Annexure U Risk Assessment Report (IT)

(1)

Greater Tzaneen Municipality Information Technology (IT) Risk Register 2021/ 2022 FY

No Link to objective/goa

l

Risk

category Risk description

Background to the risk/Risk Root Cause

Risk Consequence Impact Likelihood Inherent risk Current controls

Perceived control effectiveness

Residual

risk Risk owner

Actions to improve management of the

risk

Action owner

1 To improve professionalis m of Council and its administration

Good Governance

Circulation of prohibited/restrict ed or classified information

non-adherence to ICT policies, standards and legislative prescripts,

Violation of ICT policies and Municipal Communication Strategy

Major 4 Moderate 3 Medium 12 ICT Policies and other related

legislation such as POPI, MISS,

Satisfactory 0.65 Low 7.8 Director:

Corporate Services

Adherence to ICT policies.

Conduct awareness campaigns on information security.

Manager: IT

Good Governance

Malware attacks and theft.

failure to adhere to ICT policies

Damage of information and disruption of services.

Major 4 Moderate 3 Medium 12 Antivirus software

ICT policies: Patch management policy, Firewall policy, internet usage policy,

Satisfactory 0.65 Low 7.8 Director:

Corporate Services

Awareness campaigns on ICT policies.

Manager: IT

Good Governance

Unauthorized access to the ICT systems (no access to the financial and other systems such as Payday, Promise, Action assist, mSCOA.

Inadequate integration of systems Poor account management control

fraudulent transactions, Data loss, Leakage of confidential information

Major 4 Likely 4 High 16 ICT Policies, user account

management policy,

Satisfactory 0.65 Medium 10.4 Director:

Corporate Services

Accounting Officer to intervene regarding access to financial and other systems;

Involving IT office when implementing new systems,

Manager: IT

Annexure U Risk Assessment Report Page 1 of 2 2021/06/07

(2)

Time scale

30/09/2021

Annexure U Risk Assessment Report Page 2 of 2 2021/06/07