Risk and Advisory Services

Risk and Advisory Services

Why Integrated Risk Management is Important

March 2017

Risk and Advisory Services

ERM Department and Service Offerings

Legislative Mandate

What is integrated risk management

Integration of External and Internal Risk Universe

Building Risk Profile from Global/ National/ Sector/ eThekwini

Monitoring and Evaluation of Risk Profile (Risk Indicators)

Recommendations

Channels Customers

eThekwini Municipality Business Operating Model v0.3

Governance Funding

Support Services

Legislation And Acts • The Constitution of the Republic

of S.A (1996) • Electricity related Acts • Housing related Acts • Municipal Management related

Acts • Water related Acts • Transport related Acts

• Health Services related Acts

• Pension related Acts • Rates related Acts • Waste Management related Acts • Security related Acts • FICA • POPI • King III

eThekwini Municipality Governance and Strategy

Grants

Digital • Call Centres • Website • Email • Social Media

Loans

Service Charges

Alliances / Partners

Government

Rates

Residential

Face-to-Face • Door to Door • Imbizos • Branches • Service

Delivery Staff

Business • Commercial • Institutions • Industrial • Retail

Government • Health • Education • Other

Municipalities

SA Government Departments Tourism

Markets

Academia Businesses Event

Organisers Suppliers

Social Housing Institutions

Service Providers

Global Partnerships

…..growing the economy and meeting people's needs…..

Planning Development Management Maintenance Research

and Innovation

Promotion Provision Billing Customer

Service

Community and Stakeholder Engagement

Services

Facilities • Roads Infrastructure • Storm Water

Infrastructure • Electricity Infrastructure • Landfills • Housing • Public Libraries • Community Halls • Durban Art Galleries • Museums • Cemeteries • Parks and Nature

Reserves • Disaster Sites

Essential Services • Electricity • Cleansing and Solid

Waste • Water and Sanitation • Broadband Connectivity?

Protection Services • Health • Police • Fire and Emergency • Disaster Management

Value-Added Services • Rentals • Transport Services • Facility Access • Tourism and Trade • Economic Development • Community Services • IT Services • ?

Other • Mail • Fax • Other Media

Finance HR Governance,

Risk and Compliance

Legal City

Administration

ICT Fleet Strategy and

Planning Internal Audit PMO?

City Enterprises

Economic Development

Agencies • Durban Fresh

Produce Market

• Durban Film Office

• Durban Tourism

• Durban IPA • Moses

Mabhida Stadium

City Entities • uShaka

Marine World • ICC

Other

ETHEKWINI MUNICIPALITY BUSINESS OPERATING MODEL V0.3

ERM AS PART OF MUNICIPAL STRATEGY

• “Good Governance and Responsive Local Government”.

• Objective of Plan 7 is to “Create an efficient, effective and accountable administration”.

• To achieve this, the municipality adopted an Enterprise-wide Risk Management process to assess and manage the risks that might impact the achievement of the municipality’s objectives.

Plan 7 - IDP

• OCM Cluster Internal Audit Risk & Advisory Services (BCM)

ERM Structural Positioning

• Council approved the Enterprise Risk Management Policy and Framework for implementation throughout the municipality and its’ entities.

Approved ERM Policy and

Framework • Enterprise Risk Management provides a formalised approach used

to proactively manage uncertainties linked to the strategic objectives of the municipality and its’ entities.

• The Enterprise Risk and Advisory Services Department’s mandate is to champion the establishment of the risk management processes and provide advice and guidance on risk management matters.

Enterprise Risk Management

ERM Service Offerings

Value adding risk advisory through informed, proactive decision making

Protect municipal reputation and brand image

Optimise achievement of strategic goals

Championing integrated enterprise wide risk management

Anticipate and communicate uncertainties inherent in performance goals

Improve management of common risks across the municipality and its’ entities

Promote Risk Ownership and Accountability

Eliminate redundant and unnecessary activities

Reduce operational losses and surprises

To support the delivery of capital projects within municipalities clusters/units by ensuring

that risks associated with projects delivery are identified, analysed, monitored and reported

to various project stakeholders for decision making therefore maximizing the opportunity

of delivering projects on time, right quality and within allocated budget.

Business Continuity Management and Resilience

MFMA:

1. S 62 (1) ( c ) states that “the Accounting Officer must ensure that the municipality has and maintains effective, efficient and transparent systems of financial and risk management and internal control”

2. S 78 and 105 further assigns the responsibilities to other officials to ensure “effective, efficient, economical and transparent use of financial and other resources within that official’s area of responsibility”

3. S 165 (2) (b) requires Internal Audit unit to advise the Accounting Officer on matters related to……(iv) risk and risk management

4. S166 (1) requires the Audit Committee to advise municipal Council, Political Office-bearers, the Accounting Officer and Management on matters related to …(ii) risk management

Other guidelines/best practice:

King III Code on corporate governance and Public Sector Risk Management Framework states:

“The Council/ Board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process.”

Generally:

– it makes sense

6

LEGISLATIVE MANDATE

7

What is integrated Risk Management

Integrated risk management =

incorporating risk information into the

strategic direction - setting of the

organization + making decisions that

consider the department's established

risk tolerance limits.

Stronger risk management practice

across government is essential to

managing resources more effectively,

making better decisions, and ultimately

improving the effectiveness of the public

service

The Integrated Reporting Framework has

been endorsed by the Integrated

Reporting Committee (IRC) of South

Africa as a guidance on good practice on

how to prepare an integrated report.

IT GOVERNANCE

SUSTAINABILITY FACTORS

INTERNAL CONTROL ENVIRONMENT

LAWS AND REGULATION

IT GOVERNANCE

SUSTAINABILITY FACTORS

INTERNAL CONTROL ENVIRONMENT

LAWS AND REGULATION

IT GOVERNANCE

SUSTAINABILITY FACTORS

INTERNAL CONTROL ENVIRONMENT

LAWS AND REGULATION

INTERNAL RISK UNIVERSE IDP Goals

Business Plans

Prior Years’ Strategic/ Cluster/ Unit Risk Registers

Key Performance Information/Areas

Annual Report

OPEX/CAPEX Spend

Intern Audit Logs

EXTERNAL RISK UNIVERSE

Global/Continental/National/Industry/Sector Risks

Local Government Risks

Laws & Regulations/Regulators/Licence Conditions

Professional Risk Standards & Guidelines

Stakeholder Expectations

(COGTA/SONA/SALGA/IGR)

Public Sector Risk Management Forum

Media/Feedback on Customer Survey Questionnaires Council/EXCO

Decisions CM Key Business

Issues AGSA

Risk Universe

2016/2017 Focus Areas

Approval of ERM Governance Doc

Development of risk appetite and tolerances

Training and Awareness on ERM Governance Municipal –wide (Annual Training Plan)

Category Risk Profiles (OHS/Infrastructure/ Finance & Supply Chain)

Integrated Risk Reporting

Special Value Add Projects

Portfolio Committees

National Treasury

Risk Categories Emerging Risks Materialised Risks Media

Sustainable Developmental Goals

Municipal Responses

Ensure availability and sustainable management of

water and sanitation for all

Plan 3 Programme 4,5

Build resilient infrastructure, promote inclusive and

sustainable industrialization and foster innovation

Plan 2: Programme 1,3,4,5,7,8,10,13

Plan 3: Programme 4,5,6

Make cities and human settlements inclusive, safe,

resilient and sustainable

Plan 3 Programme 1

Plan 4 Programme 1,2,3,4,5

Conserve and sustainable use the oceans, seas and

marine resources for sustainable development

Plan 3 Programme 7

Alignment of IDP to National Programs

Aligning IDP and Strategic Risks

10

Key Performance Area 8 point plan Strategic Focus Area Key Risks Areas

Basic Service Delivery Develop and Sustain our

Spatial, Natural and Built Environment

Develop, manage and regulate the

Built and Natural Environment

Rapid urbanization

Pace of Economic

Transformation with regards

to city spend

Sustainability of Water

Climate protection planning

Creating a Quality Living

Environment Meet infrastructure and household

service needs and backlogs

Integrated Rapid Transport

Services

Human settlement

expectations

Provision of public transport

services

Infrastructure Impact on

Service Delivery

Address community service

backlogs

Fostering a Socially

Equitable Environment Promoting the safety of citizens Safety and Security

Prevalence of Social Ills Promoting the health of citizens

Financially Accountable

and Sustainable City Durban Energy Office Financial sustainability

Contravention of supply

chain management policy,

regulations and circulars

INK ABM

Other Risk Management Units within the municipality

Legal & Complianc

e CIIU

Insurance - Treasury

Disaster Mgt

Fire & Emergency

Financial Risks & SCM -

Treasury

Infrastructure Risk Mgt

Enviro Health

Safety & Security

Enviro – ECD

Business Continuity

Occupational Health

Other Risk Management Units

RISK MANAGEMENT AS PART OF THE INTEGRATED PROCESS

Integrated Process

Integrated

Process

Performance Targets (Monthly

& Quarterly Integrated

reporting to Combined &

IRMC

IA & AG Logs (Effect of unresolved to

control environment &

delivery) (Monthly & Quarterly to

Combined/IRMC & AC

Integrated Report to include

Materialized/

Emerging Risks/

Opportunities per cluster and units

(Monthly & Quarterly)

Integrated Risk Profile Review including other category Risks (OHS/Fraud/

Compliance etc)

IDP Review

Business Plan/Risk

Assessment (Link

Goals/Perf Targets & Risk)

(Feb- April)

Final IDP/Scorecard

& Strategic Risk Register Approval

(May )

Risk Mitigations

requiring budget

Budget/Projects linked to

SDBIP

GLOBAL RISKS - WEF: TOP

RISKS BY CATEGORY

Food security risk in the context of climate

change

WEF: Risk in focus and trends

South Africa experienced

extreme drought

conditions in 2016/17

How changing climate

and weather patterns

could jeopardize weather,

food security and

agriculture production

across geographies.

STAKEHOLDER / REGULATORS

WATER AND SANITATION

17

Umngeni vs eThekwini Risks Profiles

Umgeni Risks EThekwini Risks Short Water Resource Availability

Implementation of the Asset Management Plan

Infrastructure Investment to Meet Service Delivery mandate and growth plan

Non Revenue Water

Performance of bulk waste water Infrastructure Assets Revenue Protection Measures

Breach of materiality and significant framework Business Continuity

Sustainable Tariffs Staffing - Recruitment and Retention

Protection and Safeguarding of assets Service Delivery

Ability to deliver Project on time and within Budget Infrastructure Impact on service delivery

Ability to secure funding to meet development goal Security of Water Supply

Long term Water resource availability

Performance of bulk portable water infrastructure Assets

Risk and Advisory Services

Strategic Risks for

2016/17

Risks are rated

Priority 2 Priority 3

Risks are rated

Risk and Advisory Services

Compliance Economic Development & Job Creation

Safety, Health & Social Inclusion

SustainabilityDisruption to Operations

Talent ManagementCorporate IT Governance

Fraud, Theft & Corruption

Governance Infrastructure

Absence of coordinated and centralised compliance

function which may lead to non-compliance with

applicable legislation and result in fines and penalties.

The city may not be able to meet its broader socio

economic objectives due to mainly weak economic

development and job creation.

City's inability to provide adequate protection for EMA

citizens, linked to safety, health and social inclusion.

Limited resources to address the growing demand for

services which may result in the municipality may not being able

to meet city’s objectives and ultimately threaten

sustainability.

Possible disruption to municipal services and economic activities

in the city.

Challenges experienced in implementing Talent

Management Framework therefore the municipality may not be able to create capacity to

enable efficient and effective service delivery.

The Municipality may not be

able to fully comply with the IT governance requirements due to

the non-adherence to IT governance principles thus

leading to the municipality not getting full value out of the IT

investments and also not being able to take full advantage of

strategic opportunities.

Activities and decisions undertaken in an unethical or

illegal manner.

Governance processes are not well coordinated for optimal

delivery and hence the municipality may not effectively

employ its resources thus leading to inefficiencies and

duplication.

Increasing demand on existing aging infrastructure managed in a predominantly reactive mode,

may result in reduced service

delivery levels with increased life cycle cost thus reducing the

investment potential of eThekwini.

Priority 2 Priority 2 Priority 2 Priority 2Priority 2

Priority 2 Priority 3 Priority 3 Priority 3 Priority 3

GOVERNANCE AND

OVERSIGHT

a

a

GO

VER

NA

NC

E

OV

ERSI

GH

T A

SSU

RA

NC

E ST

EWA

RD

SHIP

MA

NA

GEM

ENT

Council and Key Committees

Mayor/EXCO

Portfolio Committees

Audit Committee

Integrated Risk Management

Committee (IRMC)

Finance and Investment Committee

DCM Forum

Stratman All IT Steering Committee

Combined Risk & Managing the Municipality Sub Committee

Integrated Cluster/Units Risk Management Forums (ICRMF)

Integrated Risk Managment

Committee (IRMC)

Integrated Risk Managment

Committee (IRMC)

Integrated Risk Managment

Committee (IRMC)

First line of Defence Second line of Defence Third line of Defence

DCM Forum

Integrated Cluster

Meetings

Chief Risk Officer

Legal City Integrity and Investigations

Risk Champions Internal Audit Services

and Independent Assurers

Risk Category Forum

Three Lines of Defence

1ST LINE OF DEFENSE:

• The City Manager, the Executive

Management supported by

StratManAll has an overall

responsibility for the

management of municipal

operations.

• Management and staff within

each business unit, take

ownership for the operational

processes, budget, asset

management, performance

monitoring compliance, risk

management and reporting

requirements within their areas

of responsibility.

• Risk champions who assist

management in embedding the

risk management framework and

culture within operations.

2nd LINE OF DEFENSE:

• Risk Management, • Finance, • Legal • Human Resources • City Integrity &

Investigations.

• These functions provide support (technical or otherwise) and advice to the management at EXCO level and Business Units.

3RD LINE OF DEFENSE:

• Internal Audit

• External Audit

• External Regulators

• Provides independent

objective review and assurance through evaluating the effectiveness and integrity of the system of controls, performance management and compliance with applicable legislation

WATER AND SANITATION FIVE

YEAR RESIDUAL RISK ANALYSIS

Risks 2011/2012 2012/2013 2013/2014 2014/2015 2015/2016

Implementation of the Asset Management Plan priority 1 priority 1 priority 1 priority 1 priority 1

IT Systems priority 1

Supply Chain Management priority 4 priority 1 priority 1 priority 1

Non Revenue Water priority 1 priority 1 priority 1

Revenue Protection Measures priority 1 priority 1 priority 1

Theft Fraud and Corruption priority 1 priority 1 priority 1

Pace of Service Delivery priority 1 priority 1 priority 1

Business Continuity priority 1 priority 1 priority 1 priority 3

Staffing - Recruitment and Retetion priority 1 priority 2 priority 2 priority 2 priority 2

Bulk Water Supply Assurance priority 4 priority 4 priority 4

Infrastructure Challenges priority 1

Sustainability of Water Supply priority 1

Service Delivery priority 1

Infrastructure Impact on Service Delivery priority 2

Proposed actions Rating

•Take urgent action

•Report to CM/ CEO/RC/AC and Council/Board attention

• Detailed risk analysis, qualitative and quantitative, where

possible

•Mandatory business continuity plans

Priority 1

•Take immediate action

• Report to CM/ CEO,RC/AC and Council/Board attention.

•Detailed risk analysis, qualitative and quantitative, where possible

•Mandatory business continuity plans

Priority 2

•Proactive management

•Report up to CM.

Priority 3

•Active management

•Report up to DCM

•Mainly control and monitor

Priority 4

•Routine management

•No risk reduction - control, monitor, inform management.

Priority 5

PRIORITIES

Risk and Advisory Services

Limited resources to address the growing demand for services which may result in the municipality may not being able to meet city’s objectives and ultimately threaten sustainability.

Priority 2

Control environment change:

Recommendation

Change priority to a

Priority 1

Requires mitigations to

immediately address the risk

exposure

Satisfactory to Weak

Drought Response mechanisms not budgeted for

Water Reduction in water sales and high water losses

Electricity Increased electricity losses and reduction in sales

Infrastructure Competing demands for social and economic services and

growing backlog

Rapid Urbanisation

IRPTN Roll out & continued cost of operations

Risk and Advisory Services

2015/16

NON REVENUE WATER - stats

R711mil loss

132 mil kl

Non Revenue Water

40.7%2015/16

Risk and Advisory Services

Sustainability of water supply

eThekwini Municipality subscribes to Blue and Green Drop requirements

REGULATOR: BLUE AND GREEN

DROP STATUS

• Internal Audit Reports

• AGSA Management Letter

• National Treasury/ Metro Benchmark

• MPAC

• EXCO/ Council Resolutions/ Ward Committees

• Media – Reputational Risks

• SALGA/ COGTA

• Complaints from Citizens and Community Forums

Constitutional Mandate

Integration

Cross Sectors

Synchronisation/

businesses/

Achievement of societal common

goals

Drive efficiency &

Effectiveness in delivering

services

29

Risk and Advisory Services

Practical integrated processes (planning) process resulting in integrated output

Create platform for communication and sharing best practice

Understand stakeholder dynamics and its implications

Competition is good but should not defeat the bigger purpose

Encourage innovation – link with universities and global innovative platforms

Avoid silos and understand unintended consequences emanating from decisions

Embedding integrated risk management into business operations

Risk and Advisory Services

Risk and Advisory Services