Transcript Slide 1
RISK ASSESSMENT 2010/2011
M.J Ramakgolo
THE PURPOSE
• The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality as well as to determine strategies to deal with the most important risks.
• The objective of the risk assessment report is to document the strategic risks and intervention plans as decided by the Management.
• The top ten risks should then be included in the Annual Performance Plans for 2012/2013 to be funded and well monitored 2
FOUNDATION
• MFMA • Trasury Regulations • King Report on Corporate Governance • Batho Pele Principles on Service Delivery • Municipal System Act • Municipal Structures Act
WHY RISK ASSESSMENT?
• Reduction in Lost Time, Reduction in Claims, Improved Employee Morale, More Efficient Processes, Increased Productivity, Prestige, Legal Compliance • It is not an indication of the things that Management is doing wrong, it rather indicates the things that could go wrong which would have an impact on the achievement of the objectives / performance (IDP) of Capricorn District Municipality, which might also not be mitigated through existing controls.
• To set-up a framework for managing the risks of Capricorn District Municipality.
People do risk assessments every day and don’t even think of them that way.
“If I don’t get my wife a Christmas present, she’s going to kill me” • Risk = Loss (life) * • Probability (definitely going to happen = 1) In this example, an appropriate
control
is buying a gift, right?
DEFINITIONS
•
“Enterprise Risk Management is a process, effected by the Board, Executive Management and personnel, applied in strategy setting and across the operations of the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
”
•
“Risk Management is a continuous, proactive and systematic process, effected by a entity’s executive authority, accounting officer, management and other personnel, applied in strategic planning and across the entity, designed to identify potential events that may affect the department, and manage risks to be within its risk tolerance, to provide reasonable assurance regarding the achievement of entity’s objectives.”
WHAT IS A RISK
• “
A risk is any threat or event that is currently occurring, or that has a reasonable chance of occurring in the future, which could undermine the institution’s pursuit of its goals and objectives.
”
• “
A risk is the chance of something happening or not happening that will have negative impact upon the objectives department.
” of the Municipality and/or individual
• “
The threat that an event or action/inaction will adversely affect the ability of an organization to achieve its business strategies.
” objectives and successfully execute its
Impact
Key Risk Terminology
Likelihood
This refers to the significance of the effect that the identified risks may have on the activities, should management not adequately and effectively control these. This refers to the likelihood of a risk occurring within an activity of the Municipality
Inherent Risk
Inherent risk is the product of the impact and the likelihood of the risk occurring
before
the implementation of the control
Residual Risk
Inherent risk is the product of the impact and the likelihood of the risk occurring after the implementation of the control
1 5
Severity Ranking
Critical
IMPACT RATINGS
Assessmment
Negative outcomes or missed opportunities that are of critical importance to the achievement of objectives Major Negative outcomes or missed opportunities that are likely to have a relatively substantial impact on the ability to meet objectives
4
Moderate
3
Minor
2
Insignificant Negative outcomes or missed opportunities that are likely to have a relatively moderate impact on the ability to meet objectives Negative outcomes or missed opportunities that are likely to have a relatively low impact on the ability to meet objectives Negative outcomes or missed opportunities that are likely to have a relatively negligible impact on the ability to meet objectives
Likelihood category
Common Likely Moderate Unlikely Rare
LIKELIHOOD RATINGS
Category definition
The risk is already occurring, or is likely to occur more than once within the next 12 months The risk could easily occur, and is likely to occur at least once within the next 12 months There is an above average chance that the risk will occur at least once in the next three years The risk occurs infrequently and is unlikely to occur within the next three years The risk is conceivable but is only likely to occur in extreme circumstances
Factor 5 4 3 2 1
Risk Index likelihood 5 4 3 2 1 high risk medium risk low risk 1 2 3 4 5 impact > 12 < 5
I
Strategic Internal Audit Plan – 3 Years
The results of the risk assessments will inform the internal audit three year rolling plan. • Identification of audit universe • Classification of review types • Development of organisational & departmental plans • Development of the review objectives • Allocation of resources
Risk assessment process
1.Setting the risk appetite 2.Confirm the Objectives 3.Risk Identification, the cause and consequence 4.Inherent Risk Ranking (impact and likelihood) 5.Identification and evaluation of current controls 6.Residual risk exposure 7.Identification of risk mitigating factors 8.Identification of risk owners 9.Cost of risk mitigation 10.Time frames
CONCLUSIONS AND WAY FORWARD
• The advantage of undertaking the Risk Assessment prior to the finalisation of the Annual Performance Plan is that the management actions that need to be undertaken to address the strategic risks that have been identified and prioritised can still be incorporated into the plan.
• The Risk Management Committee will review risk management progress on a quarterly basis.
• Each department will draft a risk management report for submission to the Risk Management Committee on a quarterly basis.
This will focus on all the risks per department as per risk profile and any risk developments (changes/ incidents / losses).
• Council will independently review the key risks of CDM at least once a year • Buy-in in the Process • Management’s Ownership of the activities of the Risk Assessment is imperative 16