Structuring Your Portfolio of Evidence File: Unit Standard: 116339
Uploaded by
zibabalontolosiStructuring Your Portfolio of Evidence File: Unit Standard: 116339
Uploaded by
zibabalontolosiStructuring Your Portfolio of Evidence File
Unit Standard: 116339
In order to assist you we have listed each activity by page.
Remove these documents and place them in your POE file.
As you will see the content of each section is listed and we have also given you some tips on
what should be contained in the section.
Please read the activity question carefully and make sure that the evidence you select is
what is asked for. Failure to do so will result in the assessor returning your POE to you for
additional information.
When submitting evidence, please make sure that you write a short report as to why you
have selected this evidence so that the assessor can see the evidence in context.
Please ensure that the evidence supplied is your own work
The Structure of the Assessment
The assessment of this unit standard will take place in the form of formative and summative
assessments.
Formative assessments as well as preparation towards the summative assessment should
be conducted during the contact time in class.
Assessment Criteria
In assessing submitted work, the following will carry weight:
Originality of the work presented;
Knowledge of the preparation and analysis of municipal financial reports;
Insight into the application of municipal financial reports;
Ability to analyse identified problems and identify possible solutions;
Comprehension of the subject content; and
Ability to organise assignment content in a logical and structured manner.
National Treasury: POE Unit Standard 116339 1
Assessment Methods/Strategies
The assessment of this module will be conducted in a form of formative and summative
assessments. Formative assessments comprise of activities to be conducted in class as well
as a presentation to be presented during the last day of facilitation. The summative
assessment comprises of the submission of a Portfolio of Evidence by each learner on the
activities included in the manual.
NB: Please note that although formative assessment will take place in class when you are
working with your fellow learners, it is important that you ensure that you are an active part
of the discussion or activity.
You will be required to include your notes in your POE. It will also be advantageous for you
to review and add to your notes before placing them in your POE. It is your responsibility to
prove that you are competent against the unit standard
National Treasury: POE Unit Standard 116339 2
Divider 1:
Section 1: Background Information
1. Your CV
2. A Certified Copy of Your ID
3. Your Organisational Profile
NB: This refers to a brief overview of your council and its main focus regarding
products / services.
4. Departmental organogram
NB: Your departmental organogram enables the assessor to see where you fit into
the municipality. Highlight your position in the department.
If you do not work in the municipal finance department but serve on a related
committee, then indicate the portfolio or section in which you serve.
5. Your Job Profile
6. Your motivation for completing this programme
National Treasury: POE Unit Standard 116339 3
Divider 2:
Section 2: Unit Standards
This POE relates to Unit Standard 116339
Apply risk management in South African Municipalities
National Treasury: POE Unit Standard 116339 4
Unit Standard 116339
All qualifications and unit standards registered on the National
Qualifications Framework are public property. Thus the only
payment that can be made for them is for service and
reproduction. It is illegal to sell this material for profit. If the
material is reproduced or quoted, the South African Qualifications
Authority (SAQA) should be acknowledged as the source.
SOUTH AFRICAN QUALIFICATIONS AUTHORITY
REGISTERED UNIT STANDARD:
Apply risk management in South African municipalities
SAQA US ID UNIT STANDARD TITLE
116339 Apply risk management in South African municipalities
ORIGINATOR REGISTERING PROVIDER
SGB Public Administration and
Management
FIELD SUBFIELD
Field 03 - Business, Commerce and Public Administration
Management Studies
ABET BAND UNIT STANDARD NQF LEVEL CREDITS
TYPE
Undefined Regular Level 6 10
REGISTRATION REGISTRATION REGISTRATION SAQA
STATUS START DATE END DATE DECISION
NUMBER
Reregistered 2007-09-18 2010-09-18 SAQA 0160/05
LAST DATE FOR ENROLMENT LAST DATE FOR ACHIEVEMENT
2011-09-18 2014-09-18
This unit standard does not replace any other unit standard and is not replaced by
any other unit standard.
PURPOSE OF THE UNIT STANDARD
This Unit Standard is for all people involved in municipal financial management.
Persons credited with this unit standard are able to:
Apply the core concepts of risk management in a South African
municipality.
To inform policy decision and strategic decision-making processes about
the importance of risk management in municipalities.
LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR
LEARNING
It is assumed that Learners are competent in:
Communication at Level 4.
Mathematical Literacy at Level 4.
Economics at Level 4
National Treasury: POE Unit Standard 116339 5
UNIT STANDARD RANGE
N/A
Specific Outcomes and Assessment Criteria:
SPECIFIC OUTCOME 1
Identify the role played by risk management in a municipality.
ASSESSMENT CRITERIA
ASSESSMENT CRITERION 1
The importance of risk management is explained with reference to institutions that
have failed because of poor risk management.
ASSESSMENT CRITERION 2
Different types of risk are identified and reasons are provided as to why these risks
need to be managed.
ASSESSMENT CRITERION 3
The objectives of a risk management plan are formulated so as to manage
identified risks.
SPECIFIC OUTCOME 2
Interpret and apply legislation relevant to municipal risk management in South
African municipalities.
ASSESSMENT CRITERIA
ASSESSMENT CRITERION 1
The requirements for risk management in South African municipalities are
interpreted in terms of relevant legislation.
ASSESSMENT CRITERION RANGE
Municipal Finance Management Act (Act 56 of 2003), National Treasury
Guidelines, Disaster Management Act, Occupational and Safety Health Act.
ASSESSMENT CRITERION 2
Threats to a risk management system are identified and evaluated in terms of the
degree of threat they pose.
ASSESSMENT CRITERION 3
The objectives of a risk management plan adopted by a municipality are identified
and evaluated against relevant legislative requirements.
SPECIFIC OUTCOME 3
Demonstrate how risk management contributes to good governance.
ASSESSMENT CRITERIA
ASSESSMENT CRITERION 1
The requirements for good governance are recognised and included in a risk
management plan.
ASSESSMENT CRITERION RANGE
National Treasury: POE Unit Standard 116339 6
King Report, Cadbury Report.
ASSESSMENT CRITERION 2
A professional code for risk management is formulated including statements of
ethical principles.
SPECIFIC OUTCOME 4
Develop a municipality wide risk management and reporting system.
ASSESSMENT CRITERIA
ASSESSMENT CRITERION 1
The rationale for implementing an enterprise-wide risk management system is
explained and benchmarked to best practice.
ASSESSMENT CRITERION 2
The accountability framework for risk management is developed in a municipal
context.
ASSESSMENT CRITERION 3
Risks are classified in terms of a risk classification systems.
ASSESSMENT CRITERION RANGE
Pure/speculative risk, credit, market, operational risk.
ASSESSMENT CRITERION 4
Roles, responsibilities and accountabilities are described in terms of generally
accepted risk principles.
ASSESSMENT CRITERION 5
Measures required to control and report risk are developed in line with generally
accepted risk management practice.
ASSESSMENT CRITERION 6
Mechanisms for risks to be reported are implemented in line with generally
accepted risk management practice.
SPECIFIC OUTCOME 5
Develop a risk management process.
ASSESSMENT CRITERIA
ASSESSMENT CRITERION 1
The risk management process is commented on in line with generally accepted
risk management practice.
ASSESSMENT CRITERION 2
Continuous and periodic review processes are consistently applied to risk
management procedures and policies.
ASSESSMENT CRITERION 3
Internal control processes in the risk management process are applied in line with
generally accepted risk management practice.
National Treasury: POE Unit Standard 116339 7
ASSESSMENT CRITERION 4
The link between risk of fraud and weaknesses in the internal control systems is
explained in line with generally accepted risk management practice.
UNIT STANDARD ACCREDITATION AND MODERATION OPTIONS
An individual wishing to be assessed (including through RPL) against this
Unit Standard may apply to an assessment agency, assessor or provider
institution accredited by the relevant ETQA, or an ETQA that has a
Memorandum of Understanding with the relevant ETQA.
Anyone assessing a learner against this Unit Standard must be registered
as an assessor with the relevant ETQA, or an ETQA that has a
Memorandum of Understanding with the relevant ETQA.
Any institution offering learning that will enable achievement of this Unit
Standard or assessing this Unit Standard must be accredited as a provider
with the relevant ETQA, or an ETQA that has a Memorandum of
Understanding with the relevant ETQA.
Moderation of assessment will be conducted by the relevant ETQA at its
discretion.
UNIT STANDARD ESSENTIAL EMBEDDED KNOWLEDGE
King Report.
UNIT STANDARD DEVELOPMENTAL OUTCOME
N/A
UNIT STANDARD LINKAGES
N/A
Critical Cross-field Outcomes (CCFO):
UNIT STANDARD CCFO IDENTIFYING
Identify and solve problems using critical and creative thinking processes, e.g. by
trying to find the best possible risk management options.
UNIT STANDARD CCFO WORKING
Work effectively with others as a member of a team, group, organization or
community, e.g. through communicating with others regarding risk management
issues and fostering team commitment for identifying and reducing risks.
UNIT STANDARD CCFO ORGANISING
Organise and manage oneself and ones activities responsibly and effectively, e.g.
through managing ones own risk effectively.
UNIT STANDARD CCFO COLLECTING
Collect, analyse, organise and critically evaluate information, e.g. through
researching all possible risk management solutions and presenting conclusions.
UNIT STANDARD CCFO COMMUNICATING
Communicate effectively using visual, mathematical and / or language skills in the
modes of oral and/or written persuasion, e.g. through advising and motivating
others with regard to risk management options.
National Treasury: POE Unit Standard 116339 8
UNIT STANDARD CCFO SCIENCE
Use Science and technology effectively and critically, showing responsibility to the
environment and health of others, e.g. use appropriate computer software for data
capturing and document storage purposes.
UNIT STANDARD CCFO DEMONSTRATING
Demonstrate an understanding of the world as a set of interrelated systems by
recognising that problem-solving contexts do not exist in isolation, e.g. in keeping
in mind that risk management effects the well being of not only the municipality but
the country as a whole.
UNIT STANDARD CCFO CONTRIBUTING
Participating as responsible citizens in the life of local, national and global
communities, e.g. acting as custodian of ethical behaviour and maintaining a high
level of commitment to providing effective risk management policies and practices.
QUALIFICATIONS UTILISING THIS UNIT STANDARD:
END
ID QUALIFICATION TITLE LEVEL STATUS
DATE
Certificate: Municipal Financial 2010-09-
Core 48965 Level 6 Reregistered
Management 18
Divider 3
Section 3: Formative Assignments
In this programme formative and summative assignments are integrated. For clarity
we have listed them in Section 4 of this POE Guide.
National Treasury: POE Unit Standard 116339 9
We would suggest that you include notes taken in class during your group and
individual activities in this section.
This will demonstrate to your assessor that you were an active participant in the
course activities and that you understand the concepts and material
National Treasury: POE Unit Standard 116339 10
Divider 4
Section 4: Collected Evidence
We require you to submit evidence, for the following activities to demonstrate that you are
able to effectively demonstrate the outcomes of the Unit Standards as indicated by this POE.
This module is assessed by one comprehensive individual assignment.
You must make and keep a copy of your individual assignment before submitting your POE
to your provider.
Please note that there is a separate page for each evidence activity
We suggest that you put a divider between each assignment
Please ensure that you have completed all the activities as listed below
National Treasury: POE Unit Standard 116339 11
Learning Tasks/ Activities
The purpose of this section is to apply the concepts taught and evaluate the learner’s
comprehension of the material. This section contains formative and summative
assessments.
The formative assessment is to be undertaken by each individual learner. Each
learner must submit two copies of their final report.
Submissions should consist of no less than 5 and no more than 20 pages of double spaced
text. Include your source data and detailed analyses, where appropriate, in an appendix.
Your submission should include an assessment of the following:
Assessment Criteria
Written Paper Mark Allocated
Structure
Clarity of Expression 10
Logical flow 10
Use of appendices, examples, illustrations 5
Referencing 5
Content
Comprehensive Coverage 40
Complexity of Issues 10
Relevance 10
Conclusions, Recommendations 10
Total 100
Divider 4.1 Classroom activities and assignments
National Treasury: POE Unit Standard 116339 12
Place a divider between each of the sections
Activities based on Unit 1:
Risk and the importance of managing risk in a municipal environment
ACTIVITY NO 1.1:
Evidence Activity Is Evidence Present in File
Activity 1.1 Learner Guide Managing
Risk in a Municipal Context
This activity will assist you to understand the Cape Winelands District
Municipality Enterprise Risk
definition
Management Strategy and
of risks and why its management is needed in
Framework
municipalities
1.1.1 Why did the wakeup call come from organisations to realise the importance of risk
management?
There are many examples of public and private entities that have failed due to poor risk
management practices, resulting in an increasingly common understanding in all
organizations of the need to manage risk.
If the Municipal Council and management are to achieve their objectives, any risks that
may impact on the achievement thereof will need to be considered and managed
proactively according to the degree of probability or likelihood that they will arise and the
possible consequence of such a risk.
Whilst there has been increased focus on risk management in recent years, it would be
incorrect to assume that risk management is new. There have always been traditional
forms of risk management, such as insuring assets against theft or loss, and implementing
systems of internal control to mitigate risks that policies and procedures may not be
adhered to or assets adequately safeguarded. However, these were typically once-off
management processes and were not updated to incorporate the increased sophistication
in business processes that have evolved in recent years. There were also no attempts to
coordinate risk management at the organizational level.
National Treasury: POE Unit Standard 116339 13
What has changed is that the importance of considering risk in a broader spectrum has
now been recognized. It is now treated as an integral part of management’s
responsibilities. Previously risk was considered in isolation from an organization’s strategic
objectives; this is where there has been change.
1.1.2 Why did government decide to take action on failing municipalities?
Both officials and political office-bearers should be held accountable for the way the
community’s tax money is spent and utilized and ensure this is done expressly to deliver
the services to which that community has a constitutional right.
South African municipalities of all sizes operate in a very challenging environment where
decisions have to be made today for an uncertain future. Future events that have a
possible negative or positive influence on municipal objectives represent risks such as
limited or no service delivery, lack of accountability and corporate governance processes
and increase in fraud and corruption. The responsibility of municipal risk management is to
identify the areas of uncertainty and manage them in a manner that optimizes the balance
between growth and return goals and risks.
1.1.3 How does risk management contribute to good governance?
It contributes to good governance by:
achieving the municipality’s objectives and directorate’s key performance
indicators;
prevention of fraud and corruption;
proactively managing risk by minimising operational surprises, reputation
exposures and credibility and financial losses;
identifying and managing the municipality’s emerging risks and opportunities;
preventing redundancies, inconsistencies and gaps in the municipality’s policies,
procedures, guidelines, frameworks and methodologies related to risk
management.
effective and efficient service delivery;
continuity of service delivery;
greater transparency in decision making and on-going management processes,
National Treasury: POE Unit Standard 116339 14
and
enhancing accountability.
Activities based on Unit 2:
The legislative frameworks
ACTIVITY NO 2.1:
Evidence Activity Is Evidence Present in File
Learner Guide Managing Risk in a
Municipal Context
Municipal Finance Management
Act (No. 56 of 2003) - Section
Activity 2.1 62(1) (c), Section 165(2)(b)(iv)
Disaster Management Act (No. 57
of 2002) - Section 47
Occupational Health and Safety
Act (No. 85 of 1993) - Sections 9,
10, 12 and 13
2.1.1 Why was the responsibility of risk management enacted?
All layers of legislation, national, provincial and local are drafted to implement policy,
promote good governance and mitigate certain risks that are common to local
governments. Implicit in the responsibilities of Councilors and officials is that risks will be
managed to ensure municipal objectives are met and that public funds are safeguarded.
And to ensure that there if no misunderstanding as to who is accountable and responsible
for risk management.
2.1.2 Describe 3 Acts which refer specifically to risk management in a municipality.
Hint: List / name these Acts.
I. Municipal Finance Management Act (No. 56 of 2003)
Section 62(1) (c) requires the Accounting officer to ensure that the
municipality has an effective, efficient and transparent system of financial
and risk management that is supported by a system of internal control.
National Treasury: POE Unit Standard 116339 15
Section 165(2)(b)(iv) requires that the Internal Audit function, which every
municipality must have, must advise the Accounting officer and the audit
committee on risk and risk management, amongst other legislated
responsibilities.
The Act therefore requires the Accounting officer to implement a system of
risk management which should be reviewed by the Internal Audit function
whose findings should be reported to the Audit Committee.
II. Disaster Management Act (No. 57 of 2002)
The Disaster Management Act requires that every metropolitan and district
municipality set up a Disaster Management Centre. One of the
responsibilities of the Disaster Management Centre in terms of Section 47
is to undertake a risk assessment and to take adequate steps, within its
financial capacity, to ensure that such risks are mitigated.
Typically these will focus on those risks that impact on the health and
safety of citizens or on major disasters such as cyclones, floods, terrorism
and other incidents that could affect public safety and security.
III. Occupational Health and Safety Act (No. 85 of 1993)
Sections 9, 10, 12 and 13 of the Occupational Health and Safety Act clearly
spell out what the municipality as an employer must do in order to provide
for the health and safety of its employees in the conduct of their work. Work
is broken down into general work and ‘listed work’ as declared by the
minister. The latter is recognized as having a higher risk rating due to the
extremity of hazard associated with it.
2.1.3 Is your municipality only complying with the laws or has risk management been
embedded in the day-to-day operation?
Hint:
Explain why it is important for risk management to be embedded in the day-to-day
operation.
I am of the opinion that my Municipality is complying with the law, as it has appointed a
risk management officer and has a committee that meets regularly. But sadly the day-to-
National Treasury: POE Unit Standard 116339 16
day operations are not embedded with a culture of risk management. Mainly because only
Senior Management is informed of risk management and are requested to make risk
assessments inputs.
Effective risk management assists municipalities to achieve their performance and service
delivery targets, and to reduce the potential loss of resources. This is only possible if risk
management becomes a part of municipal culture. It should be a part of everything that a
municipality does – its mission, values, strategic planning, business process design and
operations. Risk management cannot be viewed or practiced as a separate activity. This
approach to risk management ensures that everyone from Municipal Councilors to junior
clerks is involved in managing risk.
2.1.4 How would you change the
management mind-set to view risk http://
management as an opportunity rather en.wikipedia.org/
than an extra compliance liability. wiki/
Risk_management
Hint:
http://
Explain the steps that you would take to
portal.surrey.ac.uk/
ensure that you get management ” buy-
portal/page?
in” _pageid=823,1811
This should include an explanation of 32&_dad=portal&_
what risk management is and the schema=PORTAL
benefits of risk management.
Municipal staff needs to understand what risk management is and that it is supported and
modelled by Senior Management; why it is being implemented; how it is going to be
implemented and by whom. Through this they can also understand and appreciate their
role in the risk management process and when they will be expected to fulfill that role. An
informed municipality will experience less difficulty in getting ‘buy in’ from its staff for the
execution of risk management strategies.
Risk management is the identification, assessment, and prioritization of risks followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of unfortunate events or to maximize the realization of
opportunities.
National Treasury: POE Unit Standard 116339 17
Risk management is a process which provides assurance that:
objectives are more likely to be achieved;
damaging things will not happen or are less likely to happen;
beneficially things will be or are more likely to be achieved.
It is not a process for avoiding risk. The aim of risk management is not to eliminate risk,
rather to manage the risks involved, to maximize opportunities and minimize adverse
effects.
The potential benefits from risk management are :
supporting strategic and business planning;
supporting effective use of resources;
promoting continuous improvement;
fewer shocks and unwelcome surprises;
quick grasp of new opportunities;
enhancing communication with internal and external stakeholders;
reassuring stakeholders;
helping focus internal audit programme.
National Treasury: POE Unit Standard 116339 18
Activities based on Unit 3:
An integrated risk management framework
ACTIVITY NO 3.1:
Evidence Activity Is Evidence Present
in File
Learner Guide
Activity 3.1
Managing Risk in a
Municipal Context
3.1.1 Describe the main steps of a typical risk model.
Communicate and Consult
Communicate and consult with internal and external stakeholders as appropriate at
each stage of the risk management process and concerning the process as a
whole.
Establish the context
Establish the strategic, organizational and risk management context in which the
rest of the risk management process will take place. Every municipality must collect
information about the internal and external environment in which it operates. This
information can then be used to identify the criteria against which risks will be
evaluated and also identify the structure of the analysis. It’s important to emphasize
that risks are examined in terms of their threats and opportunities within the context
of the municipality’s “mandate, objectives and available resources.”
Identify the risk
Identify what, how and why things can arise in the municipality as a basis for further
analysis and scenario planning.
Analyze risk
Determine the existing controls and analyze risks in terms of consequence and
likelihood in the context of those controls. The analysis should consider the range of
potential consequences and how likely those consequences are to occur.
Consequence and likelihood may be combined to produce an estimated level of
risk. Internal.
National Treasury: POE Unit Standard 116339 19
Evaluate risk
Compare estimated levels of risk against the pre-established criteria. It is the
responsibility of Municipal Management to determine and define risk evaluation
criteria. This enables risks to be ranked so as to identify management priorities. If
the levels of risk established are low, then risks may fall into an acceptable category
and treatment may not be required.
Treat risks
Accept and monitor low-priority risks. All risks will be reviewed, however, only
extreme or high risks will be treated.
Monitor and Review
Monitor and Review the performance of the risk management system and changes
which might affect it.
3.1.2 What is meant by the risk http://en.wikipedia.org/wiki/
maturity model and what is Enterprise_risk_management#RIMS_Risk_Mat
the risk continuum? urity_Model
Learner Guide Managing Risk in a Municipal
Context
The Risk Maturity Model (RMM) for Enterprise Risk Management (ERM), published in
2008, is an umbrella framework of content and methodology that detail the requirements for
sustainable and effective enterprise risk management. The RMM model consists of twenty-
five competency drivers for seven attributes that create ERM’s value and utility in an
organization. The 7 attributes are:
ERM-based approach
ERM process management
Risk appetite management
Root cause discipline
Uncovering risks
Performance management
Business resiliency and sustainability
The Risk Continuum is evaluated from the hazards that should be mitigated; to the
uncertainties that characterise most of the activities in the operating environment and must
National Treasury: POE Unit Standard 116339 20
be managed; to most importantly, the myriad of opportunities that are presented through
the execution of the business strategy.
3.1.3 Describe the rating model and the action for each rating.
The rating model indicates:
Maximum Risk
High Risk
Medium Risk
Low Risk
Rating = impact x likelihood
The action for each rating is set out below:
Risk Rating Risk Magnitude Risk
Acceptability
20 - 25 Maximum Unacceptable
15 - 19 High Unacceptable
10 - 14 Medium Unacceptable
5-9 Low Acceptable
1-4 Minimum Acceptable
Proposed actions per risk acceptability:
Unacceptable:
Take action to reduce risk with highest priority, Municipal Management attention
imperative.
Acceptable:
No risk reduction - control, monitor, inform Municipal Management.
National Treasury: POE Unit Standard 116339 21
Activities based on Unit 4:
The identification of different types of risks in municipalities
ACTIVITY NO 4.1
Evidence Activity Is Evidence
Present in File
Activity 4.1 Learner Guide
Does management understand the full range of risk facing the Managing Risk in
Municipality service delivery? a Municipal
Context
4.1.1 Describe the main objectives of your municipality and the risks
which will prevent them from achieving the objectives?
Hint:
Your explanation should include the two levels at which municipality
objectives can be viewed.
You should explain the purpose of these objectives at each level.
You should list the risks that may prevent the municipality from
achieving
its objectives.
You should list at least 9 risks.
Municipal objectives can be viewed at two levels. The first level is the organizational level
and the second is the risk management level. A municipality’s objectives at an
organizational level give an insight for the municipality’s reason for existence – its mission,
vision and values. In order to adequately address municipal risk there is a need to
understand what the
Municipality is trying to achieve in the first place. A risk is only as significant as the extent
to which it impacts on municipal organizational objectives. All management and staff must
be fully conversant of their municipality’s organizational objectives and the different
contexts within which they are achieved. The setting of these objectives is usually
completed during the strategic planning and budgetary process. Below are some risks that
might affect the municipality from achieving its objectives:
• external environment risk
• strategic risk
National Treasury: POE Unit Standard 116339 22
• financial risk
• compliance risk
• process risk
• intellectual property risk
• human resource management risk
• ethics, integrity and fraud risk
• information technology risk
• reputation risk
• ageing infrastructure and equipment
Evidence Activity Is Evidence Present in File
Activity 4.2 http://en.wikipedia.org/wiki/Risk_management
Do the risk management practices Learner Guide Managing Risk in a Municipal
improve operating performance and Context
do they assist with the achievement
of objectives?
Hint:
Your answer of yes/no should be
accompanied by an explanation as
to
why you have answered yes or no.
You should explain what the aim of
risk management is.
Risk management is the identification, assessment, and prioritization of risks (defined in
ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and
economical application of resources to minimize, monitor, and control the probability
and/or impact of unfortunate events or to maximize the realization of opportunities.
Risk management practices improves operating performance and therefore
simultaneously assist with achieving objectives by ensuring:
Effective and efficient service delivery. This is achieved by determining what can
go right or wrong in the service delivery process – maximizing on the former
while minimizing the impact of the latter;
A rigorous basis for strategic management through consideration of key elements
National Treasury: POE Unit Standard 116339 23
of risk. Strategic management is one of the key considerations for the
establishment of risk management criteria;
Enhanced risk management strategy decision through quantification or
qualification or qualification of risk tolerances. During the Eskom power crisis all
municipalities would have determined how long their infrastructure can continue to
operate under a load shedding cycle and how long it would take before a complete
breakdown – window of opportunity. Once this has been established contingent
plans may then be put in place;
Identification and management of risk affecting different municipalities and/or
different processes;
Identification and implementation of cost effective, integrated responses to multiple
risks;
Minimizing operational surprises, costly and time-consuming litigation and
unexpected losses. A municipality that manages risks protects its reputation and
has a plan for almost every significant outcome – good or bad;
Rationalization of capital and financial resources. A municipality’s budget is a key
component of risk management as it includes an analysis of all risks and their
financial impact;
Continuity of service delivery;
Greater transparency in decision making and ongoing management processes.
Risk management helps to ensure timely reporting to Municipal Management and
efficient discharge of municipal responsibilities in compliance with relevant laws.
Enhanced accountability and corporate government processes.
Evidence Is Evidence Present in File
Activity
Cape Winelands District Municipality Enterprise Risk Management
Activity 4.3 Strategy and Framework.
Risk register
http://oag.treasury.gov.za/RMF/Pages/s101ExecutiveSummary.aspx
Identify and discuss the role played by risk management in your municipality.
Hint:
The following are questions that should be addressed / answered with explanations.
National Treasury: POE Unit Standard 116339 24
Is there a policy dealing with risk management?
Who is accountable for risk management in the municipality?
Has a risk assessment been done?
Yes, the amended risk management policy will be presented to Council for approval. In
terms of Section 62(1)(c)(i) of the Local Government: Municipal Finance Management Act,
2003 (Act No. 56 of 2003) (MFMA), the accounting officer of a municipality is responsible
for managing the financial administration of the municipality, and must for this purpose
take all reasonable steps to ensure that the municipality has and maintains effective,
efficient and transparent systems of financial and risk management and internal control. A
risk assessment has been conducted for the Municipality as a whole and risk registers has
been produced.
ACTIVITY NO 4.4
Evidence Activity Is Evidence
Present in File
Activity 4.4
How do you identify relevant techniques and legislation to manage risk
in
your municipality?
Hint:
Techniques such as ongoing review by management and the
performance management system should be discussed.
You should explain where the legislation should be kept and how
management should go about keeping up to date with current and
expected changes in management.
Monitor, evaluate, review and modify the action plan
•The Chief Risk Officer monitors the plan’s implementation and evaluates its effectiveness
•The Risk Committee or project team continue to meet – quarterly or more often – to
review the implementation of the action plan and make changes if needed
Risk action plan is a dynamic document and:
•If initially piloted for a few departments or operational areas, the plan should be extended
National Treasury: POE Unit Standard 116339 25
and reviewed on an on-going basis
•The Risk Committee or Project Team should monitor changes in the entity’s operations
(identify new activities or operational areas, changes in the way operations are carried out)
and modify the action plan to address new areas of risk.
Performance Management System
Institutions should periodically evaluate the value add of risk management by measuring
outcomes against pre-set key performance indicators aligned to the overall goals and
objectives of the Institution.
Everyone in the Institution has a part to play in achieving and sustaining a vibrant system
of risk management and to that extent must function within a framework of responsibilities
and performance indicators.
The Accounting Officer / Authority should evaluate its own performance in leading the risk
management process in the Institution through the following and other relevant indicators:
a) the risk management maturity trend as measured in terms of an appropriate index
such as the Financial Capability Maturity Model;
b) the Institution's performance against key indicators, including comparison of year-
on-year performance;
c) the Institution’s “avoided risk” record when compared against the peer group or
quasi-peer group;
d) percentage change in unauthorised expenditure, fruitless and wasteful
expenditure and irregular expenditure based on year-on-year comparisons;
e) percentage change in incidents and quantum of fraud based on year-on-year
comparisons; and
f) progress in securing improved audit outcomes in regularity and performance
audits.
Insofar as it concerns the responsibilities of the Audit Committee for risk management, the
Accounting Officer / Authority should evaluate the performance of the Committee through
National Treasury: POE Unit Standard 116339 26
the following and other relevant indicators:
a) the Auditor-General’s report on the effectiveness of the Audit Committee;
b) the results of the Audit Committee’s own 360 assessment;
c) the Committee’s co-ordination of the work of Internal Auditing, External Audit and
other assurance providers in respect of risk management; and
d) the quality and timeliness of the Audit Committee’s counsel and recommendations
on matters concerning the system of risk management.
The Accounting Officer / Authority should evaluate the performance of the Risk
Management Committee through the following and other relevant indicators:
a) the results of the Risk Management Committee’s own 360? assessment;
b) the pace and quality of the implementation of the risk management framework;
c) the Internal Audit report on the state of risk management;
d) the Auditor-General’s report on the effectiveness of the Risk Management
Committee; and
e) the quality and timeliness of the Risk Management Committee’s counsel and
recommendations.
The Accounting Officer / Authority, in consultation with the Risk Management Committee,
should evaluate the performance of the Chief Risk Officer through the following and other
relevant indicators:
a) development and implementation of the risk management policy, strategy and
implementation plan;
b) the Institution’s collective awareness, skill and participation in risk management;
c) risk management maturity;
d) quality and timeliness of support to Management, other officials and the Risk
National Treasury: POE Unit Standard 116339 27
Management Committee;
e) quality and timeliness of risk intelligence; and
f) absence of surprises.
The Accounting Officer / Authority should evaluate the performance of Management
through the following and other relevant indicators:
a) business unit performance against key indicators, including comparison of year-on
year performance;
b) implementation of risk management action plans;
c) co-operation with the Risk Management Unit, Risk Management Committee, Risk
Champion and relevant stakeholders involved in risk management;
d) quality and timeliness of risk identification, assessment and reporting;
e) proactive identification of new and emerging risks;
f) absence of surprises;
g) year-on-year reduction in adverse incidents and realised losses;
h) elimination of unauthorised expenditure, fruitless and wasteful expenditure and
irregular expenditure;
i) reduction in fraud; and
j) progress in securing improved Internal Audit and Auditor-General outcomes in
regularity and performance audits.
The Accounting Officer / Authority should evaluate the performance of Risk Champions
through the following and other relevant indicators:
a) resolution of delegated problems.
National Treasury: POE Unit Standard 116339 28
Insofar as it concerns the responsibilities of Internal Auditing for risk management, the
Accounting Officer / Authority should evaluate the performance of Internal Auditing
through the following and other relevant indicators:
a) timeliness and quality of assurance on risk management;
b) timeliness and quality of recommendations to improve risk management; and
c) adoption of risk based auditing.
Management should evaluate the performance of their staff through the following and
other relevant indicators:
a) implementation of risk management action plans.
Compliance to legislation
Existing legislation should be kept by the legal department and they should be requested
to inform management of any changes to them and also expected new legislation which
would affect the achievement of municipality objectives.
Evidence Activity Is Evidence Present in File
Activity 4.5 Learner Guide Managing Risk in a Municipal
4.5.1 Explain why internal Context
control process is very http://en.wikipedia.org/wiki/Internal_control
important to the
management of risk in
your municipality and
4.5.1.1 recommend ways of
improving:
4.5.1.1.1 internal control in risk
mitigation risk
4.5.1.1.2 management of risk in
your municipality and
4.5.1.1.3 recommend ways of
improving internal
control in risk
National Treasury: POE Unit Standard 116339 29
Internal control, as defined in accounting and auditing, is a process for assuring
achievement of an organization's objectives in operational effectiveness and efficiency,
reliable financial reporting, and compliance with laws, regulations and policies. A broad
concept, internal control involves everything that controls risks to an organization.
It is a means by which an organization's resources are directed, monitored, and
measured. It plays an important role in detecting and preventing fraud and protecting the
organization's resources, both physical (e.g., machinery and property) and intangible (e.g.,
reputation or intellectual property such as trademarks).
At the organizational level, internal control objectives relate to the reliability of financial
reporting, timely feedback on the achievement of operational or strategic goals, and
compliance with laws and regulations. At the specific transaction level, internal control
refers to the actions taken to achieve a specific objective (e.g., how to ensure the
organization's payments to third parties are for valid services rendered.) Internal control
procedures reduce process variation, leading to more predictable outcomes.
All municipalities should have documentation in place for key processes. This
documentation can be in the form of departmental procedure manuals or internal audit
systems process documentation. Internal audit process flows can be descriptive or in a
flow chart format. Their primary purpose is to help auditors to understand the systems flow
and internal control structure. Management can use internal control test results to
ascertain the impact of internal controls on the likelihood and consequence of risks. Risks
with a high likelihood and consequence should then be subjected to further assessment
using qualitative and quantitative techniques. Subsequent to this each of the risks is then
allocated or assigned
to the individual project members who are responsible for putting risk contingency and
action plans in place based on the results of risk evaluation.
Control procedures to improve internal control include:
reporting, reviewing and approving reconciliations;
checking the arithmetical accuracy of records;
controlling applications and environment of computer information systems;
maintaining and reviewing control accounts and trial balances;
approving and controlling documents;
comparing internal data with external sources of information;
National Treasury: POE Unit Standard 116339 30
comparing the results of cash, security and inventory counts with accounting
records;
comparing and analyzing the financial results with budgeted amounts; and
limiting direct physical access to records.
Activities based on Unit 5:
The process to prepare an integrated risk model and risk monitoring
ACTIVITY NO 5.1
Evidence Activity Is Evidence
Present in File
Activity 5.1
Perform a comprehensive on-site risk maturity assessment of your
municipality using the questionnaire in Annexure K from page 150
Hint:
File your completed assessment behind this activity
Total score available Actual score Average score
CULTURE 40 27 3
PROCESS 32 24 3
EXPERIENCE 24 19 6
APPLICATION 28 22 3
OVERALL SCORE FOR THE MUNICIPALITY
4
National Treasury: POE Unit Standard 116339 31
ACTIVITY NO 5.2
Evidence Activity Is Evidence
Present in File
Activity 5.2
Do the risk management practices improve operating
performance and do they assist with the achievement of
objectives?
Hint: You should explain your reasons for answering
yes/no.
Yes it does improve operating performance, which assists in the achievement of the
Organizations objectives.
ACTIVITY NO 5.3
Evidence Activity Is Evidence
Present in File
Activity 5.3
Critically evaluate the process of risk management in your municipality.
Hint:
You should address the following factors in your answer:
• Is there a risk management process in place at the
municipality?
• Is there a designated person responsible for the risk
National Treasury: POE Unit Standard 116339 32
management within the municipality?
• When was the last risk assessment performed by the
municipality?
• For the 5 highest risks in the municipalities are there
measures put in place to reduce the risks to an
acceptable level.
Yes, the risk management process has been in operation for more than 5 years within the
Municipality. The risk management process is being facilitated by the Deputy Director:
Performance and Risk Management who has been employed since February 2014. A risk
assessment is performed on an annual basis by the Municipality. Mitigating action plans
are in place for all risk above the appetite level of 8.
Evidence Activity Is Evidence
Present in File
Cape Winelands
District
Activity 5.4
Municipality
Identify and discuss the role played by risk management in your
Enterprise Risk
municipality.
Management
Strategy and
Framework
Accountability for risk management in the municipality is assigned to the Accounting
Officer (Municipal Manager) and is sub-delegated to the Deputy Director: Performance
and Risk Management to facilitate and coordinate the development and implementation of
risk. Risk is primarily the responsibility of line management and risk ownership is a
management function.
The Deputy Director: Performance and Risk Management provides specialist expertise in
providing a comprehensive support service to ensure systematic, uniform and effective
enterprise risk management. The Deputy Director: Performance and Risk Management
plays a vital communication link between operational level, management, senior
management, risk management committee and other relevant committees. The Deputy
Director: Performance and Risk Management is thus the custodian of the Enterprise Risk
National Treasury: POE Unit Standard 116339 33
Management framework, the co-coordinator of the risk management throughout the
municipality and the municipality advisor on all risk management matters. This includes
ensuring the municipality remains constantly legislatively compliant, with the MFMA in
terms of risk management.
Evidence Activity Is Evidence Present in File
Activity 5.5 http://thetetechnologies.co.za/municipal_mun_risk.html
5.5.1.1 Develop a Learner Guide Managing Risk in a Municipal Context
comprehensive risk
management system
for your municipality.
5.5.1.2 Recommend modern
techniques for
minimizing risk
taking into
consideration the
capacity and
resources of your
municipality.
A Risk Management System provides the right tools to capture, track, and manage
municipal risks. The tool provides the perfect platform to manage the Municipality’s
complete risk register, and to execute risk audits on a regular basis. Key features include:
Risk register management, Risk evaluation & rating, Voting & score cards, Collaboration &
escalation, Dashboard & drill down reports, Legislative compliant reporting and alert
bursting.
There are a number of key success areas that a municipality must check as it takes on
and implements IRM. The same areas must be checked and included as part of a
municipal risk management plan. Every Accounting officer must perform an IRM readiness
check which has to include all the factors detailed below as a minimum. Any gaps that are
identified during this process should be filled before the IRM implementation process
National Treasury: POE Unit Standard 116339 34
commences.
People and skills level
The implementation of IRM is a long process that can take over a year to complete
depending on the readiness of a municipality. IRM is administratively intensive and
requires that some members of staff be dedicated to the IRM process on a full-time basis.
Municipal Management must include IRM implementation as part of the strategic planning
and budgeting process to ensure that a plan is in place for the recruitment of extra
qualified manpower.
The Municipality must also conduct a training needs analysis and provide staff with
necessary training to meet the needs of the risk management project. Training must
include mentoring and cross training as a basis for knowledge sharing. Internal risk
competencies can be developed by training all employees and involving them in the risk
management process for practical experience.
IT Resources
While most municipalities have an existing IT infrastructure, not all of them are ready for
the data and storage demands of IRM. A municipality whose operations are largely
automated may choose to purchase risk management automation tools. These have
specific hardware and software compliance requirements that must be met before the
programs can be used. In addition to purchasing and/ or upgrading hardware a
municipality would need to train staff
on how to use computerized risk management tools. CURA as a risk management tool
may be used to capture and facilitate risk management activities and is very useful for
generating risk management reports. This tool will also serve as a database for all
management information identified.
Other municipalities whose operations are largely manual may simply need an IT
infrastructure that allows them to have access to the internet and e-mail.
Every municipality should look to have a database and information storage
systems that allow it to:
record details of risks, controls and priorities and show any changes in them;
record risk treatments and associated resources requirements;
record details of incidents and loss events and the lessons learnt;
National Treasury: POE Unit Standard 116339 35
track accountability for risks, controls and treatments;
track progress and record the completion of risk treatments actions;
allow progress against the risk management plan to be measured;
trigger monitoring and assurance activity.
Management must not overlook the possibility that there are staff who may not know how
to use the internet and e-mail so training in that area would have to be included in the
Training Plan.
Municipal Operational Processes
Municipal operational processes and controls must be documented using consistent
terminology that allows for detailed risk identification and analysis. Risk management
processes that are already in place must be noted and perpetuated or adapted to the IRM
framework requirements. Processes that have shortcomings should be modified or
extended. Any operational constraints that may hinder the implementation of IRM must be
dealt with in good time.
Environment
The implementation of IRM represents a major shift in a municipality’s way of doing
business; therefore, a full scan of the municipal environment must be conducted.
Legislative or compliance requirements must be studied. Availability of external resources
for the full implementation of IRM should be considered. A municipality may base its risk
management in the area of housing for grants from National Treasury. These grants might
not have necessarily taken account of the costs associated with people migrating to a
municipality and setting up informal settlements.
Evidence Activity Is Evidence
Present in File
Activity 5.6 Cape Winelands
How will risk management lead to improved prioritisation of service District
delivery objectives in your municipality. Municipality
Enterprise Risk
Management
Hint: Explain the advantages or risk management and how these will
Strategy and
assist in improving the service delivery objectives in your
Framework
municipality.
National Treasury: POE Unit Standard 116339 36
The risk management will assist in the following:
achieving the municipality’s objectives and directorate’s key performance
indicators;
prevention of fraud and corruption;
proactively managing risk by minimising operational “surprises”, reputation
exposures and credibility and financial losses;
identifying and managing the municipality’s emerging risks and opportunities;
preventing redundancies, inconsistencies and gaps in the municipality’s policies,
procedures, guidelines, frameworks and methodologies related to risk
management.
effective and efficient service delivery;
a rigorous basis for strategic management through consideration of key elements
of risk;
enhanced risk management strategy decisions through quantification of risk
appetite;
identification and implementation of cost effective, integrated responses to multiple
risks;
rationalisation of capital and financial resources;
continuity of service delivery;
greater transparency in decision making and on-going management processes,
and
enhanced accountability and corporate governance processes.
ACTIVITY NO 5.7
Evidence Activity Is Evidence Present in File
Activity 5.7
5.7.1 Explain why internal http://oag.treasury.gov.za/RMF/Pages/
control process is very s203ControlActivities.aspx
important to the
management of risk in
your municipality and
5.7.2 Recommend ways of
improving internal
National Treasury: POE Unit Standard 116339 37
control in risk
mitigation risk.
The Municipality can respond to risk through various mechanisms such as avoidance,
transfer, accepting and managing of the risk. When the institution elects to manage the
risk, it will require control activities to support the management of the risk to within
tolerable levels. Control activities will produce detailed action plans for managing all
material risks.
The risk assessment will have produced a management's perspective of the effectiveness
of the existing controls. This would inform management of additional control interventions
required to better manage the risk exposures to an acceptable level. Management will be
able to consider the best control options from various alternative control types:
Management controls
These ensure that the institutions structure and systems support its policies, plans and
objectives and operate within laws and regulations;
Administrative controls
These ensure that policies and objectives are delivered in an efficient and effective
manner and that losses are minimised;
Accounting controls
These ensure that resources allocated are accounted for fully and transparently and are
properly documented;
Information Technology controls
These controls relate to IT systems and include access control, controls of system
software programmes, business continuity controls and other controls.
Each control type above can be classified as either:
Preventative controls
These controls are designed to discourage errors or irregularities from occurring e.g.
adequate physical security of assets to prevent losses such as theft or damage. If
properly enforced, these controls are usually the most effective type of controls;
Detective controls
These controls are designed to find errors or irregularities after they have occurred e.g.
performance of reconciliation procedures to identify errors;
National Treasury: POE Unit Standard 116339 38
Corrective controls
These controls usually operate together with detective controls in order to correct
identified errors or irregularities.
Internal controls established in a department should focus on the following areas:
Adequate segregation of duties
Custody and accountability for resources
Prompt and proper recording and classification of transactions
Authorization and execution of transactions
Documentation
Management supervision and review
Access controls
Divider 4.2 Integrated workplace assignments
We recommend that you place a divider between each of these assignments.
Risk Assessment
Assignment 1:
Evidence Activity Is Evidence
Present in File
Assignment 1: Cape Winelands
You have decided that the first task will be to ensure that the culture of District
the municipality is favourable for risk assessment. Municipality
Enterprise Risk
Management
Describe how you would evaluate the organizational culture and
Strategy and
improve the control environment
Framework
Hint:
Your evaluation of the organisational culture should include a detailed
explanation of the 2 factors below.
You should give an explanation of each factor and then give an
explanation as to how you would assess these 2 factors.
National Treasury: POE Unit Standard 116339 39
• Assessing Organizational readiness and roles
• Assessing whether a Risk Champion was assigned
The second part of your assignment should include Factors that should
be considered or re-inforced in order to improve the control
environment.
The readiness of the Municipality is defined in its Strategy and Framework document as a
Control Environment.
The department’s control environment is the foundation of risk management, providing
discipline and structure. The control environment influences how strategy and objectives
are established, department activities are structured, and risks are identified, assessed
and acted upon. It influences the design and functioning of control activities, information
and communication systems, and monitoring activities.
The control environment comprises many elements, including a department’s ethical
values, competence and development of personnel, management’s operating style and
how it assigns authority and responsibility.
As part of the control environment, management establishes a risk management
philosophy, establishes the department’s risk levels, inculcates a risk culture and
integrates risk management with related initiatives.
The control environment consists of ten different layers that should all be present and
functioning, being:
• risk management philosophy;
• risk appetite;
• risk culture;
• executive authority;
• integrity and values;
• commitment to competence;
• philosophy and operating style;
• organisational structure;
• authority and responsibility; and
• human resource policies and procedures.
National Treasury: POE Unit Standard 116339 40
The layers are discussed in detail below:
Risk management philosophy
Our philosophy reflects the value that we seek from applying risk management principles.
It facilitates our employees’ ability to recognize and effectively manages risks. The ERM
philosophy provides the building blocks for our risk management process and forms part
of our overall ERM Strategy and Framework. The CWDM’s risk management philosophy is
clearly stated in its risk management policy.
Risk appetite
Risk appetite can be defined as the amount of risk, on a broad level, that a municipality is
willing to take in pursuit of value. Or, in other words, the total impact of risk an organisation
is prepared to accept in the pursuit of its strategic objectives.
The risk appetite is directly related to a municipality’s strategy. It is considered in strategy
setting, where the desired return from a strategy should be aligned with the municipality’s
risk appetite. Management looks to align the department, human resources, processes
and infrastructure to facilitate successful strategy implementation and enable the
department to stay within its risk appetite levels. The appetite is established by
management and approved by Council. The CWDM’s risk appetite and risk tolerance is
clearly stated in its risk management policy.
Risk culture
Risk culture is the set of shared attitudes, values and practices that characterise how a
department considers risk in its day-to-day activities. Management should strive towards
establishing a risk management culture that explicitly considers risk in its day-to-day
activities.
Where misalignment exists, management may take steps to reshape the culture perhaps
by rethinking its risk philosophy and risk appetite or how it applies risk management.
Executive Authority
The executive authority is a critical part of the control environment and significantly
influences other control environment elements. Their independence from management,
experience and stature of its members, extent of its involvement and scrutiny of activities,
and appropriateness of its actions all play a role. Other factors include the degree to which
National Treasury: POE Unit Standard 116339 41
difficult questions are raised and pursued with management regarding strategy, plans and
performance, and interaction that the audit committee has with internal and external
auditors.
Integrity and values
Strategy and objectives and the way they are implemented and achieved are based on
preferences, value judgments and management styles. Management's integrity and
commitment to ethical values influence these preferences and value judgments, which are
translated into standards of behavior.
Management integrity is a prerequisite for ethical behavior in all aspects of the
department’s activities. The effectiveness of risk management cannot rise above the
integrity and ethical values of those who create administer and monitor activities.
Formal codes of corporate conduct are important to the foundation of an effective ethics
program. Codes address a variety of behavioral issues, such as integrity and ethics,
conflicts of interest, illegal or otherwise improper payments, and anti-competitive
arrangements. Upward communications channels where employees feel comfortable
bringing relevant information is also important. Compliance with ethical standards, whether
or not embodied in a written code of conduct, is best ensured by top management's
actions and examples.
Of particular importance are resulting penalties to employees who violate such codes.
Mechanisms should encourage employees to report a suspicion of fraud, corruption and
theft, and where possible disciplinary actions should be taken against employees who fail
to report violations.
Commitment to competence
Competence reflects the knowledge and skills needed to perform assigned tasks.
Management should decide how well these tasks need to be accomplished weighing the
department's strategy and objectives against plans for strategy implementation and
achievement of the objectives. A trade-off often exists between competence and cost.
The competency levels for particular jobs should be specified and translated into requisite
knowledge and skills. The necessary knowledge and skills in turn may depend on
individuals' training and experience.
National Treasury: POE Unit Standard 116339 42
Factors considered in developing knowledge and skill levels include the nature and degree
of judgment to be applied to a specific job. Often a trade-off can be made between the
extent of supervision and the requisite competence level of the individual.
Philosophy and operating style
Management's philosophy and operating style affect the way the department is managed,
including the kinds of risks accepted. A department that has been successful accepting
significant risks may have a different outlook on risk management than one that has faced
harsh economic or regulatory consequences as a result of venturing into dangerous
territory. An informally managed department may control operations largely by face-to-face
contact with key managers. A more formally managed one may rely more on written
policies, standards of behavior, performance indicators and exception reports. Other
elements of management's philosophy and operating style include conscientiousness and
conservatism with which accounting estimates are developed and attitudes toward
financial reporting, information technology, business processes and personnel.
The attitude and daily operating style of top management affect the extent to which actions
are aligned with risk philosophy and risk appetite. An effective environment does not
require that risks be avoided; rather it reinforces the need to be knowledgeable about the
risks associated with strategic choices and the department’s operating environment, both
internal and external.
Organisational structure
A department’s organizational structure provides the framework to plan, execute, control
and monitor its activities. A relevant organizational structure includes defining key areas of
authority and responsibility and establishing appropriate lines of reporting. A department
develops an organizational structure suited to its needs. Some are centralized, others
decentralized. Some have direct reporting relationships; others are more of a matrix
organisation.
The appropriateness of a department's organizational structure depends, in part, on its
size and the nature of its activities. A highly structured organisation with formal reporting
lines and responsibilities may be appropriate for a large department that has numerous
operating divisions. However, such a structure could impede the necessary flow of
National Treasury: POE Unit Standard 116339 43
information in a small department. Whatever the structure, a department should be
organized to enable effective risk management, and to carry out its activities so as to
achieve its objectives.
Authority and responsibility
Assignment of authority and responsibility involves the degree to which individuals and
teams are authorized and encouraged to use initiative to address issues and solve
problems. It also includes the establishment of reporting relationships and authorization
protocols, and it pertains to policies that describe appropriate departmental practices,
knowledge and experience of key personnel, and resources provided for carrying out
duties.
Alignment of authority and accountability often is designed to encourage individual
initiatives, within limits. Delegation of authority, or “empowerment,” means surrendering
central control of certain decisions to lower levels – to the individuals whom are closest to
everyday business transactions.
A critical challenge is to delegate only to the extent required to achieve objectives. This
means ensuring that risk acceptance is based on sound practices for risk identification and
assessment, including a comparison between the risks and any potential losses versus
gains in arriving at good service delivery decisions. Another challenge is ensuring that all
personnel understand the department's objectives and how their actions interrelate and
contribute to achievement of the objectives.
The control environment is greatly influenced by the extent to which individuals recognize
that they will be held accountable. This holds true all the way to the Accounting Officer,
who, with Council oversight, has ultimate responsibility for all activities within a
department.
Human resources policies and procedures
Human resource policies and practices pertaining to hiring, orientation, training,
evaluating, counseling, promoting, compensating and taking remedial actions send a
message to employees regarding expected levels of integrity, ethical behavior and
competence. For example, standards for hiring the most qualified individuals, with
emphasis on educational background, prior work experience, past accomplishments and
evidence of integrity and ethical behavior, demonstrate a department's commitment to
National Treasury: POE Unit Standard 116339 44
competent and trustworthy staff.
Transfers and promotions driven by periodic performance appraisals demonstrate the
department's commitment to the advancement of qualified employees.
Competitive compensation programs that can include bonus incentives serve to motivate
and reinforce outstanding performance. Similarly disciplinary actions send a message that
violations of expected behavior would not be tolerated.
It is essential that employees be equipped to tackle new challenges as issues and risks
throughout the department change and become more complex – driven in part by rapidly
changing technologies and increasing political influence.
A Risk Champion is usually an existing member of the management within the
directorate. Cape Winelands District Municipality have a Risk Champion for each and
every directorate who will work closely with the Deputy Director: Performance and Risk
Management. A directorate can have more than one Risk Champion where appropriate.
Risk Champions support the risk management process in specific allocated areas or
functions.
A Risk Champion has sufficient authority to drive ERM as required by the municipality’s
risk management policy and strategy. A key part of the Risk Champion’s responsibility
involves escalating instances where the risk management efforts are stifled, such as when
individuals try to block ERM initiatives. In addition, he/she should co-ordinate the
implementation of action plans for the risk and report on any developments regarding the
risk.
The Risk Champion also adds value to the risk management process by providing
guidance and support to manage “problematic” risks and risks of a transversal nature.
In order to be an effective and efficient risk champion, he / she must:
• have a good understanding of risk concepts, principles and processes;
• have good analytical skills to assist with the analysis of root causes to risk
problems;
• leadership and motivational qualities; and
• have good communication skills.
National Treasury: POE Unit Standard 116339 45
The Risk Champion should not assume the role of the Risk Owner but should assist the
Risk Owner to resolve problems.
Assignment 2:
Evidence Activity Is Evidence Present in File
Assignment 2:
Part a: http://en.wikipedia.org/wiki/Chief_audit_executive
List the major challenges of
Learner Guide Managing Risk in a Municipal
City X and assess how the Context
city should address these Risk registers
challenges. Prepare an
Integrated Risk Profile for the
top twenty risks;
Part b:
Recommend which risk could
be addressed by the Chief
Audit Executive and what
role the Chief Audit
Executive should play in
assisting management in
developing action plans to
mitigate those risks
National Treasury: POE Unit Standard 116339 46
Part A – Major Challenges of City X
Major Challenges Action Plans
1 Political risk 1 Training of Municipal Council and Staff
in terms legislation, policies and
procedures.
2 Reputation risk 2 Proactive communication policy to keep
the public informed.
3 Asset Management, development and 3 Regular asset audits and ensure that
maintenance risk maintenance of plant and machinery is
done as prescribed by the
manufacturer’s guidelines.
4 Staff Risk 4 Provide and maintain systems
of work, plant and machinery
that are safe and without risk to
health.
Take steps to mitigate or
eliminate any hazard to the
health and safety of employees,
before resorting to personal
protective equipment.
Assess hazards and evaluate
risks associated with the job
and the steps (controls) that
need to be taken to make the
environment safe.
5 Technology Risk 5 Backup data. Back-up routine
should be part of a
municipality’s IT security policy.
Plan how particular tasks will be
carried out manually if
technology breaks down.
Involve staff in a risk
National Treasury: POE Unit Standard 116339 47
assessment and in regular
reviews of your procedures.
6 Financial Risk 6 Monitor compliance with
regulations that require Council
officials to declare their
business interests and
bar Councillors from serving on
municipal tender committees.
Conduct surprise management
review of cashier balances and
reconcile to cash on hand.
Regularly assess fraud risks.
Implement municipal training
and awareness of fraud.
Training should be updated
regularly and should capture
context specific risk of fraud.
7 Economic Risk 7 Economic factors must be considered
when evaluating long term plans
because of interest rates, exchange
rates, inflation
8 Legal and Contractual Risk 8 Municipal Council should include tender
processes in financial management
policies.
9 Regulatory Risk 9 Accounting Officer should ensure
supply chain management strategy is
developed and applied in a consistent
manner
10 Environmental Risk 10 Fuel consumption, pollution, climate
change must be considered when plans
are drafted
11 Business Interruption and Natural 11 Council is responsible for
Disaster Risk ensuring that a Disaster
Management Policy is in place.
Municipal Management should
test compliance with policy and
National Treasury: POE Unit Standard 116339 48
ensure municipal employees
rehearse disaster recovery
procedures frequently.
12 Staff exposure to high risk emergency 12 Standard operating procedures
incidents Training received
Monitoring by management
when on duty that PPE clothing
must be worn
13 Inappropriate disposing of property 13 Policy and procedure
Plant and equipment SCM policy and framework
Consultation with all required
banks
Cash and Investment Policy
SCM Committees
SCM Unit
Segregation of duties
Declaration - related parties
Tax Clearance
Internal Audit
AG review
SCM Deviation report
14 Delayed procurement of goods and 14 SCM Committee meetings
services. attended by directors
Monthly meetings
Outstanding orders report i.e.
ageing
Departments follow up
themselves
15 Non-performance of staff 15 Individual Balance Scorecards
Job descriptions
Conditions of Service
Disciplinary Action
Attendance Registers
Section 57 contracts
Performance Management
Contracts - section 57Budget
National Treasury: POE Unit Standard 116339 49
for performance incentives -
only section 57
16 Personnel: availability and retention of 16 Basic Conditions of
suitable staff Employment Act
Bargaining Council -
Standardisation of Conditions of
Service
Cash Flow Statement
Job Evaluation - TASK
Union Intervention
Local Labour Forum
Conditions of Services"
17 Health and Safety: well-being of 17 Health and Safety committees are
people established and runs effectively for the
benefit of both the Employee and
Employer
18 Liability: the right to sue or be sued in 18 Ensure that Municipal matters are
certain circumstances conducted with given legislation and
that approved policies and procedures
are adhered to.
19 Fraud or theft: unproductive loss of 19 Annual stock take performed
resources Internal Audit
Asset reconciliation done
monthly
Assets are bar-coded
Assets to remove from premises
by employees only with
authorisation by Senior
Manager
Unused vehicles kept in locked
designated areas
20 Capital investment: 20 Council must make appropriate
investment decisions, in
consultation with accredited
investment firms and within the
law and policies
National Treasury: POE Unit Standard 116339 50
Part B – Risks to be addressed by the CAE (Chief Audit Executive)
The CAE is intrinsically an independent function; otherwise it may become dysfunctional and
of low quality (but there are many degrees in the level of independence and efficiency). The
CAE function exists only to constitute a third-level of control in the organization, which must
be independent from the first-level control (the first-level layer belongs to the management of
an organization, who is responsible in the first instance for acting in compliance with the
organization’s rules) and consecutively second-level (which are the supporting units i.e.
Legal, HR, Risk function, Financial Control etc.). An effective independence is the result of
both an attitude of CAE, and of prerogatives/guarantees conceded by the organization or
given by the organization’s principals (e.g., the Board of Directors or Audit Committee).
Major Challenges Role of the CAE
1 Fraud or theft: unproductive loss of 1
Status, strategy and organization of
resources
the internal audit department
Ensure that the status (e.g.
stipulated in an audit charter),
strategy, resources of the
internal audit department are
aligned and are consistent with
the organization's objectives and
National Treasury: POE Unit Standard 116339 51
governance policy.
Establish appropriate policies
and procedures to guide the
internal audit function, and
ensure the quality of the
assurance services delivered.
2 Asset Management, 2 Management, supervision of the
development and maintenance internal audit activity
risk
Obtain or manage the
Financial Risk
production of a risk analysis;
1. Ensure that the risk
assessment is done at
least annually;
2. Establish risk-based
audit plans to set out the
priorities of the internal
audit function, consistent
with the organizational
objectives.
Considers the input of senior
management, senior departmental
management, of the audit committee; -
the internal audit plan usually address
financial reporting and other
fundamental controls, to be coordinated
with the audit plan of the statutory
auditor
Coordinate internal auditing
activities and plans with other
internal and external providers of
assurance and consulting
activities to ensure proper
coverage and minimize
National Treasury: POE Unit Standard 116339 52
duplication of effort.
Communicate plan of
engagements and resource
requirements for the internal
audit function, including
significant interim changes to the
audit committee. This
communication shall include the
impact of resource limitations.
Ensure that internal audit
resources are appropriate,
sufficient and effectively
deployed to achieve the internal
audit plan approved by the Audit
Committee or the Board.
Ensure that internal auditors have
appropriate professional qualifications
and skills, and opportunities for
sufficient training and development to
maintain and develop their internal
auditing competence and to obtain
Certified Internal Auditor certification.
Ensure the timely completion of
internal auditing engagements.
Ensure that reports on internal
auditing engagements are
provided to the audit committee
with a minimum of delay.
Provide an annual holistic
opinion on the effectiveness and
adequacy of risk management,
control, and governance
processes.
National Treasury: POE Unit Standard 116339 53
3 Financial Risk 3 Quality management
The CAE is responsible for assuring
that appropriate engagement
supervision is provided. Supervision is a
process begins with planning and
continues throughout the examination,
evaluation, communication, and follow-
up phases of the engagement.
Develop and maintain a quality
assurance and improvement
program that covers all aspects
of the internal audit function, and
continuously monitor its
effectiveness.
In collaboration with the audit
committee, ensure that a
practice inspection or other
external review of the internal
audit function is conducted at
least every 3 years, by a
qualified, independent external
review team, and that the results
of this external assessment are
communicated to the audit
committee.
Ensure that professional internal
auditing standards are followed
(e.g. IIA standards or local
standards).
NB: Generally accepted auditing
standards and International Standards
on Auditing are external audit
National Treasury: POE Unit Standard 116339 54
standards.
Report at least annually to the
audit committee on the internal
audit function's conformance
with professional internal
auditing standards.
4 Financial Risk 4 Reporting of critical findings
Reputation risk
Inform the Audit Committee
without delay of any issue of
risk, control or management
practice that may be of
significance.
The Chief Audit Executive (CAE)
reports the most critical issues to
the Audit Committee quarterly,
along with management's
progress towards resolving
them.
Critical issues typically have a
reasonable likelihood of causing
substantial financial or
reputational damage to the
company. For particularly
complex issues, the responsible
manager may participate in the
discussion. Such reporting is
critical to ensure the function is
respected, that the proper "tone
at the top" exists in the
organization, and to expedite
resolution of such issues.
It is a matter of considerable
judgment to select appropriate
National Treasury: POE Unit Standard 116339 55
issues for the Audit Committee's
attention and to describe them in
the proper context.
Assignment 3:
Evidence Activity Is Evidence
Present in File
Finance
Assignment 3: Department’s
Identify the financial risks and list the mitigation plans to improve the risk register
financial performance, and cash flow position of the City.
Ensure that you comply with National Government Policies
Financial Risks and mitigating plans
Financial Risks Mitigating Plans
1 Misstatements in the Annual financial 1 Appointed of independent audit firm to
statements verify the annual financial statements
National Treasury: POE Unit Standard 116339 56
2 Non-compliance to Supply Chain 2 Approved Supply Chain
Management Policy. Management (SCM) policy,
frameworks and guidelines
Training of other departments
SCM Committee in place
Disclosure of conflict of interest
(SIPRO checks)
Monthly, quarterly and yearly
reporting
Audits
Use of centralised procurement
functions.
New supplier data base in
process (in-house)
Minimum quotes required for
procurement policy - deviations
authorised by Executive
Director Finance.
Delegations in place
Code of conduct for staff
Segregation of duties
Transactions check by senior
person
TAX clearance certificates
Staff members sign a code of
SCM conduct annually
3 Fraudulent payments. 3 Audit trials
Checks and balance
Reconciliations
Delegation Register
Monthly reporting
SAMRAS financial information
system (FIS) access limitations
Creditors reconciliation of
National Treasury: POE Unit Standard 116339 57
statements
Payment listing
SLA with suppliers/contractors
Creditor blocking mechanism -
SAMRAS - (FIS)
4 Unauthorised amendment to payroll 4 VIP payroll system restricted to
employee details authorised users
Monthly audit trail of masterfile
changes reviewed by
independent senior person
Internal audits done
5 Non-compliance to Asset 5 Annual stock take performed
Management Policy. Internal Audit
Asset reconciliation done
monthly
Monthly acquisition and
disposals
Assets are bar-coded
Assets to remove from
premises by employees only
with authorisation by Senior
Manager
Unused vehicles kept in locked
designated areas
6 Non-compliance with financial 6 Internal Audit
guidelines - GRAP AG review
Monthly circulars
Asset policy
Accounting policy
Monthly section 71 report
Budget monitoring
NT guidelines
Delegations
Revaluation every four years
7 Inadequate controls over payroll 7 Internal controls in place
National Treasury: POE Unit Standard 116339 58
system.
VIP system calculate all
payments via formulas
Formulas are tested by vendor
before implementation
All transactions checked by
senior person
Head of Dept. (Ed's) to
authorised salary payment each
month
Part of internal Audit program
Senior person at HR check list
send to payroll section for
correctness
8 Financial Viability
8 Saving measures put in place
9 Reliance on transfer levies
9 No control over allocations
Inadequate management of grants and Claim application
transfers
Policy and procedure
Monthly Section 71 reporting
Source of Funding Schedule
GRAP
Legislation - MFMA and MSA
Accounting Policy
KPI's of Head of Income and CFO
Designated person for DoRA
10 Under spending of capital budget
10 Section 71
Mid-year report
Monthly meetings
Monthly reports to Council and
managers
Budget monitoring by the budget
department
Communication
11 Failure to pay creditors timely.
11 Ageing
Monthly reports
Reconciliations
Follow up on outstanding
National Treasury: POE Unit Standard 116339 59
information by SCM
Monitoring of outstanding orders
monthly
12 Unauthorised payment to third parties
12 Third party payments via creditor
system
Payment check by senior person
Internal audits
13 Inadequate insurance cover
13 Annual review of insurance policy
Regular update of asset register
Internal Audit
National Treasury: POE Unit Standard 116339 60
Divider 5
Section 5: Supporting Evidence
1. Witness testimonies to authenticate your evidence
2. Witness status list (personal details of all witnesses)
3. Resource list (Acknowledgement of resources used (Internet sites; Textbooks)
National Treasury: POE Unit Standard 116339 61
FINAL COMMENTS
This may appear to be a lot of work, but it is based on what you should be doing and the
knowledge you should have if you wish to manage your data and reports and understand
your organisation’s IT systems and requirements. Much of this information should be
available. Gather what information you can and then organise it in the manner listed above.
Where you find gaps - address them.
Your POE must be completed and submitted to us by __________________________
If you wish to send us sections as you work on them for comment, please feel free to do so.
We will then be able to assess your progress and give you direction.
Remember, we are here to help you.
COMPLETED KNOWLEDGE ASSIGNMENTS CAN BE:
E-mailed to:
Faxed to:
Posted to:
PORTFOLIO ASSISTANCE OR GENERAL ASSISTANCE
You are welcome to contact us at:
POE’s must be posted to the above address or delivered to:
NB: Please keep copies of all documents in case of loss.
Please indicate if you would like your assessed POE to be returned to you at your
own cost.
National Treasury: POE Unit Standard 116339 62
You might also like
- Porfolio of Evidence - Guide - US 116363 THERESA100% (1)Porfolio of Evidence - Guide - US 116363 THERESA104 pages
- AUN-QA Self Assessment and IQA Plan TemplateNo ratings yetAUN-QA Self Assessment and IQA Plan Template89 pages
- Portfolio of Evidence - Guide - US 116344 Revised - 20-10-2020 Maki100% (1)Portfolio of Evidence - Guide - US 116344 Revised - 20-10-2020 Maki50 pages
- National N Diploma - Public Management LogbookNo ratings yetNational N Diploma - Public Management Logbook16 pages
- Structuring Your Portfolio of Evidence File: Unit Standard: 116343No ratings yetStructuring Your Portfolio of Evidence File: Unit Standard: 11634368 pages
- Learner GuideLearning Material For RIIQUA601E Establish and Maintain A Quality SystemNo ratings yetLearner GuideLearning Material For RIIQUA601E Establish and Maintain A Quality System364 pages
- OG - Audit Report - Part 2 - Group No. 9No ratings yetOG - Audit Report - Part 2 - Group No. 924 pages
- Portfolio of Evidence Guide - US 116358 Revised - MakiNo ratings yetPortfolio of Evidence Guide - US 116358 Revised - Maki41 pages
- POE U S 116345 Budgeting - Group Work Doc Updated Nov 20111No ratings yetPOE U S 116345 Budgeting - Group Work Doc Updated Nov 2011159 pages
- BSBPMG632 Program Risk - Learner Guide - V1.04.22No ratings yetBSBPMG632 Program Risk - Learner Guide - V1.04.2299 pages
- 2022 City of Winnipeg Compensation DisclosureNo ratings yet2022 City of Winnipeg Compensation Disclosure70 pages
- Structuring Your Portfolio of Evidence File: Unit Standard: 116345No ratings yetStructuring Your Portfolio of Evidence File: Unit Standard: 11634559 pages
- US116340 Apply Costing Principles To Municipal OperationsNo ratings yetUS116340 Apply Costing Principles To Municipal Operations106 pages
- Icom111 2023 Group Assignment Final 6 March 2023 2No ratings yetIcom111 2023 Group Assignment Final 6 March 2023 215 pages
- Government of Ghana MLGRD A Operational Manual For Dpat 2016 A 1st CycleNo ratings yetGovernment of Ghana MLGRD A Operational Manual For Dpat 2016 A 1st Cycle84 pages
- 7.1 Learning Objective 7-1: Chapter 7 Plant Assets, Natural Resources, & Intangibles0% (1)7.1 Learning Objective 7-1: Chapter 7 Plant Assets, Natural Resources, & Intangibles75 pages
- ICOM111 2023 Group Assignment Ground Rules and Task AgreementNo ratings yetICOM111 2023 Group Assignment Ground Rules and Task Agreement7 pages
- Portfolio of Evidence - Guide - US 116345 - DecemberNo ratings yetPortfolio of Evidence - Guide - US 116345 - December44 pages
- CIO Key Findings From The Anatomy of A World Class PMONo ratings yetCIO Key Findings From The Anatomy of A World Class PMO56 pages
- APPENDIX 1: Objectives and Principles of The NQFNo ratings yetAPPENDIX 1: Objectives and Principles of The NQF1 page
- 1994 RA 7740 Southern Leyte Founding Anniversary (Non-Working Holiday)No ratings yet1994 RA 7740 Southern Leyte Founding Anniversary (Non-Working Holiday)3 pages
- Introduction, Function and Limits With Derivatives: Module OutlineNo ratings yetIntroduction, Function and Limits With Derivatives: Module Outline10 pages
- 2021 09 Private Equity Venture Capital (6QQMN562) - Assessment Overview and Marking CriteriaNo ratings yet2021 09 Private Equity Venture Capital (6QQMN562) - Assessment Overview and Marking Criteria5 pages
- Planning Conducting and Monitoring Pilot Tests: Trainers ManualNo ratings yetPlanning Conducting and Monitoring Pilot Tests: Trainers Manual119 pages
- FT CRD 133 01 Performance Appraisal Template2No ratings yetFT CRD 133 01 Performance Appraisal Template21 page
- DRC-DDG - FCRM-South Sudan Feedback Complaints Response Mechanism Policy and Guidelines - FINAL PDF100% (1)DRC-DDG - FCRM-South Sudan Feedback Complaints Response Mechanism Policy and Guidelines - FINAL PDF22 pages
- Future of AI and Its Impact On Finance Industry-47No ratings yetFuture of AI and Its Impact On Finance Industry-4749 pages
- Regional Project Monitoring and Evaluation SystemNo ratings yetRegional Project Monitoring and Evaluation System24 pages
- Palawan in Commonwealth Period A Reaction Paper0% (1)Palawan in Commonwealth Period A Reaction Paper2 pages
- University of Limpopo Strategic Plan 2024 2028 Final Approved by COUNCIL 241123 Branded 3No ratings yetUniversity of Limpopo Strategic Plan 2024 2028 Final Approved by COUNCIL 241123 Branded 340 pages
- LECTURE 8 Sharing and Devolution of PowerNo ratings yetLECTURE 8 Sharing and Devolution of Power11 pages
- Giz2022 en Strengthening Good Financil Governance in SambiaNo ratings yetGiz2022 en Strengthening Good Financil Governance in Sambia2 pages
- Daad Helmut-Schmidt-Programme Information About The Master S CoursesNo ratings yetDaad Helmut-Schmidt-Programme Information About The Master S Courses11 pages
- 2.0 Information Security - Establish A Strong Defense in CyberspaceNo ratings yet2.0 Information Security - Establish A Strong Defense in Cyberspace13 pages
- Good Leadership and Sustainable Governance A Critical Assessment of Governance in NigeriaNo ratings yetGood Leadership and Sustainable Governance A Critical Assessment of Governance in Nigeria8 pages
- Artificial Intelligence (AI) and Information Systems - Perspectives To Responsible AINo ratings yetArtificial Intelligence (AI) and Information Systems - Perspectives To Responsible AI7 pages
- Board Reso BOARD RESOLUTION J029 - 092321No ratings yetBoard Reso BOARD RESOLUTION J029 - 0923211 page
