HOW TO DEVELOP RISK MANAGEMENT
POLICY FOR SACCOS
Faustin K. Zihiga
Association of Microfinance Institution of Rwanda (AMIR).
2nd SACCO LEADERS’ FORUM- Kigali Rwanda 21-23/03/2011
Presentation Out line
What is Risk?
What is risk management.
Characteristics of SACCOs and the risk factor.
Categories of Risks from a SACCO perspective.
Risk management Policy.
Like food is a necessity to our body, Risk Management is
the life and blood of any financial institution”.
SACCOs are predominantly formed as a result of a need to
mitigate life threatening risks by mainly the poor; however,
they too (SACCOs) pause a big risk if not well managed
through sound policies.
The killer risk in our business, be it SACCO or any other
entity providing financial services or intermediation, is the
inability to know what our risks are or the extent to which
these risks will affect our businesses/ SACCOs. SACCOs
are prune to risk because like any other financial
institution, they handle money and more than often; they
handle many small cash transactions. Therefore Risk
management policies are crucial to provide the essential
guidelines to mitigate risks that come with the nature of
The dictionary definition of risk is :- “Possibility or chance of
meeting danger, suffering loss, injury”¹
Risk is anything that will make your well intended actions to
deviate and bring about unintended, in most cases, negative
results and or loss.
Because there is a risk of death people go to see a doctor,
wear caskets, put on safety belts etc and in SACCOs because
there is a risk of loss, closure or legal proceedings against
people, sound risk management policies need to be in place
¹Longman learners dictionary
What is Risk management:
Risk management is a systematic approach /process of
identifying, prioritizing risks and implementing strategies to
mitigate the risks. It involves prevention of potential problems
and the early detection of actual problems²
Consequently a Risk Management policy is a framework
established within the business entity through which the
systemic approaches and processes of risk management are
²Adopted from CGAP course materials.
Characteristics of SACCOs and the
Large number of small loans thus small number of many payments that
are very difficult to track.
Decentralized and dispersed operations over a wide disconnected
Large numbers of less literate clientele that depend on the ingenuity of
the managers of the SACCOs –
Managers with a social science rather than a business background.
Limited use of integrated management information systems.
There is often great pressure to cut costs in most cases at the expense
of adequate supervisional and control mechanisms.
Reluctance to write off bad loans especially those given to influential
members in the SACCOs or for fear of a bad image.
Categories of risks.
Risks can be categorized into 4 to 6 major categories
Financial management risks
IT risk (very prevalent today).
Governance risk (hidden risk)
Categories of risks – Operational Risk.
Operational risks are risks likely to occur while executing our
day today business; examples include, fraud, theft, cash loss,
security, Inefficiencies, redundancies, funds concentration etc
The risk management policy will be designed depending on
the risk area of the business or a combination of more than
one policy if the risk areas are highly related. E.g an
operational policy and procedure manual could address the
above risk depending on the size of the business and the of
variety of products.
Categories of risks – Institutional Risk.
Institutional risks are those that threaten the institutional identity in
terms of its Mission – sometimes termed Mission drift.
Such risks may occur due to a change in the client target group,
dependency on a single source of financing or donor dependency
Policy may determine how much share capital each member
should contribute and what this would translate into in terms of the
decision powers to be exercise.
What donations and under what conditions will they be accepted
and financially accounted for.
Categories of risks
– Financial Management Risk.
Financial management risks would include those
related to treasury and liquidity management, Asset
liability risks etc
Financial and Treasury management manuals as well
as asset liability policies will provide clear guidelines
Categories of risks – External Risks.
External risks, these are risks that may impact the SACCO
Microeconomic challenges, competition, politics, regulatory
environment, social unrest etc
Policies to mitigate such risks will vary from environment to
environment while others will dependent entirely on the
prevailing conditions at the time.
Categories of risks - IT Risk.
IT risk (very prevalent today) Heavy dependence or non
Dependency - unauthorized access, Data inaccuracies,
environmental disasters, inappropriate use, limited software
Non dependent – Manual systems data tracking inaccuracies,
time management and compliancy, adoptability to systems etc
Policies - Disaster recovery program, Business continuity
programs, appropriate technology policies etc
Categories of risks - Governance Risk.
Governance risk (hidden risk)
Poor governance in SACCOs,
Training, proper and distinguished roles of the
organ with clear sanctions for those that do
not respect procedures
Risk management mechanisms :
Risk management policies and procedures will clearly
state how particular risks will be :-
- Deterred before they can be committed
- Prevented when there is likelihood to occur
- Detected in the system
- Mitigated when they occur
Effective risk management policies
Clearly stated missions vision, objective and values to
provide overall direction to all employee and stakeholders.
Provide for a sound and safe conducive environment
Motivated and confident people who have ownership
Clear and easy to understand processes and procedures
Accountable and transparent process
Performance monitoring systems that can help measure
Reliable management information systems be it manual or
electronic with documented workflows.
Risk management is something that each SACCO
will always live with. It is a work in progress
moving target function because business
conditions change over time
It will always require the conscious effort of
management to continually monitor and alert the
institution about possible risks, the implication and
the mitigation process to be engaged.
Policies and procedures are good but they have
one major flaw, “they are easily, forgotten, skipped,
neglected or overridden. It is people and their
commitment that are critical in the success or
failure of any procedures, policies and or
Thank You !!!