Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Risk and Advisory Services
Risk and Advisory Services
Why Integrated Risk Management is Important
March 2017
Risk and Advisory Services
ERM Department and Service Offerings
Legislative Mandate
What is integrated risk management
Integration of External and Internal Risk Universe
Building Risk Profile from Global/ National/ Sector/ eThekwini
Monitoring and Evaluation of Risk Profile (Risk Indicators)
Recommendations
Channels Customers
eThekwini Municipality Business Operating Model v0.3
Governance Funding
Support Services
Legislation And Acts • The Constitution of the Republic
of S.A (1996) • Electricity related Acts • Housing related Acts • Municipal Management related
Acts • Water related Acts • Transport related Acts
• Health Services related Acts
• Pension related Acts • Rates related Acts • Waste Management related Acts • Security related Acts • FICA • POPI • King III
eThekwini Municipality Governance and Strategy
Grants
Digital • Call Centres • Website • Email • Social Media
Loans
Service Charges
Alliances / Partners
Government
Rates
Residential
Face-to-Face • Door to Door • Imbizos • Branches • Service
Delivery Staff
Business • Commercial • Institutions • Industrial • Retail
Government • Health • Education • Other
Municipalities
SA Government Departments Tourism
Markets
Academia Businesses Event
Organisers Suppliers
Social Housing Institutions
Service Providers
Global Partnerships
…..growing the economy and meeting people's needs…..
Planning Development Management Maintenance Research
and Innovation
Promotion Provision Billing Customer
Service
Community and Stakeholder Engagement
Services
Facilities • Roads Infrastructure • Storm Water
Infrastructure • Electricity Infrastructure • Landfills • Housing • Public Libraries • Community Halls • Durban Art Galleries • Museums • Cemeteries • Parks and Nature
Reserves • Disaster Sites
Essential Services • Electricity • Cleansing and Solid
Waste • Water and Sanitation • Broadband Connectivity?
Protection Services • Health • Police • Fire and Emergency • Disaster Management
Value-Added Services • Rentals • Transport Services • Facility Access • Tourism and Trade • Economic Development • Community Services • IT Services • ?
Other • Mail • Fax • Other Media
Finance HR Governance,
Risk and Compliance
Legal City
Administration
ICT Fleet Strategy and
Planning Internal Audit PMO?
City Enterprises
Economic Development
Agencies • Durban Fresh
Produce Market
• Durban Film Office
• Durban Tourism
• Durban IPA • Moses
Mabhida Stadium
City Entities • uShaka
Marine World • ICC
Other
ETHEKWINI MUNICIPALITY BUSINESS OPERATING MODEL V0.3
ERM AS PART OF MUNICIPAL STRATEGY
• “Good Governance and Responsive Local Government”.
• Objective of Plan 7 is to “Create an efficient, effective and accountable administration”.
• To achieve this, the municipality adopted an Enterprise-wide Risk Management process to assess and manage the risks that might impact the achievement of the municipality’s objectives.
Plan 7 - IDP
• OCM Cluster Internal Audit Risk & Advisory Services (BCM)
ERM Structural Positioning
• Council approved the Enterprise Risk Management Policy and Framework for implementation throughout the municipality and its’ entities.
Approved ERM Policy and
Framework • Enterprise Risk Management provides a formalised approach used
to proactively manage uncertainties linked to the strategic objectives of the municipality and its’ entities.
• The Enterprise Risk and Advisory Services Department’s mandate is to champion the establishment of the risk management processes and provide advice and guidance on risk management matters.
Enterprise Risk Management
ERM Service Offerings
Value adding risk advisory through informed, proactive decision making
Protect municipal reputation and brand image
Optimise achievement of strategic goals
Championing integrated enterprise wide risk management
Anticipate and communicate uncertainties inherent in performance goals
Improve management of common risks across the municipality and its’ entities
Promote Risk Ownership and Accountability
Eliminate redundant and unnecessary activities
Reduce operational losses and surprises
To support the delivery of capital projects within municipalities clusters/units by ensuring
that risks associated with projects delivery are identified, analysed, monitored and reported
to various project stakeholders for decision making therefore maximizing the opportunity
of delivering projects on time, right quality and within allocated budget.
Business Continuity Management and Resilience
MFMA:
1. S 62 (1) ( c ) states that “the Accounting Officer must ensure that the municipality has and maintains effective, efficient and transparent systems of financial and risk management and internal control”
2. S 78 and 105 further assigns the responsibilities to other officials to ensure “effective, efficient, economical and transparent use of financial and other resources within that official’s area of responsibility”
3. S 165 (2) (b) requires Internal Audit unit to advise the Accounting Officer on matters related to……(iv) risk and risk management
4. S166 (1) requires the Audit Committee to advise municipal Council, Political Office-bearers, the Accounting Officer and Management on matters related to …(ii) risk management
Other guidelines/best practice:
King III Code on corporate governance and Public Sector Risk Management Framework states:
“The Council/ Board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process.”
Generally:
– it makes sense
6
LEGISLATIVE MANDATE
7
What is integrated Risk Management
Integrated risk management =
incorporating risk information into the
strategic direction - setting of the
organization + making decisions that
consider the department's established
risk tolerance limits.
Stronger risk management practice
across government is essential to
managing resources more effectively,
making better decisions, and ultimately
improving the effectiveness of the public
service
The Integrated Reporting Framework has
been endorsed by the Integrated
Reporting Committee (IRC) of South
Africa as a guidance on good practice on
how to prepare an integrated report.
IT GOVERNANCE
SUSTAINABILITY FACTORS
INTERNAL CONTROL ENVIRONMENT
LAWS AND REGULATION
IT GOVERNANCE
SUSTAINABILITY FACTORS
INTERNAL CONTROL ENVIRONMENT
LAWS AND REGULATION
IT GOVERNANCE
SUSTAINABILITY FACTORS
INTERNAL CONTROL ENVIRONMENT
LAWS AND REGULATION
INTERNAL RISK UNIVERSE IDP Goals
Business Plans
Prior Years’ Strategic/ Cluster/ Unit Risk Registers
Key Performance Information/Areas
Annual Report
OPEX/CAPEX Spend
Intern Audit Logs
EXTERNAL RISK UNIVERSE
Global/Continental/National/Industry/Sector Risks
Local Government Risks
Laws & Regulations/Regulators/Licence Conditions
Professional Risk Standards & Guidelines
Stakeholder Expectations
(COGTA/SONA/SALGA/IGR)
Public Sector Risk Management Forum
Media/Feedback on Customer Survey Questionnaires Council/EXCO
Decisions CM Key Business
Issues AGSA
Risk Universe
2016/2017 Focus Areas
Approval of ERM Governance Doc
Development of risk appetite and tolerances
Training and Awareness on ERM Governance Municipal –wide (Annual Training Plan)
Category Risk Profiles (OHS/Infrastructure/ Finance & Supply Chain)
Integrated Risk Reporting
Special Value Add Projects
Portfolio Committees
National Treasury
Risk Categories Emerging Risks Materialised Risks Media
Sustainable Developmental Goals
Municipal Responses
Ensure availability and sustainable management of
water and sanitation for all
Plan 3 Programme 4,5
Build resilient infrastructure, promote inclusive and
sustainable industrialization and foster innovation
Plan 2: Programme 1,3,4,5,7,8,10,13
Plan 3: Programme 4,5,6
Make cities and human settlements inclusive, safe,
resilient and sustainable
Plan 3 Programme 1
Plan 4 Programme 1,2,3,4,5
Conserve and sustainable use the oceans, seas and
marine resources for sustainable development
Plan 3 Programme 7
Alignment of IDP to National Programs
Aligning IDP and Strategic Risks
10
Key Performance Area 8 point plan Strategic Focus Area Key Risks Areas
Basic Service Delivery Develop and Sustain our
Spatial, Natural and Built Environment
Develop, manage and regulate the
Built and Natural Environment
Rapid urbanization
Pace of Economic
Transformation with regards
to city spend
Sustainability of Water
Climate protection planning
Creating a Quality Living
Environment Meet infrastructure and household
service needs and backlogs
Integrated Rapid Transport
Services
Human settlement
expectations
Provision of public transport
services
Infrastructure Impact on
Service Delivery
Address community service
backlogs
Fostering a Socially
Equitable Environment Promoting the safety of citizens Safety and Security
Prevalence of Social Ills Promoting the health of citizens
Financially Accountable
and Sustainable City Durban Energy Office Financial sustainability
Contravention of supply
chain management policy,
regulations and circulars
INK ABM
Other Risk Management Units within the municipality
Legal & Complianc
e CIIU
Insurance - Treasury
Disaster Mgt
Fire & Emergency
Financial Risks & SCM -
Treasury
Infrastructure Risk Mgt
Enviro Health
Safety & Security
Enviro – ECD
Business Continuity
Occupational Health
Other Risk Management Units
RISK MANAGEMENT AS PART OF THE INTEGRATED PROCESS
Integrated Process
Integrated
Process
Performance Targets (Monthly
& Quarterly Integrated
reporting to Combined &
IRMC
IA & AG Logs (Effect of unresolved to
control environment &
delivery) (Monthly & Quarterly to
Combined/IRMC & AC
Integrated Report to include
Materialized/
Emerging Risks/
Opportunities per cluster and units
(Monthly & Quarterly)
Integrated Risk Profile Review including other category Risks (OHS/Fraud/
Compliance etc)
IDP Review
Business Plan/Risk
Assessment (Link
Goals/Perf Targets & Risk)
(Feb- April)
Final IDP/Scorecard
& Strategic Risk Register Approval
(May )
Risk Mitigations
requiring budget
Budget/Projects linked to
SDBIP
GLOBAL RISKS - WEF: TOP
RISKS BY CATEGORY
Food security risk in the context of climate
change
WEF: Risk in focus and trends
South Africa experienced
extreme drought
conditions in 2016/17
How changing climate
and weather patterns
could jeopardize weather,
food security and
agriculture production
across geographies.
STAKEHOLDER / REGULATORS
WATER AND SANITATION
17
Umngeni vs eThekwini Risks Profiles
Umgeni Risks EThekwini Risks Short Water Resource Availability
Implementation of the Asset Management Plan
Infrastructure Investment to Meet Service Delivery mandate and growth plan
Non Revenue Water
Performance of bulk waste water Infrastructure Assets Revenue Protection Measures
Breach of materiality and significant framework Business Continuity
Sustainable Tariffs Staffing - Recruitment and Retention
Protection and Safeguarding of assets Service Delivery
Ability to deliver Project on time and within Budget Infrastructure Impact on service delivery
Ability to secure funding to meet development goal Security of Water Supply
Long term Water resource availability
Performance of bulk portable water infrastructure Assets
Risk and Advisory Services
Strategic Risks for
2016/17
Risks are rated
Priority 2 Priority 3
Risks are rated
Risk and Advisory Services
Compliance Economic Development & Job Creation
Safety, Health & Social Inclusion
SustainabilityDisruption to Operations
Talent ManagementCorporate IT Governance
Fraud, Theft & Corruption
Governance Infrastructure
Absence of coordinated and centralised compliance
function which may lead to non-compliance with
applicable legislation and result in fines and penalties.
The city may not be able to meet its broader socio
economic objectives due to mainly weak economic
development and job creation.
City's inability to provide adequate protection for EMA
citizens, linked to safety, health and social inclusion.
Limited resources to address the growing demand for
services which may result in the municipality may not being able
to meet city’s objectives and ultimately threaten
sustainability.
Possible disruption to municipal services and economic activities
in the city.
Challenges experienced in implementing Talent
Management Framework therefore the municipality may not be able to create capacity to
enable efficient and effective service delivery.
The Municipality may not be
able to fully comply with the IT governance requirements due to
the non-adherence to IT governance principles thus
leading to the municipality not getting full value out of the IT
investments and also not being able to take full advantage of
strategic opportunities.
Activities and decisions undertaken in an unethical or
illegal manner.
Governance processes are not well coordinated for optimal
delivery and hence the municipality may not effectively
employ its resources thus leading to inefficiencies and
duplication.
Increasing demand on existing aging infrastructure managed in a predominantly reactive mode,
may result in reduced service
delivery levels with increased life cycle cost thus reducing the
investment potential of eThekwini.
Priority 2 Priority 2 Priority 2 Priority 2Priority 2
Priority 2 Priority 3 Priority 3 Priority 3 Priority 3
GOVERNANCE AND
OVERSIGHT
a
a
GO
VER
NA
NC
E
OV
ERSI
GH
T A
SSU
RA
NC
E ST
EWA
RD
SHIP
MA
NA
GEM
ENT
Council and Key Committees
Mayor/EXCO
Portfolio Committees
Audit Committee
Integrated Risk Management
Committee (IRMC)
Finance and Investment Committee
DCM Forum
Stratman All IT Steering Committee
Combined Risk & Managing the Municipality Sub Committee
Integrated Cluster/Units Risk Management Forums (ICRMF)
Integrated Risk Managment
Committee (IRMC)
Integrated Risk Managment
Committee (IRMC)
Integrated Risk Managment
Committee (IRMC)
First line of Defence Second line of Defence Third line of Defence
DCM Forum
Integrated Cluster
Meetings
Chief Risk Officer
Legal City Integrity and Investigations
Risk Champions Internal Audit Services
and Independent Assurers
Risk Category Forum
Three Lines of Defence
1ST LINE OF DEFENSE:
• The City Manager, the Executive
Management supported by
StratManAll has an overall
responsibility for the
management of municipal
operations.
• Management and staff within
each business unit, take
ownership for the operational
processes, budget, asset
management, performance
monitoring compliance, risk
management and reporting
requirements within their areas
of responsibility.
• Risk champions who assist
management in embedding the
risk management framework and
culture within operations.
2nd LINE OF DEFENSE:
• Risk Management, • Finance, • Legal • Human Resources • City Integrity &
Investigations.
• These functions provide support (technical or otherwise) and advice to the management at EXCO level and Business Units.
3RD LINE OF DEFENSE:
• Internal Audit
• External Audit
• External Regulators
• Provides independent
objective review and assurance through evaluating the effectiveness and integrity of the system of controls, performance management and compliance with applicable legislation
WATER AND SANITATION FIVE
YEAR RESIDUAL RISK ANALYSIS
Risks 2011/2012 2012/2013 2013/2014 2014/2015 2015/2016
Implementation of the Asset Management Plan priority 1 priority 1 priority 1 priority 1 priority 1
IT Systems priority 1
Supply Chain Management priority 4 priority 1 priority 1 priority 1
Non Revenue Water priority 1 priority 1 priority 1
Revenue Protection Measures priority 1 priority 1 priority 1
Theft Fraud and Corruption priority 1 priority 1 priority 1
Pace of Service Delivery priority 1 priority 1 priority 1
Business Continuity priority 1 priority 1 priority 1 priority 3
Staffing - Recruitment and Retetion priority 1 priority 2 priority 2 priority 2 priority 2
Bulk Water Supply Assurance priority 4 priority 4 priority 4
Infrastructure Challenges priority 1
Sustainability of Water Supply priority 1
Service Delivery priority 1
Infrastructure Impact on Service Delivery priority 2
Proposed actions Rating
•Take urgent action
•Report to CM/ CEO/RC/AC and Council/Board attention
• Detailed risk analysis, qualitative and quantitative, where
possible
•Mandatory business continuity plans
Priority 1
•Take immediate action
• Report to CM/ CEO,RC/AC and Council/Board attention.
•Detailed risk analysis, qualitative and quantitative, where possible
•Mandatory business continuity plans
Priority 2
•Proactive management
•Report up to CM.
Priority 3
•Active management
•Report up to DCM
•Mainly control and monitor
Priority 4
•Routine management
•No risk reduction - control, monitor, inform management.
Priority 5
PRIORITIES
Risk and Advisory Services
Limited resources to address the growing demand for services which may result in the municipality may not being able to meet city’s objectives and ultimately threaten sustainability.
Priority 2
Control environment change:
Recommendation
Change priority to a
Priority 1
Requires mitigations to
immediately address the risk
exposure
Satisfactory to Weak
Drought Response mechanisms not budgeted for
Water Reduction in water sales and high water losses
Electricity Increased electricity losses and reduction in sales
Infrastructure Competing demands for social and economic services and
growing backlog
Rapid Urbanisation
IRPTN Roll out & continued cost of operations
Risk and Advisory Services
2015/16
NON REVENUE WATER - stats
R711mil loss
132 mil kl
Non Revenue Water
40.7%2015/16
Risk and Advisory Services
Sustainability of water supply
eThekwini Municipality subscribes to Blue and Green Drop requirements
REGULATOR: BLUE AND GREEN
DROP STATUS
• Internal Audit Reports
• AGSA Management Letter
• National Treasury/ Metro Benchmark
• MPAC
• EXCO/ Council Resolutions/ Ward Committees
• Media – Reputational Risks
• SALGA/ COGTA
• Complaints from Citizens and Community Forums
Constitutional Mandate
Integration
Cross Sectors
Synchronisation/
businesses/
Achievement of societal common
goals
Drive efficiency &
Effectiveness in delivering
services
29
Risk and Advisory Services
Practical integrated processes (planning) process resulting in integrated output
Create platform for communication and sharing best practice
Understand stakeholder dynamics and its implications
Competition is good but should not defeat the bigger purpose
Encourage innovation – link with universities and global innovative platforms
Avoid silos and understand unintended consequences emanating from decisions
Embedding integrated risk management into business operations
Risk and Advisory Services
Risk and Advisory Services