Assignment 1 Semester 2 2025
Unique Number:
Due date: 28 August 2025
CASE STUDY 1: UBUNTU HOLDINGS (PTY) LTD
QUESTION 1
Here are the seven core ERM components Ubuntu Holdings should put in place (aligned to
ISO 31000/COSO and your context):
1. Corporate governance
Board and executive oversight with a clear charter, risk appetite and tolerance, defined roles
(Board, Audit/Risk Committee, CRO, management), and regular risk reporting and
assurance.
2. System of internal control
A strong control environment and control activities across finance, operations, HSE, legal
and compliance, with monitoring and corrective actions to safeguard assets and shareholder
value.
3. Dedicated risk resources
A competent risk function led by the CRO (risk champions in business units, training,
tools and systems) to implement, coordinate and continuously improve ERM.
4. Risk management framework
An organisation-wide framework that embeds risk at strategic, tactical and
operational levels, setting context, roles, escalation paths, reporting lines and
integration with strategy, budgeting and project lifecycles.
5. Risk management policy
A Board-approved policy linking risk to corporate objectives, stating principles,
appetite/tolerance, responsibilities, and minimum standards for identifying,
assessing, treating and reporting risks.
6. Risk management process
A standard process: establish context; identify risks; analyse and evaluate; select
responses (avoid, reduce, transfer, accept, exploit); implement controls/actions;
monitor and review; and communicate and consult—supported by registers, KRIs,
incident/near-miss capture and assurance.