The board accepts responsibility for risk governance and is committed to managing risks in order to achieve key objectives and protect the core values of the company. The ARCC has been mandated to assist the board in carrying out its risk responsibilities. Management is accountable to the board for designing, implementing and monitoring the process of risk management and integrating it into the day-to-day activities of Blue Label. The Internal Risk and Compliance Committee (IRCC) supports the enterprise-wide risk approach by identifying, evaluating and measuring group-wide risks and compliance in all functional areas of the group and implementing and maintaining adequate internal controls. The IRCC reports to the ARCC on a quarterly basis.

Blue Label has adopted an enterprise-wide approach to risk management, which means that key risks in the group are identified, assessed and monitored in a structured and systematic process of risk review and management. The risk management plan forms part of the annual internal audit plan approved by the ARCC. The approved plan for the ensuing financial year comprises inherent and residual risk assessments on a quarterly basis as well as the compilation and review of a separate IT-related risk register to ensure complete visibility of all IT risks in the group by segment.

Management conducts group-wide risk assessments on a quarterly basis. This entails the identification and prioritisation of risks in accordance with the impact and likelihood of these risks. In line with the group’s risk framework, the potential impacts of the risks are quantified on a five-point scale comprising catastrophic, critical, serious, significant and minor/insignificant. Risks are then further quantified in terms of the probability of occurrence in accordance with probability factors, viz. almost certain, likely, possible, unlikely and rare. Internal controls to mitigate the identified risks are evaluated to establish the appropriateness and adequacy of the existing controls to ensure that they perform the required risk mitigation. Management decides on the acceptance of the identified risk or exposure and, if considered high, an action plan and timeframe are put in place to reduce the level of risk to a more acceptable level.