Our Business
Risk and opportunity management
Resilience
We recognise that unexpected events can disrupt business operations, potentially leading to prolonged service outages that impact customer satisfaction and the Fund’s reputation. To mitigate this risk, we have established robust business continuity systems and processes, including a fully-fledged disaster recovery site (DRS) located several kilometres from the primary site at Workers House. The DRS enables real-time data replication from the primary site, ensuring continuity even in the event of a major disruption.
Regular disaster recovery tests are conducted to assess the resilience of our systems, identify potential challenges, and proactively address them. In FY2024/25, two tests were carried out, both of which confirmed our ability to meet recovery time objectives.
Risk awareness
Regular risk-awareness training and sensitisation are conducted to ensure staff are well equipped to effectively manage the risks associated with their activities. A recent internal survey indicated that 97% of employees reported being aware of the risks linked to their roles, 93% confirmed that control assessments are conducted regularly, and 94% agreed that these assessments have strengthened the Fund’s overall control environment. The results of the survey are illustrated below.
Risk awareness survey
I am aware that effective risk management enables the Fund to attain its objectives
96%
I have a good idea of the key risks associated with the activities that I do
97%
The way I identify and manage risks in my department determines my success in achieving my performance targets
95%
The Enterprise Risk Management department has contributed significantly to my appreciation of risk and risk management
92%
I believe the level of risk awareness in the Fund is high
89%
When I think of doing something, I reflect on what could wrong and figure out how to mitigate it
97%
In my department, before a new system or process is implemented, a risk assessment is conducted
89%
Risk assessments should be carried out before undertaking any new business activity
96%
Control assessments are carried out regularly in my department
93%
I support the idea of regular assessments of controls
97%
Regular control assessments have helped to strengthen the control environment in the Fund
94%
I would recommend every organisation to undertake regular control assessments
96%
Data protection
Our information security management systems are aligned with international best practices. In FY2024/25, the Fund obtained certification (No. IS 767004), for ISO/IEC 27001:2022, the current global standard for Information Security Management Systems. This certification affirms the robustness of our information security controls and our commitment to safeguarding member data.
Heatmap (severity and trend): 2024-25
Heatmap 2024
- MR – Market risk
- IR- Info security/cyber risk
- RR- Reputation risk
- GR – Governance risk
- CR – Compliance/litigation risk
- TR – Technology risk
- TaR – Taxation risk
- FR – Financial crime risk
- HsR – Health and safety risk
- LR- Liquidity risk
- SR - Strategic risk
- OpR – Operational risk
Heatmap 2025
- IR- Info security/cyber risk
- SR - Strategic risk
- IntR- Interest rate risk
- MR – Market risk
- CR – Compliance/litigation risk
- TR – Technology risk
- FR – Financial crime risk
- RegR – Regulatory risk
- GR- Governance risk
- RR – Reputational risk
Heatmap 2024
- MR – Market risk
- IR- Info security/cyber risk
- RR- Reputation risk
- GR – Governance risk
- CR – Compliance/litigation risk
- TR – Technology risk
- TaR – Taxation risk
- FR – Financial crime risk
- HsR – Health and safety risk
- LR- Liquidity risk
- SR - Strategic risk
- OpR – Operational risk
Heatmap 2025
- IR- Info security/cyber risk
- SR - Strategic risk
- IntR- Interest rate risk
- MR – Market risk
- CR – Compliance/litigation risk
- TR – Technology risk
- FR – Financial crime risk
- RegR – Regulatory risk
- GR- Governance risk
- RR – Reputational risk