Final questionnaire - National Treasury



You are requested to indicate or tick the applicable box with × and return the completed questionnaire smoloi@uj.ac.zaPlease indicate if this a national government department/ provincial government department/ municipality/ state owned entity/company:Please indicate the name of the department/ municipality/ state owned entity/company:Please indicate the province where this organisation is based:The following questions seek to determine “the capability within the enterprise risk management unit/section in the public service”1.1 Please indicate the total number of employees in your organisation?<5050-100101-200201-500>500If more than 500, indicate the number:1.2 Please indicate the number of employees in the Enterprise Risk Management (ERM) unit/section (excluding the CRO)1234>5If more than 5, indicate the number:1.3 Of the number of employees indicated in the previous question, please split the number in terms of following: Deputy Directors (Risk Managers)Assistance Director (Senior Risk Practitioners)Risk Assistants1.4 What is the ideal number of risk employees/officials (those conducting day to day ERM activities) would you like to have in the ERM unit/section? Indicate the number below:1.5 Please indicate the ideal number of risk employees/officials (those conducting day to day ERM activities) you would like to have in the ERM unit/section in terms of the below: Deputy Directors (Risk Managers)Assistance Director (Senior Risk Practitioners)Risk Assistants1.6 Please indicate the ideal academic qualification/s of Deputy Directors (Risk Managers) would you like to have in the ERM unit/section?Grade 12/ MatricDiplomaNational diplomaBachelor’s degree/ B TechHonours degreeMaster’s degree/ MBADoctoral degree/ PhD1.7 Please indicate the ideal academic qualification/s of Assistant Directors (Senior Risk Practitioners) would you like to have in the ERM department?Grade 12/ MatricDiplomaNational diplomaBachelor’s degree/ B TechHonours degreeMaster’s degree/ MBADoctoral degree/ PhD1.8 Please indicate the ideal academic qualification/s of Risk Assistants would you like to have in the ERM unit/section?Grade 12/ MatricDiplomaNational diplomaBachelor’s degree/ B TechHonours degreeMaster’s degree/ MBADoctoral degree/ PhD1.9 Please indicate the ideal risk management experience you would like the Deputy Directors (Risk Managers) to have in the ERM unit/section?0-2 years2-5 years5-10 years10-15 years15-20 years>20 years1.10 Please indicate the ideal risk management experience you would like the Assistant Directors (Senior Risk Practitioners) to have in the ERM unit/section?0-2 years2-5 years5-10 years10-15 years15-20 years>20 years1.11 Please indicate the ideal risk management experience you would like the Risk Assistants to have in the ERM unit/section?0-2 years2-5 years5-10 years10-15 years15-20 years>20 years1.12 Do you have vacant position in the ERM unit/section?YesNoIf yes, please indicate the number of vacant position/s: Please indicate the reason for the availability of vacant positions (i.e. unable to find suitable candidates):How long has this position been vacant?1.13 Please indicate the academic qualifications of the Chief Risk Officer (CRO) – You may select more than one option.No qualificationGrade 12/ MatricDiplomaNational diplomaBachelor’s degree/ B TechHonours degreeMaster’s degree/ MBADoctoral degree/ PhD1.14 Please indicate the professional membership of the Chief Risk Officer (CRO)No membershipInstitute of Internal AuditorsAssociation of Certified Fraud ExaminersInstitute of Business Continuity ManagementInstitute of Risk Management South AfricaSouth African Institute of Government AuditorsSouth African Institute of Professional AccountantsSouth African Institute of Chartered AccountantsOther (if applicable):1.15 Please indicate the package in which your (CRO) remuneration package fallDirector General/City Manager/ Municipal ManagerDeputy Director General/ Deputy Municipal Managers/ Executive DirectorChief Director/. Divisional Heads/ General ManagerDirector/ Senior ManagerDeputy Director/ ManagerAssistance Director/ Assistant Manager1.16 What is the functional line of reporting for the CROAudit CommitteeRisk Management CommitteeDirector General/City Manager/ Municipal ManagerDeputy Director General/ Deputy Municipal Managers/ Executive DirectorChief Director/. Divisional Heads/ General ManagerDirector/ Senior ManagerOther, please specify:1.17 What is the administrative line of reporting for the CROAudit CommitteeRisk Management CommitteeDirector General/City Manager/ Municipal ManagerDeputy Director General/ Deputy Municipal Managers/ Executive DirectorChief Director/. Divisional Heads/ General ManagerDirector/ Senior ManagerOther, please specify:The following questions seek to determine the maturity of enterprise risk management process and output 2.1 With regards to the latest annual report:2.1.1 Has your organisation included an undertaking from the Accounting Officer that risks are managed?YesNo2.1.2 Has your organisation indicated whether it conducted a strategic risk assessment for that year?YesNo2.1.3 Has your organisation included the description of risks it faces?YesNoComparing risks between this cycle and the previous one, has your organisational risksIncreasedDecreasedRemained the same2.3 Does your organisation have the risk management policy, framework, procedures and practices in place?YesNoIf yes, please indicate who approved these: When last was the risk management policy, framework, procedures and practices reviewed?2.4 Has the risk management policy, framework, procedures and practices been communicated throughout the organisation?YesNoIf yes, how was this communicated? 2.5 Is the risk management policy, framework, procedures and practices subject to an audit?YesNoIf yes, who conducts an audit2.6 Did the internal audit make findings on the risk management policy, framework, procedures and practices?YesNoIf yes, briefly explain2.7 Did the Auditor General make findings on the risk management policies, framework, procedures and practices?YesNoIf yes, briefly explain2.8 Please indicate if risk management process is integrated into the following key processes:Strategic planningYesNoIf integrated into the strategic planning, when does the strategic risk assessment process take place (i.e. June):Internal audit planningYesNoIf integrated into audit planning, when does the audit planning process take place (i.e. June):Combined assurance planningYesNoIf integrated into the combined assurance, when does the combined assurance process take place (i.e. June):2.9 Please indicate if your organisation has the following:Strategic Risk registerYesNoOperational Risk registersYesNoRisk management tool (Risk computer software) YesNoPlease indicate the name of the software/tool (i.e. Cura):In your experience, does the risk management tool add value (does it enable you to do risk management better)?YesNo2.10 How often does your organisation review and update risk registers?Please state (i.e. five times per year)2.11 How many times is your organisational risk report discussed by the Executive Committee/ Management Committee?Please state (i.e. five times per year)Briefly list the types of comments/ recommendations you normally receive from the Executive/ Management committee on the risk report (i.e. risk ratings need to be adjusted)2.12 How many times is your organisational risk report discussed by the risk management committee?Please state (i.e. five times per year)Briefly list the types of comments/ recommendations your normally receive from the risk management committee on the risk report.2.13 How many times is your organisational risk report discussed by the audit committee?Please state (i.e. five times per year)Briefly list the types of comments/ recommendations your normally receive from the audit committee on the risk report2.14 Please indicate if the organisation has:A risk management strategy in place YesNoIf yes, what is the duration of the risk management strategy (i.e. one to three years)2.15 Please indicate if the organisation has:A risk management implementation plan (annual plan) in placeYesNo2.16 Please indicate who has the final authority in approving the risk management plan:Audit committeeYesNoRisk management committeeYesNoAccounting OfficerYesNoChief Risk OfficerYesNo2.17 Please indicate the tool and technique used for identification of risk:Analysis of audit reportsYesNoWorkshopsYesNoBrainstormingYesNoInterviews/ focus groupsYesNoSurvey/ questionnairesYesNoOther, please listThe following questions aim at determining your perception on the support from senior leadership, including relevant structures and its impact on the effectiveness of the overall system of risk management3.1 In your opinion, do you feel that the support provided through the Public Sector Risk Management Framework is adequate to assist you with improvements in your organisation’s system of risk management?YesNoIf no, please list steps that you feel that they could be useful in ensuring that the support is adequate for the improvement of your risk process:3.1.13.1.23.1.33.1.43.1.53.1.63.1.73.1.83.2 Please tick the relevant field (you can either select fully effective OR ineffective)EffectiveIneffective3.2.1 The organisations senior management (Accounting Officer) give full support and focus to the Enterprise Risk Management process3.2.2 Line management has taken full ownership of risk management in the organisation3.2.3 The organisation has an effective culture of risk management3.2.4 Strategy and planning are linked to risk management3. 2.5 There is an adequate level of risk management understanding within your organisation3.2.6 The organisation has defined the risk appetite and the risk tolerance levels3.2.7 Risk management is linked to performance management for all employees of the organisation3.2.8 The organisation has an effective process of identifying risks3.2.9 The organisation has an effective process of recording risks3.2.10 The organisation has an effective process of evaluating and prioritizing risks3.2.11 The organisation has an effective process of developing and implementing the risk response strategies3.2.12 The organisation has an effective process of resourcing risk management response strategies and processes 3.2.13 The organisation monitors the risk performance on an ongoing basis3.2.14 There is continuous reporting of risks to all relevant structures3.2.15 The Risk Management Committee/ Audit and Risk Committee members have relevant qualifications and experience. They further provide and appropriate oversight valuable input in the organisation’s risk management process3.2.16 The independent Chair of the Risk Management Committee has relevant qualifications and experience. He/She further provides valuable input and suitable oversight in the organisation’s risk management process3.2.17 Please list the main obstacles that hinders your organisation to have an effective risk management:3.2.17.1.3.2.17.2.3.2.17.3.3.2.17.4.3.2.17.5.3.2.17.6.3.2.17.7.3.2.17.8. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download