1 / 15

Andre Nel CAE NW PIA- CIA, CCSA, CISA, RGA

Provincial Internal Audit perspective of the status in implementation of risk management in the province. Andre Nel CAE NW PIA- CIA, CCSA, CISA, RGA. What do we want to achieve?. The objective of risk management?. Substance over form. It is the impact that matters not how we write it.

severin
Download Presentation

Andre Nel CAE NW PIA- CIA, CCSA, CISA, RGA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Provincial Internal Audit perspective of the status in implementation of risk management in the province Andre Nel CAE NW PIA- CIA, CCSA, CISA, RGA

  2. What do we want to achieve? • The objective of risk management?

  3. Substance over form • It is the impact that matters not how we write it.

  4. What are the risks that we have to manage? [1] • In terms of paragraphs 14 and 16 of the Public Sector Risk Management Framework, risk identification and assessment should be systematic and should focus on a comprehensive inventory of risks.

  5. What are the risks that we have to manage?[2] • In terms of risk mitigation in response to risks, the Framework emphasizes the need to develop response strategies for all material risks, whether or not within management’s direct control.

  6. What are the risks that we have to manage?[3] • Regular and effective monitoring processes in paragraph 20 of the PSRMF should ensure that risk management systems are in line with the Department’s plan, policy and strategy.

  7. What risks are we talking about? • Unsatisfactory embedding of risk management due to lack of commitment to manage and report risk management -par. 10 (3) of PSRMF, • Risk of the Department’s identified risks being incomplete based on the approved APP - par. 14 (2) and (4) of PSRMF, • Compliance risks are not adequately identified/mitigated and aligned to specific legislative provisions - par. 13 (5) of PSRMF,

  8. What risks are we talking about? • Risk of incorrect cause being identified which affects the nature and extent of mitigation interventions - par. 17 (1) of PSRMF, • Risk of risks being incorrectly assessed inherently - par. 16 (5) (a) of PSRMF, • Risk of incorrect assessment of controls, which would affect the residual rating and consequently extent of mitigation - par. 16 (5) (b) of PSRMF, (inclusive of incorrect control identification etc)

  9. What risks are we talking about? • Incorrect development and application of the risk treatment matrix to ensure that the mitigation intervention is appropriate in relation to the risk appetite - par. 16 (5) (b) and 17 (4) of PSRMF, • Risk of inappropriate mitigating/ treatment plans developed (ie repeating current controls, treatment plans not responding to identified causes, treatment plans not assessed for practicality) - par. 17 and 18 of PSRMF,

  10. What risks are we talking about? • Incorrect development and application of the risk treatment matrix to ensure that the mitigation intervention is appropriate in relation to the risk appetite - par. 16 (5) (b) and 17 (4) of PSRMF, • Risk of inappropriate mitigating/ treatment plans developed (ie repeating current controls, treatment plans not responding to identified causes, treatment plans not assessed for practicality) - par. 17 and 18 of PSRMF,

  11. What risks are we talking about? • Inappropriate timeframes developed in alignment with the targets/ indicators in the APP. The timeframes should be in alignment with the APP to ensure that application of mitigation plans is timely - par. 17 (7) of PSRMF, • Failure by task owners to report adequately and effectively on risk managed- par. 19 (2) of PSRMF, • Inadequate and ineffective oversight by the Risk Management Committee - par. 24 of PSRMF.

  12. The vision- internal and external

  13. The risk identification and assessment process • Master risk management assessment • Strategic risk assessment • Operation assessment

  14. Introspection One of the greatest attributes of any leader is the ability to do introspection.

  15. The end • Be passionate, • have an inspired vision and share it, • never stop learning, and • motivate people to walk the road in search of excellence together with you. Andre Nel

More Related