Enterprise Risk Management Framework



Public Sector Risk Management Framework

Guidelines for the Risk Management Committee

(for the purposes of this guideline, the term “Institution” refers to National Departments, Provincial Departments, Constitutional Institutions, Public Entities, Provincial Entities, Municipalities (Metropolitan, Local and District) and Municipal Owned Entities)

Note: All underlined words in this document contain a link to a relevant example, guidebook or template. If you click on the link it will open the relevant document automatically.

Published by:

Contents

1 Purpose

2 Application

3 How to navigate the guideline

4 Legal mandate and corporate governance

4.1 Legal mandate

4.2 Corporate Governance

5 Strategic value of the Risk Management Committee

6 ERM architecture and high level responsibilities of the Risk Management Committee

7 Evaluation

8 Additional reading / reference

Purpose

The purpose of this guideline is to assist the Risk Management Committee in discharging its responsibility for risk management.

A Risk Management Committee is defined as:

• An oversight committee responsible to the Accounting Authority / Officer for the monitoring of risk management (i.e. to assist in designing, implementing and coordinating the institution’s risk management initiatives). Its constitution is made up of both independent members and Management.

Application

The guideline is designed to:

• Provide the Risk Management Committee with information to enable its members to fully understand the roles and responsibilities of their office in terms of risk management;

• Provide templates to assist the Risk Management Committee to effectively discharge such roles and responsibilities.

How to navigate the guideline

The guideline has been structured according to the sections noted below. Each of the sections contains underlying information that can be accessed by clicking on the title.

• Legal mandate (Section 4)

• Strategic value of the Risk Management Committee in risk management (Section 5)

• ERM architecture and high level responsibilities of the Risk Management Committee (Section 6)

• Evaluation criteria (Section 7)

• Additional reading / reference (Section 8)

Legal mandate and corporate governance

4.1 Legal mandate

There is currently no legal mandate for the establishment of a Risk Management Committee.

4.2 Corporate Governance

The institution can draw guidance from the following:

• King 2 Report on Corporate Governance; and

• Batho Pele principles.

Strategic value of the Risk Management Committee

The Risk Management Committee is responsible for assisting the Accounting Authority / Officer in addressing its oversight requirements of risk management and in evaluating and monitoring the institution’s performance with regard to risk management. The role of the Risk Management Committee is to formulate, promote and review the institution’s ERM objectives, strategy and policy and to monitor the process at strategic, management and operational levels.

ERM architecture and high level responsibilities of the Risk Management Committee

To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques. For consistency in the way that risk management is handled in the Public Sector, all institutions are encouraged to adopt the ERM architecture.

In discharging its oversight responsibilities relating to risk management, the Risk Management Committee has the following high level responsibilities:

• Review the risk management policy and strategy and recommend for approval by the Accounting Officer;

• Review the risk appetite and tolerance and recommend for approval by the Accounting Officer;

• Review the institution’s risk identification and assessment methodologies to obtain reasonable assurance of the completeness and accuracy of the risk register;

• Evaluate the effectiveness of mitigating strategies to address the material risks of the Institution;

• Report to the Accounting Officer any material changes to the risk profile of the Institution;

• Review the fraud prevention policy and recommend for approval by the Accounting Officer;

• Evaluate the effectiveness of the implementation of the fraud prevention policy;

• Review any material findings and recommendations by assurance providers on the system of risk management and monitor that appropriate action is instituted to address the identified weaknesses;

• Develop goals, objectives and key performance indicators for the Committee for approval by the Accounting Officer;

• Develop goals, objectives and key performance indicators to measure the effectiveness of the risk management activity;

• Set out the nature, role, responsibility and authority of the risk management function within the Institution for approval by the Accounting Officer, and oversee the performance of the risk management function;

• Provide proper and timely reports to the Accounting Officer on the state of risk management, together with aspects requiring improvement accompanied by the Committee’s recommendations to address such issues.

Evaluation

Clear objectives and key performance indicators should be set for the Risk Management Committee in respect of risk management. These indicators should measure the Risk Management Committee’s effectiveness in the institution’s ERM and its contribution to the institution’s goals and objectives. Possible key performance indicators for the Risk Management Committee could include:

• Results of the Risk Management Committee 360 degree assessment;

• % implementation of the ERM Framework;

• Credibility of the implemented risk management structures.

Additional reading / reference

A catalogue of additional resources is included below to assist the Risk Management Committee to facilitate implementation of risk management. Click on the relevant link to access these documents.

|Guidebooks |Templates |Examples |
|---|---|---|
|Control Environment | | |
|Fraud Risk Management Policy |Fraud Risk Management Policy | |
| |Fraud Prevention Strategy | |
|Implementing Risk Management | | |
|Information and Communication | | |
|Risk Assurance |Combined Assurance Plan |Combined Assurance Plan |
|Risk Identification |Risk Categories | |
| |Risk Rating Tables | |
| |Risk Register |Risk Register |
| | |Heat Maps |
| | |Inherent vs. Residual Risk Exposure |
|Risk Management Strategy |Risk Management Implementation Plan | |
|Risk Management Reporting Structures | |Possible Risk Management Structures |
|Risk Management Policy |Risk Management Policy | |
|Risk Assessment | | |
| |Emerging Risk | |
| |Incident Report | |
|Risk Tolerance | |Individual Risk Dashboard |
|What is Risk Management? | | |

[Figure: diagram with the labels “Risk”, “Risk Management” and “Control”]

© 2008 KPMG. All rights reserved.
