Risk management proposal

April 18, 2023

WESTERN CAPE DEPARTMENT OF HEALTH

Risk Management Proposal

Cape Town | Sandisa Sebezo |

© Western Cape Government 2012 | 2WCG-PPT Slide Gallery-01112012.pptx

Overview

National Treasury – Public Sector Risk Management Framework

Risk Management : South African & Global Perspectives

Combined Assurance

Situational Analysis

Recommendations

Bibliography


National Treasury Public Sector Risk Management Framework

Risks

Risk Management Functions of Executive Authorities

Risk Management Functions of Accounting Officers

Risk Management Functions of Internal Auditing

Functions of Risk Management Committees

Functions of Chief Risk Officers

Functions of Risk Champions



Risks

Risk Management Functions of Executive Authority








Risks









Risks









Risks









Risk Identification


Risk Management Functions of Accounting Authorities







Risks

Risk Management Functions of Executive Authorities






© Western Cape Government 2012 | 10

National Treasury Public Sector Risk Management FrameworkRisks

WCG-PPT Slide Gallery-01112012.pptx

Identify & Document key risks

Cover all risks – not only risks within the direct control of the institution

Draw as much as possible from inputs from unbiased independent sources

Identify : Strategic Risks, Operational Risks and Project Risks

Identification

Assists to enrich risk intelligence

Help to prioritize important risks

Assessment on the basis of likelihood and impact

Performed through a 3 Stage process : Inherent Risk, Residual Risk and Risk Appetite

Designing control activities to address the risks

Assessment

Critical in order to identify, assess and respond to risks

Communicating responsibilities and actionsCommunication & Reporting

Through ongoing activities and separate evaluationsMonitoring


Risk Management Functions of :

Executive Authority

Header

Header

HeaderObtain assurance from management

Playing an accountability role

Support

That strategic choices are based on a rigorous assessment of risk

That key risks inherent in the institution’s strategy were identified, assessed and properly managed

Insisting on the achievement of objectives, affective performance management and value for money

Assist Accounting O fficer to deal with fiscal, intergovernmental, political risk beyond direct control



Accounting Officers

Header

Header

HeaderUltimate Chief Risk Officer

Leadership

Provides Assurance

Accountable for overall governance of risk

Sets the tone for effective risk management by providing support

Devotes attention to overseeing management of significant risks

Holds management accountable

Ensures that actions are taken with regards recommendations from AC, IA, EA and RMC

Approves risk management policy, strategy and implementation plan

To relevant stakeholders that key risks are properly identified, assessed and mitigated



Internal Auditing

Header

Header

HeaderProvides Assurance

Takes Ownership

Conducts Assessments

Provides an objective, independent assurance on the effectiveness of risk management

Evaluates effectiveness of the entire system and provide recommendations on improvement

Can assume the role of Chief Risk Officer

Audit Committee could also take on the responsibilities of RMC

Must guard against assuming management responsibilities for risk management

To ensure that significant risks are identified and assessed

To check whether risk responses are appropriate

To check whether risk information is communicated in a timely manner and that it is properly recorded



Risk Management Committees

Attributes Duties

Appointment Composition

Appointed by Accounting Officer Should be chaired by independent external person

Comprise of management and external members

Responsibilities should be formally defined in a charter

Intimate understanding of mandate and operations

Ability to act independently and objectively in the interest of department

Should have thorough understanding of risk management principles and their application

Review and Recommend : Risk Management Policy, Risk Management Strategy, Risk Management Implementation Plan and Risk Appetite

Evaluate effectiveness of integration of risk management

Evaluate the effectiveness of the mitigating strategies




Develops the combined assurance plan

Analyzing results of risk assessments to extract risk intelligenceReporting risk intelligence to the Accounting Officer and RMC

Facilitating orientation and training of Risk Management Committee

Develops risk management framework i.e. Policy, Strategy, Implementation Plan, Risk Identification, Risk Assessment Methodology, Risk Appetite and Tolerance and Risk Classification

Develops department’s vision for risk managementUses specialist expertise to assist embed risk managementReports directly to Accounting Officer


Functions of Risk Champion


Must never assume the role of risk owner

Intervenes in instances where risk management efforts are being hampered by lack of cooperation or lack of skills and expertise

Provides guidance and support to manage problematic risks

Good understanding of risk management

Good analytical skills

Expert power

Leadership qualities

Motivational qualities

Good communication skills

Champions a particular aspect of riskPlays a catalyst role


Risk Management South African & Global Perspectives


On an “Apply or Explain” basis

The suggestion of independent experts be part of the RMC comes from here as well

Chapter 4 deals with the governance of risk

The Orange Book provides broad based general principles on risk management

Combined Code on Corporate Governance – Comply and Explain Basis

Turnbull Guidance seeks to imbed internal control

South African : King Code III Global : UK

ISO 31000 : Focus Plan –Do- Check and Act

Its purpose is to provide principles and generic guidelines for the design, implementation and maintenance of risk management throughout an organization

COSO Enterprise Risk Management Framework : A 3 dimensional model for understanding enterprise risk, applicable to all industries and encompassing all types of risks

Dr. Marc J. Epstein - Research Professor at Rice University

Dr. Adriana Rejc Buhovac – Assistant Professor at University of Ljubljana

FERMA – A Risk Management Standard

Good Practice in Risk Management – Northern Ireland Audit Office

Audit & Risk Assurance Committee Handbook

Global : US & Australia Global Works on Risk

Key FactOther Views


Risk Management Process



Risk Management Process



Risk Management Model



Risk Register - Example



Risk Governance Structure


Premise Premise

Practice Advisory 2050 – 2 speaks about assurance mapping as a valuable tool for coordinating risk management and assurance activitiesAn assurance mapping exercise involves mapping assurance coverage against the key risks in an organization. This process allows an organization to identify and address any gaps in the risk management process and givesStakeholders comfort that risks are being managed and reported on, and that regulatory and legal obligations are being met.

Practice Advisory 2050 -3 states that the internal auditor may rely on or use the work of other internal or external assurance providers in providing governance, risk management, and control assurance to the board.

King Code III declares that the audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activitiesInternal audit should form an integral part of the combined assurance model as internal assurance provider.Internal audit should provide a written assessment of the effectiveness of the company’s system of internal controls and risk management

Combined Assurance


Combined Assurance Model



Combined Assurance Governance Model



Bibliography

National Treasury, Public Sector Risk Management Framework (2010)

Her Majesty Treasury, Audit & Risk Assurance Committee Handbook (2013)

King Code of Governance principles for South Africa (2009)

Her Majesty Treasury, The Orange Book : Management of Risk – Principles and Concepts (2004)

Northern Ireland Audit Office, Good Practice in Risk Management (2011)

COSO – Enterprise Risk Management -Integrated Framework : Application Techniques (2004)

Dr. Hugh van Seaton, Enterprise Risk Management : COSO, new COSO, ISO 3000 (2012)

Fandy Haristha Siregar, Combined Assurance : Holistic Approach for Organization (2014)

Deloitte, Combined Assurance : Intergrating Role Players to paint the Full Picture

Marc J. Epstein & Adriana Rejc, Identifying, Measuring and Managing Organizational Risks for Improved Performance

Tel: Fax:

www.westerncape.gov.za

Contact Us

Sandisa SebezoAdministrative Clerk : Strategic Planning & Coordination

+27 (0)21 483 6626

+27 (0)21 483 3205

[email protected]

4 Dorp Street, Cape Town, 8001

Leadership & Management

Risk management proposal