Enterprise Risk Management Framework



Public Sector Risk Management Framework

Guidelines for Other Personnel

(For the purposes of this guideline, the term “Institution” refers to National Departments, Provincial Departments, Constitutional Institutions, Public Entities, Provincial Entities, Municipalities (Metropolitan, Local and District) and Municipal Owned Entities.)

Note: All underlined words in this document contain a link to a relevant example, guidebook or template. If you click on the link it will open the relevant document automatically.

Published by:

Contents

1 Purpose

2 Application

3 How to navigate the guideline

4 Legal mandate and corporate governance

4.1 Legal mandate

4.2 Corporate Governance

5 Strategic value of Other Personnel in risk management

6 ERM architecture and high level responsibilities of Other Personnel

7 Evaluation

8 Additional reading / reference

1 Purpose

The purpose of this guideline is to assist Other Personnel in discharging their responsibility for risk management.

Other Personnel is defined as:

• Employees within the Institution with non-specific risk management responsibilities;

• Employees within the Department / Division with non-specific risk management responsibilities.

2 Application

The guideline is designed to:

• Provide Other Personnel with sufficient information to enable them to fully understand the roles and responsibilities of their office in terms of risk management;

• Provide templates to assist Other Personnel to effectively discharge such roles and responsibilities.

3 How to navigate the guideline

The guideline has been structured according to the sections noted below. Each of the sections contains underlying information that can be accessed by clicking on the title.

• Legal mandate (Section 4)

• Strategic value of Other Personnel in risk management (Section 5)

• ERM architecture and high level responsibilities of Other Personnel (Section 6)

• Evaluation criteria (Section 7)

• Additional reading / reference (Section 8)

4 Legal mandate and corporate governance

4.1 Legal mandate

Legislating the implementation of risk management in public sector institutions is part of a macro strategy of Government towards ensuring the achievement of national goals and objectives.

The following legislative instruments provide the legal foundation for Other Personnel’s responsibility for risk management:

National Departments

• Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Constitutional Institutions

• Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Provincial Departments

• Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Public Entity

• Section 57 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Provincial Entity

• Section 57 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Municipalities

• Section 78 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

Municipal Entity

• Section 105 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

4.2 Corporate Governance

The institution can draw guidance from the following:

• King II Report on Corporate Governance;

• Batho Pele principles.

5 Strategic value of Other Personnel in risk management

Other Personnel are accountable to their Management for implementing and monitoring the process of risk management and integrating it into their day-to-day activities.

6 ERM architecture and high level responsibilities of Other Personnel

To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques. For consistency in the way that risk management is handled in the Public Sector, all institutions are encouraged to adopt the ERM architecture.

Other Personnel are responsible for ensuring that the risk management process has been integrated into the day-to-day activities of the institution.

High level responsibilities include:

• Familiarity with the overall enterprise risk management vision, risk management strategy, fraud risk management policy and risk management policy;

• Acting in terms of the spirit and letter of the above;

• Acting within the risk appetite and tolerance levels set by the business unit;

• Adhering to the code of conduct for the institution;

• Maintaining the functioning of the control environment, information and communication as well as the monitoring systems within their delegated responsibility;

• Providing information to, and cooperating with, other role players;

• Participation in risk identification and risk assessment within their business unit;

• Implementation of risk responses to address the identified risks.

7 Evaluation

Clear objectives and key performance indicators should be set for Other Personnel in respect of risk management. These indicators must be able to measure Other Personnel’s effectiveness in participating in the institution’s ERM and in contributing to the institution’s goals and objectives. Other Personnel are accountable for performing in terms of their delegated responsibilities.

8 Additional reading / reference

A catalogue of additional resources is included below to assist Other Personnel to facilitate implementation of risk management. Click on the relevant link to access these documents.

| Guidebooks | Templates | Examples |
|---|---|---|
| Control Environment | | |
| Fraud Risk Management Policy | Fraud Risk Management Policy | |
| | Fraud Prevention Strategy | |
| Implementing Risk Management | | |
| Information and Communication | | |
| Risk Appetite | | |
| Risk Assurance | Combined Assurance Plan | Combined Assurance Plan |
| Risk Identification | Risk Categories | |
| | Risk Rating Tables | |
| | Risk Register | Risk Register |
| | | Heat Maps |
| | | Inherent vs. Residual Risk Exposure |
| Risk Management Strategy | Risk Management Implementation Plan | |
| Risk Management Reporting Structures | | Possible Risk Management Structures |
| Risk Management Policy | Risk Management Policy | |
| Risk assessment | | |
| | Emerging Risk | |
| | Incident Report | |
| Risk Tolerance | | Individual Risk Dashboard |
| What is Risk Management? | | |

[Figure: graphic with the labels "Risk", "Risk Management" and "Control"]

© 2008 KPMG. All rights reserved.
