Risk and Advisory Services. Risk and Advisory Services Why Integrated Risk Management is Important

Transcription

1 Risk and Advisory Services Risk and Advisory Services Why Integrated Risk Management is Important March 2017

2 Risk and Advisory Services ERM Department and Service Offerings Legislative Mandate What is integrated risk management Integration of External and Internal Risk Universe Building Risk Profile from Global/ National/ Sector/ ethekwini Monitoring and Evaluation of Risk Profile (Risk Indicators) Recommendations

3 ETHEKWINI MUNICIPALITY BUSINESS OPERATING MODEL V0.3 Funding Rates Service Charges Grants Government Loans Other Research and Innovation Finance ICT Suppliers Service Providers Legislation And Acts The Constitution of the Republic of S.A (1996) Electricity related Acts Housing related Acts Municipal Management related Acts Water related Acts Transport related Acts Event Organisers Social Housing Institutions Governance Channels Waste Management related Acts Electricity Infrastructure ethekwini Security Municipality related Acts Business Operating Model Service v0.3 Support Services Governance, Risk and Compliance Strategy and Planning Health Services related Acts Pension related Acts Rates related Acts FICA POPI King III ethekwini Municipality Governance and Strategy..growing the economy and meeting people's needs.. Planning Development Management Maintenance Promotion Provision Billing Community and Stakeholder Engagement HR Fleet Alliances / Partners Academia Global Partnerships Legal Internal Audit Businesses Tourism Markets Customer Service City Administration PMO? SA Government Departments Services Facilities Roads Infrastructure Storm Water Infrastructure Landfills Housing Public Libraries Community Halls Durban Art Galleries Museums Cemeteries Parks and Nature Reserves Disaster Sites Essential Services Electricity Cleansing and Solid Waste Water and Sanitation Broadband Connectivity? Protection Services Health Police Fire and Emergency Disaster Management Value-Added Services Rentals Transport Services Facility Access Tourism and Trade Economic Development Community Services IT Services? Face-to-Face Door to Door Imbizos Branches Delivery Staff Digital Call Centres Website Social Media Other Mail Fax Other Media City Enterprises City Entities ushaka Marine World ICC Economic Development Agencies Durban Fresh Produce Market Durban Film Office Durban Tourism Durban IPA Moses Mabhida Customers Residential Business Commercial Institutions Industrial Retail Government Health Education Other Municipaliti es

4 ERM AS PART OF MUNICIPAL STRATEGY Plan 7 - IDP ERM Structural Positioning Good Governance and Responsive Local Government. Objective of Plan 7 is to Create an efficient, effective and accountable administration. To achieve this, the municipality adopted an Enterprise-wide Risk Management process to assess and manage the risks that might impact the achievement of the municipality s objectives. OCM Cluster Internal Audit Risk & Advisory Services (BCM) Approved ERM Policy and Framework Enterprise Risk Management Council approved the Enterprise Risk Management Policy and Framework for implementation throughout the municipality and its entities. Enterprise Risk Management provides a formalised approach used to proactively manage uncertainties linked to the strategic objectives of the municipality and its entities. The Enterprise Risk and Advisory Services Department s mandate is to champion the establishment of the risk management processes and provide advice and guidance on risk management matters.

5 ERM Service Offerings Value adding risk advisory through informed, proactive decision making Protect municipal reputation and brand image Optimise achievement of strategic goals Championing integrated enterprise wide risk management Anticipate and communicate uncertainties inherent in performance goals Improve management of common risks across the municipality and its entities Promote Risk Ownership and Accountability Eliminate redundant and unnecessary activities Reduce operational losses and surprises To support the delivery of capital projects within municipalities clusters/units by ensuring that risks associated with projects delivery are identified, analysed, monitored and reported to various project stakeholders for decision making therefore maximizing the opportunity of delivering projects on time, right quality and within allocated budget. Business Continuity Management and Resilience

6 LEGISLATIVE MANDATE MFMA: 1. S 62 (1) ( c ) states that the Accounting Officer must ensure that the municipality has and maintains effective, efficient and transparent systems of financial and risk management and internal control 2. S 78 and 105 further assigns the responsibilities to other officials to ensure effective, efficient, economical and transparent use of financial and other resources within that official s area of responsibility 3. S 165 (2) (b) requires Internal Audit unit to advise the Accounting Officer on matters related to (iv) risk and risk management 4. S166 (1) requires the Audit Committee to advise municipal Council, Political Office-bearers, the Accounting Officer and Management on matters related to (ii) risk management Other guidelines/best practice: King III Code on corporate governance and Public Sector Risk Management Framework states: The Council/ Board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process. Generally: it makes sense 6

7 What is integrated Risk Management Integrated risk management = incorporating risk information into the strategic direction - setting of the organization + making decisions that consider the department's established risk tolerance limits. Stronger risk management practice across government is essential to managing resources more effectively, making better decisions, and ultimately improving the effectiveness of the public service The Integrated Reporting Framework has been endorsed by the Integrated Reporting Committee (IRC) of South Africa as a guidance on good practice on how to prepare an integrated report. 7

8 Risk Universe INTERNAL RISK UNIVERSE IDP Goals Business Plans Prior Years Strategic/ Cluster/ Unit Risk Registers Key Performance Information/Areas Annual Report OPEX/CAPEX Spend Intern Audit Logs Council/EXCO Decisions Portfolio Committees National Treasury EXTERNAL RISK UNIVERSE Global/Continental/National/Industry/Sector Risks Local Government Risks Laws & Regulations/Regulators/Licence Conditions Professional Risk Standards & Guidelines Stakeholder Expectations (COGTA/SONA/SALGA/IGR) Public Sector Risk Management Forum Media/Feedback on Customer Survey Questionnaires AGSA CM Key Business Issues Risk Categories Emerging Risks Materialised Risks Media 2016/2017 Focus Areas Approval of ERM Governance Doc Development of risk appetite and tolerances Training and Awareness on ERM Governance Municipal wide (Annual Training Plan) Category Risk Profiles (OHS/Infrastructure/ Finance & Supply Chain) Integrated Risk Reporting Special Value Add Projects

9 Alignment of IDP to National Programs Sustainable Developmental Goals Ensure availability and sustainable management of water and sanitation for all Municipal Responses Plan 3 Programme 4,5 Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation Plan 2: Programme 1,3,4,5,7,8,10,13 Plan 3: Programme 4,5,6 Make cities and human settlements inclusive, safe, resilient and sustainable Plan 3 Programme 1 Plan 4 Programme 1,2,3,4,5 Conserve and sustainable use the oceans, seas and marine resources for sustainable development Plan 3 Programme 7

10 Aligning IDP and Strategic Risks Key Performance Area 8 point plan Strategic Focus Area Key Risks Areas Basic Service Delivery Develop and Sustain our Develop, manage and regulate the Rapid urbanization Spatial, Natural and Built Built and Natural Environment Environment Pace of Economic Transformation with regards Climate protection planning to city spend Creating a Quality Living Environment Fostering a Socially Equitable Environment Meet infrastructure and household service needs and backlogs Address community service backlogs Promoting the safety of citizens Promoting the health of citizens Sustainability of Water Integrated Rapid Transport Services Human settlement expectations Provision of public transport services Infrastructure Impact on Service Delivery Safety and Security Prevalence of Social Ills Financially Accountable and Sustainable City Durban Energy Office INK ABM Financial sustainability Contravention of supply chain management policy, regulations and circulars 10

11 Other Risk Management Units Occupationa l Health Legal & Complianc e CIIU Business Continuity Insurance - Treasury Enviro ECD Disaster Mgt Safety & Security Fire & Emergency Enviro Health Infrastructur e Risk Mgt Financial Risks & SCM - Treasury

12 RISK MANAGEMENT AS PART OF THE INTEGRATED PROCESS Risk Mitigations requiring budget Budget/Project s linked to SDBIP Performance Targets (Monthly & Quarterly Integrated reporting to Combined & IRMC IA & AG Logs (Effect of unresolved to control environment & delivery) (Monthly & Quarterly to Combined/IRMC & AC Final IDP/Scorecard & Strategic Risk Register Approval (May ) IDP Review Business Plan/Risk Assessment (Link Goals/Perf Targets & Risk) (Feb- April) Integrated Process Process Integrated Integrated Risk Profile Review including other category Risks (OHS/Fraud/ Compliance etc) Integrated Report to include Materialized/ Emerging Risks/ Opportunities per cluster and units (Monthly & Quarterly)

13 GLOBAL RISKS - WEF: TOP RISKS BY CATEGORY

14 WEF: Risk in focus and trends Food security risk in the context of climate change How changing climate and weather patterns could jeopardize weather, food security and agriculture production across geographies. South Africa experienced extreme drought conditions in 2016/17

15

16 STAKEHOLDER / REGULATORS WATER AND SANITATION

17 Umngeni vs ethekwini Risks Profiles Umgeni Risks Short Water Resource Availability Infrastructure Investment to Meet Service Delivery mandate and growth plan Performance of bulk waste water Infrastructure Assets Breach of materiality and significant framework Sustainable Tariffs Protection and Safeguarding of assets Ability to deliver Project on time and within Budget Ability to secure funding to meet development goal Long term Water resource availability Performance of bulk portable water infrastructure Assets EThekwini Risks Implementation of the Asset Management Plan Non Revenue Water Revenue Protection Measures Business Continuity Staffing - Recruitment and Retention Service Delivery Infrastructure Impact on service delivery Security of Water Supply 17

18 Risk and Advisory Services Strategic Risks for 2016/17 Risks are rated Risks are rated Priority 2 Priority 3

19 Risk and Advisory Services Compliance Economic Development & Job Creation Safety, Health & Social Inclusion Sustainability Disruption to Operations Absence of coordinated and centralised compliance function which may lead to non-compliance with applicable legislation and result in fines and penalties. The city may not be able to meet its broader socio economic objectives due to mainly weak economic development and job creation. City's inability to provide adequate protection for EMA citizens, linked to safety, health and social inclusion. Limited resources to address the growing demand for services which may result in the municipality may not being able to meet city s objectives and ultimately threaten sustainability. Priority 2 Possible disruption to municipal services and economic activities in the city. Priority 2 Priority 2 Priority 2 Priority 2 Talent Management Corporate IT Governance Fraud, Theft & Corruption Governance Infrastructure Challenges experienced in implementing Talent Management Framework therefore the municipality may not be able to create capacity to enable efficient and effective service delivery. The Municipality may not be able to fully comply with the IT governance requirements due to the non-adherence to IT governance principles thus leading to the municipality not getting full value out of the IT investments and also not being able to take full advantage of strategic opportunities. Activities and decisions undertaken in an unethical or illegal manner. Governance processes are not well coordinated for optimal delivery and hence the municipality may not effectively employ its resources thus leading to inefficiencies and duplication. Increasing demand on existing aging infrastructure managed in a predominantly reactive mode, may result in reduced service delivery levels with increased life cycle cost thus reducing the investment potential of ethekwini. Priority 2 Priority 3 Priority 3 Priority 3 Priority 3

20 ASSURANCE GOVERNANCE STEWARDSHIP MANAGEMENT OVERSIGHT GOVERNANCE AND OVERSIGHT Council and Key Committees Mayor/EXCO Portfolio Committees Audit Committee Integrated Risk Management Committee (IRMC) Finance and Investment Committee Risk Category Forum DCM Forum Stratman All IT Steering Committee Combined Risk & Managing the Municipality Sub Committee Integrated Cluster/Units Risk Management Forums (ICRMF) Integrated DCM Forum Risk Managment Committee Risk Champions (IRMC) a First line of Defence Second line of Defence Third line of Defence Integrated Cluster Meetings a Chief Integrated Risk Officer Risk Managment Legal Committee City Integrity (IRMC) and Investigations Integrated Risk Managment Committee (IRMC) Internal Audit Services and Independent Assurers

21 Three Lines of Defence 1 ST LINE OF DEFENSE: 2 nd LINE OF DEFENSE: 3 RD LINE OF DEFENSE: The City Manager, the Executive Management supported by StratManAll has an overall responsibility for the management of municipal operations. Management and staff within each business unit, take ownership for the operational processes, budget, asset management, performance monitoring compliance, risk management and reporting requirements within their areas of responsibility. Risk champions who assist management in embedding the risk management framework and culture within operations. Risk Management, Finance, Legal Human Resources City Integrity & Investigations. These functions provide support (technical or otherwise) and advice to the management at EXCO level and Business Units. Internal Audit External Audit External Regulators Provides independent objective review and assurance through evaluating the effectiveness and integrity of the system of controls, performance management and compliance with applicable legislation

22 WATER AND SANITATION FIVE YEAR RESIDUAL RISK ANALYSIS Risks 2011/ / / / /2016 Implementation of the Asset Management Plan priority 1 priority 1 priority 1 priority 1 priority 1 IT Systems priority 1 Supply Chain Management priority 4 priority 1 priority 1 priority 1 Non Revenue Water priority 1 priority 1 priority 1 Revenue Protection Measures priority 1 priority 1 priority 1 Theft Fraud and Corruption priority 1 priority 1 priority 1 Pace of Service Delivery priority 1 priority 1 priority 1 Business Continuity priority 1 priority 1 priority 1 priority 3 Staffing - Recruitment and Retetion priority 1 priority 2 priority 2 priority 2 priority 2 Bulk Water Supply Assurance priority 4 priority 4 priority 4 Infrastructure Challenges priority 1 Sustainability of Water Supply priority 1 Service Delivery priority 1 Infrastructure Impact on Service Delivery priority 2

23 PRIORITIES Proposed actions Rating Take urgent action Report to CM/ CEO/RC/AC and Council/Board attention Detailed risk analysis, qualitative and quantitative, where possible Mandatory business continuity plans Take immediate action Report to CM/ CEO,RC/AC and Council/Board attention. Detailed risk analysis, qualitative and quantitative, where possible Mandatory business continuity plans Proactive management Report up to CM. Active management Report up to DCM Mainly control and monitor Routine management No risk reduction - control, monitor, inform management. Priority 1 Priority 2 Priority 3 Priority 4 Priority 5

24 Risk and Advisory Services Limited resources to address the growing demand for services which may result in the municipality may not being able to meet city s objectives and ultimately threaten sustainability. Priority 2 Recommendation Change priority to a Priority 1 Requires mitigations to immediately address the risk exposure Control environment change: Satisfactory to Weak Drought Response mechanisms not budgeted for Infrastructure Competing demands for social and economic services and growing backlog Rapid Urbanisation IRPTN Roll out & continued cost of operations Electricity Increased electricity losses and reduction in sales Water Reduction in water sales and high water losses

25 Risk and Advisory Services NON REVENUE WATER - stats Non Revenue Water 40.7% 2015/ /16 R711 mil loss 132 mil kl

26 Sustainability of water supply Risk and Advisory Services

27 REGULATOR: BLUE AND GREEN DROP STATUS ethekwini Municipality subscribes to Blue and Green Drop requirements

28 Internal Audit Reports AGSA Management Letter National Treasury/ Metro Benchmark MPAC EXCO/ Council Resolutions/ Ward Committees Media Reputational Risks SALGA/ COGTA Complaints from Citizens and Community Forums

29 Constitutional Mandate Integration Cross Sectors Synchronisa tion/ businesses/ Achievement of societal common goals Drive efficiency & Effectiveness in delivering services 29

30 Risk and Advisory Services Practical integrated processes (planning) process resulting in integrated output Create platform for communication and sharing best practice Understand stakeholder dynamics and its implications Competition is good but should not defeat the bigger purpose Encourage innovation link with universities and global innovative platforms Avoid silos and understand unintended consequences emanating from decisions Embedding integrated risk management into business operations

31 Risk and Advisory Services

32 Risk and Advisory Services