The study conducted in March this year cites a lack of skilled personnel in the institutions, proper methodology and also data as the major risk the institutions face.
According to Michael Karanja, Enterprise Risk Services Manager at Deloitte, one of the major risks for many institutions in the region currently is on managing the use of new technology by putting in place measures to enhance privacy due to the increase of cyber crimes.
“A key finding was that most companies are just focusing on what we call the traditional risks like credit risks and market risks. But now we have the new emerging risks. So (firms need to) have a wide enterprise programme that focuses on both the old, new and emerging risks like operational risks, IT risks and so on,” said Karanja.
The traditional risks which have been given much focus include credits risks, which is highlighted by 92 percent of the surveyed companies, regulatory risks at 90 percent, compliance risks at 90 percent and market risks at 85 percent.
The new emerging risks which have forced many companies to shift focus include the operational risks at 95 percent, strategic risks at 80 percent, reputation risks at 83 percent while IT security was prioritised by 75 percent of respondent firms.
According to the survey which was carried out in Kenya, Uganda and Tanzania, 70 percent of the financial institutions have enterprise risk management programmes, with 31 percent of them having completed the implementation.
Julie Nyang’aya, a partner at Deloitte said the public sector in Kenya is a step ahead as far as risk governance is concerned and that the private sector should emulate.
She says this started way back from 1998 after a circular was sent to all government ministries by the then Treasury Permanent Secretary directing them to have institutional risk management framework.
“The government is doing its bit. It will now be a good time to go and asses how that circular has been effectively implemented across the various sectors,” said Nyang’aya.
The report shows that most of the institutions don’t invest in risk management with fear of making losses as some risks like IT security are expensive to maintain.
During the survey, 70 percent of the respondents were banks.