The purpose of this guideline is to assist the Executive Authority in discharging his/her responsibility for risk management.
An Executive Authority means:
· In a Constitutional Institution: The Chairperson of the Constitutional Institution in relation to a Constitutional Institution with a body of persons, and in relation to a Constitutional Institution with a single office bearer, the incumbent of that office;
· In a National department: The Cabinet member who is accountable to Parliament for that department;
· In a Provincial department: The Member of the Executive Council of a province who is accountable to the Provincial Legislature for that department;
· In a National Public Entity: The Cabinet member who is accountable to Parliament for that public entity or in whose portfolio it falls;
· In a Provincial public entity: The Member of the Provincial Executive Council who is accountable to the Provincial Legislature for that public entity or in whose portfolio it falls;
· In a Municipality: The Municipal Council; and
· In a Municipal Entity: The Municipal Council of its parent municipality.
The guideline is designed to:
· Provide the Executive Authority with information to enable him/her to fully understand the roles and responsibilities of his/her office in terms of risk management;
· Provide templates to assist the Executive Authority to effectively discharge such roles and responsibilities.
3. How to navigate the guideline
The guideline has been structured according to the sections noted below. Each of the sections contains underlying information that can be accessed by clicking on the title.
· Strategic value of the Executive Authority in risk management (Section 4)
· ERM architecture and high level responsibilities of the Executive Authority (Section 5)
· Evaluation criteria (Section 6)
· Additional reading / reference (Section 7)
4. Strategic role of the Executive Authority in risk management
The Executive Authority is accountable to the legislature / parliament in terms of the achievement of the goals and objectives of the Institution. The Executive Authority should take an interest in risk management to the extent necessary to obtain comfort that properly established and functioning systems of risk management are in place to protect the Institution against significant risks. As risk management is an important tool to support the achievement of this goal, it is important that the Executive Authority should provide leadership to governance and risk management.
5. High level responsibilities of the Executive Authority
To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques.
High level responsibilities of the Executive Authority in risk management should include:
· ensuring that the Institutional strategies are aligned to its government mandate;
· obtaining assurance from management that the Institution’s strategic choices were based on rigorous assessment of risk;
· obtaining assurance that key risks inherent in the Institution’s strategies were identified and assessed, and are being properly managed;
· assisting the Accounting Officer / Authority to deal with fiscal, intergovernmental, political and other risks beyond their direct control and influence;
· insisting on the achievement of objectives, effective performance management and value for money;
· being aware of and concurring with the Institution's risk appetite and tolerance levels;
· exercising oversight over the Institution's portfolio view of risks and considering it against the Institution's risk tolerance;
· requiring that management should have an established set of values by which every employee should abide;
· assigning responsibility and authority (excluding Local Government where the municipal council will approve the risk management delegations prepared by the Accounting Officer); and
· insisting on accountability.
In addition to the above responsibilities the Executive Authority of a municipality or municipal entity should also:
· approve the risk management policy, strategy and implementation plan; and
· approve the fraud prevention policy, strategy and implementation plan.
The Executive Authority should consider the following aspects, which, if not considered, could affect the Institution's risk culture:
· The design and functioning of control activities, information and communication systems, and monitoring activities;
· The quality and frequency of reporting;
· The way the Institution is managed including the type of risks accepted;
· The appropriateness of reporting lines.
Everyone in the Institution has a part to play in achieving and sustaining a vibrant system of risk management and to that extent must function within a framework of responsibilities and performance indicators. These indicators should be able to measure the Executive Authority's effectiveness in the Institution's risk management in contributing to the Institution's goals and objectives. Possible key performance indicators for the Executive Authority could include the following and other relevant indicators:
· Year-on-year performance that requisite outcomes are achieved.
7. Additional reading / reference
A catalogue of additional resources is included below to assist the Executive Authority to facilitate implementation of risk management. Click on the relevant link to access these documents.
Guidelines: Additional reading / reference