Enterprise Risk Management Framework - National Treasury
Public Sector Risk Management Framework
Guidebook: Risk management strategy
(for the purposes of this guideline, the term “Institution” refers to National Departments, Provincial Department, Constitutional Institutions, Public Entities, Provincial Entities, Municipalities (Metropolitan, Local and District) and Municipal Owned Entities)
Note: All underlined words in this document contain a link to a relevant example, guidebook or template. If you click on the link it will open the relevant document automatically.
Published by:
Contents
1 Introduction 1
2 Developing a risk management strategy 1
3 Developing a risk management implementation plan 3
4 Conclusion 4
Introduction
The risk management strategy outlines a high level plan on how the institution will go about implementing its risk management policy.
The risk management strategy is informed by the risk management policy and the institution’s risk profile. For example, a risk profile with a high level of threat to objectives will require a more rigorous commitment to risk management.
Developing a risk management strategy
There is one main output from this particular task. It is a document that describes how ongoing risk management will work in the institution.
The risk management strategy should consider the following five main elements:
• Structural configuration
This element describes how the institution will be structured in terms of committees and reporting lines to give effect to the risk management policy;
• Accountability, roles and responsibilities
This element describes the authority and delegation of responsibilities to give effect to the risk management policy. (Please refer to individual guidelines, included in this framework, for the specific roles and responsibilities of each role player);
• Risk management activities
This element includes the risk assessment processes and methodologies, monitoring activities and risk reporting standards to give effect to the risk management policy;
• Monitoring of the achievement of the risk management strategy
This element includes assessment of whether or not key milestones are achieved. More importantly it is also monitoring whether the risk management strategy is producing the sustainable outcomes as originally envisaged;
• Assurance activities
This element considers all assurance providers available to the institution and integration of their scope of responsibility.
The risk management strategy should be written in straightforward and practical terms and avoid risk management jargon. It should reflect the language style and conventions of the institution. The risk management strategy should not dwell too much on conceptual models and risk management theory but explains in simple terms how the five elements interact to reduce the institution’s risk exposure.
The risk management strategy should include a risk management implementation plan, in the form of a project plan and record the tasks, names of responsible persons and target dates.
Documenting the risk management implementation plan also overcomes problems with changes in personnel and is a good way of creating risk awareness and promoting a culture of risk management.
Developing a risk management implementation plan
The following steps need to be taken when developing the risk management implementation plan:
• Determine the risk management activities to be performed taking into account the risk profile and related costs versus the benefits ;
• Resourcing requirements
This element describes the capacity and competence of personnel and the strategy to address capacity gaps. It also addresses the technology and funding requirements to give effect to the risk management strategy;
• Determine the sequence of activities and the target implementation dates
The competition for management attention and resources requires that the sequence of activities should be founded on the principles of urgency, quick wins and sustainability of implemented risk mitigation strategies;
• Assign ownership for and communicate risk management activities;
• Agree on frequency and format of reporting
Consensus should be obtained regarding the frequency, content and responsibility for reporting.
Click here to view an example of a risk management implementation plan.
Conclusion
The risk management strategy and risk management implementation plan should ideally be developed together to ensure connectivity and continuity. Both documents should be approved by the Accounting Authority / Officer and reviewed on an annual basis.[pic]
-----------------------
RISK
RISK MANAGEMENT
CONTROL
RISK MANAGEMENT
RISK
CONTROLS
-----------------------
© 2008 "" "Firm name" "KPMG " KPMG . All rights reserved.
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- nist risk management framework pdf
- nist risk management framework 2019
- enterprise risk management pdf
- coso enterprise risk management pdf
- enterprise risk management plan template
- enterprise risk management model
- enterprise risk management framework coso
- enterprise risk management framework template
- enterprise risk management framework examples
- risk management framework template
- enterprise risk management framework models
- enterprise risk management framework pdf