RSK4801

Suggested Solutions
Operational Risk Management

RSK4801
Year module

Department of Finance, Risk Management

and Banking
1. PURPOSE OF THE ASSIGNMENT AND ASSESSMENT ON POSTGRADUATE LEVEL

The purpose of this assignment was to cover the fundamentals of the module and to prepare
students to answer essay questions based on case studies. Assessment plays an important role in
the learning process and there are different types of performance standards that one can use
when assessing performance. This module is based on the mastery of specified learning
outcomes, which, together with the assessment criteria, are included in your study guide and
Tutorial Letter 101. Standards for accrediting qualifications are set by the South African
Qualifications Authority (SAQA), which oversees the National Qualifications Framework (NQF).

The two assignments form part of the formative assessment in this module. They are used to
assess your progress during the year and provide feedback which you can use to improve your
future performance in this module. In addition to being assessed on the learning outcomes of the
module, you will also be assessed on the critical cross- field outcomes (CCFOs) associated with
the module and with postgraduate studies in general. These CCFOs are generic outcomes that
inform all teaching and learning and have been integrated with the formative and summative
assessment in this module. The following table indicates the appropriate CCFOs and the

practical examples for assessment.

CCFO EXAMPLE

Organising and managing oneself and Submitting your completed assignment on or

one’s activities responsibly and before the due date is an indication that you
effectively have mastered this outcome
Collecting, analysing, organizing and Searching for other sources, incorporating
critically evaluating information different views and forming a substantiated
opinion is an indication that you have mastered
this outcome
Communicating effectively using Adhering to the technical requirements for an
language skills in written presentation essay/case assignment is an indication that
you have mastered this outcome

For more information in the CCFOs, please visit the South African Qualifications
Authority (SAQA) website at http://www.saqa.org.za.

At this early stage of your learning experience we have to sound a warning. Simply memorising
and presenting the content of your prescribed books will definitely lead to poor results. It is our duty
and privilege to give you the guidance and assistance necessary to make your learning experience

2
 RSK4801/201

at UNISA worthwhile. However, as a postgraduate student you are responsible to ensure that
you pass this module. This means that you have to work on a regular basis throughout the
year. We will give you all the support that we possibly can but, ultimately, it is up to you to decide
how you are going to master the required skills. We strongly encourage you to either form
study groups with fellow students in your area or to join an online study group via myUnisa.

3
SUGGESTED SOLUTIONS FOR ASSIGNMENT 01

An announcement with general feedback on Assignment 01 will be made during August. The
purpose is to highlight general mistakes and guidelines and areas for improvement.

The assessment has been done by considering the questions as a whole. A mark has been be
allocated on a rubric for every question. Please note that each question was rated in its totality and
not by counting the different ticks. (One tick does not represent one mark).

4
 RSK4801

Question 1 30 Marks

The purpose of this question was to introduce students to learning with case study. You were therefore required to read the Benchmark case
critically with the objective to have an understanding of the facts presented in the case study, and then to compare the facts of the case with a
theoretical framework – in this instance, the requirements of the King III report with regard to risk management and internal audit. Although the
focus of this course is not on the King III report, it provides the context for the operational risk framework, which is important f or the module.

Suggested solution

KING III BENCHMARK GAP AND RECOMMENDATIONS

Governance of risk The key elements within governance structure A bank with such a complex structure and
The board’s responsibility for risk relevant to this matter are: products should have a Board Risk
governance Board and board committees: Committee (which was established at a later

∙ The board should be responsible for  Main Board (the Board). stage).

the governance of risk  Board Audit Committee (BAC).

 Board Risk Committee.
∙ The board should determine the
levels of risk tolerance
Benchmark only had an audit committee but not Matters reported by internal, external audit
∙ The risk committee or audit a risk committee. The risk committee was and the regulators should have been tabled
committee should assist the board in established later. The audit committee acted as at the main board for notice and discussion.
carrying out its risk responsibilities the risk committee, but due to the workload,
 The board should delegate to insufficient attention was given to risk.
management the responsibility to design,
Although there was no formal delegation of Management should have be reprimanded
implement and monitor the risk
market risk monitoring functions to the BAC prior for not rectifying audit findings and concerns
management plan
to the formation of the BRC, it is arguable that raised by the regulator.
Risk assessment
the BAC took on a market risk monitoring role in
∙ The board should ensure that risk
the absence of explicit market risk oversight and
assessments are performed on a monitoring that occurred at Board level. There is
continual basis
also evidence to suggest that BAC had a
∙ The board should ensure that number of opportunities to discuss market risk
frameworks and methodologies are management issues in 2011, principally due to
implemented to increase the the elevation of issues via the Regulator’s letter
probability of anticipating and the external auditor, JAFUA
unpredictable risks
The audit committee did not escalate the
The board should ensure that
potential seriousness of limit excesses to the
management considers and implements
main board. Management was also effective in
appropriate risk responses
downplaying the potential impact of these
The board should ensure continual risk
events.
monitoring by management
The board should receive assurance Even though internal concerns about traded
regarding the effectiveness of the risk market risk, the integrity of the VaR measures
management process and the operation of currency options desk were
The board should ensure that there are raised and discussed internally by executive
processes in place enabling complete, management within CIB and MR&PC. These
timely, relevant, accurate and accessible issues and concerns do not appear to have

6
 RSK4801/201

risk disclosure to stakeholders been elevated through the available escalation

channels by executive management to the BAC
Audit committees through the various escalation channels that
The board should ensure that the existed.
company has an effective and
independent audit committee. The audit committee was also ineffective with

Membership and resources of the audit dealing with adverse reporting by the regulators
as it did not table the report at the main board.
committee
The report included comments on:
∙ Audit committee members should be
suitably skilled and experienced lax approach to limit management;
independent non-executive directors culture of poor adherence to risk
∙ The audit committee should be management policies;

chaired by an independent non- inadequate sourcing of revaluation rates;

executive director problems with interfaces to the Infinity risk
Responsibilities of the audit committee engine;
The audit committee should oversee no formal validation or back-testing for the
integrated reporting bank’s approved VaR model; and
∙ The audit committee should ensure inadequate stress testing.
that a combined assurance model is
The BRC was created by the Board in August
applied to provide a coordinated
2011, its charter was approved by the Board in
approach to all assurance activities
October and its first meeting was in November.
Internal assurance providers
Under the BRC reporting framework, the risk
∙ The audit committee should satisfy and finance functions reporting to the BRC

7
 itself of the expertise, resources and would report on risk strategy, appetite and
experience of the company’s finance control frameworks. These divisions will then
function report the outcomes of control frameworks to

∙ The audit committee should be BAC. The BRC would address all elements of
responsible for overseeing of internal risk including market risk, although it was
audit acknowledged that credit risk would be a
significant component of the Committee’s
∙ The audit committee should be an
deliberations.
integral component of the risk
management process
In particular, the BRC’s charter explicitly notes
The audit committee is responsible for
that it is to “ Ensure that the Group has a
recommending the appointment of the
comprehensive independent market risk control
external auditor and overseeing the
framework in operation” and it is to “ Review and
external audit process
The audit committee should report to the set Value at Risk (VaR) limits” .
board and shareholders on how it has
At the BRC meeting in November 2011, the
discharged its duties
BRC received an overview of the market risk
profile of CIB and the risk measurement
Compliance with laws, rules, codes andframework from the Head of MR&PC. It was
standards
noted that the average usage for 2010/2011 was
The board should ensure that the
approximately R22.4 million, which was well
company complies with applicable laws
within the maximum VaR limit for the group of
and considers adherence to nonbinding
R80 million. Although the analyses of VaR by
rules, codes and standards
region and product were reviewed, there is no
The board and each individual director
record of discussion or escalation of VaR sub-

8
 RSK4801/201

should have a working understanding of limit breaches at the BRC even though these
the effect of the applicable laws, rules, were well known by MR&PC at the time.
codes and standards on the company
and its business
Internal Audit completed a number of reports on
Compliance risk should form an integral
the operation of the currency options desk,
part of the company’s risk management
including an assessment of internal controls and
process
the currency options trading system. For

The board should delegate to management example, in 2009, internal audit rated and raised
the implementation of an effective issues defined as “Serious matters for the
compliance framework and processes attention of the Managing Director and
reportable to BAC”. However, under a revised
Internal Audit rating system for the elevation and escalation of

The board should ensure that there is an audit issues to the BAC, these serious issues
effective risk based internal audit were not raised for consideration and discussion
Internal audit should follow a risk based at the BAC.
approach to its plan
Among the lessons identified from the other
Internal audit should provide a written
banks’ failings, the report noted that alarm bells
assessment of the effectiveness of the
should ring when the following occur:
company’s system of internal controls
“Weaknesses identified by Audit or
and risk management
Regulators are not quickly and permanently
The audit committee should be
resolved;
responsible for overseeing internal audit
breaches of limits are not quickly and
Internal audit should be strategically
independently investigated; and

9
 positioned to achieve its objectives there is a culture that allows undue influence
or bullying to prevail over due process.”

Even though internal concerns about traded

market risk, the integrity of the VaR measures
and the operation of currency options desk were
well known to internal audit because of its past
reviews of the desk, these issues and concerns
do not appear to have been elevated to BAC
because they were below the internal audit
threshold for issue escalation.

The Head of Internal Audit reported regularly to

the BAC in the form of summaries of internal

audit work completed and the elevation and
presentation of serious audit issues within the
business. In addition to regular attendance at
BAC meetings, the Head of Internal Audit was
able to meet in private sessions with members
of the BAC when necessary to elevate and
escalate concerns about risk management and
internal controls

Regular meetings are scheduled between

internal audit and external audit at both the
highest and senior management level. Between
10
 RSK4801/201

February and August 2010, an ADFA partner,

was seconded to take up the position as Acting
Head of CIB Internal Audit. It appears that the
regular scheduled meetings between the ADFA
secondment and their external audit counterpart
did not take place. It is likely that this adversely
impacted on the level of communication
between internal audit and external audit over
this period.

The underlying principle is that the board and even its committees were starved of reliable business intelligence i.e. proper feedback on the
findings of the regulators, external auditors, internal auditors and the risk management function. CIB management was also able to suppress
information and ridicule the assurance providers. Furthermore, no one was prepared to ask the tough questions and proper explanations. The
culture of the bank did not encourage open and frank communication.

The workload of the audit committee was also unacceptable and reports highlighting control weaknesses did not receive sufficient attention.
Another problem is whether all the people on the audit committee had sufficient understanding of the implications of some of the control
weaknesses and regulatory concerns would have been understood even if it did make it to the agenda of the meeting.

Hindsight remains perfect and it is possible to draw parallels to the conduct of Benchmark’s board to events that are currently unfolding in both
the public and private sector in South Africa.

11
 RSK4801

Question 2 20 Marks

The purpose of the question was to give students the opportunity to classify risks in terms of the risk
definitions and to demonstrate how difficult it sometimes is to classify risks, as the consequence of
the event can caused by a number of different factors. In practice, this is known as the boundary
effect.

Although it may appear to be trivial, the impact on the profitability of a department or division can be
impacted significantly due to loss events. Banks and insurers also have to calculate regulatory
capital, and for operational risk and loss experience is one of the factors considered to calculate the
capital. The incorrect classification of risk can therefore have a significant impact on a department or
division, both from a profitability and regulatory capital aspect.

The identification and classification of risk are also important for exam purposes as you will be
required to identify and classify risk. You will not receive marks where the risks are incorrectly
classified.

Below is the suggested solution for the classification of the events. We added an explanation
where there is a boundary effect. Work through the examples and ensure that you
understand the reasoning for the classification. You needed to convert the foreign exchange in
the loss register to South African Rand. To convert American Dollar (USD) to rand, multiply the
dollar amount with the exchange rate e.g. $1000 x 7.11789 = R7 117.89. You can use the same
principle for the other currencies.
 RSK4801

DESCRIPTION CREDIT MARKET OPERATIONAL RISK

PEOPLE PROCESS SYSTEMS EXTERNAL

Trader on the FX desk processed R 151,975.99

the transaction as buy instead of
sell
AML function took wrong R 1,573,035.00
directional view on interest rates.
Loss on swap curve.
Bond options trader captured R 604,980.02
expiry date wrong
SAFEX penalty for late margin R 100,000.00
calls. Clearing House official did
not contact broker for payment.
JSE penalty for late bond R 150,000.00
settlements. Missed settlement
window due to offshore
counterparty processing
transaction late.
customer claim for bad R 150,000.00
derivatives investment advice
Interest on late Citi Bank R 249,129.30
collateral calls. Incorrect
calculation by clerk
Duplicate payment to Lloyds R 231,288.00
Bank
Payment to Sumitomo into wrong R 14,553.07
act loss was ¥156312 due to
change in currency
Payment fraud by Triad syndicate R 6,500,000.00
 DESCRIPTION CREDIT MARKET OPERATIONAL RISK

PEOPLE PROCESS SYSTEMS EXTERNAL

JSE penalty for late settlements. R 450,000.00

Recon outstanding for cleared
funds.
Goodwill payment to Big Shot Ltd R 600,000.00
because business online was
down over month end
Fraud due to sharing of R 300,000.00
passwords by payment staff
Teller difference R 15,687.00

Teller difference R 5,962.00

Teller difference R 1,114.00

Teller difference - new teller R 214,509.00

Polokwane branch R 100,250.00

Staff fraud R 56,000.00

Fraudulent payment by staff R 30,000.00

member
Cash centre R 15,600,000.00

BA 800 submitted incorrectly R 5,000.00

Teller difference R 32,418.00

14
 RSK4801/201

DESCRIPTION CREDIT MARKET OPERATIONAL RISK

PEOPLE PROCESS SYSTEMS EXTERNAL

Teller difference R 35,167.00

Stolen cheque book Bob Mugabe R 10,000.00

Loaded incorrect ATM fee R 235,145.00

increases for July - EXCO decided
not to backdate increases for
sensitivity to reputational risk
Staff fraud R 342,190.00

Lost guarantee P Pompies R 500,000.00

BA 800 submitted incorrectly R 10,000.00

(Jun)
Irrecoverable losses due to not R 753,451.00
follow up of excess reports
Bad debt written off: JMM R 2,567,000.00
Construction
Bad debt written off: BC R 654,789.00
Construction Supplies
Access payment for motor car R 5,000.00
accident claim
Access payment for motor car R 5,000.00
accident claim
Access payment for motor car R 5,000.00
accident claim
Late registration of bonds due to R 105,678.00
strike - penalties/interest claims

15
 DESCRIPTION CREDIT MARKET OPERATIONAL RISK

PEOPLE PROCESS SYSTEMS EXTERNAL

to customers

Staff fraud R 10,300.00

Staff fraud R 53,800.00

Teller difference R 23,749.00

Teller difference R 43,671.00

Interest claim by client because R 73,421.00

of bad service (customer not
informed of change in interest
rates)
Commodities trader captured R 317,291.08
incorrect amount
Write off due to incorrect model R 150,000.00
parameters on 5 year CDO
Embossing fraud - card cloned CR R 15,000.00

Charge back recon differences R 256,896.00

Interest claim due to late SWIFT R 15,352.00

transfer
Processing official used incorrect R 7,829.78
rate
Damage to premises due to ATM R 7,000,000.00
bombings (consolidated)

16
 RSK4801/201

DESCRIPTION CREDIT MARKET OPERATIONAL RISK

PEOPLE PROCESS SYSTEMS EXTERNAL

ATM bombings (money stolen) R 11,890,650.00

Branch teller differences R 165,631.00

TOTAL PER CATEGORY R 3,221,789.00 R 1,573,035.00 R 4,470,542.24 R 1,506,896.00 R 600,000.00 R 41,015,650.00

NUMBER OF EVENTS 2 1 35 5 1 6

The purpose of the histograms were to give you the opportunity to graphically illustrate the final classification, frequency and
amounts of the events in the risk register. Few students indicated either the frequency or the amounts. The histograms were also
not discussed and the presentation to EXCO would have been unacceptable.

17
 RSK4801

Question 3 30 Marks

Operational risk definition

Operational risk is the risk of losses due to inadequate or failed internal processes, systems and
people and external events. This can include legal risk, but excludes reputational and strategic
risk. The factors for ops risk are clear in order to make it possible to be measured. As soon as it

can be measured it can be managed effectively. It includes legal risk as legal risk can be
measured in terms of losses suffered in terms of penalties and fines as a result of breaches of
contracts and regulations for example. It usually excludes reputational and strategic risks as
these risks are difficult to measure and thus to manage as a specific risk type.

Benefits of operational risk

The benefits of operational risk management are discussed in Chapter 2 of the prescribed book.

Operational risk framework

Risk management should start with the analysis of the overall business strategy and objectives
of the organisation and subsequent changes to the strategy should also be considered and
changes made where necessary. An operational risk management framework also enables the
practical implementation governance. Governance provides an over-arching organisational
structure within the organi sation’s culture and also establishes the three lines of defence i.e. line
management, risk management and the independent assurance providers.

The operational framework can take many forms and the frame most often used is:

Identify the risks

The first step in the process is to understand the business in order to identify the risks. Methods
that can be used to gain an understanding of the business and to identify risks are inter alia:

Workshops and interviews

Questionnaires
Risk process follow analyses

Checklists

Losses history
The purpose of the process should also be clear in order to ensure to raise awareness, track the
risks and assess the financial impact of the risks.
 RSK4801/201

Evaluate the risks

Risk evaluation is the assessment and measurement of the identified risk exposures with the
aim to manage and control the risks. In order to do this, the risks should be measured to enable
management to manage it.

Operational risk can be measured in quantitative and qualitative terms. The quantitative
approach aims to quantify risk in numerical terms. The qualitative approach aims to evaluate the
risk exposures that cannot be calculated. The risk exposure are analysed in terms of rating
scales to determine the possible impact and likelihood of the risk events.

Control the risks

Once the risks have been evaluated, strategies can be developed to control the risks. Risks can
be preventative, detective or contingent. The objectives of a risk control programme will be to
reduce the potential effect of the loss and to prevent the likelihood of the risk occurring.
The control strategies can be to avoid the risk, transfer the potential effect of the loss event,
accept the consequences or improve the internal control measures to manage the risk.

Finance
The aim of risk financing is to ensure that the cost of risk and the cost of the risk management
process do not exceed the potential benefits provided to the organisation. The risk management

process can therefore require a pre-financing or post-financing policy. The pre-financing of

operational risk can include methods such as insurance or self-insurance, while post-financing
can include the use of cash resources or debt.

Monitoring
The monitoring of risk includes regular management and supervisory activities and the other
actions employees undertake in their daily activities. It is important that senior management is
involved in the monitoring of risk. Reporting forms an integral part of the monitoring process.

Reports can be produced for different users e.g. the external stakeholders such as regulators
and the shareholders, internal stakeholders at strategic level such as the board and EXCO,
senior management and line management.

It is important that the risk is managed as close to the source as possible. The different levels of
users will have different objectives e.g. the board and EXCO will need less frequent reports to
enable them to manage trends and evaluate the strategies in contrast to line management that
need more frequent reports to rectify transactions. Line management requires daily/intra-day
reports, senior management monthly, the board quarterly and shareholders annually.

19
 The risk strategy should consider various risk functions as it determines aspects such as risk
tolerance limits and capital allocation processes. A strategic planning process for operational
risk management consists of the following five steps:

Collate data
Collate the data with respect to the business strategy and objectives to determine the
operational risk management requirements in terms of resources and risk mitigation tools. The
information will also assist with the operational risk management planning process.

Evaluate data
Assists to determine the current operational risk profile. Quantitative and qualitative data are
used to determine the likelihood and impact of potential events on the business. Control self
assessments, key risk indicators and the loss history (internal and external) can be used to
develop the operational risk profile.

Formulate risk management objectives

It is important to determine the short-, medium and long term objectives of managing operational
risk. The short-term action plans must be formulated for the short-term objectives, including the
tools that will be used to execute the plans. The operational risk policy is also important to
support the organisation in achieving its business objectives. It is therefore important that the

policy is approved by the board. Components of the operational risk policy are:

 The operational risk definition

It is important that the organisation should use the same terminology with regard to the definition
and classification of risks, report of direct and indirect losses/cost and near misses and that it is
used consistently through out the organisation.

 Statement on the operational risk appetite

It is important to determine the tolerance of the organisation for a potential loss. This will form
the basis for the formulation of operational risk objectives and should be included in the
operational risk policy.

Monitoring and reporting

Purpose is to monitor the execution of risk management action plans. The use of the operational
risk management tools will enable the risk manager to continuously identify and evaluate
operational risk management exposures and determine the adequacy and effectiveness of the
controls and ultimately ensure the success of the business strategy.

This question was the most theoretical question of the assignment. Most of the
information is availably in the prescribed book. what was important is the structure of the

20
 RSK4801/201

answer to ensure completeness of the framework, but also to argue or explain why you
recommended a specific framework as there are different frameworks in the prescribed
book.

Question 4 20 Marks

Characteristics of risk indicators

Many organisations err in identifying too many indicators and classifying it also as key risk
indicator.

The following can be regarded as characteristics of good risk indicators:

Relevance

The risk indicator must be linked to the organisation’s operational risk exposures and provide
management with a quantum regarding the levels of exposure and degree to which such
exposures are changing over time. It is also important to review indicators periodically for
relevance as it can also change over time from the perspective of the users of the indicator.

Three criteria can be used to determine relevance:

 Specific focus indicators: Focused on a single exposure area.

 General focus indicators: Cover a specific area of activity and provide a general
impression of current exposure levels or activity.

 Common or generic indicators: Can be used anywhere in the business, usually by

adding specific context.

Measurable

Risk indicators must be capable of being measured repeatedly and with certainty. To be
measurable, it should meet the following criteria:

 Must be quantifiable as an amount, percentage, ratio, number or count.

 Must have values which a reasonably precise and a definite quantity

 Must be comparable over time

21
  Must be reported with primary values and be meaningful without interpretation or
some subjective measure.

Predictive

Indicators can provide a leading, lagging or current perspective of the operational risk exposures
of the organisation.

Although there is a need for leading indicators, this is the most difficult to develop as a simple
projection of the future based on historical events will most probably sacrifice accuracy and
therefore reliability. For an indicator to be fully predictive requires significantly more context,
which implies that single indicators by themselves are of little use. To overcome this challenge,
practitioners are moving towards the development of composite or index indicators. An
important requirement to develop a composite or index indicators is to understand both the
causal and underlying relationship with specific datasets to ensure the appropriate groupings of
related indicators.

Lagging indicators provide useful information regarding the historical causes of loss or
exposure. It can also be useful where losses are initially hidden or where changes in historical
trends may reflect changes in circumstances that may have some predictive qualities.

Current indicators provide a current view of operational risk exposures and may identify a
situation that requires attention to reduce an exposure or minimise a loss.

Easy to monitor

Organisations often find it difficult to source the data that can be used for risk indicators,
especially where the data architecture of the organisation is complex. The requirements to ease
the monitoring are:

 The data should be simple and relatively cost effective to collect, quality assured and
distribute.

 The data should be relatively easy to interpret, understand and monitor.

Auditable

Management will place significant reliance on risk indicators and it is therefore important that it is
accurate (sourced and calculated), complete and timely. The operational risk management
department must be satisfied with the quality and as a governance measure, the internal audit
function should include it as part of their audit coverage.

22
 RSK4801/201

Comparability

The indicator identification and selection process of an organisation should assess the level of
comparability with benchmarks in and across the industry to ensure that the users for the
indicators have a better understanding of the exposure levels that the indicator relates to.

Establishing KRIs and KCIs

Identifying KRIs and KCIs can be difficult as each organisation is unique and although industry
benchmarks are available, it still needs to be adapted to suit the individual organisation. The
prescribed book discusses a number of ways that can be used to identify indicators.

To make the use of indicators more effective, organisations establish targets or thresholds to
link indicators with the risk appetite of the organisation and to prioritise indicators for
management purposes. This enables management to focus their efforts where necessary.

It is also important to determine the frequency of recording and reporting the indicator. There is
a direct link between the frequency of the event and the recording and reporting thereof.

Few students referred to the GARP Article. The article illustrate the danger in using only
one metric, especially if the metric is not properly defined. Furthermore, too much
emphasis on one component can lead to the wrong behaviour as experienced by
Walmart/SAMS CLUB and even Benchmark Bank.

[TOTAL 100 MARKS]

REFERENCE
Blunden, T. Thirlwell, J. 2010. Mastering Operational Risk. Harlow: Pearson Education Ltd.

Davies, J. Finlay, M. McLenaghen, T. Wilson, D. 2006. Key Risk Indicators – Their Role in
Operational Risk Management and Measurement. Risk Business International.
http://d.yimg.com/kq/groups/12093474/1290864495/name/McLenaghenTara3.pdf
(Accessed 2011/04/20).

23
King Report on Governance for South Africa 2009. Institute of Directors in Southern Africa

Young, J. 2006. Operational Risk Management: The practical application of a qualitative

approach. Pretoria: Van Schaik Publishers.

24