RISK MANAGEMENT FRAMEWORK PRESENTATION TO THE PORTFOLIO COMMITTEE

  • Slides: 28
RISK MANAGEMENT FRAMEWORK PRESENTATION TO THE PORTFOLIO COMMITTEE 23 MAY 2007

Setting the Scene
“A dynamic organization is exposed to a staggering array of risks, as rich and diverse as the opportunities it enjoys.” (Shimpi, 1999: 16).

Sources of SOE Risk Exposures
[Diagram labels: ENVIRONMENT RISK; PROCESS RISK; INFORMATION FOR DECISION MAKING RISK]

SOE Response to Ever Changing Risk Landscape
• Includes the implementation of an enterprise-wide risk management process which helps ensure that all risks are timeously and systematically identified, analysed and mitigated to acceptable levels on a continuous basis, so that:
  – Operational surprises and unplanned adjustments to financial results are avoided
  – The SOE reputation and image is protected
  – The SOE complies with applicable laws and regulations
  – SOE personnel live out the SOE values and code of ethics
  – SOE reduce the impact of their operations on people and the environment
  – SOE develop and maintain a competitive edge
  – SOE business objectives are achieved

SOE Risk Management Processes
• All SOE appreciate the need for and are committed to implementing and maintaining robust risk management processes
• Currently SOE risk management processes are at relatively different levels of maturity
• For those who are lagging, plans are in place/being developed to improve their processes

DPE Response to Ever Changing Risk Landscape
• Ministry and department recognize that effective risk management oversight is a key imperative
• Developed a new risk management framework which provides a more robust oversight approach to risk management which is:
  – Proactive as opposed to reactive
  – Continuous as opposed to ad-hoc
  – Broadly focused as opposed to narrowly focused
  – Integrated as opposed to fragmented
• Significant investment in people and technology to develop and implement the risk management process

The Imperatives for Risk Management Oversight of SOE
• Compliance with PFMA and Treasury regulations
• Need for an early warning system for SOE risks which could have a significant impact on the economy at large and the environment
• Need to improve the decision making capabilities of the department
• Need for a catalyst to drive continuous improvement of SOE risk management processes

Risk Management Framework
• Work commenced on the framework in May 2006
• Collaborative effort between the department and its SOE
• Purpose: To outline the department’s risk management approach relating to SOE risks (SOE focus)
• Consulted extensively in its development (internal & external)
• Approved by SOE Risk Forum and CEO Forum

DPE’s Risk Management Philosophy
The following key principles underpin the DPE risk management framework:
• SOE Boards are responsible for the total process of risk management and this must be respected
• Certain levels of risk need to be monitored by the Shareholder as part of its oversight responsibility
• Integral part of good management practice
• Adopt a structured, consistent and continuous approach

Framework Focus Areas
[Diagram labels: Shareholder level; Enterprise Level; Decision Support]
• Shareholder level: focus is on identifying, managing and monitoring specific risks that are of concern to the shareholder (includes SOE cross-cutting risks)
• Enterprise level: focus is on facilitating a process to continuously improve SOE risk management practices
• Decision support: focus is on improving internal SOE related decision making and review activities

Shareholder Level _ Risk Management Approach [1] Risk analysis Risks as reported by SOE (“top 10”) Risk evaluation Shareholder level Other risks identified by Shareholder Determine shareholder level risks Report & Monitor

Shareholder Level _ Risk assessment matrix [2]
[Matrix figure. Cell labels: Level 1 Risk, Level 2 Risk, Level 3 Risk. Axis labels: Low, Possible, Likely, Almost Certain]

Shareholder Level _ Activity Timeline [3]
[Timeline table. Columns: March, Q1, Q2, Q3, Q4]
Activities:
  – Shareholder level risk identification from SOE risk management plans: X
  – Evaluation of adequacy of risk treatment plans: X
  – Review adequacy of related KPAs in Shareholder Compact: X
  – Monitor effectiveness of treatment plans
  – Monitor changes to SOE risk profile
  – Report risk information to committees, fora and Minister
  – On-going intelligence gathering and industry benchmarking

Shareholder Level_SOE risk management plans [4]
• Annual plans to include, inter alia, the following information:
  – Areas of risk management focus, objectives and timeframes
  – Details of significant risks
  – Information on business continuity plans
  – Fraud prevention plans
  – Legal and regulatory compliance processes

Shareholder Level _ Oversight on corrupt practices [5]
• Areas of high risk: Procurement and contracting
• Mitigation measure: Fraud prevention plans submission by SOE
• Provisions of the Companies Bill relating to corrupt practices in relation to Public Interest companies (Section 161(6)):
  – Obligation on the Board to establish and maintain a system to receive disclosures confidentially and act on them
  – Routinely publicise the availability of that system

Shareholder Level _ Risk Reporting Protocol [6] Level 1 risk Level 2 risk Level 3 risk RMC Exco Minister Exco Not significant from shareholder perspective RMC = DPE Risk Management Committee

Enterprise Level [1]
• Guidelines, tools and surveys to continuously improve the risk management processes of SOE:
  ✓ guidelines for risk management (complete)
  ✓ guidelines for treasury risk management (draft approved by Risk and CFO and still to be reviewed by National Treasury)
  ✓ annual survey and benchmarking of SOE risk management practices (first survey planned for fiscal 2008)

Enterprise Level [2]
• SOE Risk Forum formed in 2005
• Sub-forum of the CEO forum
• Forum comprises risk managers of all SOE as well as DPE risk unit
• Chaired by DDG: LGRS
• Forum meets on a quarterly basis

Enterprise Level_ SOE Risk Forum [3]
• Objective of the forum is the promotion of sound risk management practices in SOE through knowledge sharing and the development of common tools and guidelines
• Also serves as a peer review platform
• Deals with matters referred to it by the CEO forum
• Engaged in various projects including:
  – Enterprise Risk Management (ERM) implementation roadmap
  – ERM Maturity Model
  – Materiality and Significance framework
  – 2010 Task Team

Enterprise Level_2010 Task Team [4]
• Purpose: assist the department and its SOE in ensuring that those risks which could threaten the success of the 2010 Soccer World Cup, and are the responsibility of the SOE, are identified and effectively managed
• Also co-ordinates formal submissions on 2010 Soccer World Cup matters by the department and its SOE

Decision Support _ Core Activities [1] LGRS SUPPORT (Finance, HR, IT etc. )

Decision Support _Risk Management Process [2] Decision Support Risks identified in conjunction with SOE team Risks analysed Risks reported in decision memo Evaluation of SOE responses

Risk Governance Structure [1] Executive Authority SOE Board Accounting Officer Audit/Risk sub-committee DPE Exec. Comm. CEO’s Forum DPE Risk Comm. SOE Risk Forum DPE Risk Unit Chairperson’s Forum

Governance Structure _ Roles & Responsibilities [2]
– Executive Authority
  • Overall strategic responsibility for the total process of risk management from shareholder perspective
– Accounting Officer (DG)
  • Accountable to the EA for establishing and maintaining effective, efficient and transparent risk management process

Governance Structure _ Roles & Responsibilities [3]
– Risk Management Committee
  • Formal terms of reference approved by EXCO
  • Assists DG to execute risk management responsibilities

Governance Structure _ Roles & Responsibilities [4]
– SOE Boards
  • Responsibility for the total process of risk management within SOE as well as forming an opinion on the effectiveness of the process
  • Approves SOE risk strategy and policy
  • Undertakes formal risk assessment process at least annually
  • Reviews reports on significant risks
  • Keeps Executive Authority informed about significant risks and risk management strategies
  • Makes required disclosures in annual report

Governance Structure _ Roles & Responsibilities [5]
– DPE Risk Unit
  • To proactively identify and monitor significant Shareholder level risks;
  • To support the SOE risk management efforts at the enterprise level;
  • To co-ordinate the activities of the SOE Risk Forum; and
  • To support the DPE SOE teams in identifying and analysing risks in their decision making activities relating to SOE matters

THANK YOU
