CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY GROUP RISK AND ASSURANCE SERVICES GROUP RISK MANAGEMENT POLICY

CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY
Effective Date: 1 July 2015

TABLE OF CONTENTS

1. POLICY STATEMENT
2. POLICY CONTEXT
3. PURPOSE
4. POLICY SCOPE AND APPLICATION
5. RISK AND RISK MANAGEMENT
6. OBJECTIVES AND BENEFITS
7. RISK MANAGEMENT APPROACH
8. RISK APPETITE AND RISK TOLERANCE APPROACH
9. DEFINITION OF RISK APPETITE & RISK TOLERANCE
10. RISK APPETITE AND RISK TOLERANCE MATURITY
11. SETTING THE RISK APPETITE AND TOLERANCE
12. RISK MONITORING AND REVIEW
13. ASSURANCE OF RISK MANAGEMENT FUNCTION
14. COMBINED ASSURANCE
15. GROUP CITY-WIDE RISK UNIVERSE
16. GROUP RISK MANAGEMENT MATURITY MODEL
17. ROLES AND RESPONSIBILITIES
18. ROLES AND RESPONSIBILITIES RISK APPETITE AND TOLERANCE
19. PERFORMANCE MANAGEMENT SYSTEM
20. PROVISION OF THIS POLICY
21. EMBEDDING RISK MANAGEMENT
POLICY REVIEW
AUTHORITY AND APPROVAL
    Ownership
    Approval
    Implementation
    Review and Approval
ANNEXURE A: GLOSSARY OF TERMS

1. POLICY STATEMENT

The City Manager, as an Accounting Officer, has committed the City of Johannesburg Municipality ("the City") to a process of risk management that is aligned to the principles of good corporate governance, as supported by the Municipal Finance Management Act (MFMA), Act No 56 of 2003, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Enterprise Risk Management Integrated Framework, the Institute of Risk Management (IRM) Risk Appetite & Tolerance Guidance Paper and the King III Code on Corporate Governance, as well as ISO Risk Management Principles and Guidelines (ISO 31000:2009) and the ISO 22301 standards of Business Continuity Management.

This risk management policy outlines the City's commitment to protecting the organisation against adverse outcomes, which may impact negatively on service delivery. It also confirms the City's commitment to legal and regulatory compliance.

Risk management is recognised as an integral part of the City. The features of this process are outlined in this Policy and the City's Risk Management Framework. It is expected that all departments and Municipal Entities (MEs), operational processes and projects are subjected to this Group Risk Management Framework and Policy. The main aim is that the City's departments and MEs should work together in a consistent and integrated manner, with the overall objective of reducing risk exposures to the organisation.

In order for the City to fulfil its mandate and to meet the service delivery expectations of the citizens, effective risk management is imperative. The realisation of the City's Mission and Vision, including GDS2040, depends on the capabilities that the City has put in place to manage the threats and uncertainties that could hinder the achievement of those objectives. Sound risk management principles enable the City to anticipate and respond to all threats and uncertainties effectively and to make the most informed decisions under conditions of uncertainty.

The City acknowledges that the adoption of a strategic and formal approach to Enterprise Risk Management will improve decision-making and enhance outcomes and accountability. In implementing this Policy, the City acknowledges and commits to:

- Enterprise risk management as an integral part of all decision-making processes

- Applying a structured risk management program to minimise reasonably foreseeable disruption to service delivery, harm to people, and damage to the environment and property.
- Identifying and taking advantage of opportunities as well as minimising adverse effects.
- Training all its employees to implement risk management effectively.
- Striving to continually improve risk management practices.
- Ensuring that the main risks that represent opportunities or hazards to meeting the City's objectives will be explicitly identified, assessed, controlled, monitored and reported.
- Ensuring that risks are prioritised and attention will be focused on these objectives.
- Identifying and implementing a control system to cover the risks.
- Adoption of the Group Risk Management Framework as the City's official document to be implemented city-wide.

Accordingly, all employees within the City, at all levels, are compelled by this Policy to commit to and apply the risk management principles and methodology set out in the CoJ Group Risk Management Framework. The entities are expected to adopt both the Policy and the Framework, and implement them in alignment with each entity's functionality.

2. POLICY CONTEXT

In terms of sections 62(1)(c)(i) and 95(c)(i) of the Municipal Finance Management Act (No 56 of 2003) (hereafter the MFMA), the Accounting Officer is required to ensure that the City has and maintains an effective, efficient and transparent system of risk management. Further, section of the Treasury Regulations requires that the Accounting Officer should ensure that the identification of risks is conducted regularly and that a risk management strategy (Framework) is in place.

Risk Management is widely recognised as a best practice element of corporate governance that integrates existing management processes and provides assurance in relation to the management of key risks.

3. PURPOSE

The purpose of this Policy is to articulate the City's risk management philosophy to Executives, Management and all officials. This Risk Management Policy forms part of the City's internal control and governance arrangements. It sets out a high-level overview for managing risk within the City. The objective is to pursue a structured approach to the effective management of risk in pursuit of public service delivery. This approach is set out in the Group Risk Management Framework, which details the continuous processes of integrated activities by which the potential impact of risks to the achievement of the organisation's objectives should be identified and managed.

Management and staff, as well as other stakeholders of the City, should be aware of and accept the fact that the operations of the City are subject to risk. Such risks could have a severe impact on the City's constitutional mandate of public service delivery, hence the need for an effective Risk Management Policy for the City.

The Risk Management Policy is designed to ensure that the following objectives are met:

- Financial, operational and management systems directly support the management of risks that threaten the achievement of the City's objectives.
- The Executive management at the City's departments and MEs have an active, structured, and commonly shared knowledge of the whole range, and the relative priority, of risks that they have to manage.
- Managers at all levels share that understanding of risks and priorities.
- Staff objectives are set in terms that reflect the City's strategic and operational risk priorities.
- Responsibility for the management of risks is assigned to personnel that have the authority and skills to ensure that they are managed.
- Resources are assigned to the management of risks in such a way as to optimise value for money.
- The priorities of the City's Executive Management and MEs in respect of risk are fully communicated.
- Risk management expenditure (including insurance) is centralised in the Office of the Executive: Group Risk and Assurance Services to enable the City to manage the total cost of risk.

- The reporting of risk is structured and flows from employees, management, Group Risk and Governance Committee to Council.
- The risk management system is functioning efficiently and effectively integrates with the Corporate Planning processes.
- Creating the ability to be flexible and adapt to changes within our business environment.

The Policy is to be read in conjunction with the Group Risk Management Framework.

4. POLICY SCOPE AND APPLICATION

This Policy applies throughout the City in as far as the implementation of risk management is concerned:

- Core Departments
- Municipal Entities (MEs)
- All employees and officials of the City and its MEs, irrespective of their location, function, grade or standing
- The City's Council, Mayoral Committee and board of directors of MEs

A city-wide approach to risk management should be applied by all Entities; therefore, every risk in any part of the City should be included in a structured and systematic risk management process at entity level. This is to ensure responses to risk remain current and dynamic. All risk management efforts will be focused on supporting the City's objectives. Equally, they must ensure compliance with relevant legislation, and fulfil the expectations of employees, communities and other stakeholders in terms of corporate governance. The Risk Management Policy statement shall be reviewed annually to reflect the current stance on risk management.

In the successful implementation of risk management principles and processes, the City commits to:

a) Effective, efficient and economical allocation of the City's resources to enhance value-add service delivery;

b) A management system containing the appropriate elements aimed at minimising risks and maximising opportunities in the interest of all the stakeholders;
c) Education and training of all staff to ensure continuous improvement in knowledge management, skills and capabilities contributing towards service delivery and facilitating stakeholders' expectations;
d) Proper safeguarding of assets;
e) More informed decision-making;
f) Information security.

5. RISK AND RISK MANAGEMENT

Risk refers to an unwanted outcome, actual or potential, to the City's service delivery and other performance objectives, caused by the presence of risk factors, or the uncertainty of an event occurring that could have an impact on the achievement of business objectives. Risk is measured in terms of its impact or consequence and its likelihood of occurrence. Some risk factors also present upside potential, which management should be aware of and prepared to exploit. The definition of risk encompasses such opportunities.

Risk management is a systematic process to identify, evaluate, address and monitor risks on a continuous basis before such risks can impact negatively on the City's service delivery to its stakeholders. Risk management is regarded as the culture, processes and organisation structures that are directed towards the effective management of potential opportunities and adverse effects within the City.

In the broadest sense, effective risk management ensures continuity of operations and service delivery, and protection of the interests of the City. It is apparent that successful service delivery is contingent upon, inter alia, effective and cohesive management of risks.

6. OBJECTIVES AND BENEFITS

The Policy and risk management processes shall provide reasonable assurance that the City's business objectives will be achieved. The risk management process will assist the City to achieve, among other things, the following benefits and outcomes needed to underpin and enhance its performance:

- More informed decisions on regular management of achieving the City's objectives;
- Reduction of losses;
- Prevention of fraud and corruption;
- Value for money through more efficient use of resources; and
- Enhanced outputs and outcomes through improved project and programme management.

7. RISK MANAGEMENT APPROACH

A City-wide approach to risk management should be adopted. This approach increases risk awareness and promotes appropriate management of risks. Departments' and MEs' risk profiles shall be developed and risks compared and aggregated to allow for a portfolio approach to risk management. Each department, ME or business unit director or manager shall identify and implement risk management systems within their areas of responsibility, and monitor progress to ensure full implementation of risk management processes.

8. RISK APPETITE AND RISK TOLERANCE APPROACH

The City's risk appetite and risk tolerance are directly related to its business strategy. Risk management is included in the strategic planning process, to assist management in selecting a strategy that is in line with the City's risk appetite. This means that, as soon as risks are above low to moderate risk levels, strategies should be put in place to manage those risks to an acceptable level. A risk, or a portfolio of risks, which has a potential impact equal to or exceeding the City's approved risk appetite or risk tolerance levels, or risks which are significant by nature, require immediate and urgent action by executive management or the City's Mayoral Committee, as may be appropriate.

Key to the decision(s) on internal control design is the qualitative and quantitative risk exposure, i.e. extreme, high, moderate or low, which are the set qualitative and quantitative risk appetite levels. Management's common objective is to manage risks to keep them at acceptable levels, within the set risk appetite and ideally at low levels.

The risk appetite therefore sets the quantifiable and quantitative level of residual risk exposure the City is prepared to retain after control and mitigation actions (risk treatment plans) have been taken in relation to the respective risks, whereas risk tolerance sets the boundaries of risk within which the City is prepared to venture in the pursuit of its service delivery and long-term objectives, taking into account the risk appetite levels.

The risk appetite therefore aims to ensure that the City has a dynamic Policy:

- for risk governance and strategic risk decision making at the level of the City leadership;
- for the City to gain an understanding of the nature and extent of the key risks it is taking on and willing to embrace as part of the delivery of services in accordance with the IDP and the SDBIP;
- that enables the executives or senior officials to translate the risk appetite when making tactical decisions as well as at operational levels; and therefore
- that supports the embedding of the culture of risk awareness and risk management.

It is important for the City to make an informed decision on the amount of risk it is capable of bearing as part of normal management practice. The level of acceptable risk is known as tolerated risk or tolerance level and establishes the benchmark for the City's risk tolerance.

9. DEFINITION OF RISK APPETITE & RISK TOLERANCE

The Institute of Risk Management (IRM) distinguishes between risk appetite as "the pursuit of risk" and risk tolerance as "the risk you can allow the organisation to deal with", while also acknowledging that this is not an easy concept.

This can be illustrated in the diagrams below (source: Institute of Risk Management, Risk Appetite and Tolerance Guidance Paper):

The line AB will be the performance targets/indicators as articulated in the Organisational Scorecard/SDBIP.

In order to further understand the meaning of risk appetite and risk tolerance, it is also important that there be an understanding of the risk universe. Risk universe is defined as the full range of risks which could impact, either positively or negatively, on the ability of the organisation to achieve its long-term objectives.

10. RISK APPETITE AND RISK TOLERANCE MATURITY

Given the City's size and structure, and the nature and extent of its business operations, a phased approach is taken for the development, implementation and establishment of a risk appetite and risk tolerance in line with the maturity model of the City as set out in the Group Risk Management Framework. The principles contained within this Policy thus:

- Articulate the phased approach for the transition of the City from an existing awareness state to the desired state of being enabled to develop and establish risk appetite and risk tolerance maturity; and
- Provide the recommended road map for the enhancement of the level of risk appetite and risk tolerance maturity within the City.

11. SETTING THE RISK APPETITE AND TOLERANCE

The terms of policy, directives and strategies determine that those risks that are considered undesirable should be avoided. This is also in relation to the City's current Priority Implementation Plans. Qualitative risk tolerance and appetite are as follows:

- Fraud and Corruption: Zero
- Non-Compliance with Supply Chain Management Regulations: Zero
- Financial underperformance: Low
- Service delivery risks: Low
- Organisational & governance risks (accountability): Low
- Financial reporting - Adverse & Disclaimer audit outcomes: Zero
- Financial reporting - Unqualified audit (with matters of emphasis): Low

Significant risk is taken at strategic level, while at operational and activity levels the focus is on reliable internal control systems to ensure that risks are managed to acceptable levels, as illustrated in the diagram below:

Risk Matrix: Qualitative risk appetite and risk tolerance (example) using the risk Heatmap:

LIKELIHOOD
    5    LOW     MEDIUM   HIGH     EXTREME   EXTREME
    4    LOW     MEDIUM   HIGH     HIGH      EXTREME
    3    LOW     MEDIUM   MEDIUM   HIGH      HIGH
    2    LOW     LOW      MEDIUM   MEDIUM    MEDIUM
    1    LOW     LOW      LOW      LOW       LOW
                          IMPACT

(Labels on the heatmap: Risk tolerance; Risk appetite line)

Based on the Heatmap, it is therefore important that there should be alignment between the risk tolerance levels that are set by the City and the risk assessment tables, in particular, the criteria for analysing the potential impact of a risk event.

Risk level: Low
    Description: A low risk exists that management's objectives may not be achieved.
    Risk treatment guidelines: Effectively manage through routine procedures and internal controls.
    Escalation and retention guidelines: Tolerate. Monitor and manage at level of responsible persons/risk owners, retain risk.

Risk level: Medium
    Description: A moderate risk exists that management's objectives may not be achieved.
    Risk treatment guidelines: Constant regular monitoring required as part of normal management process to ensure risk exposure is managed effectively.
    Escalation and retention guidelines: Tolerate, treat or transfer. Escalate relevant risk to owner and specify risk management actions; risks may potentially be retained.

Risk level: High
    Description: A significant risk exists that management's objectives may not be achieved.
    Risk treatment guidelines: Immediate cost benefit analysis and mitigation strategy is required to assess extent to which risk should be treated and managed down; constant monitoring required.
    Escalation and retention guidelines: Treat, Transfer or Eliminate. Escalate to Council, risks generally not retained. Specific risk management actions need to be put in place.

Risk level: Extreme
    Description: A very high risk exists that management's objectives may not be achieved.
    Risk treatment guidelines: Immediate action required to actively manage risk and limit exposure.
    Escalation and retention guidelines: Treat, Transfer or Eliminate. Escalate to the Council, risks generally not accepted or retained. Specific risk management actions need to be put in place.

Once the risk tolerance and appetite have been set, Executives and Management are accountable and responsible for managing risks to an acceptable level. As stated above, the risk appetite levels and risk tolerance levels should inform the risk response strategies or treatment plans.

12. RISK MONITORING AND REVIEW

Effective monitoring of mitigating actions (action plans) is the responsibility of line management, who have ownership for the management of risk. The Group Risk Management and Advisory Unit, as facilitator of the risk management process and custodian of the risk database, will support the monitoring process, together with line management.

Risk monitoring is the process for tracking identified risks, monitoring residual risks, identifying new risks, and reviewing the risk response plans. The results on proposed risk responses, which are integrated into managing and controlling the risk exposures, are therefore evaluated for adequacy.

It is necessary to review, monitor and report on the mitigating actions developed, progress being made in managing the identified risk exposures, or taking advantage of opportunities so that the achievement of strategic and operational goals and objectives is optimised, and losses or negative implications minimised.

The results of each risk assessment are documented on the standard risk tool (register). Progress in implementation of mitigating actions must be monitored and reported as follows:

- Strategic risks: monthly basis
- Project risks: monthly basis
- Operational risks: monthly basis

As part of the reporting process, significant risks, as reviewed and monitored throughout, are reported to the Executive Management and to the Group Risk and Governance Committee, and other oversight Committees where appropriate.

13. ASSURANCE OF RISK MANAGEMENT FUNCTION

The adequacy and effectiveness of the risk management process will be independently evaluated from time to time, as considered appropriate by the Group Risk and Governance Committee and by the Group Internal Audit Service Unit, as the independent assurance provider to management and the oversight Committees. The Annual Assurance Plan will be aligned to the risk profile and the assurance process will include the following:

- A review of the adequacy of design and effectiveness of current controls to mitigate key risks; and
- Assurance on management's implementation of further actions to mitigate key risks identified through the risk management process.

14. COMBINED ASSURANCE

Greater emphasis is placed on the Council to ensure that it is satisfied with the management of risk and internal controls as a cornerstone of corporate governance. Combined assurance requires active consideration of the assurance that Council receives on the risks to which the organisation is exposed. To meet this requirement, the Council will rely on assurance providers to carry out the following (inter alia):

- Evaluate the City's governance processes.
- Objectively assess the effectiveness of risk management and internal controls.
- Analyse business processes and controls.
- Have an assurance plan that is informed by strategy and by risks.

This will be done in line with the Group Combined Assurance Framework and combined assurance model, which includes the respective levels of assurance as follows:

- First level of defence: internal management and oversight processes
- Second level of defence: risk management and peer reviews
- Third level of defence: external review processes provided by internal and external audits

This section is to be read in conjunction with the Group Combined Assurance Framework.

15. GROUP CITY-WIDE RISK UNIVERSE

The diagram below provides the City-wide Risk Universe.

[Diagram: CITY RISK UNIVERSE]

GROWTH AND DEVELOPMENT STRATEGY 2040 OUTPUTS AND OUTCOMES
FIVE YEAR INTEGRATED DEVELOPMENT PLAN (IDP)
MAYORAL GAME CHANGER AND FLAGSHIP PROGRAMMES
PRIORITY IMPLEMENTATION PLANS (PIPs)
CITY OVERSIGHT STRUCTURES

Mayoral Priority Implementation Plans: Flagship Programme: Corridors of Freedom; Financial Sustainability and Resilience; Safer Cities; Flagship Programme: Engaged Active Citizenry; Resource Sustainability; Flagship Programme: Green and Blue Economy; Investment Attraction, Retention and Expansion; Flagship Programme: Smart City; Agriculture and Food Security

City Service Delivery and Functional Areas
Sustainable Services; Economic Growth; Human and Social Development; Administration and Governance

Development Planning Water and Electricity Rates and Taxes Waste Removal Housing Development Environmental Services Infrastructure Development Social Housing Community Development Economic Development Transport Roads Infrastructure Fresh Produce Market Metro Bus Property Management Health Services Social Development Traffic Management By-Law Compliance Licensing Prosecution and Courts Emergency Management Services City Theatres City Parks and Zoo City Billing and Revenue Collection Customer Relations and Urban Management Group Strategy Policy Coordination and Relations Corporate Shared Services Group Communications Group Legal and Contracts Group Risk and Assurance Services Office of the City Manager Public Office of the Executive Mayor Speaker's Office

Strategic Areas; Operational Areas; Reporting Areas; Compliance Areas

Stakeholder Management: National Government; Provincial Government; City Citizens and Communities; Customers
External Factors: Political Environment; Natural Environment; Economic Environment; Socio-Economic Environment
Governance: Strategic Planning; Business Continuity; Reputation Management; Policy and Frameworks; Combined Assurance Monitoring and Oversight
Process: Revenue and Collection Management; Cash Management; Supply Chain Management; Service Delivery; Change Management; Project Management
Personnel and Culture: Human Capital Capacity; Training and Development; Occupational Health and Safety
Financial: City Funding; Centralised Financial Management; Credit and Liquidity; Interest Rates; Insurance Portfolio
Information Communication and Technology: ICT Systems; Information Management; Knowledge Management
Physical Assets: City Infrastructure; City Vehicles; Other City Assets
Periodic Management Reporting: Operational and Strategic Management Reporting; Actual Versus Budgeted Income and Expenditure; Financial Reporting; Project Management Reporting
Combined Assurance Reporting: Risk Management Reports; Compliance Management Reports; Internal Audit Reports; Security and Investigation Reports
Statutory Reporting: Audited Annual Financial Statements; Oversight Committee Reports; Annual Report
Legislative and Regulatory: Compliance: Regulatory Compliance Management; Local Government Legislative Obligations and Oversight
Legal: Investigations of Fraud and Corruption; Contract Management; Litigation Claim Management

16. GROUP RISK MANAGEMENT MATURITY MODEL

The diagram below provides the intended Maturity Model of the City, and therefore the implementation approach of the Risk Management Framework and this Policy.

ERM Maturity: 2014/2015 Financial Year
Level: Aware
Description: The City is aware of the need for risk management and has developed a structured framework and approach to risk management. However, it is still experimenting with the implementation of the approach and will therefore update the approach as required, relating to the PIPs and Flagships. The risk appetite and risk tolerance levels have not been fully defined and therefore do not form part of the risk management approach implementation, with the exception of qualitative risk appetite and risk tolerance quantitative levels applicable to strategic, PIPs and Flagship related risk. Risk identification, risk ranking and assessment of capabilities are being performed on a strategic and operational level. Risks identified are in context to strategic objectives, plan or goals; however, the quantitative risk tolerance and appetite impact is not calculated. Risk management forms part of the Council meetings, Risk and oversight Committees. Risks are monitored for strategic risks.

ERM Maturity: 2015/2016 Financial Year
Level: Defined
Description: Risk frameworks, policies and procedures are updated and formalised. Risk identification, risk ranking and assessment of capabilities are being completed within all operational departments. The risk management framework and approach is being fully finalised and implemented. However, the risk appetite and risk tolerance levels have been defined for strategic risk and core departments. Risk management forms part of the Council meetings, Risk and oversight Committees. Risks are monitored for strategic, PIP and Flagship risks. Risks are monitored for strategic risks and core departmental operational risk.

ERM Maturity: 2016/2017 Financial Year
Level: Managed
Description: Risk frameworks and policies are updated and formalised. The City has established a risk-aware culture that requires a proactive approach to the management of risks with certain aspects of the City. Risk frameworks, policies and procedures are updated and formalised. The City has implemented a risk management process fully into the routine business processes and has implemented it in all business units. Risks identified are placed in context to strategic objectives, plan and goals. The risk appetite and risk tolerance levels have been defined and approved for all departments' and MEs' risks. Risks are monitored for strategic risks and all departmental operational risk. The City has a fully effective risk-aware culture that requires a proactive approach to the management of risks with certain aspects of the City.

ERM Maturity: 2017/2018 Financial Year
Level: Enabled
Description: Risk information is continually developed and actively used to improve all the processes and to increase the probability of success in operations. Council and executive management have the ability to identify, measure, manage and monitor risks across the City within the set risk appetite and risk tolerance levels. The process is dynamic and able to adapt to changing risks and varying business cycles.

22 17. ROLES AND RESPONSIBILITIES The Group Risk Management and Advisory Services Unit is responsible for the effective implementation of this Policy, through the guidance provided in the related Group Risk Management Framework and interaction with the respective core administration and MEs, who in turn are responsible to ensure that it is effectively implemented in their business units. In terms of this Policy, the Council has overall responsibility for risk management within the City, while the Group Risk and Governance Committee provides oversight on the implementation of the Policy. All senior staff is responsible for practicing good risk management practices within their areas of responsibility, and the implementation of the Risk Management Framework. Governance Structure Council and Mayoral Committee Council Section 79 Committee Group Audit Committee (GAC) & Group Performance Audit Committee (GPAC) Group Risk Governance Committee (GRMC) City Manager Executive Audit & Risk Management Committee Business Units Group CFO/ Shareholder Unit (SHU) Roles / responsibility o Oversight on the City Wide risk management system, processes, risk profile. Accountability ito MFMA, and assurance to stakeholders. o Oversight over the sectoral risk profile and appropriate risk management strategies. Provides Assurance on City-Wide ERM process and strategic and operational risk profiles. Provides oversight and advisory on City-Wide ERM Framework, Policies, Process, Group Risk Profile and Group Risk Tolerance / Appetite. o Accountability for development and implementation of ERM Governance, architecture and process in the City and management of identified major risks. o Set the tone at the top on risk management principles, processes and governance structures o Committee is to support the City Manager and EMT in ensuring effective implementation of risk management processes to enhance the City s ability to achieve its strategic objectives. 
o Responsible for designing a risk-controlled environment within day-to-day business operations and implementing a risk tracking model in order to address and manage identified risks to an acceptable level; accountable for regularly reporting to Senior Management on the effective management of identified risks within business units.
o Financial risk management strategy.
o Funding and resourcing key risk mitigation strategies.
o Monitoring implementation of ERM by the City's entities.

MOE Board of Directors
Governance of ERM within the Municipal Entity
MOE Audit and/or Risk Committee
Managing Director/ Chief Executive Officer () &
Determine the levels of risk appetite and risk tolerance
Accountability to the GRMC and GAC on ERM through the MOE Audit & Risk Committee.
The governance of risk through formal processes, which includes the total MOE system and process of risk management;
Assurance and Oversight over Entity's Enterprise Risk Management
o Senior Management is accountable to the Council/Board for designing, implementing and monitoring risk management, and integrating it into the day-to-day activities.

Executive Directors
Group Risk and Audit Services (GRAS)
MOE's Chief Risk Officers & Risk Management functions
Chief Internal Auditors & Internal Audit function
o Accountability for implementation of ERM Framework, policy and processes.
o Ensure that the risk register is in place and is continuously updated through regular risk assessments and updates to the control environment; and
o Providing reports and comment to the Group Risk and Governance Committee as and when required.
o Acknowledge the ownership of risks within their business units or functional areas, and all responsibilities associated with managing such risks;
o Cascade risk management into its functional responsibilities;
o Monitor risk management within their area of responsibility;
o Maintain the business unit risk profile within the City's risk tolerance and risk appetite levels;
o Consulting and advisory on the ERM Framework, Policy, strategies & implementation City-wide (Departments & Entities). ERM Strategy and maturity planning. Defining risk assessment methodology.
o Provide specialist expertise to assist the City to embed risk management and to leverage its benefits to enhance performance.
o Provide advice to management on the determination of risk appetite and tolerance.
o Facilitate implementation of the ERM Framework, Policy and process. Annual Risk Management Plans
o Assurance on the risk management process City-wide (departments and MEs); and reviewing effectiveness of risk mitigation controls and action plans.

18. ROLES AND RESPONSIBILITIES RISK APPETITE AND TOLERANCE

The roles and responsibilities relating to risk management, design and monitoring of risk appetite and tolerance are set out below. This section is to be read in conjunction with the previous section.

1.1. Setting the risk appetite levels
Responsibility: Management assisted by Group risk advisory services
Frequency: At least annually

1.2. Review of the risk appetite levels
Responsibility: Management assisted by Group risk advisory services
Frequency: At least annually

1.3. Approval of the risk appetite and risk tolerance levels
Responsibility: Mayoral Committee upon recommendation by the City Manager and Group Risk Governance Committee
Frequency: Annually

1.4. Management of risk managing risk against risk appetite
Responsibility: Management
Frequency: Continuous

1.5. Monitoring residual risk against risk appetite and risk tolerance
Responsibility: Management; independent reviews by GRAS
Frequency: Continuous

1.6. Analyses of residual risk vs. appetite levels and against actual organisational performance on attainment of objectives
Responsibility: Management; independent assurance by GRAS
Frequency: Quarterly

1.7. Review of risk appetite and tolerance framework
Responsibility: GRAS
Frequency: Annually

Municipal Entities

Activity:
1.8. Aligning risk appetite framework of municipal entity to City-wide framework
1.9. Approval of aligned risk appetite framework
Setting and reviewing risk appetite level(s)

Responsibility:
Managing Director/ CEO assisted by Risk Management Unit and GRAS
Municipal Entity Board upon recommendation of ME Audit &/or Risk Committee
Managing Director/ CEO in consultation with City Manager
Independent assurance Internal audit or independent assessor.

Frequency:
Annually
Annually
Quarterly
Annually

19. PERFORMANCE MANAGEMENT SYSTEM

To facilitate and enhance the implementation of the City-wide risk management discipline, and to ensure that the process is embedded within day-to-day employee and management activities, it is imperative that this process is included as part of management key performance areas within the City's performance management system.

20. PROVISION OF THIS POLICY

The Council expects risks associated with the City's activities to be directed, assessed, controlled, reported and managed. The primary responsibility for management of risks is within the functional areas where the risk is taken. The Risk Owners must make sure that the provisions of this Policy and the Group Risk Management Framework are reflected in their approach to the management and control of risks within their areas of responsibility.

21. EMBEDDING RISK MANAGEMENT

The City has a system of internal control which incorporates risk management and which enables the City to respond to a variety of risks. Key elements of the system of internal control include, inter alia, the following:

Policies and procedures

Attached to fundamental risks are a series of policies that underpin the internal control process. The policies are set and the written procedures support the policies where appropriate.

Annual planning and performance reporting
Risk management is also built into the annual planning and budgeting process, which is used to set objectives and prioritise resources. Actual progress made towards the execution of the annual plans is reported and monitored on a quarterly basis.

Risk management framework
The Group Risk Management Framework and Methodology assists in setting direction in the identification, assessment and monitoring of key risks. From the annual key risk identification and assessment exercise, a risk register, risk owners and action plans are documented. The MEs will also use this Group Risk Management Policy and the Group Risk Management Framework to ensure that risks are identified, assessed and monitored.

External audit
The Auditor General on an annual basis informs the Group Audit Committee on the operation of the City's internal financial controls, which are reviewed as part of the regulatory audit.

Third party reviews
Reviews by independent specialists and consultants can be utilised as deemed necessary to verify the reliability of the internal control system, as advised by the Executive: Group Risk and Assurance Services.

22. POLICY REVIEW

The City, through the Group Risk and Governance Committee, will undertake an annual review of the Group Risk Management Policy and related risk management processes, to reflect the current City stance on risk management and to ensure that the responses to risk remain current and dynamic, and continue to facilitate the achievement of the City's objectives.

23. AUTHORITY AND APPROVAL

Ownership

Ownership of this Policy vests with the Group Risk and Governance Committee, which in turn has delegated it to the Group Risk and Assurance Services Department.

Approval
The Group Risk and Assurance Services Department is responsible for the coordination, drafting and updates to this Policy and will submit it to the Group Risk and Governance Committee for review and approval.

Implementation
The Group Risk and Assurance Services Department is responsible for the implementation and roll-out of the Policy and will report on the status to the Group Risk and Governance Committee, in accordance with the maturity plan, on a quarterly basis. The Accounting Officers and Boards of the MEs are responsible for the adherence to and implementation of this Policy in their respective Entities.

Review and Approval
This policy will be reviewed and approved annually or as necessitated by changes in legislation or the requirements of the City's risk management landscape.

ANNEXURE A: GLOSSARY OF TERMS

An explanation of the terms used within this Risk Management Policy is provided in alphabetical order below:

No. Term: Definition or Explanation of Term

1. Assurance: Assurance is an objective examination of evidence for the purpose of providing an assessment on governance, risk management and control processes for the City.
2. City Wide Top Strategic Risks: City's strategic risks identified at organisational level (City wide) which should be managed and performance reported by Senior Management on a regular basis, i.e. quarterly and financial year basis.
3. Combined Assurance: Combined assurance refers to the integration and aligning of assurance processes in the institution to maximise risk and governance oversight and control efficiencies, thereby optimising overall assurance.
4. Governance: The combination of processes and structures implemented by the City to inform, direct, manage and monitor its activities toward the achievement of its objectives.
5. Inherent Risk: This means the risk exposure in the absence of management interventions (existing controls).
6. Residual Risk: This means the remaining exposure of risk after taking into account management interventions (controls in place).
7. Internal Controls: are processes for assuring achievement of the City's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. Controls involve means by which the City's resources are allocated, monitored, measured and utilised towards achievement of objectives resulting in effective delivery of service.
8. Key Risks: risks impacting on Mayoral priorities outco
9. Management: includes employees of the City of Johannesburg who control or direct any directorate, department, unit, division, process or resources of the City.
10. Process: set of activities designed by Council, Mayoral, and management within the City in order to achieve the City's mandate.
11. Risk: is a probability of uncertain future events/threats that could have a negative impact on the achievement of objectives.
12. Risk Appetite: is the amount of risk, on a broad level, that the City is willing to accept in pursuit of value.
13. Risk Tolerance: is the extent to which the City is willing to accept the degree of risk exposures.
14. Risk Assessment: is a process undertaken by management to identify, analyse and evaluate risks considering their likelihood and impact, as a basis for determining how the risk should be managed and reduced to an acceptable level.
15. Risk Impact: is the consequence of risk occurrence.
16. Likelihood: is the probability of risk occurring.
16. Risk Management: A continuous, proactive and systematic process, effected by Council, Mayoral Committee and Accounting Officer, management and other personnel, applied in strategic planning and across the City, designed to identify risks and to manage those risks, to the extent necessary and possible, to provide reasonable assurance regarding the achievement of the City's objectives.
17. Risk Owner: Is accountable for ensuring proper management and control of all aspects of risks identified. The Risk Owner has responsibility over the action owner in ensuring that mitigating plans are effectively and sufficiently implemented and risks are being reviewed periodically.
18. Action Owner: A delegated role responsible for taking actions in relation to a specific risk. The Action Owner's responsibility is to effectively implement mitigating plans and keep the risk owner apprised of the progress.
19. Risk Rating: The risk exposure classification (very high or extreme risk, high risk, moderate risk, or low risk) allocated to a risk, based on its probability of occurrence and potential impact on the City.
20. Risk Register: A tool for capturing each risk or exposure, its likelihood of occurrence, potential impact and rating, and how the risk is currently being controlled, as well as additional risk mitigation measures that may be required for the effective management of each risk identified.
21. Strategic Goals and Objectives: High-level City goals and objectives that are aligned with and support its mission and vision.
22. Risk Monitoring: is the process for tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plans, and evaluating their effectiveness on a quarterly basis. It is necessary to review, monitor and report on the action plans developed and the progress being made in managing the identified risks.

Ms. SINAYE NXUMALO
EXECUTIVE DIRECTOR GROUP RISK & ADVISORY SERVICES
DATE:

Mr. J. MAKORO
CHAIRPERSON GROUP RISK & GOVERNANCE COMMITTEE
DATE:

Mr. TREVOR FOWLER
CITY MANAGER
CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY
DATE:


More information

EPWP INCENTIVE GRANT MANUAL

EPWP INCENTIVE GRANT MANUAL EPWP Incentive Grant Manual 2009/10 EPWP INCENTIVE GRANT MANUAL FROM THE NATIONAL DEPARTMENT OF PUBLIC WORKS FOR THE IMPLEMENTATION OF THE EPWP INCENTIVE GRANT BY IMPLEMENTING PUBLIC BODIES Version 1 May

More information

Risk Management Plan PURPOSE: SCOPE:

Risk Management Plan PURPOSE: SCOPE: Management Plan Authority Source: Vice-Chancellor Approval Date: 16/05/2018 Publication Date: 17/05/2018 Review Date: 17/05/2021 Effective Date: 16/05/2018 Custodian: General Counsel and University Secretary

More information

Risk Management Policy

Risk Management Policy Risk Management Policy October 2014 Risks 1. Risks can be identified under four principal headings a. Financial risks b. Strategic Risks c. Operational Risks, and d. Hazard Risks 2. These are either externally

More information

HSC Business Services Organisation Board

HSC Business Services Organisation Board Paper BSO 25/2009 HSC Business Services Organisation Board Risk Management 1. Purpose of this report The purpose of this report is to brief the Board on the BSO Risk Management process. 2. Background HSC

More information

M_o_R (2011) Foundation EN exam prep questions

M_o_R (2011) Foundation EN exam prep questions M_o_R (2011) Foundation EN exam prep questions 1. It is a responsibility of Senior Team: a) Ensures that appropriate governance and internal controls are in place b) Monitors and acts on escalated risks

More information

Bournemouth Primary MAT Risk Management Policy

Bournemouth Primary MAT Risk Management Policy Bournemouth Primary MAT Risk Management Policy 1. Introduction The Bournemouth Primary Multi-Academy Trust (the Trust) operates a risk management system in order to identify and manage key exposures and

More information

University of the Sunshine Coast (USC) Risk Appetite Statement

University of the Sunshine Coast (USC) Risk Appetite Statement Vision and strategic goals University of the Sunshine Coast (USC) Risk Appetite Statement The University of the Sunshine Coast will be a university of international standing, a driver of capacity building

More information

Risk Management Policy and Strategy

Risk Management Policy and Strategy Risk Management Policy and Strategy Version: 2.1 Bodies consulted: Approved by: Directors and Managers responsible for risk Board of Directors Date Approved: 28 March 2017 Lead Manager: Lead Director:

More information

Enterprise Risk Management Program

Enterprise Risk Management Program Enterprise Risk Management Program David W Sundvall, Risk Manager 3/2/2016 Page 0 of 12 Table of Contents Introduction... 2 Approach... 2 Risk Appetite... 3 Roles and Responsibilities... 3 Process... 4

More information

OECD guidelines for pension fund governance

OECD guidelines for pension fund governance DIRECTORATE FOR FINANCIAL AND ENTERPRISE AFFAIRS OECD guidelines for pension fund governance RECOMMENDATION OF THE COUNCIL These guidelines, prepared by the OECD Insurance and Private Pensions Committee

More information

Business Auditing - Enterprise Risk Management. October, 2018

Business Auditing - Enterprise Risk Management. October, 2018 Business Auditing - Enterprise Risk Management October, 2018 Contents The present document is aimed to: 1 Give an overview of the Risk Management framework 2 Illustrate an ERM model Page 2 What is a risk?

More information

Day 2: Session 2 Tax governance, risk and control

Day 2: Session 2 Tax governance, risk and control Day 2: Session 2 Tax governance, risk and control The Westin, Singapore 26 February 2016 James Paul Deloitte 1 Agenda 1. The changing tax environment and business response 2. Focus on tax governance, policy

More information

Integrated Risk Management Framework Sept Page 1 of 17

Integrated Risk Management Framework Sept Page 1 of 17 Integrated Risk Management Framework 2017-2018 Sept 2017 Page 1 of 17 Reference: Title: Author/Nominated Lead: Approval Date: Approving Committee: Review Date: Target Audience: Circulation List: Cross

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Version: 3 Board Endorsement: 11 January 2014 Last Review Date: 3 January 2014 Next Review Date: July 2014 Risk Management Policy 1 Table of Contents 1 Introduction... 3 2 Overview...

More information

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK RISK MANAGEMENT FRAMEWORK 1 RISK MANAGEMENT FRAMEWORK... 1 INTRODUCTION... 3 AN EFFECTIVE ENTERPRISE RISK MANAGEMENT SYSTEM... 4 Guiding Principles... 4 RISK GOVERNANCE... 5 Mandate and Commitment... 5

More information

Risk Management Procedure

Risk Management Procedure Risk Management Procedure 2017 Number: Date Written: Authorised by: Review Date: Version 4.0 15 December 2016 Bernie Wilson 30 December 2018 Contents Amendment and Review... 2 Document Control / Amendments...

More information

Risk Management Policy

Risk Management Policy Version: 2.0 New or Replacement: Policy number: Document author(s): Replacement ULHT-MD-GOV-RM-PMIMSI Paul White, Risk Manager Contributor(s): Members of the Trust Board & Senior Leadership Team Approved

More information

Energize Your Enterprise Risk Management

Energize Your Enterprise Risk Management Energize Your Enterprise Risk Management Presented By Mark Caiazzo, CISA, CISM, CRISC Tammy Michaud, CPA May 15, 2017 Reviewed: Agenda Enterprise Risk Management Defined Benefits of ERM Key Components

More information

CORPORATE RISK MANAGEMENT POLICY

CORPORATE RISK MANAGEMENT POLICY 11/8/2017 INFORMAÇÃO INTERNA ÍNDICE 1 PURPOSE... 3 2 SCOPE... 3 3 REFERENCES... 3 4 CONCEPTS... 4 5 GUIDELINES... 6 6 RESPONSABILITIES... 8 7 CONTROL INFORMATION... 14 2 INFORMAÇÃO INTERNA 1 PURPOSE The

More information

RISK MANAGEMENT FRAMEWORK OVERVIEW

RISK MANAGEMENT FRAMEWORK OVERVIEW Perpetual Limited RISK MANAGEMENT FRAMEWORK OVERVIEW September 2017 Classification: Public Page 1 of 6 COMMITMENT TO RISK MANAGEMENT As a publicly listed company and provider of financial products and

More information

How we manage risk. Risk philosophy. Risk policy. Risk framework

How we manage risk. Risk philosophy. Risk policy. Risk framework How we manage risk Risk management is integral to the daily operations of our businesses. As a multinational group with activities in over 130 countries, Naspers is exposed to a wide range of risks that

More information

JOB DESCRIPTION FORM Job title:

JOB DESCRIPTION FORM Job title: Overall Purpose of the Job: To provide strategic and oversight support to the CEO, as Accounting Officer of JOSHCO in the key areas of Financial and Budgetary Management, Supply Chain and Asset Management

More information

GOV : Enterprise Risk Management Policy

GOV : Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management GOV-080-005: Enterprise Risk Management Policy Draft Date: November 2006; January 2012 Revised

More information

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK RISK MANAGEMENT FRAMEWORK Approving authority Approval date University Council 5 August 2013 (3/2013 meeting) Advisor Vice President (Corporate Services) vpcorporateservices@griffith.edu.au (07) 373 57343

More information

1.1. This document forms the Council s Risk Management Strategy. It sets out:

1.1. This document forms the Council s Risk Management Strategy. It sets out: 1. Introduction Bovey Tracey Town Council RISK MANAGEMENT STRATEGY 1.1. This document forms the Council s Risk Management Strategy. It sets out: - What is risk management - Why the Council needs a risk

More information

Corporate Governance of Federally-Regulated Financial Institutions

Corporate Governance of Federally-Regulated Financial Institutions Draft Guideline Subject: -Regulated Financial Institutions Category: Sound Business and Financial Practices Date: I. Purpose and Scope of the Guideline The purpose of this guideline is to set OSFI s expectations

More information