South African Reserve Bank

Approach And Methodology  

Strategic and operational risk management
The Bank’s strategic and operational risk management approach and methodology are largely based on the principles contained in the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management (ERM) Framework and are consistent with widely accepted standards, guidelines and best practice. The methodology includes the following components:
  • Objective setting – Establishing the context for risk analysis and assessment 
  • Risk identification – Identifying potential risks that could threaten the achievement of objectives 
  • Risk assessment – Assessing the potential impact of identified risks on the operations, financial resources and reputation of the Bank 
  • Risk mitigating measures – Consideration of the adequacy and effectiveness of risk mitigating measures and assessing the likelihood of risks materialising  
  • Areas for improvement – Identifying areas where existing risk mitigating measures can or should be improved 
  • Action plans – Formulating action plans to implement new or enhance existing risk mitigating measures 
  • Follow up – Monitoring the status of implementation of action plans 
  • Reporting – Reporting to the risk management oversight committees on the results of risk assessments and the status of implementation of action plans  
  • Monitoring – Monitoring the adequacy and effectiveness of the risk management process
Facilitated work sessions are conducted by the RMCD, in conjunction with management of the Bank, for the purpose of completing the Bank-wide and departmental risk assessments.
Business continuity risk management
The Bank’s business continuity management (BCM) programme is based on the BCM lifecycle model, as defined by the Business Continuity Institute UK. This is widely recognised as the international good practice guideline for BCM development and management.
The Business Continuity Institute’s lifecycle model consists of the following elements:
  • BCM policy and programme management
  • Embedding BCM in the organisation’s culture
  • Understanding the organisation
  • Determining BCM strategy
  • Developing and implementing a BCM response
  • Exercising, maintaining and reviewing
Information security risk management
The Bank has adopted the ISO 27002 Information Security standard and the Information Security Forum’s (ISF) “Standard of Good Practice for Information Security”. This standard covers six distinct aspects of information security:
  • Security Management, which deals with topics related to high level direction for IS, arrangements for IS across the organisation and establishing a secure environment; 
  • Critical Business Applications, which deals with topics related to requirements for securing business applications; 
  • Computer Installations, which deals with topics related to the design and configuration of computer systems; 
  • Networks, which deals with topics related to network design and implementation;
  • Systems Development, which deals with topics related to the application of IS during all stages of the systems development life cycle; and 
  • End User Environment, which deals with topics related to local security management and the protection of desktop applications.

Financial risk management

Comprehensive and specialised financial risk management methodologies and systems are in place to manage financial risks pertaining to domestic and foreign-exchange market operations. Please refer to the Bank’s Annual Report for more information in this regard.