of invested asset with product pricing

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Compliance monitoring (in terms of credit risk assessment by funds)

Effectiveness N/A

Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status Within Expectation

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

15 of 112

Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards)

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

27 May 2006 0%

Status

4.

Risk Factor

: Vc8-4: Financial Risks – Take up rate on free-up space

Description

: Huge space to be vacated 1. MNI Twins at 140k sq ft 2. BDZ at 65k sq ft 3. Potential reduction of occupancy retention rate on existing tenancy (non MIG )

Owner Reference

: : Fi1104

Risk Theme

:

Cause

: 1. Relocation of MIG 2. Failure in retaining existing tenants 3. Potential delay in relocation exercise – ideal space could not be rented out timely

Consequence

: 1. Financial loss/impact on unoccupied space – MNI Twins at 140k sq [email protected], BDZ at 65k sq [email protected]. 2. Loss of rental income due to existing tenant/s moving out 3. Increase in ratio in Building Maintenance cost

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Target Status Last Trend Month

Interval

Effectiveness

Detective

Establishment of marketing strategy

On going

N/A

Detective

Continuous update and communication to; 1. Property brokers on marketing plan 2. Existing tenant/s on flexible package

On going

N/A

Owner

Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status Within Expectation

Action Create Action Plan

Moderate

Target Rating Target Likelihood

Possible

Target Impact

Major

Management Actions Type Name

Page

QA

Priority

Start Date

Due Date

Preventive

Implementation of proper and effective marketing strategy

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Temporary/interim risk taking to relocate staff at vacated floor

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To offer attractive tenancy package to retain the existing tenant

N/A

25 Apr 2006

25 May 2006 0%

16 of 112

Owner

Status

Page

17 of 112

5.

Risk Factor

: Fs3F-3: Prolonged completion leading to higher costs

Description

:

Owner Reference

: : Fi1105

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Detective

Page

18 of 112

Active project plan with clear milestones and prompt issues resolution

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

6.

Risk Factor

: Fs3A-1.1: Business Risk – Reputational risk of Takaful if benefits are reduced subsequently not matching the ‘PRE’

Description

: FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life) Note: Fs3A-2: Business Risks – Loss of revenue due to negative perception of the model and fulfilling PRE is merged into FS3A-1.1 based on 20060410 Risk Compilation v4.

Owner Reference

: : Fi1106

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Detail comprehensive communications and explanation plan

N/A

06 Apr 2006

06 May 2006 0%

Preventive

The front-liner (Marketing,Agents,Corporate Communications) be made aware of the decision to reduce benefits

N/A

13 Apr 2006

30 Jun 2006 0%

19 of 112

Owner

Status

7.

Risk Factor

: Vc5-EC4: Failure to increase share of wallet

Description

: Failure to increase business from existing customers by widening the products being offered & sell to the customers

Owner Reference

: : Fi1107

Risk Theme

:

Cause

: Lack of coordination in regards to joint marketing approach/programs to existing customers within MFB Group

Consequence

: Potential loss of business opportunities.

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Possible

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

20 of 112

To set joint-market approach of customers soon

NA

Owner

Priority

Start Date

Due Date

Status

N/A

17 Apr 2006

01 Jul 2006

0%

8.

Risk Factor

: Vc5-AD2: Low take-up rate

Description

:

Owner Reference

: : Fi1108

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

21 of 112

Refine database

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

9.

Risk Factor

: Fs3-PB2: Failure to meet the Maybank Group’s deadlines

Description

:

Owner Reference

: : Fi1109

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Catastrophic

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

22 of 112

Desktop exercise to finalise budget

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

10. Risk Factor

: Fs3-Fs3.29-2: Financial Risk – internal assessment may be conservative considering data issues, hence may result in high IBNR reserve

Description

: Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving Period Ending 30 June - Actuarial (General)

Owner Reference

: : Fi1110

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

23 of 112

A consultant may be able to provide more accurate estimate, and release margin due to conservatism

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

11. Risk Factor

: Vc5-AG9: Lower than industry in persistency ratio

Description

: High surrendered cases among policy holders especially in the first two years of the policy term (Pls indicate the statistics). Currently stands at more than 1000 surrended cases per month in TN alone

Owner Reference

: : Fi1111

Risk Theme

:

Cause

: 1. Some agents are taking advantage of the situation by encouraging policy switching to the existing TN policy holder 2. Ineffective and inconsistent agent disciplinary enforcement 3. Misrepresentation by agents to potential and existing customers 4. Lack of monitoring by agency leaders on the conducts of their agents

Consequence

: 1. Impacting persistency ratio currently stand at 65% which is very much lower than industry average 2. Reputation risk to the company 3. Impacting profitability / Higher cost of doing business

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

To establish Customer Conservation Unit

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To implement a consistent agent disciplinary conducts/enforcement

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To incorporate persistency ratio in agency promotion and incentive programs

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Suggested KRI

N/A

25 Apr 2006

25 May 2006 0%

24 of 112

Owner

Status

Strategic : (Customers (Business)) TBA Objective

5.

1.

Risk Factor

: Vc2-3: Reduced customer satisfaction due to centralization of operation.

Description

: 1. Centralization of processing is core of value creation. 2. Key assumption that branch will not be in processing. Branch sales oriented. 3. Currently customer being served at branches especially life business.

Owner Reference

: : Ci1101

Risk Theme

:

Cause

: 1. Uncertainty of the function of the branch create dissatisfaction. 2. Redeployment of staff 3. Agent reservation on the centralization of operation. 4. Efficiency of the system.

Consequence

: 1. Loss of customer/ agents confidence. 2. Staff resigning

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Detective

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Usage of Maybank facilities.

Effectiveness N/A

Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Formulation of Branch SLA

N/A

27 Apr 2006

27 May 2006 0%

Preventive

Plan for agency awareness program on alternative facilities i.e. self service facilities, Channel, I Pos etc at branch level

N/A

27 Apr 2006

27 May 2006 0%

Preventive

To clearly identify all processes handled at branch and find alternative avenues without reducing SLA. Work with all Sales and Marketing team.

N/A

27 Apr 2006

27 May 2006 0%

Preventive

Plan for outsourcing/ centralization of function alternative strategy

N/A

27 Apr 2006

27 May 2006 0%

25 of 112

Owner

Status

Page

26 of 112

2.

Risk Factor

: Vc2-4: Integrating Takaful with conventional becomes an opportunity to our competitors.

Description

: Competitors will exploit the sentiment that TN is not incompliance with Shariah, due to mixture of conventional front & back end processes.

Owner Reference

: : Ci1102

Risk Theme

:

Cause

: Composite branch concept (Takaful & non-T in 1 branch)

Consequence

: Loss of market share

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Purity campaign by TN

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Likely

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

To propose for a team (consist of branch and agency team) to look into proposal to segregate Takaful and non-Takaful operation

N/A

27 Apr 2006

27 May 2006 0%

Preventive

Ensure that part of purity campaign includes communication policy to staff on how to respond to queries with regards to model, operation etc

N/A

27 Apr 2006

27 May 2006 0%

27 of 112

Owner

Status

3.

Risk Factor

: Vc4-2: Business Risks – Loss of revenue due to shortcomings in transition to Wakalah

Description

: Refer to the possibility of reduced in the business growth due to lower return to the participants

Owner Reference

: : Ci1103

Risk Theme

:

Cause

: 1. Takaful product not customer friendly and less attractive 2. Difficult to sell the product

Consequence

: 1. Loss of customer and market share. 2. Reduced surplus and profit 3. Impact to channel and agency i.e. high turnover of staff and agency. 4. Reduced business volume.

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Likely Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Status

Preventive

The DIP to ensure that a comprehensive testing and communications plan is established prior to transition points and to conduct phased rollout

N/A

25 Apr 2006

01 Jul 2006

0%

Preventive

TN Account Dept to analyze/study the viability of the Takaful model. Currently the study is conducted for General & Group Family Takaful.

N/A

25 Apr 2006

01 Jun 2006 0%

Preventive

To study and conduct simulation on the correctness and suitability of the Wakalah model for the enlarged entity and advice the committee on the findings

N/A

25 Apr 2006

01 Jun 2006 0%

Preventive

To present the proposed new Takaful model to TN Shariah Committee.

N/A

25 Apr 2006

01 Jun 2006 0%

28 of 112

Owner

Page

29 of 112

4.

Risk Factor

: Vc4-3: Business Risks – Loss of revenue due to unfavorable response of agents and customers to new fee structure

Description

: 1. The MTB wakalah model will reduce the return to the client as opposed to TN’s existing model 2. The Wakalah model work to MTB due to its share of Maybank’s captive market.

Owner Reference

: : Ci1104

Risk Theme

:

Cause

: 1. Incorrect assessment of optimal fee structure. 2. Less customer friendly because of the 80 (operator) :20 (participant) sharing of surplus from the general Takaful fund as of MTB model 3. Lack of proper communication to various stakeholders.

Consequence

: 1. Negative impact to business growth. 2. To give high return to client (in order to compete with competitors), Takaful need to charge a higher premium.

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Likely Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Likely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Propose to review the current MTB sharing of surplus ratio

N/A

25 Apr 2006

01 Jun 2006 0%

Preventive

Test and survey agent and customer response to new fee structure prior to actual rollout

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To review the model based on the survey results

N/A

25 Apr 2006

25 May 2006 0%

30 of 112

Owner

Status

5.

Risk Factor

: Vc5-BA1: Lost of 3rd party banca partners

Description

: The loss of 3rd. party business channel i.e other Banks

Owner Reference

: : Ci1105

Risk Theme

:

Cause

: 1. Lack of understanding on the merged entity 2. Lack of willingness to work with perceived banking competitor 3. Limited New Products i.e single premium product

Consequence

: 1. Loss of sales 2. Loss of a 3rd party business channel

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

31 of 112

Develop 2-3 integrated banca relationships

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

30 Jun 2007 0%

Status

6.

Risk Factor

: Vc5-BA2: Banca partners do not accept products

Description

: Non acceptance of the bancassurance products to be offered through the Banca partners.

Owner Reference

: : Ci1106

Risk Theme

:

Cause

: 1. Lack of detailed knowledge on the bancasurrance product 2. Acceptance level of the product might be affected due to issues of i.e commission paid to Banca partners etc.

Consequence

: Product cannot be rolled out

Gross Risk Ratings

Cause Category

Consequence Category Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

32 of 112

Ensure buy-in by educating and/or promoting

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

30 Sep 2006 0%

Status

7.

Risk Factor

: Vc5-BA3: Banca partners disagree on rollout timing

Description

: The timing or launch date might not be agreeable to the Banca partner.

Owner Reference

: : Ci1107

Risk Theme

:

Cause

: Different priorities and scheduling for the Banca partners

Consequence

: Late/ Delay in launching

Cause Category

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

33 of 112

Early involvement of partners

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

30 Sep 2006 0%

Status

8.

Risk Factor

: Vc5-AG5: Rejection by Takaful agents

Description

: Related to the perception about Takaful business operation and issue of purity of takaful business conduct

Owner Reference

: : Ci1108

Risk Theme

:

Cause

: 1. Takaful agents do not want to be seen as doing business together with the conventional agents 2. Takaful agents worried about public perception on the conduct of their business purity of takaful operation is at stake

Cause Category

Consequence

: 1. Takful Agency force might be rejected by the public 2. Public perception about TN takaful practice is not in line with Shariah requirement 3. TN reputation in the eyes of public is at stake 4. Competitors might take opportunity to exploit the issue and impacting MF takaful business in the market

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Plan training and incentive schemes

N/A

17 Apr 2006

30 Jun 2006 0%

Preventive

To ensure to separate the two agency force entity i.e. takaful ans conventional agents

N/A

25 Apr 2006

25 May 2006 0%

34 of 112

Owner

Status

9.

Risk Factor

: Vc5-AG6: (KIV) Agents lose focus on life business

Description

:

Owner Reference

: : Ci1109

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

35 of 112

Develop communication plan and develop min. hurdles for life products

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

10. Risk Factor

: Vc5-EC1: Lost of key (top 25) customers

Description

: The loss of the key or main Corporate customers

Owner Reference

: : Ci1110

Risk Theme

:

Cause

: 1. Anxiety by the brokers due to the merger process 2. Customer pinching by other competitors

Consequence

: Loss of business and sales target

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

36 of 112

Ensure visitation on merger update; involve CEO in client relationship; constant communication

NA

Owner

Priority

Start Date

Due Date

Status

N/A

17 Apr 2006

01 Jul 2006

0%

11. Risk Factor

: Vc5-EC2: Failure to capture the 200 MBB large customers

Description

: To further capture the 200 Maybank’s major customers ( who are not yet being covered by MFB Group )

Owner Reference

: : Ci1111

Risk Theme

:

Cause

: 1. Lack of possible focus on the business 2. Lack of marketing strategy to penetrate the market

Consequence

: Potential loss of business opportunities

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

37 of 112

Aggressive strategy of executing value proposition

NA

Owner

Priority

Start Date

Due Date

Status

N/A

17 Apr 2006

01 Jul 2006

0%

12. Risk Factor

: Vc5-S/MS4: Lack of preparedness of agency force

Description

:

Owner Reference

: : Ci1112

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

38 of 112

Early preparation and communication with agents

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

13. Risk Factor

: Fs3-Fs3.25-2:Business Risk – MNI’s carried forward surplus reduced substantially if MLA’s bonus allocation practice is adopted

Description

: Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of Participating Policies - Actuarial (Life)

Owner Reference

: : Ci1113

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

39 of 112

Adopt MNI’s bonus allocation practice

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

14. Risk Factor

: Fs3-Fs3.26-1:Business Risk – Valuation basis affects surplus arising in the life funds and ROSF

Description

: Inconsistent valuation basis / practice is not reasonable and difficult to justify Note: FS3 Finance & Risk Management – FS3.26 Alignment of Differing Valuation Bases Actuarial (Life)

Owner Reference

: : Ci1114

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

40 of 112

Review valuation basis for common items where the basis is not stipulated in the Insurance Act

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

15. Risk Factor

: Vc5-AG10: Uncompetitive Agency Value Propositions

Description

: Poor Agency Value Propositions planning and budgeting

Owner Reference

: : Ci1115

Risk Theme

:

Cause

: 1. Lack of market research 2. Lack of innovative ideas in developing agency value propositions

Consequence

: 1. Loss of agency business 2. Loss of productive agents 3. Inability to recruit new productive agents

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Unlikely

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Unlikely Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

41 of 112

Conduct thorough market research and develop competitive and innovative agency value propositions and budget

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

27 May 2006 0%

Status

16. Risk Factor

: Vc5-AG11: Ineffective Agency Training

Description

: Ineffective Agency Training Plan

Owner Reference

: : Ci1116

Risk Theme

:

Cause

: 1. Lack of Training Need Analysis 2. Lack of a Training Calendar 3. Lack of competent trainer

Cause Category

Consequence

: 1. Lack of agency professionalism 2. Lack of agency productivity 3. Poor customer service

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Possible Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

42 of 112

Conduct training need analysis and develop appropriate training program and calendar for the different categories of agents.

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

27 May 2006 0%

Status

Strategic : (Products and Services) TBA Objective

6.

1.

Risk Factor

: Vc5-BA5: Product cannibalization by 3rd party banca sales force

Description

: Products not being pushed due to issues of the 3rd. party Banca sales force

Owner Reference

: : Pi1102

Risk Theme

:

Cause

: Lack of product differentiation from competitors within the same 3rd. party bancasurrance channel.

Consequence

: Unable to meet the sales target

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Rare

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

43 of 112

Ensure adequate product features differentiation

NA

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

30 Sep 2006 0%

Status

2.

Risk Factor

: Vc5-BA6: Low take-up rate for motor takaful

Description

: Low take up rate for motor takaful cover through the 3rd. party bancassurance channel.

Owner Reference

: : Pi1103

Risk Theme

:

Cause

: 1. Inadequate promotional campaign done with the 3rd. party bancasurance channel 2. Inadequate close working relationship with 3rd. party bancassurance partners

Consequence

: Motor takaful product sales target not met.

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Rare

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

44 of 112

Promotion campaign and work closely with TN banca partners

NA

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

27 May 2006 0%

Status

3.

Risk Factor

: Vc5-AD4: Cooperatives may opt for MBB products only

Description

:

Owner Reference

: : Pi1104

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

45 of 112

NA

Owner

Priority

Start Date

Due Date

Status

4.

Risk Factor

: Vc5-S/MS5: Product ideation and launches delayed due to inappropriate or uncoordinated product management

Description

:

Owner Reference

: : Pi1105

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

46 of 112

Work very closely with PDC and operations; take a proactive role and monitor the progress of each product closely

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

5.

Risk Factor

: Vc2-5:Product Development

Description

: 1. Product development to the respective market segment 2. Possibility that own products from different areas ( conventional and takaful ) will cannibalize each other due to the establishment of composite branch

Owner Reference

: : Pi7101

Risk Theme

:

Cause

: 1. No real market analysis on customer segment. 2. Agents not productive as compared to competitors 3. Target market overlapped.

Consequence

: 1. Inability to achieve top line target. 2. Inability to compete.

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Ensuring the effectiveness of Product Development Committee of Mayban Fortis

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Likely

Current Status To be reviewed

Action Create Action Plan

Major

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

47 of 112

Market analysis to be undertaken to support marketing and sales strategy which will drives product specification and development.

NA

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

27 May 2006 0%

Status

Strategic : (Suppliers (Business)) TBA Objective

7.

1.

Risk Factor

: Vc1-IT2: Vendor risk

Description

: 1. The project will require involvement of multiple vendors. Effective management of all vendor will be a challenge for the project team 2. In certain circumstances, over dependant on single vendor give rise to possibility of a single vendor involve in too many projects as a result the vendor may not be able to cope with the workload

Owner Reference

: : Si1101

Risk Theme

:

Cause

: 1. Resource constraints and lack of business knowledge 2. Vendor not giving priority to project - Skill set and replacement not quality

Consequence

: 1. 2. 3. of

Cause Category

Consequence Category

Schedule overrun Cost overrun Inability to meet project objective in term requirement and quality.

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Objective vendor selection process

As Appropriate N/A

Preventive

IT to vet through the contract to ensure that comprehensive arrangement for each vendor selected i.e. in term of resources quality and replacement availability

As Appropriate N/A

Preventive

To consider multiple vendor for various projects

As Appropriate N/A

Preventive

Contract to include penalty clauses

As Appropriate N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name Preventive

Page

48 of 112

To liaise with legal to consider for favourable spread for the payment term to vendor

QC

Owner

Priority

Start Date

Due Date

N/A

25 Apr 2006

25 May 2006 0%

Status

Strategic : (Human Capital (People)) TBA Objective

8.

1.

Risk Factor

: Vc3-4: People Risks – Internal resistance to process harmonization between takaful and conventional operations

Description

: No in depth understanding and awareness of staff on management structure on takaful and conventional operations

Owner Reference

: : Hi1101

Risk Theme

:

Cause

: 1. In adequate communication 2. Lack of awareness 3. Sensitivity of Takaful requirements ie Shariah compliance and restricted Investment requirements

Consequence

: 1. No buy-in commitment by employee 2. Low staff morale 3. Reduced productivity

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Prepare communications strategy to address staff concerns and issues ie formal communication via Townhall session, Newsletter etc

On going

N/A

Preventive

Generate feedback from staff

On going

N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Rare

Target Impact

Minor

Management Actions Type Name Preventive

Page

49 of 112

Formalize training and related knowledge sharing program/session on Takaful and conventional requirements to staff

QD

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

2.

Risk Factor

: Vc4-1: Personnel Risks – Failure to effectively educate and train staff, agents and customers on the changes

Description

: 1. 2. 3. 4.

Owner Reference

: : Hi1102

Risk Theme

:

Cause

: 1. Lack of dedicated training resources to conduct training 2. Lack of understanding on the differences between mudharabah and wakalah model.

Consequence

: 1. Wrong perception by the agents and client. 2. Impact to Takaful revenue 3. Poor Takaful reputation due to failure to provide proper advice to clients i.e. on policy benefit, surrender value. 4. BNM intervention due to unfavourable result.

Takaful operation to change from modified mudharabah to wakalah. Is correct wakalah model used for the integration as per Saudi scholar fatwa. Legitimacy/permissibility of the wakalah concept used. Given the wakalah model is finalized.

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of training department

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Likely Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Owner

Priority

Start Date

Due Date

Status

Preventive

To ensure that a comprehensive training is considered in preparing the Detailed Implementation Plan (DIP).

N/A

25 Apr 2006

15 Jun 2006 0%

Preventive

Training department to develop a comprehensive communications, and training plan (specific module) to address on Takaful model

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To prepare plan for the establishment of the conservation unit for Takaful

N/A

25 Apr 2006

25 May 2006 0%

50 of 112

3.

Risk Factor

: Vc6-2: Unable to integrate investment division for the merged entity

Description

: The merger process may have a potential of problems in integrating 3 investment departments into one merged entity

Owner Reference

: : Hi1103

Risk Theme

:

Cause

: 1. No prior agreement on governance structure of investment management 2. Each of different departments in MF, MNI & TN has different methodology in terms of investment management 3. No clear guide from the management on the future direction of investment management

Consequence

: 1. Potential higher operating cost due to separate investment departments 2. Inefficiency in fund management & investment activities – duplication of work 3. Potential lack of control over investment activities 4. Inability to achieve similar objectives

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Common management (& governance) for separate departments under merged entity

Effectiveness N/A

Controls Effectiveness Control Likelihood Good Control Impact Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status Within Expectation

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name Preventive

Page

51 of 112

Effective selection process (in terms of staffing)

QD

Owner

Priority

Start Date

Due Date

N/A

27 Apr 2006

30 Jun 2006 0%

Status

4.

Risk Factor

: Fs3F-1: Personnel risk – loss of key staff

Description

:

Owner Reference

: : Hi1104

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

52 of 112

Identify alternate support staff

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

5.

Risk Factor

: Fs3F-2: Personnel risk – mismatch of competency / talent

Description

:

Owner Reference

: : Hi1105

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

53 of 112

Identify alternate support staff

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

6.

Risk Factor

: Fs3R-1: Loss of key personnel during the period of integration

Description

:

Owner Reference

: : Hi1106

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Corrective

Page

54 of 112

Succession program, headcount assessment

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

7.

Risk Factor

: Fs3R-2: Workload of personnel in the period of integration

Description

:

Owner Reference

: : Hi1107

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Insignificant

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

55 of 112

Priority list, time management

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

8.

Risk Factor

: Vc5-AG4: Implementation problems due to insufficient staff

Description

: Additional staff (Development Officers) for an effective agency development program

Owner Reference

: : Hi1108

Risk Theme

:

Cause

: 1. Lack of focus in agency development program 2. Lower compentency level amongst ADE to command respect from agency force 3. Inadequate manpower to service agency force at HQ and Branches

Cause Category

Consequence

: 1. Ineffective monitoring on agent performance 2. Many development programs were not effectively implemented 3. Low servicing level to agents as compared to our competitors

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Unlikely

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Unlikely Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name

Page

QD

Priority

Start Date

Due Date

Preventive

Work with HR on getting Manpower planning. To study the existing manpower availibity and compentency level and to propose to HR as needed

N/A

25 Apr 2006

31 May 2006 0%

Preventive

To ensure that ADE is empowered with enough authority to implement and monitor development programs effectively

N/A

25 Apr 2006

25 May 2006 0%

56 of 112

Owner

Status

9.

Risk Factor

: Vc5-AD5: Insufficient staff to handle tasks

Description

:

Owner Reference

: : Hi1109

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

57 of 112

Ensure and pre-plan manpower requirement and prepare back-up data entry personnel

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

10. Risk Factor

: Vc5-Brn2: Negative response of agents/clients

Description

: Negative perception/response by agents/clients due to previous experience etc.

Owner Reference

: : Hi1110

Risk Theme

:

Cause

: 1. Lack of understanding of the merger & integration process 2. Agents wrong perception based on past experience

Cause Category

Consequence

: 1. Agents might source business to competitors 2. Wrong perception given to customer by agents might lead to loss of renewal businesses.

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

58 of 112

Formulate strategy to communicate to clients/ agents

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

11. Risk Factor

: Fs2-1: Retention of key employees during the merger

Description

:

Owner Reference

: : Hi1111

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

N/A

Impact

Catastrophic

KPI

Owner

NA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

59 of 112

Design re-recruitment’ exercise for key employees: identify, assess, select and place –level 3 and level 4 jobs and implement ‘

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

12. Risk Factor

: Fs2-2: Address employee “me” issues – grade, salary,

benefits etc.

Description

:

Owner Reference

: : Hi1112

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

N/A

Impact

Catastrophic

KPI

Owner

NA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Harmonise T&C’s of service including grades, salary and benefits

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Migrate all employees to common structure

N/A

17 Apr 2006

17 May 2006 0%

60 of 112

Owner

Status

13. Risk Factor

: Fs2-3: Maintain employee productivity during and immediately after the merger

Description

:

Owner Reference

: : Hi1113

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

N/A

Impact

Moderate

KPI

Owner

NA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Assess cultural differences

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Develop action plans to address ‘merger’ relatedissues

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Develop & implement comprehensive communication and engagement plans

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Cascade BSC to all employees asap

N/A

17 Apr 2006

17 May 2006 0%

61 of 112

Owner

Status

14. Risk Factor

: Fs3-PB1: Shortage of resources to carry out the tasks

Description

:

Owner Reference

: : Hi1114

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Catastrophic

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

62 of 112

Redeployment of personnel

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

15. Risk Factor

: Fs3-PB3: Confusion over roles and responsibilities during the transition

Description

:

Owner Reference

: : Hi1115

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Catastrophic

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

63 of 112

Conducting briefings on the planning/budgeting process and expectations

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

16. Risk Factor

: Fs3-Fs3.24-1: People risks loss of key staff

Description

: Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions

Owner Reference

: : Hi1116

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

64 of 112

Retention program for key staff to be agreed on & implemented

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

17. Risk Factor

: Fs3-Fs3.24-2: People risks – lack of key skills and relevant expertise to support integrated functions

Description

: Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions

Owner Reference

: : Hi1117

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Define skills & expertise needed to support critical functions.

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Identify suitable staff (& back-up support) for development & training

N/A

17 Apr 2006

17 May 2006 0%

65 of 112

Owner

Status

18. Risk Factor

: Fs3-Fs3.30-2: People Risk – require product knowledge and skill in developing the models.

Description

: Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports

Owner Reference

: : Hi1118

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Identify suitable staff

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Ensure precise documentation

N/A

17 Apr 2006

17 May 2006 0%

66 of 112

Owner

Status

19. Risk Factor

: Vc1-IT1: People Risks - IT resources

Description

: 1. Loss of key staff to competitors 2. Insufficient staff with key skills & expertise 3. Insufficient staff with execution & leadership capabilities Note: - Risk from insufficient /inappropriate staffing imply the inability to allocate a skilled workforce to the project, regardless of availability. - The integration is a big scale project and a lot of resources are required. - The increase need for more human capital resources for the core and non-core system integration for the enlarged entity. - The concern is on the ability to retain experienced staff to support throughout the integration period. - There is a need for ‘industry knowledge’ to be brought in

Owner Reference

: : Hi1119

Risk Theme

:

Cause

: 1. Inability to retain skilled and experienced staff 2. Too many projects run concurrently. Internal resources not sufficient to cope with the workload. 3. Lack of subject matter expert (SME) available internally.

Consequence

: 1. 2. 3. of

Cause Category

Consequence Category

Schedule overrun Cost overrun Inability to meet project objective in term functional requirement and quality.

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Adoption of Maybank’s System Selection Criteria.

As Appropriate N/A

Preventive

Engagement of external resources/project manager based on contract basis for key projects.

As Appropriate N/A

Preventive

Initiatives by HR to cope with staff attrition.

On going

N/A

Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Moderate

Management Actions Type Name Preventive

Page

67 of 112

To prepare detailed implementation planning (DIP)

QB

Owner

Priority

Start Date

Due Date

N/A

24 Apr 2006

30 Jun 2006 0%

Status

and specific attention will be provided to address the above issues

Page

Preventive

IT will define skills required for HR to initiate: - Hiring and/or training process - Retention program - IT team to focus on detailed execution and build capabilities

N/A

24 Apr 2006

24 Apr 2006 0%

Detective

To conduct monthly project progress review meeting with Project Steering Committee.

N/A

16 Jun 2006

30 Jun 2006 0%

68 of 112

20. Risk Factor

: Vc1-IT4: Execution Risks

Description

: Delay or failure in executing critical path merger activities - The project has many interdependencies. In most cases, projects are dependant on many milestones. - Inability of the VCs and FSs to complete the milestones will result in delay or failure of execution i.e. co-location, site preparation, etc.

Owner Reference

: : Hi1120

Risk Theme

:

Cause

: 1. Critical path delayed 2. Lack of comprehensive project management tools to monitor the achievement of critical paths. Currently projects are tracked manually by using spreadsheet and Microsoft Project.

Consequence

: 1. Delay in operation for the enlarged entity due to schedule overrun 2. Resources are not optimized effectively 3. Inability to meet merger objective

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

High awareness of key dependencies and communication of the same to the whole project team

N/A

Detective

IT progress review meeting

N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Status

Preventive

To ensure that the DIP prepared identify and subsequently properly map all the critical paths/dependencies.

N/A

16 Jun 2006

15 Jul 2006

0%

Corrective

To look into the possibility of using superior project management tool (Principal II/Prince II) to replace the existing manual tools.

N/A

02 May 2006 02 May 2006 0%

69 of 112

Owner

Page

70 of 112

21. Risk Factor

: VC8-6 - Low staff morale Associated with relocation exercise

Description

: Based on estimation, almost 40% of employees will be getting lower/smaller working station specification

Owner Reference

: : Hi1121

Risk Theme

:

Cause

: 1. New work station policy and standard at MIG – Proposed cubicle at 6X6 as compared to 6X9 at MNI. 2. To best align the Maybank Group workstation standards. 3. Staff “overcrowded” – Existing 45 per floor compared to proposed 77 per floor.

Consequence

: 1. Low staff morale. 2. Ineffective and inefficient productivity. 3. Dissatisfaction feeling over “crowded” environment.

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of Co-Location Steering Committee (CLSC) to focus on relocation related matters

Effectiveness

As Appropriate N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name Preventive

Page

71 of 112

To recommend “incentive package” to lessen/mitigate the staff low morale issues due to reduction in size of workstation specifications

QC

Owner

Priority

Start Date

Due Date

N/A

25 Apr 2006

25 May 2006 0%

Status

22. Risk Factor

: Vc5-AG7: Manpower size at agency – Small manpower size & many part time agents halts the agency sales model program

Description

: To improve and increase productivity 238 “Star” (high-performing) agent’s current FYCP of RM50K-RM500K by 30% each year. Small number of Star Agency Group

Owner Reference

: : Hi1122

Risk Theme

:

Cause

: 1. Small number of highly productive agents with current production of FYCP between RM50K-RM500K 2. Many part time agents 3. Lack of professionalism among agency leadres

Consequence

: 1. Halted the agency sales model programs 2. Group Agency Financial Status – Agency Leaders financial sthrengths will influence thier capabilityto develop thier agencies (mapped from risk identified in Slide 11 of IC)

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Analyse and establish various agency groups (segments) Star, Average, and Laggard

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Plan and establish agency development pograms for each identified segment

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Roll out pilot program at selected branches

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Implement full blown development programs to all branches

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Identify and recruit additional staff for agency development program

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Establish and monitor productivity improvement targets including MDRT qualifiers

N/A

25 Apr 2006

25 May 2006 0%

72 of 112

Owner

Status

Preventive

Page

73 of 112

Allocate budget for agency development and incentive programs

N/A

25 Apr 2006

25 May 2006 0%

Strategic : (Operations (& Systems)) TBA Objective

9.

1.

Risk Factor

: Vc2-1: IT system Back end & workflow

Description

: 1. System consolidation for the merged entity. Few systems to integrate (Tall order). Risk is there. Migration process will be huge and resource consuming. Back end & front end systems issues are similarly must be addressed. i.e. different point of sale/ channel. 2. The assumption of future business is based on the I.T system being able to meet post merger requirements 3. For the next 3 years the 3 entities will use their current system. 4. Resources for system implementation VC, BA & IT.

Owner Reference

: : Oi1101

Risk Theme

:

Cause

: 1. People working through different system ( resource duplications ) 2. System consolidation. 3. No optimization of resources.

Consequence

: 1. Major operational issues. 2. Data integrity questionable. 3. Impact of future business. 4. Not meeting merger objective VCRM11.5mn

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name Detective

Cause Category

Unit

Score

Owner

Key users involvement in the IT evaluation team.

Actual

Target Status Last Trend Month

Interval

Effectiveness

On going

N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Catastrophic

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Owner

Priority

Start Date

Due Date

Status

Preventive

Establishment of a Business Analyst Team to look into system & method, process & system integration and implementing best of breed I.T system solution

N/A

27 Apr 2006

27 May 2006 0%

Preventive

To look into the possibility to appoint subject matter expert consultants to assist and develop the I.T system solution

N/A

27 Apr 2006

27 May 2006 0%

74 of 112

Page

75 of 112

2.

Risk Factor

: Vc2-2: Meeting the SLA with 3rd parties Bancasurrance partner.

Description

: 1. Team expects high impact on the area of banca in regards to expectation by the partners. 2. Other sales channel the impact is relatively low.

Owner Reference

: : Oi1102

Risk Theme

:

Cause

: 1. System inability to support to banca partners needs 2. The 3rd party banca partners might not be comfortable with working together with the competitor i.e Maybank group

Consequence

: 1. Not meeting SLA 2. Loss of strategic partner.

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Unlikely

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name Detective

Cause Category

Unit

Score

Owner

Operation is manage in such a way to cater to respective channel i.e. priority service team.

Actual

Target Status Last Trend Month

Interval

Effectiveness

On going

N/A

Controls Effectiveness Control Likelihood Very Good Control Impact Very Good Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Detective

Page

76 of 112

PMO should validate the values to ensure no duplications

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

3.

Risk Factor

: Vc3-1: Operational Risks – Integration impact to service levels

Description

: 1. Potential down time and disruption of operations arise during M&A process 2. Lack of system optimization 3. Perception issues from customers (internal & externally )

Owner Reference

: : Oi1103

Risk Theme

:

Cause

: 1. Non alignment of resources 2. Delay in IT 3. Inconsistent communication to internal & external parties

Consequence

: 1. Failure to maximize/optimize efficiency and cost effectiveness 2. Duplication of effort due to delay in automation of process 3. Internal – Reduce staff morale; External Confusion, dissatisfaction of customers

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of VC3 to focus on;

Effectiveness

As Appropriate N/A

Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Major

Management Actions Type Name

Page

QB

Owner

Priority

Start Date

Due Date

Status

Preventive

Ensure greater commitment & motivation; enhanced processes & systems; increased professionalism

N/A

06 Apr 2006

06 May 2006 0%

Preventive

To implement and continuous monitoring of the proposed action plans and strategy

N/A

27 Apr 2006

27 May 2006 0%

77 of 112

4.

Risk Factor

: Vc3-2: Operational Risks – Disruption and delays to existing operations

Description

: 1. Centralizing process between HQ and branches 2. Harmonizing process between MNI, TN and MF

Owner Reference

: : Oi1104

Risk Theme

:

Cause

: 1. Failure to understand the scope and requirements of existing operations/areas 2. Capability of IT and automation 3. Ineffectiveness in deployment of resources and relocation complexity

Consequence

: 1. Customer dissatisfaction 2. Duplication of effort – under utilization of resources 3. Missed of business opportunity and cost saving

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Develop action plans for centralization and harmonization of operations

As Appropriate N/A

Preventive

Objectives, timelines and project milestone to be tracked

On going

N/A

Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Catastrophic

Management Actions Type Name Preventive

Page

78 of 112

Full commitment & support from management to staff exposed to integration tasks

QA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

5.

Risk Factor

: Vc3-3: System Risks – Delay in IT, systems or automation initiatives

Description

: Identifying one platform to streamline the process and implement high automated environment

Owner Reference

: : Oi1105

Risk Theme

:

Cause

: 1. Delay in deciding one IT platform 2. Capability of system to automate 3. Too many projects run concurrently – Inability to deliver to customer timely

Consequence

: 1. Reduce productivity – Internal & External parties 2. Duplication of effort 3. Reduce customer service level

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Almost Certain

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Develop detailed IT execution plan and proposed contingency plan and/or work around solution to cater for potential delay

As Appropriate N/A

Preventive

Establishment of IT Steering Committee for M&A exercise (ITSC) to look into IT direction

As Appropriate N/A

Controls Effectiveness Control Likelihood Satisfactory Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

To ensure implementation is tracked and monitored

N/A

27 Apr 2006

27 May 2006 0%

Detective

Prepare transition plan to account for potential delays

N/A

06 Apr 2006

06 May 2006 0%

79 of 112

Owner

Status

6.

Risk Factor

: Vc6-6: Non integration of investment management system

Description

: Separate investment departments for each different entities may have different investment system to support each of entities’ current investment activities

Owner Reference

: : Oi1106

Risk Theme

:

Cause

: 1. Different in system capabilities for investment management & activities 2. Different methodology in cost-benefit analysis for each separate entities 3. Different purpose and needs (relating to investment activities) in each entities

Consequence

: 1. High operating cost if system were not be integrated 2. Management inefficiencies for the merged investment management department 3. Duplications in investment activities (including reporting)

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name Corrective

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Initiative under investment management VC team to integrate investment system

Effectiveness N/A

Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Some Weakness Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Rare

Target Impact

Insignificant

Management Actions Type Name

Page

QD

Priority

Start Date

Due Date

Preventive

Monitoring of initiatives undergone by the VC team

N/A

27 Apr 2006

31 Dec 2007 0%

Corrective

To consider alternative system

N/A

06 Apr 2006

06 May 2006 0%

80 of 112

Owner

Status

7.

Risk Factor

: Vc8-1: Process/Supplier Risks – Delay in decision making process on finalization of existing and future engagement of vendor/suppliers

Description

: 1. Delay in establishing printed items standard 2. Expiry of vendors/suppliers appointments later than implementation date 3. Expiry of current service providers agreements

Owner Reference

: : Oi1107

Risk Theme

:

Cause

: 1. Inability to finalize the integration/harmonisation process of related operations timely. 2. Unresolved branding issues 3. Ineffective communication and unclear policy & procedures relating to joint vendors/suppliers selection process

Cause Category

Consequence

: 1. Multiple preferred vendors/suppliers 2. Schedule & cost overrun 3. Disruption of ongoing operations that may lead to dissatisfaction to both internal and external parties

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name Detective

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of project committee to focus on; 1. Review and document vendors/suppliers selection process 2. Review of current active agreements

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Possible Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Close loop communication on operations printing strategy

N/A

06 Apr 2006

06 May 2006 0%

Preventive

To prepare detailed implementation planning and execution approach by;

N/A

25 Apr 2006

25 May 2006 0%

81 of 112

Owner

Status

8.

Risk Factor

: Vc8-2: Project Risks – Delay in relocation exercise

Description

: The relocation exercise of MNI and TN Head Office to Dataran Maybank, Bangsar

Owner Reference

: : Oi1108

Risk Theme

:

Cause

: 1. Delay in commencement of relocation exercise scheduled July 01, 2006 2. Delay in finalizing of organizational chart (Unclear future office layout) 3. Availability on additional floors

Consequence

: 1. Delay in harmonisation 2. Impact on implementation of initiatives 3. Impact on productivity

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name Detective

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of Co-Location Steering Committee (CLSC)

Effectiveness

As Appropriate N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Possible Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Implementation and continuous monitoring of the relocation exercise that need to be completed by – Dec 31, 2006

N/A

01 Jul 2006

31 Dec 2006 0%

Preventive

Escalation to Merger Management Steering Committee (MMSC) on out of control situation

N/A

25 Apr 2006

25 May 2006 0%

82 of 112

Owner

Status

9.

Risk Factor

: VC8-3: Project Risks – Under scope relocation costing due to omission of unforeseen request

Description

: Inadequate relocation budget to meet unforeseen requirements

Owner Reference

: : Oi1109

Risk Theme

:

Cause

: Scope of work was inadequately defined 1. Additional floor space to be acquired due to revision in working standards floor space (bigger floor space per head count) 2. Renovation works on staff related recreation rooms, ex: Executive Lounge, Staff lounge etc. 3. Space requirements for ONELINE and Branches Operation Centralisation.

Consequence

: 1. 2. 3. of

Consequence Category

Cost overrun – increased in budget Schedule overrun Inability to meet project objective in term requirement and quality.

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Major

KPI

Owner

QA Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Establishment of Co-Location Steering Committee

Effectiveness

As Appropriate N/A

Controls Effectiveness Control Likelihood Satisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Rare Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name Preventive

Page

83 of 112

To revisit, confirm and seek additional budget (if any) from management

QC

Owner

Priority

Start Date

Due Date

N/A

25 Apr 2006

25 May 2006 0%

Status

10. Risk Factor

: Vc8-5: Project Risks – Underscope Building Maintenance Budget

Description

: 1. Maintenance of buildings (Tower A, B & C) at Dataran Maybank currently being handled by outsourced parties at service fee of RM400k per year 2. Tower B & C directly owned by MIG whereas Tower A owned by MBB – Maintenance issues

Owner Reference

: : Oi1110

Risk Theme

:

Cause

: 1. Lack of controls on Building Maintenance cost 2. Lack of harmonisation of MIG owned buildings maintenance

Consequence

: 1. High cost of building maintenance

Gross Risk Ratings

Cause Category

Consequence Category Gross Rating

Likelihood

Likely

Impact

Minor

KPI

QC Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Likely Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Moderate

Management Actions Type Name

Page

QB

Priority

Start Date

Due Date

Preventive

To develop the cost benefit analysis on Dataran Maybank Building Maintenance – Outsourcing Vs Inhouse Maintenance cost

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To discuss, negotiate and seek permission to allow insurance group to maintain our own buildings

N/A

25 Apr 2006

25 May 2006 0%

84 of 112

Owner

Status

11. Risk Factor

: Fs3R-3: Inaccurate information gathered for the purpose of integration exercise (financial & insurance risk program)

Description

:

Owner Reference

: : Oi1111

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Detective

Page

85 of 112

Independent check, reliability tests

NA

Owner

Priority

Start Date

Due Date

N/A

06 Apr 2006

06 May 2006 0%

Status

12. Risk Factor

: Vc5-BA4: Delay in approvals from respective authorities

Description

: Delay in approval by Bank Negara Malaysia

Owner Reference

: : Oi1112

Risk Theme

:

Cause

: 1. Lack of understanding of the requirements to be complied with 2. Possible insufficient information submitted

Consequence

: Late/delay in launching

Cause Category

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

86 of 112

Understand requirements early and then complete fulfillment

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

30 Sep 2006 0%

Status

13. Risk Factor

: Vc5-AG1: High drop-out rate due to lack of monitoring tool

Description

: Lacking in monitoring tools that halted agency business development program

Owner Reference

: : Oi1113

Risk Theme

:

Cause

: 1. Lack of monitoring capability to address performance issues 2. Lack of accurate and timely information in monitoring agent performance 3. Lack of effective agent recruitment policy and procedures 4. Too many agent under one agency leader which monitoring is usually ineffective

Cause Category

Consequence

: 1. Agency performance can not be monitored effectively 2 Agency leaders focusing on short term gain at the expense of long term sustainability of business 3. Many agent left TN to other competitors 4. Creating unfavourable situation in the industry

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Likely Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Preventive

Prioritize development or acquisition of tool. Agency Development Division (ADD) to establish the required reports and monitoring requirements and to submit to IT

N/A

25 Apr 2006

30 Jun 2006 0%

Preventive

IT support – reports & monitoring tool. IT support (generation of weekly reports as monitoring tool

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To seek help from IT to develop the required report and monitoring capabilities

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To set an effective policy with regard to number of

N/A

25 Apr 2006

25 May 2006 0%

87 of 112

Owner

Status

productive agent per agency leader Preventive

Page

88 of 112

Develop programmes to improve the recruitment of high potential and productive agents

N/A

25 Apr 2006

25 May 2006 0%

14. Risk Factor

: Vc5-AG2: Incapability of back-office processes

Description

: Capability of backroom processes to support front business activities is not up to the mark

Owner Reference

: : Oi1114

Risk Theme

:

Cause

: 1. Inefficient backroom process impacting service level to the agency force. 2 Lack of focus by Branch on the support of agency activities. 3. Lack of efficient and effective payment modes available to policy holders as compared to other competitors 4. System instability resulting in switching of business to our competitors

Consequence

: 1. Agency – Divert business focus to other activity eg MLM if no strong support from HQ or actractive offer from competitor 2. Negative impact to agency force productivity 3. Increase surrendered cases 4. Increase customer disatisfaction level

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Possible Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Insignificant

Management Actions Type Name

Page

QD

Priority

Start Date

Due Date

Preventive

Early communication - To "legalise" SLA between Agency business and all backroom support units. To develop an early detection mechanism on the level of support to agency force

N/A

25 Apr 2006

30 Jun 2006 0%

Preventive

Branch Sales Support - To develop KPI for all branches to adhere to the agreed SLA

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Develop unit at branches to specifically service life business

N/A

25 Apr 2006

25 May 2006 0%

Preventive

Agency leaders - required to provide info on the level of support provided to the agents and clients

N/A

25 Apr 2006

25 May 2006 0%

89 of 112

Owner

Status

Preventive

Page

90 of 112

To immediately review existing and establish new mode of payments to policy holders

N/A

25 Apr 2006

25 May 2006 0%

15. Risk Factor

: Vc5-AG3: New products not delivered (Lack of systematic and strategic focus on new product development proceses)

Description

: Ineffective new product development plan that can help agency business to grow

Owner Reference

: : Oi1115

Risk Theme

:

Cause

: 1. Lack of proper market reaserch in developing new products 2. Lack of comprehensive business analysis in developing new product 3. Agent’s incentives not at par with our competitors

Cause Category

Consequence

: 1. Many products developed failed to meet market needs 2. Lack of assurance in meeting production target 3. Unable to meet targeted profit level - failed to meet financial target 4.Products benefits especially PA not at par with our competitors

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Minor

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Possible Minor

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Insignificant

Management Actions Type Name

Page

QD

Priority

Start Date

Due Date

Preventive

Ensure product ideas are viable etc.; work closely with ODC and operations

N/A

25 Apr 2006

25 May 2006 0%

Preventive

To seek help from ORM to establish cost of capital (RBC requirements) on every new product developed

N/A

25 Apr 2006

25 May 2006 0%

91 of 112

Owner

Status

16. Risk Factor

: Vc5-EC6: Problems in arranging manual facultative insurance

Description

: Problems in arranging manual facultative insurance arrangement with Reinsurers

Owner Reference

: : Oi1116

Risk Theme

:

Cause

: If review process of the current facultative reinsurance are done without adequate/possible alternative reinsurers

Consequence

: Insurance risk might not be adequately reinsured out

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

92 of 112

Execute transactions from list of accounts established

NA

Owner

Priority

Start Date

Due Date

Status

N/A

17 Apr 2006

01 Jul 2006

0%

17. Risk Factor

: Vc5-AD1:Backend integration issues and timing

Description

:

Owner Reference

: : Oi1117

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Rare

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Work closely with IT

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Give priority

N/A

17 Apr 2006

17 May 2006 0%

93 of 112

Owner

Status

18. Risk Factor

: Vc5-AD3: Wrong FT database contactable rate

Description

:

Owner Reference

: : Oi1118

Risk Theme

:

Cause

: 1. Lack of proper market reaserch in developing new products 2. Lack of comprehensive business analysis in developing new product

Cause Category

Consequence

: 1. Many products developed failed to meet market needs 2. Lack of assurance in meeting production target 3. Unable to meet targeted profit level - failed to meet financial target

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

94 of 112

NA

Owner

Priority

Start Date

Due Date

Status

19. Risk Factor

: Vc5-AD6: Backend integration problems

Description

:

Owner Reference

: : Oi1119

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

95 of 112

IT to expedite integration

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

20. Risk Factor

: Vc5-AD7: Credit card acceptance

Description

:

Owner Reference

: : Oi1120

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Moderate

KPI

Owner

QC Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Rare

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

96 of 112

To secure assurance from Maybank and establish M2U merchant account

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

21. Risk Factor

: Vc5-AD8: Security concerns

Description

:

Owner Reference

: : Oi1121

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

97 of 112

Awareness program

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

22. Risk Factor

: Vc5-AD9: Issues with authorities

Description

:

Owner Reference

: : Oi1122

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QD

Rare

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

98 of 112

Develop education program – online training & examination for cyber agents

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

23. Risk Factor

: Vc5-Brn3: Delay in resource replacement

Description

: Time delay in replacement of staff at the branches

Owner Reference

: : Oi1123

Risk Theme

:

Cause

: Perceived slowness in replacement of staff at the branches

Cause Category

Consequence

: 1. Potential loss of business focus due to staff resignation/pinched 2. Competitors might gain our existing customers

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Moderate

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Satisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QC

Almost Certain

Current Status To be reviewed

Action Create Action Plan

Insignificant

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

99 of 112

HC to speed up re-deployment & replacement of key positions

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

31 May 2006 0%

Status

24. Risk Factor

: Vc5-Brn4: Negative effects of centralization process

Description

: Centralization of key operational functions might have negative impact to branches

Owner Reference

: : Oi1124

Risk Theme

:

Cause

: 1. Perceived slow operational process in supporting branches. 2. Lack of focus on the operational issues affecting branches

Consequence

: Possible negative impact to agents and customers at the branches

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

100 of 112

Demand SLA from HQ Operations on key processes

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

25. Risk Factor

: Vc5-S/MS2: Delay due to system incompatibility

Description

:

Owner Reference

: : Oi1125

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible

Current Status To be reviewed

Action Create Action Plan

Moderate

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

101 of 112

Work very closely with IT; constant communications with agents

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

26. Risk Factor

: Fs3-Fs3.25-1: Process Risk – bonus allocation practice needs to be streamlined in order to avoid confusion for Operations upon claim payment & bonus declaration

Description

: Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of Participating Policies - Actuarial (Life)

Owner Reference

: : Oi1126

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Possible

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

102 of 112

Recommend a common practice

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

27. Risk Factor

: Fs3-Fs3.27-1:Process Risk – retention limits need to be streamlined for practical purposes & to avoid confusion for underwriters

Description

: e.g. if a customer buys 2 products with different retention at the same time, which retention to apply ? Have to consider accumulation of risk per life. Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance Treaties - Actuarial (Life)

Owner Reference

: : Oi1127

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Review reinsurance arrangements to identify affected risks.

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Notify reinsures & Operations.

N/A

17 Apr 2006

17 May 2006 0%

103 of 112

Owner

Status

28. Risk Factor

: Fs3-Fs3.27-2: Process Risk – consolidation of various treaties for better management of risks and to avoid duplication of risks covered as this could lead to a dispute when a claim arises.

Description

: Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance Treaties - Actuarial (Life)

Owner Reference

: : Oi1128

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Identify treaties for consolidation.

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Negotiate with reinsures to maintain the best terms & conditions

N/A

17 Apr 2006

17 May 2006 0%

104 of 112

Owner

Status

29. Risk Factor

: Fs3-Fs3.29-1:Operational Risk – Data integrity issue arise in order to compile historical data for corresponding new financial period. Data resides in multiple systems and no base for reconciliation.

Description

: Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving Period Ending 30 June - Actuarial (General)

Owner Reference

: : Oi1129

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Almost Certain

Impact

Catastrophic

KPI

Owner

QA Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name Preventive

Page

105 of 112

To engage a consultant to do IBNR computation for FYE 30/06/2006 without having to tabulate historical date for corresponding new financial period.

NA

Owner

Priority

Start Date

Due Date

N/A

17 Apr 2006

17 May 2006 0%

Status

30. Risk Factor

: Fs3-Fs3.30-1: Process Risk – availability of detailed historical information of assets, liabilities & products for all entities

Description

: Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports

Owner Reference

: : Oi1130

Risk Theme

:

Cause

:

Cause Category

Consequence

:

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Rare

Impact

Insignificant

KPI

Owner

QD Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Owner

Target Status Last Trend Month

Interval

Effectiveness

Controls Effectiveness Control Likelihood N/A Control Impact N/A Nett Rating Nett Likelihood Nett Impact

Nett Rating

NA

N/A

Current Status N/A

Action Create Action Plan

N/A

Target Rating Target Likelihood

N/A

Target Impact

N/A

Management Actions Type Name

Page

NA

Priority

Start Date

Due Date

Preventive

Identify information required

N/A

17 Apr 2006

17 May 2006 0%

Preventive

Review & determine assumptions

N/A

17 Apr 2006

17 May 2006 0%

106 of 112

Owner

Status

31. Risk Factor

: Vc1-IT5: Process Risks – delay in approval of the system

Description

: 1. The IT team noted that there is a timeline need to be met by the business side by September 06. As such, IT need to complete the approval process by June 06 to support the above. 2. As at to date, the PMO had resolved the approval issues, nevertheless the matter remain as ‘Watch List Issues’ as it is remain relevant if left unchecked

Owner Reference

: : Oi1131

Risk Theme

:

Cause

: 1. Lengthy process of compliance and various levels of approval. 2. Uncertainty over the systems and models to use. 3. Uncertainty in term of commitment and input from users. 4. Uncertainty in term of responsiveness of vendor(s) to clarification and RFP.

Consequence

: 1. Delay in operation for the enlarged entity 2. Inability to meet merger objective

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Possible

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

High awareness of key dependencies and communication of the same to the whole project team

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Unlikely

Target Impact

Minor

Management Actions Type Name Detective

Page

107 of 112

To prepare and review approval timeline for all projects and to ensure that the timeline will consider the above uncertainties as identified in the causes and contingency measures.

QC

Owner

Priority

Start Date

N/A

01 May 2006 30 Jun 2006 0%

Due Date

Status

32. Risk Factor

: Vc1-IT3: Process Risks due to resources issues – Disruption/delay to existing operation

Description

: 1. Staff involved in the projects must at the same time support existing business at respective business entity concurrently. 2. The concern is if there is a need for the staff to attend to business, the resources will be pulled back from the project hence creating a void to the team. 3. A time bomb issues during full fledge implementation of the integration program.

Owner Reference

: : Oi1132

Risk Theme

:

Cause

: 1. Lack of full time resources commitment. 2. Unavailability of immediate replacement.

Consequence

: 1. Impact to existing operation 2. Schedule overrun 3. Cost overrun

Gross Risk Ratings

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name Preventive

Cause Category

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

High awareness on commitment and support from respective entities

Effectiveness N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Likely Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Minor

Management Actions Type Name

Page

QC

Priority

Start Date

Due Date

Status

Preventive

To request from the PMO for a full time resources to be allocated to the projects

N/A

16 Jun 2006

15 Jul 2006

0%

Preventive

To built in contingency with regards to resources allocation within the team

N/A

16 Jun 2006

16 Jul 2006

0%

Preventive

For a package system which highly dependant on vendor, the team will acquire the vendor assistance to look for possible arrangement for external support and resources.

N/A

16 Jun 2006

15 Jul 2006

0%

108 of 112

Owner

33. Risk Factor

: Vc1-IT6: Process Risks – user requirements poorly defined

Description

: 1. Not thoroughly defining the requirements before starting, consequently not understanding the true work effort, skill sets and technology required to complete the project. 2. Complexity of the requirements i.e. merging of the Takaful & conventional, mudharabah & wakalah, FRS139 & existing accounting practices etc. 3. The success of any project dependent on commitment to deliverables and responsibilities.

Owner Reference

: : Oi1133

Risk Theme

:

Cause

: 1. Poor resources commitment and coordination i.e. lack of active participation by end user. 2. Unavailability of full time resources. 3. Limited resources anticipated due to heavy reliance on key personnel.

Cause Category

Consequence

: 1. Poor business requirement sign off resulted in poor test cases developed, business scenarios or rules missing and impact to the test plan. 2. System developed or integrated mismatch and does not meet business requirement or expectation 3. Cost overrun due to variation order as a result of changing requirements

Consequence Category

Gross Risk Ratings

Gross Rating

Likelihood

Likely

Impact

Moderate

KPI

Owner

QB Trigger Value

Existing Controls Type Name

Unit

Score

Actual

Target Status Last Trend Month

Interval

Effectiveness

Detective

Project manager and/or business analyst engage for the respective project to provide report to Project Steering on regular basis to ensure the adequacy and quality of business requirement. Any shortcomings are to be reported via the escalation process established by the merger PMO.

Weekly

N/A

Detective

Establishment and close monitoring of respective project charter.

Weekly

N/A

Detective

Establishment and close monitoring of respective project charter.

Weekly

N/A

Owner

Controls Effectiveness Control Likelihood Some Weaknesses Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QB

Possible Moderate

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Minor

Management Actions Type Name Preventive

Page

109 of 112

To prepare and review approval timeline for all

QC

Owner

Priority

Start Date

N/A

16 May 2006 30 Jun 2006 0%

Due Date

Status

project and to ensure that the timeline will consider the above uncertainties as identified in the causes and contingency measures.

Page

Preventive

To propose for a dedicated team to be appointed for the initiatives.

N/A

16 Jun 2006

15 Jul 2006

0%

Preventive

To use Maybank resources to do project QA

N/A

16 Jun 2006

15 Jul 2006

0%

Preventive

Appointment of business analyst

N/A

01 Jun 2006

30 Jun 2006 0%

110 of 112

34. Risk Factor

: Vc1-IT7: Data Quality and Integrity Risks

Description

: 1. Complexity of the conversion activity 2. Discrepancies/errors in source data especially for the life policies 3. Old data

Owner Reference

: : Oi1134

Risk Theme

:

Cause

: 1. Degree of complexity of the migration and conversion required - Different coding used by different systems 2. Product specification not available for developing conversion specifications 3. Data kept outside the core system

Consequence

: 1. Operational issues 2. Project schedule overrun 3. Cost overrun

Gross Risk Ratings

Cause Category

Consequence Category

Gross Rating

Likelihood

Likely

Impact

Major

KPI

QA Owner

Trigger Value

Existing Controls Type Name

Unit

Score

Owner

Actual

Target Status Last Trend Month

Interval

Effectiveness

Preventive

Data cleansing before implementing

As Appropriate N/A

Preventive

Conversion planning and strategy

As Appropriate N/A

Controls Effectiveness Control Likelihood Unsatisfactory Control Impact Unsatisfactory Nett Rating Nett Likelihood Nett Impact

Nett Rating

QA

Likely Major

Current Status May Need improvement

Action Create Action Plan

Target Rating Target Likelihood

Possible

Target Impact

Minor

Management Actions Type Name Preventive

Page

111 of 112

To establish specific data migration and conversion risk scorecard to ensure all specific risks details addressed

QC

Owner

Priority

Start Date

N/A

01 Aug 2006 15 Sep 2006 0%

Due Date

Status

Risk Quadrant Legend :

QA - Very Significant QB - High QC - Medium QD - Low

Page

112 of 112

Related Documents

Post Merger Scorecard
November 2019 5
Merger
June 2020 31
Merger
November 2019 43
Merger
June 2020 25
Merger
May 2020 51