ASSET MANAGEMENT CONFERENCE Presentation by: Nasumba Kizito Kwatukha

1. ASSET MANAGEMENT CONFERENCE Presentation by: Nasumba Kizito Kwatukha CPA,CIA, CISA,CFE,CISSP,CRMA,CISM,DIP-IIK Director : Risk-com Ltd Uphold public interest

2. Assets: • Is a resource controlled by the entity as a result of past events and from which future economic benefits are expected to flow to the entity-create value • Concept of Ownership and Control and use of Substance over form • Concept of Control over work force and footballers-Diego Costa case Introduction

3. Asset Management • Set of interrelated activities and elements of an organization whose function is to develop processes needed to ACHIEVE objectives • It involves Policies, Framework and Process formulation. • Independent Assurance and review is critical

4. Benefits of Asset Management • Enables achievement of objectives through effective and efficient management of its asset • Achievement of objectives is through the linkage of the Overall Strategy to the organization Assets which are the core Revenue generators • What constitutes value is the linkage between Assets and Strategy with clear Measurable on Asset Performance • Resultant benefits are Financial and Non-financial

5. Influencers of Assets to Keep • Nature and of purpose of the organization: E.g. Financial Industry players should not hold Properties • Operating Context: Assessment of your key principal Activities: E.g. Manufacturing • Needs and Expectations of Stakeholders : Risk Appetite and Integrated Reporting • Regulatory Environment: Matching Assets to Liabilities

6. Risk Management Defined • Process of ensuring Organization goals are achieved through Identification, Assessment and Mitigation of Risk: • Key to Asset Management because Asset is the sole generator of Revenue • Assessment involves Looking at the Likelihood and Impact: • Risk Management helps in the linking of Asset Performance to the Strategy of the organization • Mitigation involves making a decision on whether to self Insure; Retain or to transfer the risks attached to the asset.

7. Risk Management Process

8. Role of Audit in Risk Mgt • Independent Assurance on the Asset Risk Management Process • Process Owners are responsible for the Risk Management Activities • Is there a role of the Risk and Compliance Department ?

9. Areas to disclose

10. Operational Risks: ISO 55001 • 2. Legal and Compliance Risk • 3. Data Management : ISO 27001 Risks Associated with Assets

11. Failures due to Systems, Processes and People : • Obsolescence or impairment of assets • Restructuring charges related to changes in the nature of the business • Incorrect recording of assets, hidden by complex ownership structures designed to keep assets (and related liabilities) off the books • Incorrect valuation of assets acquired as part of a group purchase • Improper recording of capital leases as operating leases Operational Risks

12. Operational Risks-Fraud

13. Operational Risks-Fraud

14. Operational Risks-Fraud • Increased Purchases • Complex Purchases • Employees Homes are like a second Institution • Alteration of Documents-Self copy is Incorrect • Shrinkages in physical Assets • Real Estate fraud: Land Rates, Idle land, copies missing, DOVE

15. DOVE: Objective Market Values • Surprise Checks • Insurance :Standard Fire and Business Interruption Policies • Proper Approvals; understand Insurable Risks and Exclusions • Roles and Rights • Statistical Sampling • Review of Risk Maps and Assessments Mechanisms to Mitigate Risks

16. Legal and Compliance Risks • Proper Asset Document and Referencing Register • Due Diligence on DOVE • Income tax Requirements: CAP 470 and CAP 476 • Depreciation and Capital Allowances • Determination on when to Capitalize Expenses

17. Data- the True Asset In God we trust All others must bring Data

18. Data is getting … • … bigger, faster, in more shapes and formats, from more sources … more complex to control • … more important for business, both for operational and analytical purposes • Business wants to keep focusing on the business • Data is in databases and servers, so IT is covering it • Complexity increase makes current approach tedious, error prone and unsustainable • Tweets, Facebook, IG Data at a glance

19. Data Should be treated as an enterprise asset • Data Quality should be part of everyone’s job description and a parameter of performance evaluations and incentive packages • Employees should be assigned responsibility of data • Stewardship responsibility including • Establishing and implementing of the policies • Defining data quality parameters and standards • Data classifications and processing • Address the major reasons for the failure to fill this role • Data is not recognized as an asset • Political or cultural consideration (e.g. who should be responsible for customer data) • The difficulty involved and other priorities • Data should be modeled like other assets • Data should be modeled via business or enterprise data model • Compromise between accuracy and availability of data Data as an Enterprise- Corporate Asset

20. Elements of Data Strategy

21. Organizational Structures & Awareness • Stewardship • Policy • Value Creation • Data Risk Management & Compliance • Information Security & Privacy • Data architecture • Data Quality Management • Classification and metadata • Information Lifecycle Management • Audit Information, Logging & Reporting Data Governance

22. Intake / Proposal • Review, approval, voting • Escalation • Issue management • Data Sharing • Security classification • Policy audit Process of Data Management

23. Domain Expert – Function consultant/ ICT • Information architect • Data steward • Data Analyst • Business Analyst Roles/ Competencies Involved

24. Q& A Nasumba Kizito Kwatukha CPA,CIA, CISA,CFE,CISSP,CRMA,CISM,DIP-IIK Director : Risk-com Ltd Q & A