intergrated risk management frame work and policy - MFMA

(1)

INTERGRATED RISK

MANAGEMENT FRAME WORK AND POLICY

DITSOBOTLA LOCAL MUNICIPALITY

(2)

1. INTRODUCTION

In terms of section 95(c) (i) of the Municipal Finance Management Act. Act 56 of 2003. As amended, (MFMA) the Account Officer of the Municipality has the responsibility to ensure that the

(3)

Municipality has and maintains an effective, efficient and transparent system of risk management.

the management of risk is the process by which the Accounting Officer, Chief Financial Officer and the other senior management of a Municipality will Pro-Actively, purposefully and regularly, but at least annually, identify and define current as well as emerging business, financial and operational risks and identify appropriate, business and cost effective methods of managing these risks within the municipality, as well as the risk to the stakeholders.

Risk management is designed to identify potential events that may significantly affect the

Municipal’s ability to achieve its strategic objectives or maintain its operations. Risk is chance of an event , either positive or negative that will have a significant impact on operations and/or the achievement of objectives. It is measured in terms of impact and likelihood.

RISK MANAGEMENT IS DEFINED AS

A continuous, proactive and systematic process , effected by a Municipality’s executive authority , accounting officer , management and other personnel , applied in strategic planning and across the Municipality ,designed to identify potential events that may affect the Municipality and manage risks to be within its risk tolerance , to provide reasonable assurance regarding the achievement of Municipal objectives.

Risk management is a central part of any organisations strategic management. it is the process whereby organisations methodically address the risks attached to their activities with the goal of achieving sustained benefit to all activities.

The focus of good risk management is the identification and treatment of these risks. The management of risk is shared responsibility at all levels of the Municipality.

Risk management increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the Municipality’s overall objectives. Risk management should be a continuous and developing process which runs throughout the Municipality’s strategy and the implementation of that strategy. It should address methodically all the risks surrounding the Municipality‘s activities past, present and future .

It must be integrated into the culture of the Municipality with an effective policy and a programme led by the most senior management. it must translate the strategy into tactical and operational objectives , assigning responsibility throughout the Municipality with each manager and employee responsible for the management of risk as part of their Job description . it supports accountability , performance measurement and reward, thus promoting operational efficiency y at all levels .the risks are documented and recorded in a risk register that reports to all participants and stakeholders of the process .the purpose of this policy is to provide guidance and direction to management and employees on the management of risking facing the Ditsobotla Local Municipality . the Municipality is committed to the philosophy of effective risk management as a core managerial capability that is aligned to the principle of the King II Report .

2. SCOPE AND GOALS

This policy addresses key elements of the risks management framework to be implemented and maintained by the Municipality, which will allow for the Management of risks within defined risk/

(4)

return parameters, risk appetite and tolerance as well as risk management standards. As such, it provides a frame for the effective identification, evaluation, management, measurement and reporting of the Municipality’s risks.

RISK IS OFTEN CREATED BY

Change that takes place within the Municipality (i.e people , systems , processes , technology , legislation and regulations)

External influence (i.e economics , availability of human resources and damages ) Operations and complexity of processes

Volume of activities within a Municipality and The nature of the control environment

By defining risk in terms of an impact upon the achievement of business objectives ,the

Municipality’s risk management framework should recognise the need to manage risk so that the Municipality is sustainable as well as able to timeously meets its obligation meets its obligations to the broader stakeholders (i.e the community , financiers and service provider ). The primary goals of the Municipality’s risk management programme are to support the overall mission of the

Municipality by :

Supporting balance sheet protection Supporting business continuity Supporting reputation risk

Defining risk management roles and responsibilities within the Municipality and outlining procedures to migrate risks so as to ensure a dynamic and demonstratable process in which responsibility rests with line management with overall responsibility vested in accounting officer and Chief Financial Officer .

Ensuring pro-active , consistent , integrated and acceptable management needs of the Municipality while maintaining control of the overall risk position.

Document the approved methodology for risk measurement and

Providing a system or process to accommodate the central accumulation of data such as the development and maintenance of a risk register , which must form part of operational support and procedures.

3. OBJECTIVE OF THE RISK POLICY

The objective of this policy document is to provide guidance to the risk management function within the Municipality on how to.

Develop and implement risk management as an integral part of all Municipal activities and

Identify and develop core capabilities to identify and manage risk.

Risk are assessed on their current and desired impact and likelihood.

(5)

Current Risk is defined as the likelihood that a risk may materialise, given current controls and risk responses in place, and the impact thereof if a risk materialises.

Desired Risk is defined as Management and stakeholders of an organization determining the risk appetite of an organisation i.e the level of risk exposure within which the organisation may operate and function . The desired risk is the contemplated future risk exposure , set within the risk appetite of an organisation , after taking into account .

Available resource

The effectiveness of current controls and risk responses and

The effectiveness of future (planned ) additional controls and risk responses.

Each of these risks must be assessed and likelihood and the frequency of cause of the risk occurring and the resulting impact severity of the risk on the functions and sustainability of the Municipality must be documented and considered by the accounting officer and Chief Financial Officer.

4. POLICY STATEMENT

It is the policy of the Municipality to adopt a common approach to the management of risk.

This approached involves a clearly stipulated strategy defining the risks that the Municipality is exposed to and the manner in which the risks shall be managed. The Municipality will identify and manage its risk in support of its vision , mission , goals and aims as ste out in the integrated Development Plan (IDP) , service Delivery and Budget implantation Plan (SDBIP) and its operations.

The risk policy guides the development of a strategic plan that should address the following An effective risk management architecture

A reporting system to facilitate risk reporting and An effective culture of risk assessment

The Municipality will promote the risk management language and culture in all sections of the Municipality and aim to demonstrate quality improvement resulting from effective risk management.

All risk management efforts will be focused on supporting the Municipality’s objective. Equally , they must ensure compliance with the MFMA , other relevant legislation and fulfil the requirements of the king II report on corporate Governance. This policy is based on minimum requirements and best practices as contained in the COSO Enterprise Risk Management – Integrated Framework ,

considered to be a globally accepted best practise methodology guideline on the topic of enterprise risk management and national treasury – Final Risk Management Framework , accepted within the South African Public Services as a definitive guideline and source of best practices on the topic of enterprise risk management I the public sector and the standards for Professional Practice Of international Auditors (SPPIA).

The risk management drives and oversees the implementation of and monitoring of compliance to the policy by facilitating and coordinating the process of :

(6)

 Identifying risks

 Reviewing and ranking of risks

 Assigning responsibility to manage identified risks

 Tracking and monitoring of risks and

 Reporting on the status of risk management initiatives to the Accounting Officer Audit Committee

5. Risk management methodology and frame work

The committee of sponsoring Organizations of the Tread Way Commission (COSO) developed a frame work that would be readily usable by management to evaluate and improve the Municipality’s Enterprise Risk Management. This provided

 Key principles and concepts

 A common language and

 Clean direction and guidance

This Enterprise Risk Management – Integrated Frame work provided a more robust extensive focus on the broader subject of enterprise risk management.

COSO’s enterprise risk management frame work is geared to achieving the following municipal activities :

 Strategic – High-level goals , aligned with a supporting its mission

 Operation -

intergrated risk management frame work and policy - MFMA