
Takaful Nasional Sdn Berhad

CORPORATE RISK SCORECARD REPORT


Key Risk Register
Scorecard Name : Post Merger Risk
Scorecard Owner : Mohd Radzuan Mohamed
Reporting Period : Apr-2006 (For KPI Reporting)
Print Date : 24-May-2006

1. Goal : To ensure that all risks that threaten the accomplishment of the Merger objectives, i.e. value creation, are mitigated.
1. Strategic Objective : (External) TBA

1. Risk Factor : Fs4-1:Reputation Risk

Description :
Owner :
Reference : Ei1101

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure that CEO is the only spokesperson for the organization N/A 17 Apr 2006 17 May 2006 0%

Page 1 of 112
2. Risk Factor : Fs4-2: Media Risk
Description :
Owner :
Reference : Ei1102

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare NA
Impact N/A

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure that media buys are well coordinated through one department, the corporate communications department N/A 17 Apr 2006 17 May 2006 0%

3. Risk Factor : Fs4-3: Event Scheduling Risk

Description :
Owner :
Reference : Ei1103

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare NA
Impact N/A

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure that event dates are well coordinated through the corporate communications department N/A 17 Apr 2006 17 May 2006 0%

2. Strategic Objective : (Regulatory (Compliance)) TBA

1. Risk Factor : Fs3A-2: Statutory Risk – BNM might not favor the decision of reducing takaful benefits
resulting injection of capital from Shareholders
Description : FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life)

Update Note:
Review from earlier risk factor based on 20060410 Risk Compilation v4: Fs3A-3: Statutory
Risks – Regulators might step in to impose special conditions since this is a nationwide interest
Owner :
Reference : Ri1102

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Notify and explain to BNM of new product feature to reduce benefits N/A 13 Apr 2006 30 Jun 2006 0%

2. Risk Factor : Vc5-Brn5: Unfavorable New Insurance Act

Description : Possible new Insurance Act’s statutory requirements which might adversely affect the business
and operations at the branches
Owner :
Reference : Ri1103

Risk Theme :

Cause : 1. New changes to the Act might require new operational procedure
2. New changes to the Act might also require changes to business processes
Cause Category

Consequence : Possible negative impact to agents and customers at the branches
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Almost Certain QA To be reviewed Create Action Plan
Nett Impact Catastrophic

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Corporate Planning to assist on feasibility study for management decision N/A 17 Apr 2006 31 May 2006 0%

3. Risk Factor : Vc6-5: Reputational & regulatory non-compliance risk, in the absence of capability of Syariah
unit
Description : Investment management for Takaful funds may have a potential of syariah non-compliance
due to the absence of capability separate syariah compliance unit
Owner :
Reference : Ri2101

Risk Theme :

Cause : 1. Inability to hire competent and capable personnel for separate syariah compliance section
2. Absence of future investment management direction to ensure the need for separate syariah compliance unit
3. No suitable ready candidate to look into issues pertaining to syariah & its compliance
Cause Category

Consequence : 1. Regulatory non compliance
2. Reputational risk with regards to investment of Takaful funds
3. Loss of business potential in Takaful products
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Establishment of separate syariah compliance unit under merged investment management department N/A

Controls Effectiveness
Control Likelihood Satisfactory
Control Impact Good

Nett Rating Current Status Action
Nett Likelihood Unlikely QD May Need improvement Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Effective selection process (in terms of staffing for syariah compliance unit) N/A 27 Apr 2006 30 Jun 2006 0%

3. Strategic Objective : (Corporate Governance (Strategy)) TBA

1. Risk Factor : Vc5-EC3: Failure to realize potential from MBB’s SMI/SME base

Description : To further capture the Maybank’s SMI/SME customers (who are not yet being covered under MFB Group)
Owner :
Reference : Gi1101

Risk Theme :

Cause : 1. Lack of possible focus on the business
2. Lack of marketing strategy to penetrate the market
Cause Category

Consequence : Potential loss of business opportunities
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Almost Certain QA To be reviewed Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Aggressive strategy of executing value proposition N/A 17 Apr 2006 01 Jul 2006 0%

2. Risk Factor : Vc5-EC5: Failure to develop a core marketing team
Description : The failure to develop a core marketing team to handle the sales & marketing reqd. of the MFB
Group
Owner :
Reference : Gi1102

Risk Theme :

Cause : 1. Lack of identification and development of existing talent pool
2. Good staff/ talent being pinched by competitors
Cause Category

Consequence : 1. Lack of ability to kick start and implement the sales and marketing activities
2. Existing business might be pinched by the staff who resigned/ pinched by competitors
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Possible QD To be reviewed Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To identify and develop talent pool early N/A 27 Apr 2006 01 Jul 2006 0%

3. Risk Factor : Vc5-Brn1: Loss of key branch resources

Description : Loss of staff due to resignation, pinching, etc.


Owner :
Reference : Gi1103

Risk Theme :

Cause : 1. Staff morale being affected during the merger process
2. Staff being pinched by competitors
3. Branch directions – to close/ merged between branches
Cause Category

Consequence : 1. Potential loss of business focus due to staff resignation/pinched
2. Competitors might gain our existing customers
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Almost Certain QA To be reviewed Create Action Plan
Nett Impact Catastrophic

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Obtain empowerment to retain resources N/A 17 Apr 2006 17 May 2006 0%

4. Risk Factor : Vc5-S/MS1- Disruption of planned activities / calendar

Description :
Owner :
Reference : Gi1104

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Rare QD To be reviewed Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Obtain full picture of current calendar N/A 17 Apr 2006 17 May 2006 0%

5. Risk Factor : Vc5-S/MS3: Ineffective coordination among entities

Description :
Owner :
Reference : Gi1105

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Rare QC To be reviewed Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Regular consultation and/or meetings N/A 17 Apr 2006 17 May 2006 0%

6. Risk Factor : Vc5-AG8: Lack of focus in Group Agency business development
Description : Need to improve the management of Group Agency business development
Owner :
Reference : Gi1106

Risk Theme :

Cause : 1. Lack of properly defined incentive scheme for Group Agency business
2. Lack of managerial skill among Group Agency business leaders
3. Lack of effective management and monitoring of Group Agency business performance
Cause Category

Consequence : 1. Low motivation to develop Group business
2. Low level of skills in developing group business among group business agency force
3. Ineffective in managing and monitoring Group Agency business
4. Unable to capitalise a huge group business market
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Possible QB May Need improvement Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To recognize group business performance (e.g. overseas convention, club qualifiers) N/A 25 Apr 2006 25 May 2006 0%
Preventive To provide / strengthen leaders management skill (e.g. MII agency management course) N/A 25 Apr 2006 25 May 2006 0%
Corrective To refocus & re engineer in managing direct agents Action Plan 3 N/A 25 Apr 2006 25 May 2006 0%

4. Strategic Objective : (Financial) TBA

1. Risk Factor : Vc6-1: Not able to establish Mayban Fortis’ Investment Framework for MNI & TN
Description : The approved Investment Management Framework as current requirement in Mayban Fortis
may have a potential of non-adoption by MNI & TN
Owner :
Reference : Fi1101

Risk Theme :

Cause : 1. Different governance and investment management methodology at MNI & TN
2. Unclear communication on methodology in Financial Risk Management
3. Inconsistent basis in terms of investment management (risk-return characteristics)
Cause Category

Consequence : 1. Asset-liability mismatching risk
2. Investment exposure beyond acceptable risk tolerance
3. Reduction in investment quality (in terms of asset allocation & exposures)
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Adoption of Financial Risk Management framework (including the Investment Management Guidelines) N/A

Controls Effectiveness
Control Likelihood Good
Control Impact Good

Nett Rating Current Status Action
Nett Likelihood Rare QD Within Expectation Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Setting up joint Asset-Liability Management Committee (ALCO) N/A 27 Apr 2006 30 Jun 2006 0%
Preventive Asset-Liability Management (ALM) analysis for each of MNI & TN’s funds N/A 27 Apr 2006 30 Jun 2006 0%

2. Risk Factor : Vc6-3: Non alignment of asset class mix as according to the strategic, maximum & minimum
asset mix
Description : Different methodology in terms of investment management for various entities may lead to
misalignment of investment strategy with regards to investment strategic mix as defined in
ALM framework
Owner :
Reference : Fi1102

Risk Theme :

Cause : 1. Different governance and investment management methodology at MNI & TN
2. Unclear communication on methodology in Financial Risk Management
3. Inconsistent basis in terms of investment management (risk-return characteristics)
Cause Category

Consequence : 1. Asset-liability mismatching risk
2. Investment exposure beyond acceptable risk tolerance
3. Reduction in investment quality (in terms of asset allocation & exposures)
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Compliance monitoring (in terms of investment strategic mix, including maximum & minimum limits) N/A

Controls Effectiveness
Control Likelihood Good
Control Impact Good

Nett Rating Current Status Action
Nett Likelihood Rare QD Within Expectation Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards) N/A 27 Apr 2006 31 Dec 2007 0%

3. Risk Factor : Vc6-4: Non optimization in fixed income portfolio investment
Description : The different methodology in terms of managing credit risk for fixed income investment in
separate entities may result in non-optimization of the fixed income investment within
allowable limit (60% in terms of AA and higher rated instruments)
Owner :
Reference : Fi1103

Risk Theme :

Cause : 1. Non adoption of investment management & risk management governance in terms of managing fixed income
2. Absence of methodology used in credit risk assessment
3. Absence of allowable limits to ensure quality fixed income investment
Cause Category

Consequence : 1. Potential lower yield in fixed income investment
2. Inconsistent management of fixed income based on risk aspect
3. Mismatch in terms of invested asset with product pricing
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Compliance monitoring (in terms of credit risk assessment by funds) N/A

Controls Effectiveness
Control Likelihood Good
Control Impact Good

Nett Rating Current Status Action
Nett Likelihood Rare QD Within Expectation Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Compliance reporting to various committees and boards (ALCO, RMC, IC, Boards) N/A 27 Apr 2006 27 May 2006 0%

4. Risk Factor : Vc8-4: Financial Risks – Take up rate on free-up space
Description : Huge space to be vacated
1. MNI Twins at 140k sq ft
2. BDZ at 65k sq ft
3. Potential reduction of occupancy retention rate on existing tenancy (non MIG)

Owner :
Reference : Fi1104

Risk Theme :

Cause : 1. Relocation of MIG
2. Failure in retaining existing tenants
3. Potential delay in relocation exercise – ideal space could not be rented out timely
Cause Category

Consequence : 1. Financial loss/impact on unoccupied space – MNI Twins at 140k sq ft@RM4.20, BDZ at 65k sq ft@RM3.50.
2. Loss of rental income due to existing tenant/s moving out
3. Increase in ratio in Building Maintenance cost
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Establishment of marketing strategy On going N/A
Detective Continuous update and communication to; On going N/A
1. Property brokers on marketing plan
2. Existing tenant/s on flexible package

Controls Effectiveness
Control Likelihood Some Weaknesses
Control Impact Some Weakness

Nett Rating Current Status Action
Nett Likelihood Possible QB Within Expectation Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood Possible QA
Target Impact Major

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Implementation of proper and effective marketing strategy N/A 25 Apr 2006 25 May 2006 0%
Preventive Temporary/interim risk taking to relocate staff at vacated floor N/A 25 Apr 2006 25 May 2006 0%
Preventive To offer attractive tenancy package to retain the existing tenant N/A 25 Apr 2006 25 May 2006 0%

5. Risk Factor : Fs3F-3: Prolonged completion leading to higher costs
Description :
Owner :
Reference : Fi1105

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Detective Active project plan with clear milestones and prompt issues resolution N/A 06 Apr 2006 06 May 2006 0%

6. Risk Factor : Fs3A-1.1: Business Risk – Reputational risk of Takaful if benefits are reduced subsequently not
matching the ‘PRE’
Description : FS3.28 Addressing Takaful Annuities Benefits - Actuarial (Life)

Note:
Fs3A-2: Business Risks – Loss of revenue due to negative perception of the model and fulfilling
PRE is merged into FS3A-1.1 based on 20060410 Risk Compilation v4.
Owner :
Reference : Fi1106

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Detail comprehensive communications and explanation plan N/A 06 Apr 2006 06 May 2006 0%
Preventive The front-liner (Marketing, Agents, Corporate Communications) be made aware of the decision to reduce benefits N/A 13 Apr 2006 30 Jun 2006 0%

7. Risk Factor : Vc5-EC4: Failure to increase share of wallet

Description : Failure to increase business from existing customers by widening the products being offered &
sell to the customers
Owner :
Reference : Fi1107

Risk Theme :

Cause : Lack of coordination in regards to joint marketing approach/programs to existing customers within MFB Group
Cause Category

Consequence : Potential loss of business opportunities.
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Possible QD To be reviewed Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To set joint-market approach of customers soon N/A 17 Apr 2006 01 Jul 2006 0%

8. Risk Factor : Vc5-AD2: Low take-up rate
Description :
Owner :
Reference : Fi1108

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Rare QD To be reviewed Create Action Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Refine database N/A 17 Apr 2006 17 May 2006 0%

9. Risk Factor : Fs3-PB2: Failure to meet the Maybank Group’s deadlines

Description :
Owner :
Reference : Fi1109

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QB
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Desktop exercise to finalise budget N/A 17 Apr 2006 17 May 2006 0%

10. Risk Factor : Fs3-Fs3.29-2: Financial Risk – internal assessment may be conservative considering data
issues, hence may result in high IBNR reserve

Description : Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving
Period Ending 30 June - Actuarial (General)
Owner :
Reference : Fi1110

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action
Nett Likelihood N/A NA N/A Create Action Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive A consultant may be able to provide more accurate estimate, and release margin due to conservatism N/A 17 Apr 2006 17 May 2006 0%

11. Risk Factor : Vc5-AG9: Lower than industry in persistency ratio
Description : High surrendered cases among policy holders especially in the first two years of the policy
term (Pls indicate the statistics). Currently stands at more than 1000 surrendered cases per
month in TN alone
Owner :
Reference : Fi1111

Risk Theme :

Cause : 1. Some agents are taking advantage of the situation by encouraging policy switching to the existing TN policy holder
2. Ineffective and inconsistent agent disciplinary enforcement
3. Misrepresentation by agents to potential and existing customers
4. Lack of monitoring by agency leaders on the conduct of their agents
Cause Category

Consequence : 1. Impacting persistency ratio, currently standing at 65%, which is very much lower than industry average
2. Reputation risk to the company
3. Impacting profitability / Higher cost of doing business
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action
Nett Likelihood Possible QA May Need improvement Create Action Plan
Nett Impact Major

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To establish Customer Conservation Unit N/A 25 Apr 2006 25 May 2006 0%
Preventive To implement a consistent agent disciplinary conducts/enforcement N/A 25 Apr 2006 25 May 2006 0%
Preventive To incorporate persistency ratio in agency promotion and incentive programs N/A 25 Apr 2006 25 May 2006 0%
Preventive Suggested KRI N/A 25 Apr 2006 25 May 2006 0%

5. Strategic Objective : (Customers (Business)) TBA

1. Risk Factor : Vc2-3: Reduced customer satisfaction due to centralization of operation.


Description : 1. Centralization of processing is core of value creation.
2. Key assumption that branch will not be in processing. Branch sales oriented.
3. Currently customer being served at branches especially life business.

Owner :
Reference : Ci1101

Risk Theme :

Cause : 1. Uncertainty of the function of the branch creates dissatisfaction.
2. Redeployment of staff
3. Agent reservation on the centralization of operation.
4. Efficiency of the system.
Cause Category

Consequence : 1. Loss of customer/ agents confidence.
2. Staff resigning
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Usage of Maybank facilities. N/A

Controls Effectiveness
Control Likelihood Some Weaknesses
Control Impact Some Weakness

Nett Rating Current Status Action
Nett Likelihood Possible QB To be reviewed Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Formulation of Branch SLA N/A 27 Apr 2006 27 May 2006 0%
Preventive Plan for agency awareness program on alternative facilities i.e. self service facilities, Channel, I Pos etc at branch level N/A 27 Apr 2006 27 May 2006 0%
Preventive To clearly identify all processes handled at branch and find alternative avenues without reducing SLA. Work with all Sales and Marketing team. N/A 27 Apr 2006 27 May 2006 0%
Preventive Plan for outsourcing/ centralization of function alternative strategy N/A 27 Apr 2006 27 May 2006 0%

2. Risk Factor : Vc2-4: Integrating Takaful with conventional becomes an opportunity to our competitors.
Description : Competitors will exploit the sentiment that TN is not in compliance with Shariah, due to mixture
of conventional front & back end processes.
Owner :
Reference : Ci1102

Risk Theme :

Cause : Composite branch concept (Takaful & non-T in 1 branch)
Cause Category

Consequence : Loss of market share
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Purity campaign by TN N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Some Weakness

Nett Rating Current Status Action
Nett Likelihood Likely QB To be reviewed Create Action Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To propose for a team (consist of branch and agency team) to look into proposal to segregate Takaful and non-Takaful operation N/A 27 Apr 2006 27 May 2006 0%
Preventive Ensure that part of purity campaign includes communication policy to staff on how to respond to queries with regards to model, operation etc N/A 27 Apr 2006 27 May 2006 0%

3. Risk Factor : Vc4-2: Business Risks – Loss of revenue due to shortcomings in transition to Wakalah
Description : Refers to the possibility of reduced business growth due to lower return to the
participants
Owner :
Reference : Ci1103

Risk Theme :

Cause : 1. Takaful product not customer friendly and less attractive
2. Difficult to sell the product
Cause Category

Consequence : 1. Loss of customer and market share.
2. Reduced surplus and profit
3. Impact to channel and agency i.e. high turnover of staff and agency.
4. Reduced business volume.
Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Possible QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive The DIP to ensure that a N/A 25 Apr 2006 01 Jul 2006 0%
comprehensive testing and
communications plan is
established prior to transition
points and to conduct phased
rollout
Preventive TN Account Dept to N/A 25 Apr 2006 01 Jun 2006 0%
analyze/study the viability of
the Takaful model. Currently
the study is conducted for
General & Group Family
Takaful.

Preventive To study and conduct N/A 25 Apr 2006 01 Jun 2006 0%
simulation on the correctness
and suitability of the Wakalah
model for the enlarged entity
and advise the committee on
the findings
Preventive To present the proposed new N/A 25 Apr 2006 01 Jun 2006 0%
Takaful model to TN Shariah
Committee.

4. Risk Factor : Vc4-3: Business Risks – Loss of revenue due to unfavorable response of agents and customers
to new fee structure
Description : 1. The MTB wakalah model will reduce the return to the client as opposed to TN’s existing
model
2. The Wakalah model works for MTB due to its share of Maybank’s captive market.

Owner :
Reference : Ci1104

Risk Theme :

Cause : 1. Incorrect assessment of optimal fee structure. Cause Category
2. Less customer friendly because of the 80
(operator) : 20 (participant) sharing of surplus
from the general Takaful fund as of MTB
model
3. Lack of proper communication to various
stakeholders.

Consequence : 1. Negative impact to business growth. Consequence Category
2. To give high return to client (in order to
compete with competitors), Takaful needs to
charge a higher premium.

Gross Risk Ratings Gross Rating


Likelihood Likely QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Likely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Propose to review the current N/A 25 Apr 2006 01 Jun 2006 0%
MTB sharing of surplus ratio
Preventive Test and survey agent and N/A 25 Apr 2006 25 May 2006 0%
customer response to new fee
structure prior to actual rollout
Preventive To review the model based on N/A 25 Apr 2006 25 May 2006 0%
the survey results

5. Risk Factor : Vc5-BA1: Loss of 3rd party banca partners

Description : The loss of 3rd. party business channel i.e. other Banks
Owner :
Reference : Ci1105

Risk Theme :

Cause : 1. Lack of understanding on the merged entity Cause Category
2. Lack of willingness to work with perceived
banking competitor
3. Limited New Products i.e. single premium
product

Consequence : 1. Loss of sales Consequence Category
2. Loss of a 3rd party business channel

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Develop 2-3 integrated banca N/A 17 Apr 2006 30 Jun 2007 0%
relationships

6. Risk Factor : Vc5-BA2: Banca partners do not accept products

Description : Non acceptance of the bancassurance products to be offered through the Banca partners.
Owner :
Reference : Ci1106

Risk Theme :

Cause : 1. Lack of detailed knowledge on the bancassurance product Cause Category
2. Acceptance level of the product might be
affected due to issues, i.e. commission paid
to Banca partners etc.

Consequence : Product cannot be rolled out Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure buy-in by educating N/A 17 Apr 2006 30 Sep 2006 0%
and/or promoting

7. Risk Factor : Vc5-BA3: Banca partners disagree on rollout timing
Description : The timing or launch date might not be agreeable to the Banca partner.
Owner :
Reference : Ci1107

Risk Theme :

Cause : Different priorities and scheduling for the Banca partners Cause Category

Consequence : Late/ Delay in launching Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Early involvement of partners N/A 17 Apr 2006 30 Sep 2006 0%

8. Risk Factor : Vc5-AG5: Rejection by Takaful agents
Description : Related to the perception about Takaful business operation and issue of purity of takaful
business conduct
Owner :
Reference : Ci1108

Risk Theme :

Cause : 1. Takaful agents do not want to be seen as doing business together with the conventional agents Cause Category
2. Takaful agents worried about public
perception on the conduct of their business -
purity of takaful operation is at stake

Consequence : 1. Takaful Agency force might be rejected by the public Consequence Category
2. Public perception about TN takaful practice
is not in line with Shariah requirement
3. TN reputation in the eyes of public is at
stake
4. Competitors might take opportunity to
exploit the issue, impacting MF takaful
business in the market

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Plan training and incentive N/A 17 Apr 2006 30 Jun 2006 0%
schemes

Preventive To ensure to separate the two N/A 25 Apr 2006 25 May 2006 0%
agency force entity i.e. takaful
and conventional agents

9. Risk Factor : Vc5-AG6: (KIV) Agents lose focus on life business
Description :
Owner :
Reference : Ci1109

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Develop communication plan N/A 17 Apr 2006 17 May 2006 0%
and develop min. hurdles for
life products

10. Risk Factor : Vc5-EC1: Loss of key (top 25) customers

Description : The loss of the key or main Corporate customers


Owner :
Reference : Ci1110

Risk Theme :

Cause : 1. Anxiety by the brokers due to the merger process Cause Category
2. Customer pinching by other competitors

Consequence : Loss of business and sales target Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure visitation on merger N/A 17 Apr 2006 01 Jul 2006 0%
update; involve CEO in client
relationship; constant
communication

11. Risk Factor : Vc5-EC2: Failure to capture the 200 MBB large customers
Description : To further capture the 200 Maybank’s major customers ( who are not yet being covered by
MFB Group )
Owner :
Reference : Ci1111

Risk Theme :

Cause : 1. Lack of possible focus on the business Cause Category
2. Lack of marketing strategy to penetrate the
market

Consequence : Potential loss of business opportunities Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Aggressive strategy of N/A 17 Apr 2006 01 Jul 2006 0%
executing value proposition

12. Risk Factor : Vc5-S/MS4: Lack of preparedness of agency force
Description :
Owner :
Reference : Ci1112

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Early preparation and N/A 17 Apr 2006 17 May 2006 0%
communication with agents

13. Risk Factor : Fs3-Fs3.25-2:Business Risk – MNI’s carried forward surplus reduced substantially if MLA’s
bonus allocation practice is adopted
Description : Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of
Participating Policies - Actuarial (Life)
Owner :
Reference : Ci1113

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Adopt MNI’s bonus allocation N/A 17 Apr 2006 17 May 2006 0%
practice

14. Risk Factor : Fs3-Fs3.26-1:Business Risk – Valuation basis affects surplus arising in the life funds and ROSF
Description : Inconsistent valuation basis / practice is not reasonable and difficult to justify

Note: FS3 Finance & Risk Management – FS3.26 Alignment of Differing Valuation Bases -
Actuarial (Life)
Owner :
Reference : Ci1114

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Review valuation basis for N/A 17 Apr 2006 17 May 2006 0%
common items where the basis
is not stipulated in the
Insurance Act

15. Risk Factor : Vc5-AG10: Uncompetitive Agency Value Propositions
Description : Poor Agency Value Propositions planning and budgeting
Owner :
Reference : Ci1115

Risk Theme :

Cause : 1. Lack of market research Cause Category
2. Lack of innovative ideas in developing
agency value propositions

Consequence : 1. Loss of agency business Consequence Category
2. Loss of productive agents
3. Inability to recruit new productive agents

Gross Risk Ratings Gross Rating


Likelihood Unlikely QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Unlikely QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Conduct thorough market N/A 27 Apr 2006 27 May 2006 0%
research and develop
competitive and innovative
agency value propositions and
budget

16. Risk Factor : Vc5-AG11: Ineffective Agency Training
Description : Ineffective Agency Training Plan
Owner :
Reference : Ci1116

Risk Theme :

Cause : 1. Lack of Training Need Analysis Cause Category
2. Lack of a Training Calendar
3. Lack of competent trainer

Consequence : 1. Lack of agency professionalism Consequence Category
2. Lack of agency productivity
3. Poor customer service

Gross Risk Ratings Gross Rating


Likelihood Possible QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Unlikely QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Conduct training need analysis N/A 27 Apr 2006 27 May 2006 0%
and develop appropriate
training program and calendar
for the different categories of
agents.

6. Strategic : (Products and Services) TBA
Objective

1. Risk Factor : Vc5-BA5: Product cannibalization by 3rd party banca sales force

Description : Products not being pushed due to issues of the 3rd. party Banca sales force
Owner :
Reference : Pi1102

Risk Theme :

Cause : Lack of product differentiation from competitors within the same 3rd. party bancassurance channel. Cause Category

Consequence : Unable to meet the sales target Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QC To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure adequate product N/A 27 Apr 2006 30 Sep 2006 0%
features differentiation

2. Risk Factor : Vc5-BA6: Low take-up rate for motor takaful

Description : Low take up rate for motor takaful cover through the 3rd. party bancassurance channel.
Owner :
Reference : Pi1103

Risk Theme :

Cause : 1. Inadequate promotional campaign done with the 3rd. party bancassurance channel Cause Category
2. Inadequate close working relationship with
3rd. party bancassurance partners

Consequence : Motor takaful product sales target not met. Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QC To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Promotion campaign and work N/A 27 Apr 2006 27 May 2006 0%
closely with TN banca partners

3. Risk Factor : Vc5-AD4: Cooperatives may opt for MBB products only

Description :
Owner :
Reference : Pi1104

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status

4. Risk Factor : Vc5-S/MS5: Product ideation and launches delayed due to inappropriate or uncoordinated
product management

Description :
Owner :
Reference : Pi1105

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Work very closely with PDC N/A 17 Apr 2006 17 May 2006 0%
and operations; take a
proactive role and monitor the
progress of each product
closely

5. Risk Factor : Vc2-5:Product Development
Description : 1. Product development to the respective market segment
2. Possibility that own products from different areas ( conventional and takaful ) will
cannibalize each other due to the establishment of composite branch

Owner :
Reference : Pi7101

Risk Theme :

Cause : 1. No real market analysis on customer segment. Cause Category
2. Agents not productive as compared to
competitors
3. Target market overlapped.

Consequence : 1. Inability to achieve top line target. Consequence Category
2. Inability to compete.

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Ensuring the effectiveness of Product N/A
Development Committee of Mayban Fortis

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QA To be reviewed Plan
Nett Impact Major

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Market analysis to be N/A 27 Apr 2006 27 May 2006 0%
undertaken to support
marketing and sales strategy
which will drive product
specification and development.

7. Strategic : (Suppliers (Business)) TBA
Objective

1. Risk Factor : Vc1-IT2: Vendor risk


Description : 1. The project will require involvement of multiple vendors. Effective management of all
vendors will be a challenge for the project team
2. In certain circumstances, over-dependence on a single vendor gives rise to the possibility of a single
vendor being involved in too many projects; as a result the vendor may not be able to cope with the
workload

Owner :
Reference : Si1101

Risk Theme :

Cause : 1. Resource constraints and lack of business knowledge Cause Category
2. Vendor not giving priority to project
- Skill set and replacement not quality

Consequence : 1. Schedule overrun Consequence Category
2. Cost overrun
3. Inability to meet project objective in terms
of requirement and quality.

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Objective vendor selection process As Appropriate N/A
Preventive IT to vet through the contract to ensure As Appropriate N/A
that comprehensive arrangement for each
vendor selected i.e. in terms of resources
quality and replacement availability
Preventive To consider multiple vendors for various As Appropriate N/A
projects
Preventive Contract to include penalty clauses As Appropriate N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To liaise with legal to consider N/A 25 Apr 2006 25 May 2006 0%
for favourable spread for the
payment term to vendor

8. Strategic : (Human Capital (People)) TBA
Objective

1. Risk Factor : Vc3-4: People Risks – Internal resistance to process harmonization between takaful and
conventional operations
Description : No in-depth understanding and awareness of staff on management structure on takaful and
conventional operations
Owner :
Reference : Hi1101

Risk Theme :

Cause : 1. Inadequate communication Cause Category
2. Lack of awareness
3. Sensitivity of Takaful requirements i.e.
Shariah compliance and restricted Investment
requirements

Consequence : 1. No buy-in commitment by employee Consequence Category
2. Low staff morale
3. Reduced productivity

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Prepare communications strategy to On going N/A
address staff concerns and issues i.e. formal
communication via Townhall session,
Newsletter etc
Preventive Generate feedback from staff On going N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Rare QD
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Formalize training and related N/A 06 Apr 2006 06 May 2006 0%
knowledge sharing
program/session on Takaful
and conventional requirements
to staff

2. Risk Factor : Vc4-1: Personnel Risks – Failure to effectively educate and train staff, agents and customers
on the changes
Description : 1. Takaful operation to change from modified mudharabah to wakalah.
2. Is correct wakalah model used for the integration as per Saudi scholar fatwa.
3. Legitimacy/permissibility of the wakalah concept used.
4. Given the wakalah model is finalized.
Owner :
Reference : Hi1102

Risk Theme :

Cause : 1. Lack of dedicated training resources to conduct training Cause Category
2. Lack of understanding on the differences
between mudharabah and wakalah model.

Consequence : 1. Wrong perception by the agents and client. Consequence Category
2. Impact to Takaful revenue
3. Poor Takaful reputation due to failure to
provide proper advice to clients i.e. on policy
benefit, surrender value.
4. BNM intervention due to unfavourable
result.

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Establishment of training department N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure that a N/A 25 Apr 2006 15 Jun 2006 0%
comprehensive training is
considered in preparing the
Detailed Implementation Plan
(DIP).
Preventive Training department to N/A 25 Apr 2006 25 May 2006 0%
develop a comprehensive
communications, and training
plan (specific module) to
address on Takaful model
Preventive To prepare plan for the N/A 25 Apr 2006 25 May 2006 0%
establishment of the
conservation unit for Takaful

3. Risk Factor : Vc6-2: Unable to integrate investment division for the merged entity
Description : The merger process may have a potential of problems in integrating 3 investment departments
into one merged entity
Owner :
Reference : Hi1103

Risk Theme :

Cause : 1. No prior agreement on governance structure of investment management Cause Category
2. Each of different departments in MF, MNI &
TN has different methodology in terms of
investment management
3. No clear guide from the management on
the future direction of investment
management

Consequence : 1. Potential higher operating cost due to separate investment departments Consequence Category
2. Inefficiency in fund management &
investment activities – duplication of work
3. Potential lack of control over investment
activities
4. Inability to achieve similar objectives

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Common management (& governance) for N/A
separate departments under merged entity

Controls Effectiveness
Control Likelihood Good
Control Impact Good

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD Within Expectation Plan
Nett Impact Insignificant

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Effective selection process (in N/A 27 Apr 2006 30 Jun 2006 0%
terms of staffing)

4. Risk Factor : Fs3F-1: Personnel risk – loss of key staff
Description :
Owner :
Reference : Hi1104

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Identify alternate support staff N/A 06 Apr 2006 06 May 2006 0%

5. Risk Factor : Fs3F-2: Personnel risk – mismatch of competency / talent
Description :
Owner :
Reference : Hi1105

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Identify alternate support staff N/A 06 Apr 2006 06 May 2006 0%

6. Risk Factor : Fs3R-1: Loss of key personnel during the period of integration
Description :
Owner :
Reference : Hi1106

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Corrective Succession program, N/A 06 Apr 2006 06 May 2006 0%
headcount assessment

7. Risk Factor : Fs3R-2: Workload of personnel in the period of integration
Description :
Owner :
Reference : Hi1107

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QC
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Priority list, time management N/A 06 Apr 2006 06 May 2006 0%

8. Risk Factor : Vc5-AG4: Implementation problems due to insufficient staff
Description : Additional staff (Development Officers) for an effective agency development program
Owner :
Reference : Hi1108

Risk Theme :

Cause : Cause Category
1. Lack of focus in agency development program
2. Lower competency level amongst ADE to command respect from agency force
3. Inadequate manpower to service agency force at HQ and Branches

Consequence : Consequence Category
1. Ineffective monitoring on agent performance
2. Many development programs were not effectively implemented
3. Low servicing level to agents as compared to our competitors

Gross Risk Ratings Gross Rating


Likelihood Unlikely QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Unlikely QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Work with HR on getting N/A 25 Apr 2006 31 May 2006 0%
Manpower planning. To study
the existing manpower
availability and competency
level and to propose to HR as
needed
Preventive To ensure that ADE is N/A 25 Apr 2006 25 May 2006 0%
empowered with enough
authority to implement and
monitor development
programs effectively

9. Risk Factor : Vc5-AD5: Insufficient staff to handle tasks

Description :
Owner :
Reference : Hi1109

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure and pre-plan N/A 17 Apr 2006 17 May 2006 0%
manpower requirement and
prepare back-up data entry
personnel

10. Risk Factor : Vc5-Brn2: Negative response of agents/clients
Description : Negative perception/response by agents/clients due to previous experience etc.
Owner :
Reference : Hi1110

Risk Theme :

Cause : Cause Category
1. Lack of understanding of the merger & integration process
2. Agents’ wrong perception based on past experience

Consequence : Consequence Category
1. Agents might source business to competitors
2. Wrong perception given to customer by agents might lead to loss of renewal businesses.

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Formulate strategy to N/A 17 Apr 2006 17 May 2006 0%
communicate to clients/
agents

11. Risk Factor : Fs2-1: Retention of key employees during the merger

Description :
Owner :
Reference : Hi1111

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood N/A NA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Design and implement N/A 17 Apr 2006 17 May 2006 0%
‘re-recruitment’ exercise for key employees:
identify, assess, select and
place – level 3 and level 4 jobs

12. Risk Factor : Fs2-2: Address employee “me” issues – grade, salary, benefits etc.

Description :
Owner :
Reference : Hi1112

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood N/A NA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Harmonise T&C’s of service N/A 17 Apr 2006 17 May 2006 0%
including grades, salary and
benefits
Preventive Migrate all employees to N/A 17 Apr 2006 17 May 2006 0%
common structure

13. Risk Factor : Fs2-3: Maintain employee productivity during and immediately after the merger

Description :
Owner :
Reference : Hi1113

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood N/A NA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Assess cultural differences N/A 17 Apr 2006 17 May 2006 0%
Preventive Develop action plans to N/A 17 Apr 2006 17 May 2006 0%
address ‘merger’
related issues
Preventive Develop & implement N/A 17 Apr 2006 17 May 2006 0%
comprehensive communication
and engagement plans
Preventive Cascade BSC to all employees N/A 17 Apr 2006 17 May 2006 0%
asap

14. Risk Factor : Fs3-PB1: Shortage of resources to carry out the tasks

Description :
Owner :
Reference : Hi1114

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QB
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Redeployment of personnel N/A 17 Apr 2006 17 May 2006 0%

15. Risk Factor : Fs3-PB3: Confusion over roles and responsibilities during the transition

Description :
Owner :
Reference : Hi1115

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QB
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Conducting briefings on the N/A 17 Apr 2006 17 May 2006 0%
planning/budgeting process
and expectations

16. Risk Factor : Fs3-Fs3.24-1: People risks loss of key staff
Description : Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions
Owner :
Reference : Hi1116

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Retention program for key N/A 17 Apr 2006 17 May 2006 0%
staff to be agreed on &
implemented

17. Risk Factor : Fs3-Fs3.24-2: People risks – lack of key skills and relevant expertise to support integrated
functions

Description : Note: FS3 Finance & Risk Management – FS3.24 Develop Integrated Actuarial Functions
Owner :
Reference : Hi1117

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Define skills & expertise N/A 17 Apr 2006 17 May 2006 0%
needed to support critical
functions.

Preventive Identify suitable staff (& N/A 17 Apr 2006 17 May 2006 0%
back-up support) for
development & training

18. Risk Factor : Fs3-Fs3.30-2: People Risk – require product knowledge and skill in developing the models.

Description : Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports
Owner :
Reference : Hi1118

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Identify suitable staff N/A 17 Apr 2006 17 May 2006 0%
Preventive Ensure precise documentation N/A 17 Apr 2006 17 May 2006 0%

19. Risk Factor : Vc1-IT1: People Risks - IT resources
Description : 1. Loss of key staff to competitors
2. Insufficient staff with key skills & expertise
3. Insufficient staff with execution & leadership capabilities

Note:
- Risk from insufficient/inappropriate staffing implies the inability to allocate a skilled workforce
to the project, regardless of availability.
- The integration is a big scale project and a lot of resources are required.
- The increased need for more human capital resources for the core and non-core system
integration for the enlarged entity.
- The concern is on the ability to retain experienced staff to support throughout the integration
period.
- There is a need for ‘industry knowledge’ to be brought in

Owner :
Reference : Hi1119

Risk Theme :

Cause : Cause Category
1. Inability to retain skilled and experienced staff
2. Too many projects run concurrently. Internal resources not sufficient to cope with the workload.
3. Lack of subject matter expert (SME) available internally.

Consequence : Consequence Category
1. Schedule overrun
2. Cost overrun
3. Inability to meet project objective in terms of functional requirement and quality.

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Adoption of Maybank’s System Selection As Appropriate N/A
Criteria.
Preventive Engagement of external resources/project As Appropriate N/A
manager based on contract basis for key
projects.
Preventive Initiatives by HR to cope with staff On going N/A
attrition.

Controls Effectiveness
Control Likelihood Some Weaknesses
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Possible QB
Target Impact Moderate

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To prepare detailed N/A 24 Apr 2006 30 Jun 2006 0%
implementation planning (DIP)
and specific attention will be
provided to address the above
issues
Preventive IT will define skills required for N/A 24 Apr 2006 24 Apr 2006 0%
HR to initiate:
- Hiring and/or training
process
- Retention program
- IT team to focus on detailed
execution and build
capabilities
Detective To conduct monthly project N/A 16 Jun 2006 30 Jun 2006 0%
progress review meeting with
Project Steering Committee.

20. Risk Factor : Vc1-IT4: Execution Risks
Description : Delay or failure in executing critical path merger activities
- The project has many interdependencies. In most cases, projects are dependent on many
milestones.
- Inability of the VCs and FSs to complete the milestones will result in delay or failure of
execution i.e. co-location, site preparation, etc.

Owner :
Reference : Hi1120

Risk Theme :

Cause : Cause Category
1. Critical path delayed
2. Lack of comprehensive project management tools to monitor the achievement of critical paths. Currently projects are tracked manually by using spreadsheet and Microsoft Project.

Consequence : Consequence Category
1. Delay in operation for the enlarged entity due to schedule overrun
2. Resources are not optimized effectively
3. Inability to meet merger objective

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive High awareness of key dependencies and N/A
communication of the same to the whole
project team
Detective IT progress review meeting N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Possible QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure that the DIP N/A 16 Jun 2006 15 Jul 2006 0%
prepared identifies and
subsequently properly maps all
the critical
paths/dependencies.
Corrective To look into the possibility of N/A 02 May 2006 02 May 2006 0%
using superior project
management tool (Principal
II/Prince II) to replace the
existing manual tools.

21. Risk Factor : VC8-6 - Low staff morale Associated with relocation exercise
Description : Based on estimation, almost 40% of employees will be getting lower/smaller working station
specification
Owner :
Reference : Hi1121

Risk Theme :

Cause : Cause Category
1. New work station policy and standard at MIG – Proposed cubicle at 6X6 as compared to 6X9 at MNI.
2. To best align the Maybank Group workstation standards.
3. Staff “overcrowded” – Existing 45 per floor compared to proposed 77 per floor.

Consequence : Consequence Category
1. Low staff morale.
2. Ineffective and inefficient productivity.
3. Dissatisfaction feeling over “crowded” environment.

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Establishment of Co-Location Steering As Appropriate N/A
Committee (CLSC) to focus on relocation
related matters

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To recommend “incentive N/A 25 Apr 2006 25 May 2006 0%
package” to lessen/mitigate
the staff low morale issues due
to reduction in size of
workstation specifications

22. Risk Factor : Vc5-AG7: Manpower size at agency – Small manpower size & many part time agents halts the
agency sales model program
Description : To improve and increase productivity 238 “Star” (high-performing) agent’s current FYCP of
RM50K-RM500K by 30% each year.
Small number of Star Agency Group
Owner :
Reference : Hi1122

Risk Theme :

Cause : Cause Category
1. Small number of highly productive agents with current production of FYCP between RM50K-RM500K
2. Many part time agents
3. Lack of professionalism among agency leaders

Consequence : Consequence Category
1. Halted the agency sales model programs
2. Group Agency Financial Status – Agency Leaders’ financial strengths will influence their capability to develop their agencies (mapped from risk identified in Slide 11 of IC)

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Analyse and establish various N/A 25 Apr 2006 25 May 2006 0%
agency groups (segments) -
Star, Average, and Laggard
Preventive Plan and establish agency N/A 25 Apr 2006 25 May 2006 0%
development programs for each
identified segment
Preventive Roll out pilot program at N/A 25 Apr 2006 25 May 2006 0%
selected branches
Preventive Implement full blown N/A 25 Apr 2006 25 May 2006 0%
development programs to all
branches
Preventive Identify and recruit additional N/A 25 Apr 2006 25 May 2006 0%
staff for agency development
program
Preventive Establish and monitor N/A 25 Apr 2006 25 May 2006 0%
productivity improvement
targets including MDRT
qualifiers

Preventive Allocate budget for agency N/A 25 Apr 2006 25 May 2006 0%
development and incentive
programs

9. Strategic : (Operations (& Systems)) TBA
Objective

1. Risk Factor : Vc2-1: IT system Back end & workflow


Description : 1. System consolidation for the merged entity. Few systems to integrate (Tall order). Risk is
there. Migration process will be huge and resource consuming. Back end & front end systems
issues must similarly be addressed, i.e. different point of sale/channel.
2. The assumption of future business is based on the I.T system being able to meet post
merger requirements
3. For the next 3 years the 3 entities will use their current system.
4. Resources for system implementation VC, BA & IT.
Owner :
Reference : Oi1101

Risk Theme :

Cause : Cause Category
1. People working through different system (resource duplications)
2. System consolidation.
3. No optimization of resources.

Consequence : Consequence Category
1. Major operational issues.
2. Data integrity questionable.
3. Impact of future business.
4. Not meeting merger objective - VCRM11.5mn

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Key users involvement in the IT evaluation On going N/A
team.

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QA To be reviewed Plan
Nett Impact Catastrophic

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Establishment of a Business N/A 27 Apr 2006 27 May 2006 0%
Analyst Team to look into
system & method, process &
system integration and
implementing best of breed I.T
system solution
Preventive To look into the possibility to N/A 27 Apr 2006 27 May 2006 0%
appoint subject matter expert
consultants to assist and
develop the I.T system
solution

2. Risk Factor : Vc2-2: Meeting the SLA with 3rd parties Bancassurance partner.
Description : 1. Team expects high impact on the area of banca in regards to expectation by the partners.
2. Other sales channel the impact is relatively low.

Owner :
Reference : Oi1102

Risk Theme :

Cause : Cause Category
1. System inability to support banca partners’ needs
2. The 3rd party banca partners might not be comfortable with working together with the competitor i.e. Maybank group

Consequence : Consequence Category
1. Not meeting SLA
2. Loss of strategic partner.

Gross Risk Ratings Gross Rating


Likelihood Unlikely QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Operation is managed in such a way to cater On going N/A
to respective channel i.e. priority service
team.

Controls Effectiveness
Control Likelihood Very Good
Control Impact Very Good

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Detective PMO should validate the values N/A 06 Apr 2006 06 May 2006 0%
to ensure no duplications

3. Risk Factor : Vc3-1: Operational Risks – Integration impact to service levels
Description : 1. Potential down time and disruption of operations arise during M&A process
2. Lack of system optimization
3. Perception issues from customers (internal & external)

Owner :
Reference : Oi1103

Risk Theme :

Cause : Cause Category
1. Non alignment of resources
2. Delay in IT
3. Inconsistent communication to internal & external parties

Consequence : Consequence Category
1. Failure to maximize/optimize efficiency and cost effectiveness
2. Duplication of effort due to delay in automation of process
3. Internal – Reduce staff morale; External - Confusion, dissatisfaction of customers

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Establishment of VC3 to focus on; As Appropriate N/A

Controls Effectiveness
Control Likelihood Satisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QB
Target Impact Major

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure greater commitment & N/A 06 Apr 2006 06 May 2006 0%
motivation; enhanced
processes & systems;
increased professionalism
Preventive To implement and continuously N/A 27 Apr 2006 27 May 2006 0%
monitor the proposed
action plans and strategy

4. Risk Factor : Vc3-2: Operational Risks – Disruption and delays to existing operations
Description : 1. Centralizing process between HQ and branches
2. Harmonizing process between MNI, TN and MF
Owner :
Reference : Oi1104

Risk Theme :

Cause : Cause Category
1. Failure to understand the scope and requirements of existing operations/areas
2. Capability of IT and automation
3. Ineffectiveness in deployment of resources and relocation complexity

Consequence : Consequence Category
1. Customer dissatisfaction
2. Duplication of effort – under utilization of resources
3. Missed business opportunity and cost saving

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Develop action plans for centralization and As Appropriate N/A
harmonization of operations
Preventive Objectives, timelines and project milestone On going N/A
to be tracked

Controls Effectiveness
Control Likelihood Satisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QA
Target Impact Catastrophic

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Full commitment & support N/A 06 Apr 2006 06 May 2006 0%
from management to staff
exposed to integration tasks

5. Risk Factor : Vc3-3: System Risks – Delay in IT, systems or automation initiatives
Description : Identifying one platform to streamline the process and implement highly automated
environment
Owner :
Reference : Oi1105

Risk Theme :

Cause : Cause Category
1. Delay in deciding one IT platform
2. Capability of system to automate
3. Too many projects run concurrently – Inability to deliver to customer timely

Consequence : Consequence Category
1. Reduce productivity – Internal & External parties
2. Duplication of effort
3. Reduce customer service level

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Develop detailed IT execution plan and As Appropriate N/A
proposed contingency plan and/or work
around solution to cater for potential delay
Preventive Establishment of IT Steering Committee for As Appropriate N/A
M&A exercise (ITSC) to look into IT
direction

Controls Effectiveness
Control Likelihood Satisfactory
Control Impact Some Weakness

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To ensure implementation is N/A 27 Apr 2006 27 May 2006 0%
tracked and monitored
Detective Prepare transition plan to N/A 06 Apr 2006 06 May 2006 0%
account for potential delays

6. Risk Factor : Vc6-6: Non integration of investment management system
Description : Separate investment departments for each of the different entities may have different investment
systems to support each entity’s current investment activities
Owner :
Reference : Oi1106

Risk Theme :

Cause : Cause Category
1. Difference in system capabilities for investment management & activities
2. Different methodology in cost-benefit analysis for each separate entity
3. Different purpose and needs (relating to investment activities) in each entity

Consequence : Consequence Category
1. High operating cost if systems are not integrated
2. Management inefficiencies for the merged investment management department
3. Duplications in investment activities (including reporting)

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Corrective Initiative under investment management N/A
VC team to integrate investment system

Controls Effectiveness
Control Likelihood Some Weaknesses
Control Impact Some Weakness

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Rare QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Monitoring of initiatives N/A 27 Apr 2006 31 Dec 2007 0%
undergone by the VC team
Corrective To consider alternative system N/A 06 Apr 2006 06 May 2006 0%

7. Risk Factor : Vc8-1: Process/Supplier Risks – Delay in decision making process on finalization of existing
and future engagement of vendor/suppliers
Description : 1. Delay in establishing printed items standard
2. Expiry of vendors/suppliers appointments later than implementation date
3. Expiry of current service providers agreements

Owner :
Reference : Oi1107

Risk Theme :

Cause : Cause Category
1. Inability to finalize the integration/harmonisation process of related operations timely.
2. Unresolved branding issues
3. Ineffective communication and unclear policy & procedures relating to joint vendors/suppliers selection process

Consequence : Consequence Category
1. Multiple preferred vendors/suppliers
2. Schedule & cost overrun
3. Disruption of ongoing operations that may lead to dissatisfaction to both internal and external parties

Gross Risk Ratings Gross Rating


Likelihood Possible QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Establishment of project committee to N/A
focus on;
1. Review and document vendors/suppliers
selection process
2. Review of current active agreements

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Close loop communication on N/A 06 Apr 2006 06 May 2006 0%
operations printing strategy
Preventive To prepare detailed N/A 25 Apr 2006 25 May 2006 0%
implementation planning and
execution approach by;

8. Risk Factor : Vc8-2: Project Risks – Delay in relocation exercise
Description : The relocation exercise of MNI and TN Head Office to Dataran Maybank, Bangsar
Owner :
Reference : Oi1108

Risk Theme :

Cause : Cause Category
1. Delay in commencement of relocation exercise scheduled July 01, 2006
2. Delay in finalizing of organizational chart (Unclear future office layout)
3. Availability of additional floors

Consequence : Consequence Category
1. Delay in harmonisation
2. Impact on implementation of initiatives
3. Impact on productivity

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Establishment of Co-Location Steering As Appropriate N/A
Committee (CLSC)

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Implementation and N/A 01 Jul 2006 31 Dec 2006 0%
continuous monitoring of the
relocation exercise that needs
to be completed by Dec 31,
2006
Preventive Escalation to Merger N/A 25 Apr 2006 25 May 2006 0%
Management Steering
Committee (MMSC) on out of
control situation

9. Risk Factor : VC8-3: Project Risks – Under scope relocation costing due to omission of unforeseen request
Description : Inadequate relocation budget to meet unforeseen requirements
Owner :
Reference : Oi1109

Risk Theme :

Cause : Scope of work was inadequately defined
1. Additional floor space to be acquired due to revision in working standards floor space (bigger floor space per head count)
2. Renovation works on staff related recreation rooms, e.g. Executive Lounge, Staff lounge etc.
3. Space requirements for ONELINE and Branches Operation Centralisation.
Cause Category :

Consequence : 1. Cost overrun – increase in budget
2. Schedule overrun
3. Inability to meet project objective in terms of requirement and quality.
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Establishment of Co-Location Steering As Appropriate N/A
Committee

Controls Effectiveness
Control Likelihood Satisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QB May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To revisit, confirm and seek N/A 25 Apr 2006 25 May 2006 0%
additional budget (if any) from
management

10. Risk Factor : Vc8-5: Project Risks – Underscope Building Maintenance Budget

Description : 1. Maintenance of buildings (Tower A, B & C) at Dataran Maybank currently being handled by
outsourced parties at service fee of RM400k per year
2. Tower B & C directly owned by MIG whereas Tower A owned by MBB – Maintenance issues

Owner :
Reference : Oi1110

Risk Theme :

Cause : 1. Lack of controls on Building Maintenance cost
2. Lack of harmonisation of MIG owned buildings maintenance
Cause Category :

Consequence : 1. High cost of building maintenance Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Likely QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Possible QB
Target Impact Moderate

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To develop the cost benefit N/A 25 Apr 2006 25 May 2006 0%
analysis on Dataran Maybank
Building Maintenance –
Outsourcing Vs Inhouse
Maintenance cost
Preventive To discuss, negotiate and seek N/A 25 Apr 2006 25 May 2006 0%
permission to allow insurance
group to maintain our own
buildings

11. Risk Factor : Fs3R-3: Inaccurate information gathered for the purpose of integration exercise (financial &
insurance risk program)
Description :
Owner :
Reference : Oi1111

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Detective Independent check, reliability N/A 06 Apr 2006 06 May 2006 0%
tests

12. Risk Factor : Vc5-BA4: Delay in approvals from respective authorities
Description : Delay in approval by Bank Negara Malaysia
Owner :
Reference : Oi1112

Risk Theme :

Cause : 1. Lack of understanding of the requirements to be complied with
2. Possible insufficient information submitted
Cause Category :

Consequence : Late/delay in launching Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Understand requirements early N/A 17 Apr 2006 30 Sep 2006 0%
and then complete fulfillment

13. Risk Factor : Vc5-AG1: High drop-out rate due to lack of monitoring tool
Description : Lack of monitoring tools that halted the agency business development program
Owner :
Reference : Oi1113

Risk Theme :

Cause : 1. Lack of monitoring capability to address performance issues
2. Lack of accurate and timely information in monitoring agent performance
3. Lack of effective agent recruitment policy and procedures
4. Too many agents under one agency leader, which usually makes monitoring ineffective
Cause Category :

Consequence : 1. Agency performance cannot be monitored effectively
2. Agency leaders focusing on short term gain at the expense of long term sustainability of business
3. Many agents left TN for other competitors
4. Creating unfavourable situation in the industry
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Likely QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Prioritize development or N/A 25 Apr 2006 30 Jun 2006 0%
acquisition of tool. Agency
Development Division (ADD)
to establish the required
reports and monitoring
requirements and to submit to
IT
Preventive IT support – reports & N/A 25 Apr 2006 25 May 2006 0%
monitoring tool. IT support
(generation of weekly reports
as monitoring tool)
Preventive To seek help from IT to N/A 25 Apr 2006 25 May 2006 0%
develop the required report
and monitoring capabilities
Preventive To set an effective policy with N/A 25 Apr 2006 25 May 2006 0%
regard to number of
productive agent per agency
leader
Preventive Develop programmes to N/A 25 Apr 2006 25 May 2006 0%
improve the recruitment of
high potential and productive
agents

14. Risk Factor : Vc5-AG2: Incapability of back-office processes
Description : Capability of backroom processes to support front business activities is not up to the mark
Owner :
Reference : Oi1114

Risk Theme :

Cause : 1. Inefficient backroom process impacting service level to the agency force.
2. Lack of focus by Branch on the support of agency activities.
3. Lack of efficient and effective payment modes available to policy holders as compared to other competitors
4. System instability resulting in switching of business to our competitors
Cause Category :

Consequence : 1. Agency – Divert business focus to other activity e.g. MLM if no strong support from HQ or attractive offer from competitor
2. Negative impact to agency force productivity
3. Increase in surrendered cases
4. Increase in customer dissatisfaction level
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Possible QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Unlikely QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Early communication - To N/A 25 Apr 2006 30 Jun 2006 0%
"legalise" SLA between Agency
business and all backroom
support units. To develop an
early detection mechanism on
the level of support to agency
force
Preventive Branch Sales Support - To N/A 25 Apr 2006 25 May 2006 0%
develop KPI for all branches to
adhere to the agreed SLA
Preventive Develop unit at branches to N/A 25 Apr 2006 25 May 2006 0%
specifically service life
business
Preventive Agency leaders - required to N/A 25 Apr 2006 25 May 2006 0%
provide info on the level of
support provided to the agents
and clients

Preventive To immediately review existing N/A 25 Apr 2006 25 May 2006 0%
and establish new mode of
payments to policy holders

15. Risk Factor : Vc5-AG3: New products not delivered (Lack of systematic and strategic focus on new product
development processes)
Description : Ineffective new product development plan that can help agency business to grow
Owner :
Reference : Oi1115

Risk Theme :

Cause : 1. Lack of proper market research in developing new products
2. Lack of comprehensive business analysis in developing new product
3. Agent’s incentives not at par with our competitors
Cause Category :

Consequence : 1. Many products developed failed to meet market needs
2. Lack of assurance in meeting production target
3. Unable to meet targeted profit level - failed to meet financial target
4. Product benefits especially PA not at par with our competitors
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Possible QC
Impact Minor

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QC May Need Plan
Nett Impact Minor improvement

Target Rating
Target Likelihood Unlikely QD
Target Impact Insignificant

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Ensure product ideas are N/A 25 Apr 2006 25 May 2006 0%
viable etc.; work closely with
ODC and operations
Preventive To seek help from ORM to N/A 25 Apr 2006 25 May 2006 0%
establish cost of capital (RBC
requirements) on every new
product developed

16. Risk Factor : Vc5-EC6: Problems in arranging manual facultative insurance

Description : Problems in arranging manual facultative insurance arrangement with Reinsurers


Owner :
Reference : Oi1116

Risk Theme :

Cause : If review process of the current facultative reinsurance is done without adequate/possible alternative reinsurers
Cause Category :

Consequence : Insurance risk might not be adequately reinsured out
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Execute transactions from list N/A 17 Apr 2006 01 Jul 2006 0%
of accounts established

17. Risk Factor : Vc5-AD1:Backend integration issues and timing

Description :
Owner :
Reference : Oi1117

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QC To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Work closely with IT N/A 17 Apr 2006 17 May 2006 0%

Preventive Give priority N/A 17 Apr 2006 17 May 2006 0%

18. Risk Factor : Vc5-AD3: Wrong FT database contactable rate

Description :
Owner :
Reference : Oi1118

Risk Theme :

Cause : 1. Lack of proper market research in developing new products
2. Lack of comprehensive business analysis in developing new product
Cause Category :

Consequence : 1. Many products developed failed to meet market needs
2. Lack of assurance in meeting production target
3. Unable to meet targeted profit level - failed to meet financial target
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status

19. Risk Factor : Vc5-AD6: Backend integration problems
Description :
Owner :
Reference : Oi1119

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive IT to expedite integration N/A 17 Apr 2006 17 May 2006 0%

20. Risk Factor : Vc5-AD7: Credit card acceptance
Description :
Owner :
Reference : Oi1120

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QC
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QC To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To secure assurance from N/A 17 Apr 2006 17 May 2006 0%
Maybank and establish M2U
merchant account

21. Risk Factor : Vc5-AD8: Security concerns
Description :
Owner :
Reference : Oi1121

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Awareness program N/A 17 Apr 2006 17 May 2006 0%

22. Risk Factor : Vc5-AD9: Issues with authorities

Description :
Owner :
Reference : Oi1122

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Rare QD To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Develop education program – N/A 17 Apr 2006 17 May 2006 0%
online training & examination
for cyber agents

23. Risk Factor : Vc5-Brn3: Delay in resource replacement
Description : Time delay in replacement of staff at the branches
Owner :
Reference : Oi1123

Risk Theme :

Cause : Perceived slowness in replacement of staff at the branches
Cause Category :

Consequence : 1. Potential loss of business focus due to staff resignation/pinched
2. Competitors might gain our existing customers
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Satisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Almost Certain QC To be reviewed Plan
Nett Impact Insignificant

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive HC to speed up re-deployment N/A 17 Apr 2006 31 May 2006 0%
& replacement of key positions

24. Risk Factor : Vc5-Brn4: Negative effects of centralization process
Description : Centralization of key operational functions might have negative impact to branches
Owner :
Reference : Oi1124

Risk Theme :

Cause : 1. Perceived slow operational process in supporting branches.
2. Lack of focus on the operational issues affecting branches
Cause Category :

Consequence : Possible negative impact to agents and customers at the branches
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Demand SLA from HQ N/A 17 Apr 2006 17 May 2006 0%
Operations on key processes



25. Risk Factor : Vc5-S/MS2: Delay due to system incompatibility
Description :
Owner :
Reference : Oi1125

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB To be reviewed Plan
Nett Impact Moderate

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Work very closely with IT; N/A 17 Apr 2006 17 May 2006 0%
constant communications with
agents



26. Risk Factor : Fs3-Fs3.25-1: Process Risk – bonus allocation practice needs to be streamlined in order to
avoid confusion for Operations upon claim payment & bonus declaration

Description : Note: FS3 Finance & Risk Management – FS3.25 Aligning Various Bonus Practices of
Participating Policies - Actuarial (Life)
Owner :
Reference : Oi1126

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Possible QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Recommend a common N/A 17 Apr 2006 17 May 2006 0%
practice



27. Risk Factor : Fs3-Fs3.27-1:Process Risk – retention limits need to be streamlined for practical purposes & to
avoid confusion for underwriters
Description : e.g. if a customer buys 2 products with different retention at the same time, which retention
to apply? Accumulation of risk per life has to be considered.

Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance
Treaties - Actuarial (Life)
Owner :
Reference : Oi1127

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Review reinsurance N/A 17 Apr 2006 17 May 2006 0%
arrangements to identify
affected risks.

Preventive Notify reinsurers & Operations. N/A 17 Apr 2006 17 May 2006 0%



28. Risk Factor : Fs3-Fs3.27-2: Process Risk – consolidation of various treaties for better management of risks
and to avoid duplication of risks covered as this could lead to a dispute when a claim arises.

Description : Note: FS3 Finance & Risk Management – FS3.27 Consolidation of MNI & MLA Reinsurance
Treaties - Actuarial (Life)
Owner :
Reference : Oi1128

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Identify treaties for N/A 17 Apr 2006 17 May 2006 0%
consolidation.
Preventive Negotiate with reinsurers to N/A 17 Apr 2006 17 May 2006 0%
maintain the best terms &
conditions



29. Risk Factor : Fs3-Fs3.29-1: Operational Risk – Data integrity issues arise when compiling historical data
for the corresponding new financial period. Data resides in multiple systems and there is no base for
reconciliation.

Description : Note: FS3 Finance & Risk Management – FS3.29 Aligning MNI & TN IBNR Data for Reserving
Period Ending 30 June - Actuarial (General)
Owner :
Reference : Oi1129

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Almost Certain QA
Impact Catastrophic

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To engage a consultant to do N/A 17 Apr 2006 17 May 2006 0%
IBNR computation for FYE
30/06/2006 without having to
tabulate historical data for
corresponding new financial
period.



30. Risk Factor : Fs3-Fs3.30-1: Process Risk – availability of detailed historical information of assets, liabilities
& products for all entities

Description : Note: FS3 Finance & Risk Management – FS3.30 Harmonization of actuarial reports
Owner :
Reference : Oi1130

Risk Theme :

Cause : Cause Category

Consequence : Consequence Category

Gross Risk Ratings Gross Rating


Likelihood Rare QD
Impact Insignificant

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness

Controls Effectiveness
Control Likelihood N/A
Control Impact N/A

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood N/A NA N/A Plan
Nett Impact N/A

Target Rating
Target Likelihood N/A NA
Target Impact N/A

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive Identify information required N/A 17 Apr 2006 17 May 2006 0%

Preventive Review & determine N/A 17 Apr 2006 17 May 2006 0%
assumptions



31. Risk Factor : Vc1-IT5: Process Risks – delay in approval of the system
Description : 1. The IT team noted that there is a timeline that needs to be met by the business side by
September 06. As such, IT needs to complete the approval process by June 06 to support the
above.
2. To date, the PMO has resolved the approval issues; nevertheless the matter remains a
‘Watch List Issue’ as it remains relevant if left unchecked

Owner :
Reference : Oi1131

Risk Theme :

Cause : 1. Lengthy process of compliance and various levels of approval.
2. Uncertainty over the systems and models to use.
3. Uncertainty in terms of commitment and input from users.
4. Uncertainty in terms of responsiveness of vendor(s) to clarification and RFP.
Cause Category :

Consequence : 1. Delay in operation for the enlarged entity
2. Inability to meet merger objective
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Possible QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive High awareness of key dependencies and N/A
communication of the same to the whole
project team

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Unlikely QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Detective To prepare and review N/A 01 May 2006 30 Jun 2006 0%
approval timeline for all
projects and to ensure that the
timeline will consider the
above uncertainties as
identified in the causes and
contingency measures.



32. Risk Factor : Vc1-IT3: Process Risks due to resources issues – Disruption/delay to existing operation
Description : 1. Staff involved in the projects must at the same time support existing business at their respective
business entity.
2. The concern is that if the staff need to attend to business, the resources will be
pulled back from the project, creating a void in the team.
3. A time bomb issue during full-fledged implementation of the integration program.

Owner :
Reference : Oi1132

Risk Theme :

Cause : 1. Lack of full time resources commitment.
2. Unavailability of immediate replacement.
Cause Category :

Consequence : 1. Impact to existing operation
2. Schedule overrun
3. Cost overrun
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Likely QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive High awareness on commitment and N/A
support from respective entities

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Possible QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To request from the PMO for N/A 16 Jun 2006 15 Jul 2006 0%
full time resources to be
allocated to the projects
Preventive To build in contingency with N/A 16 Jun 2006 16 Jul 2006 0%
regards to resources allocation
within the team
Preventive For a package system which is N/A 16 Jun 2006 15 Jul 2006 0%
highly dependent on vendor,
the team will acquire the
vendor assistance to look for
possible arrangement for
external support and
resources.



33. Risk Factor : Vc1-IT6: Process Risks – user requirements poorly defined
Description : 1. Not thoroughly defining the requirements before starting, consequently not understanding
the true work effort, skill sets and technology required to complete the project.
2. Complexity of the requirements i.e. merging of the Takaful & conventional, mudharabah &
wakalah, FRS139 & existing accounting practices etc.
3. The success of any project depends on commitment to deliverables and responsibilities.

Owner :
Reference : Oi1133

Risk Theme :

Cause : 1. Poor resources commitment and coordination i.e. lack of active participation by end user.
2. Unavailability of full time resources.
3. Limited resources anticipated due to heavy reliance on key personnel.
Cause Category :

Consequence : 1. Poor business requirement sign off resulted in poor test cases developed, business scenarios or rules missing and impact to the test plan.
2. System developed or integrated mismatch and does not meet business requirement or expectation
3. Cost overrun due to variation order as a result of changing requirements
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Likely QB
Impact Moderate

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Detective Project manager and/or business analyst Weekly N/A
engage for the respective project to
provide report to Project Steering on
regular basis to ensure the adequacy and
quality of business requirement. Any
shortcomings are to be reported via the
escalation process established by the
merger PMO.
Detective Establishment and close monitoring of Weekly N/A
respective project charter.
Detective Establishment and close monitoring of Weekly N/A
respective project charter.

Controls Effectiveness
Control Likelihood Some Weaknesses
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Possible QB May Need Plan
Nett Impact Moderate improvement

Target Rating
Target Likelihood Possible QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To prepare and review N/A 16 May 2006 30 Jun 2006 0%
approval timeline for all
project and to ensure that the
timeline will consider the
above uncertainties as
identified in the causes and
contingency measures.
Preventive To propose for a dedicated N/A 16 Jun 2006 15 Jul 2006 0%
team to be appointed for the
initiatives.
Preventive To use Maybank resources to N/A 16 Jun 2006 15 Jul 2006 0%
do project QA
Preventive Appointment of business N/A 01 Jun 2006 30 Jun 2006 0%
analyst



34. Risk Factor : Vc1-IT7: Data Quality and Integrity Risks
Description : 1. Complexity of the conversion activity
2. Discrepancies/errors in source data especially for the life policies
3. Old data
Owner :
Reference : Oi1134

Risk Theme :

Cause : 1. Degree of complexity of the migration and conversion required
- Different coding used by different systems
2. Product specification not available for developing conversion specifications
3. Data kept outside the core system
Cause Category :

Consequence : 1. Operational issues
2. Project schedule overrun
3. Cost overrun
Consequence Category :

Gross Risk Ratings Gross Rating


Likelihood Likely QA
Impact Major

KPI Owner Trigger Unit Score Actual Target Status Last Trend
Value Month

Existing Controls
Type Name Owner Interval Effectiveness
Preventive Data cleansing before implementing As Appropriate N/A
Preventive Conversion planning and strategy As Appropriate N/A

Controls Effectiveness
Control Likelihood Unsatisfactory
Control Impact Unsatisfactory

Nett Rating Current Status Action


Nett Rating
Create Action
Nett Likelihood Likely QA May Need Plan
Nett Impact Major improvement

Target Rating
Target Likelihood Possible QC
Target Impact Minor

Management Actions
Type Name Owner Priority Start Date Due Date Status
Preventive To establish specific data N/A 01 Aug 2006 15 Sep 2006 0%
migration and conversion risk
scorecard to ensure all specific
risks details addressed



Risk Quadrant Legend : QA - Very Significant
QB - High
QC - Medium
QD - Low

