LETTERS: Risk management key corporate governance tool

Disruptive cultures precipitate unique risks that should be proactively managed. FILE PHOTO | NMG 

The documentation and rollout of the Mwongozo Code of Governance for State Corporations (“Mwongozo”) in 2015 was a key milestone by the Public Service Commission (PSC) and the State Corporations Advisory Committee (SCAC) in the endeavor of creating strong governance frameworks.

The Mwongozo is a pivotal document that can foster a positive momentum in the quality of corporate governance if it is diligently implemented by the Boards in state corporations.

The document provides important guidance on transparency and disclosures, accountability, risk management and internal control, ethical leadership and corporate citizenship, compliance with laws and regulations, among others.

There have been disturbing organizational failures both locally and at the global stage. The recent failures of the Lehman Brothers, WorldCom, Barrings Bank and Enron are all attributable to failures in corporate governance.

In Kenya, there have been failures both at the public and private sectors mainly due to weak or compromised corporate governance. These organizational failures have been significant in the financial services, retail sector and Small and Medium Enterprises (SMEs).


Organisational failures cause massive financial losses by the shareholders and intense suffering by the key stakeholders – job losses, reputation impact, legal consequences etc. The ripple effects can reverberate across an entire economy and usually imply a reputation damage for the country.

The holy grail for organizational resilience and survival for perpetuity are strong governance frameworks capable of withstanding internal and external shocks.

The greatest ‘gem’ in the Mwongozo is risk management. Kenya has a strong detective risk management as provided for by the Office of the Auditor-General (OAG).

However, the preventative aspect of risk management requires to be strengthened. The OAG performs a pivotal role in conducting reviews across the public sector corporations. The audit reports largely point to risks that have already been initiated (crystallized) – leakages that have already occurred. The PSC and SCAC should expand on the Mwongozo with a view to establishing more robust risk management systems/ frameworks.

Organisational risks are dynamic and vary depending on the nature of the supply chain. With the ongoing digital revolution, there is likely to be an upsurge in cyber-related risks. Disruptive cultures, such as generation Y, and the increasing trend of globalisation also precipitate unique risks that should be proactively managed.

The Mwongozo provides a general requirement for a Risk Management function. However, it would be prudent for it to be enhanced to provide a more granular guidance on, for example, the Enterprise Risk Management (ERM) that should be implemented by the state corporations and the minimum human capital and resourcing requirements for the risk management functions.

This way it will ensure a standard approach with regard to the management of risk and instill an enhanced level of vigilance thus stimulating a high quality of corporate governance.

The boards would also be adequately capacitated to proactively manage “Black Swan” events and create a predictable control environment characterized with prudent management of public resources.

Jonah Mosso via email