RISK ASSESSMENT 2010/2011 M.J Ramakgolo
THE PURPOSE
The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality as well as to determine strategies to deal with the most important risks.
The objective of the risk assessment report is to document the strategic risks and intervention plans as decided by the Management.
The top ten risks should then be included in the Annual Performance Plans for 2012/2013 to be funded and well monitored.
FOUNDATION
- MFMA
- Treasury Regulations
- King Report on Corporate Governance
- Batho Pele Principles on Service Delivery
- Municipal Systems Act
- Municipal Structures Act
WHY RISK ASSESSMENT?
Reduction in Lost Time, Reduction in Claims, Improved Employee Morale, More Efficient Processes, Increased Productivity, Prestige, Legal Compliance.
It is not an indication of the things that Management is doing wrong; rather, it indicates the things that could go wrong, which would have an impact on the achievement of the objectives / performance (IDP) of Capricorn District Municipality, and which might also not be mitigated through existing controls.
To set up a framework for managing the risks of Capricorn District Municipality.
People do risk assessments every day and don’t even think of them that way.
“If I don’t get my wife a Christmas present, she’s going to kill me”
Risk = Loss (life) * Probability (definitely going to happen = 1)
In this example, an appropriate control is buying a gift, right?
DEFINITIONS
“Enterprise Risk Management is a process, effected by the Board, Executive Management and personnel, applied in strategy setting and across the operations of the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
“Risk Management is a continuous, proactive and systematic process, effected by an entity’s executive authority, accounting officer, management and other personnel, applied in strategic planning and across the entity, designed to identify potential events that may affect the department, and manage risks to be within its risk tolerance, to provide reasonable assurance regarding the achievement of entity’s objectives.”
WHAT IS A RISK
“A risk is any threat or event that is currently occurring, or that has a reasonable chance of occurring in the future, which could undermine the institution’s pursuit of its goals and objectives.”
“A risk is the chance of something happening or not happening that will have negative impact upon the objectives of the Municipality and/or individual department.”
“The threat that an event or action/inaction will adversely affect the ability of an organization to achieve its business objectives and successfully execute its strategies.”
Key Risk Terminology
- Likelihood: This refers to the likelihood of a risk occurring within an activity of the Municipality.
- Inherent Risk: Inherent risk is the product of the impact and the likelihood of the risk occurring before the implementation of the control.
- Impact: This refers to the significance of the effect that the identified risks may have on the activities, should management not adequately and effectively control these.
- Residual Risk: Residual risk is the product of the impact and the likelihood of the risk occurring after the implementation of the control.
IMPACT RATINGS
Severity Ranking | Assessment | Rating
Critical | Negative outcomes or missed opportunities that are of critical importance to the achievement of objectives | 5
Major | Negative outcomes or missed opportunities that are likely to have a relatively substantial impact on the ability to meet objectives | 4
Moderate | Negative outcomes or missed opportunities that are likely to have a relatively moderate impact on the ability to meet objectives | 3
Minor | Negative outcomes or missed opportunities that are likely to have a relatively low impact on the ability to meet objectives | 2
Insignificant | Negative outcomes or missed opportunities that are likely to have a relatively negligible impact on the ability to meet objectives | 1
LIKELIHOOD RATINGS
Likelihood category | Category definition | Factor
Common | The risk is already occurring, or is likely to occur more than once within the next 12 months | 5
Likely | The risk could easily occur, and is likely to occur at least once within the next 12 months | 4
Moderate | There is an above average chance that the risk will occur at least once in the next three years | 3
Unlikely | The risk occurs infrequently and is unlikely to occur within the next three years | 2
Rare | The risk is conceivable but is only likely to occur in extreme circumstances | 1
Risk Index
[Figure: risk index chart with axes impact and likelihood; legend: high risk, medium risk, low risk; risk index values marked: > 12, < 5]
Strategic Internal Audit Plan – 3 Years
Source: Methodware – Risk Advisor V3
The results of the risk assessments will inform the internal audit three year rolling plan.
- Identification of audit universe
- Classification of review types
- Development of organisational & departmental plans
- Development of the review objectives
- Allocation of resources
Risk assessment process
1. Setting the risk appetite
2. Confirm the Objectives
3. Risk Identification, the cause and consequence
4. Inherent Risk Ranking (impact and likelihood)
5. Identification and evaluation of current controls
6. Residual risk exposure
7. Identification of risk mitigating factors
8. Identification of risk owners
9. Cost of risk mitigation
10. Time frames
CONCLUSIONS AND WAY FORWARD
The advantage of undertaking the Risk Assessment prior to the finalisation of the Annual Performance Plan is that the management actions that need to be undertaken to address the strategic risks that have been identified and prioritised can still be incorporated into the plan.
The Risk Management Committee will review risk management progress on a quarterly basis.
Each department will draft a risk management report for submission to the Risk Management Committee on a quarterly basis. This will focus on all the risks per department as per risk profile and any risk developments (changes / incidents / losses).
Council will independently review the key risks of CDM at least once a year.
Buy-in in the Process
Management’s Ownership of the activities of the Risk Assessment is imperative.