3rd QUARTER RISK MANAGEMENT REPORT TO THE AUDIT

Upload by : Gideon Hoey

3rd QUARTER RISK MANAGEMENT REPORT TO THE AUDIT AND RISK COMMITTEE

Contents

1. Introduction
2. Executive Summary
2.1. Summary of Strategic Risk Mitigation Progress for Quarter 3
2.2. Summary of Operational Risk Mitigation Progress for Quarter 3
3. Progress against the Risk Management implementation plan 2015/16
4. Detailed Progress against Strategic Risk Mitigation Action for 3rd Quarter
5. 3rd quarter Progress on Implementation of Risk Mitigation Plans per Programme
6. Conclusion and way forward

Quarter 3 Risk Management Report Page 2

1. Introduction

Section 38(1)(a)(i) and 51(1)(a)(i) of the Public Finance Management Act, (Act No 1 of 1999 as amended by Act No. 29 of 1999), require Accounting officers to ensure that their institutions have and maintain effective, efficient and transparent systems of risk management. The primary objective of the risk management function is to ensure that the Department of Women improves and sustains its performance by protecting the organisation from adverse outcomes and optimising on opportunities.

To give effect to this objective, a risk assessment was undertaken with all business units in the Department in order to identify risks that could impede the attainment of objectives and to determine the levels of controls and action plans that are currently in place to mitigate the risks.

The report layout:

SECTION A: Executive Summary
SECTION B: Progress against the Risk Management implementation plan 2015/16
SECTION C: Summary of risk progress for Quarter 3 Assessment of performance against the implementation of risk mitigation plans 2016/17.
SECTION D: Conclusion and way forward

SECTION A

2. Executive Summary

2.1. Summary of Strategic Risk Mitigation Progress for Quarter 3

Below is a summary of Strategic Risk Mitigation Progress for Quarter 3. In each there is progress in terms of implementation even though the mitigation actions are not fully implemented:

Legends: Fully Implemented

STRATEGIC RISKS (Progress Status 2016/17 Q3)

1. Non Achievement of DoW Mandate
2. Non Compliance with Governance legislations
3. Inadequate Implementation of legislation to promote the women agenda (socio-economic empower)
4. Inadequate ICT Infrastructure & Systems
5. Reputational Risk
6. Fraud, Corruption & Misconduct
7. Inadequate capacity (Human & Skill)

Interpretation:

The total number of Strategic Risks identified is seven (7) and twenty (20) mitigation plans were identified. Out of the 20 mitigation plans identified five (9) have been fully implemented, which translates into 45%, and fifteen (11) are still work in progress, which translates into 55%.

2.2. Summary of overall Operational Risk Mitigation Progress for Quarter 3

Interpretation:

The risk assessment report reflects a total of 71 risk mitigation plans that were due for reporting in the 3rd quarter excluding strategic risks. It is recorded that 58 (82%) have been fully implemented, 12 (17%) partially implemented and 1 (1%) not implemented.

Summary of the overall progress on the implementation of risk mitigation plans for Quarter 3

[Chart: DEPARTMENTAL RISK MITIGATION Q2 AND Q3. Series: QUARTER 2, QUARTER 3. Categories: Achieved, Partially Achieved (Work in Progress), Not Achieved.]

SECTION B

3. Progress against the Risk Management implementation plan 2015/16

The Risk Management Plan is developed to effect the implementation of the Risk Management Strategy and outlines the risk management activities aimed at entrenching a risk aware culture and a risk smart workforce within the department. The planned activities form the basis for quarterly risk management reporting to the Audit and Risk Committee.

1. The following were planned overall key activities against this plan which have been fully or partially achieved since 2015/16 to date.

#1
Planned Risk Management activities as per the plan:
- Conduct risk assessments on all major projects and events of the department.
- Facilitate risk identification and assessment sessions
Expected output: Approved Risk Registers: Strategic and Operational
Progress to date: Risk assessment sessions were conducted with all business units to facilitate the identification and assessment of risk during the fourth quarter of 2015/16. Strategic Risk Assessment was conducted in Dec/Jan 2016 and approved on 21 March 2016

#2
Planned Risk Management activities as per the plan: Development of risk response strategies
Expected output: Action plans implemented per agreed milestones
Progress to date: Mitigation plans have been drafted for all Risks identified and are currently being tracked for implementation as per agreed milestones

#3
Planned Risk Management activities as per the plan: Maintain and continuously improve capacity within the department through training (accredited) and awareness
Expected output:
- Training
- Completed orientation for all officials on risk management
- Make presentations on risk management at management Fora and meetings
Progress to date:
- Two officials from Strategic Management Unit attended training in risk management during October 2016.
- The Chief Director presents at EXCO and the CRO presents at Manco.

#4
Planned Risk Management activities as per the plan: Review of the Risk Management Framework documents (Policy, Strategy)
Expected output: Approved Risk Management Policy and Strategy
Progress to date: Risk Management Framework documents were reviewed and approved during the fourth quarter of 2015/16.

#5
Planned Risk Management activities as per the plan: Establish a Risk Mitigation Committee and draft the ToRs thereof.
Expected output: Risk Mitigation Committee
Progress to date: Risk Mitigation Committee was established and members were formally appointed by the Director General.

#6
Planned Risk Management activities as per the plan: Facilitate the execution of ERM processes and infrastructure
Expected output: Approved progress reports: Present progress reports at various intervals
Progress to date: Progress reports are presented to various stakeholders at various intervals e.g. bi weekly at EXCO, monthly at MANCO and quarterly at ARC.

Overall achievement as a percentage: The plan has 11 planned actions of which only 6 (55%) have been achieved and 5 (45%) are still outstanding.

2. Activities still outstanding as per the plan and remedial Actions

#1
Planned Risk Management activities as per the plan: Publication of Risk Management Policy
Expected output: Communicated risk management policy to all officials in the department
Remedial Action:
- The policy is going to be posted on the intranet
- Awareness workshop on ment

#2
Planned Risk Management activities as per the plan: Risk Methodology
Expected output: Approved risk assessment methodologies and processes
Remedial Action: Methodologies and processes will be reviewed and approval sought

#3
Planned Risk Management activities as per the plan: Drafting of individual key risk indicators for the top risks
Expected output: Analysis report of key risk indicators per agreed frequency
Remedial Action: Analysis of key risk indicators will be conducted

#4
Planned Risk Management activities as per the plan: Evaluate control effectiveness
Expected output:
- Combined assurance Plan
- Assurance Report on controls assessed
Remedial Action: Risk Management unit will collaborate with Internal Audit to develop the combined assurance plan.

#5
Planned Risk Management activities as per the plan: Ensure risk management processes and methodologies are reviewed independently
Expected output:
- Performance Audit report
- Status report on risk management implementation
Remedial Action: Collaboration with internal audit will be sought in order to review the entire risk management process.

SECTION C

4. Detailed Progress against Strategic Risk Mitigation Action for 3rd Quarter

Below is a detailed progress against strategic risk mitigation action for each risk:

STRATEGIC RISK: 1. Non achievement of DoW mandate

RISK CONSEQUENCE:
- Non achievement of the desired impact on women lives
- Insufficient budget allocated to the department
- Non alignment and inefficient utilization of the resources activities

MITIGATION PLAN(S)/CONTROLS:
- Develop departmental strategic plan procedures
- Monthly reporting and engagements to improve performance reporting
- Use of performance reporting to evaluate and improve the performance and service
- Development of the business case for improved budget allocations

PROGRESS ON MITIGATION PLANS:
- Planning, Monitoring and Reporting Policy has been developed and approved. The departmental strategic plan procedure will be developed to align to the policy
- Quarterly Performance reports are discussed both at EXCO and MANCO to ensure improved performance
- The Business Case has been finalised and presented to National

ACTION PLAN:
- To develop departmental strategic plan procedures this will be prioritised in the next financial year.

STRATEGIC RISK: 2. Non Compliance with Governance legislations

RISK CONSEQUENCE:
- Fruitless, Wasteful & irregular expenditure
- Adverse Audit opinion
- Possible litigation
- Poor service delivery

MITIGATION PLAN(S)/CONTROLS:
- Training & awareness on legislations
- Review Delegations
- Implementation of departmental MPAT, HR, AGSA improvement plans
- Monitoring of improvement plans

PROGRESS ON MITIGATION PLANS:
- All policies are circulated to staff via email and displayed on the Intranet
- Approved and signed HR Delegations in terms of the Public Service Act, 2007, and Public Service Regulations, 2016 which are:
  (a) EA to the HoD in terms of the Public Service Act;
  (b) HoD to Performer Levels in terms of the Public Service Act;
  (c) EA to the HoD in terms of the Public Service Regulations; and
  (d) HoD to Performer Levels in terms of the Public Service Regulations.
- MPAT Improvement Plan developed and monitored on a quarterly basis
- Action plan on issues raised by AGSA developed and monitored on the quarterly basis and presented to the Audit Steering Committee

ACTION PLAN:
- To provide awareness on policies to all staff in the fourth quarter
- Continue with quarterly Monitoring of MPAT Improvement Plan
- Continue with monitoring implementation of action plan on issues raised by AGSA

STRATEGIC RISK: 3. Inadequate Implementation of legislation to promote the women agenda (socio-economic empower)

RISK CONSEQUENCE:
- non achievement of the desired impact on socio-economic empowerment of women and advancement of gender equality

MITIGATION PLAN(S)/CONTROLS:
- Monitor and publish progress on the implementation of policies, programmes and efforts for women's empowerment for domestic, national and international
- Information & knowledge sharing

PROGRESS ON MITIGATION PLANS:
- The Report was presented to ESEID cluster department on the 12 October 2016.
- Subsequently, a follow-up meeting with DST EXCO to present individual departmental report took place on the 21 November 2016.
- Knowledge repository maintenance took place in the quarter using simple categories for internal knowledge sharing.
- DoW documents such as the Status of Women Report, CEDAW Report etc. uploaded on internet (department website) for external sharing.
- Distribution of information material during the 16 days of activism which is part of knowledge sharing.
- The National Dialogue in Limpopo provided a platform for knowledge sharing and awareness raising with grassroots communities/municipalities

STRATEGIC RISK: 4. Inadequate ICT Infrastructure & Systems

RISK CONSEQUENCE:
- Fruitless, Wasteful & irregular expenditure
- Adverse Audit opinion
- Possible litigation
- Poor service delivery

MITIGATION PLAN(S)/CONTROLS:
- Review & finalization of the costed ICT strategy
- Monitor implementation of the ICT strategy
- Testing of systems for service continuity

PROGRESS ON MITIGATION PLANS:
- ICT Governance Framework of the Department is under development stage (work in progress).
- Systems are tested on a quarterly basis for service continuity

ACTION PLAN:
- Continue system testing on a quarterly basis

STRATEGIC RISK: 5. Reputational Risks

RISK CONSEQUENCE:
- poor public image
- Lack of public confidence
- Delays & reversal in women's socio economic empowerment and societal transformation-gender equality

MITIGATION PLAN(S)/CONTROLS:
- Monitor implementation of the communication strategy
- Quality assurance standards for publications
- Standard operating procedures manual

PROGRESS ON MITIGATION PLANS:
- 1st phase of the Communication Strategy, viz. the annual communication plan implemented

ACTION PLAN:
- Communication Strategy is being implemented in phases

STRATEGIC RISK: 6. Fraud, Corruption & Misconduct

RISK CONSEQUENCE:
- Misappropriation and abuse of assets/power
- Adverse Audit opinion
- Irregular, fruitless and wasteful expenditure
- Reputation risk

MITIGATION PLAN(S)/CONTROLS:
- Training and awareness on policies & procedures

PROGRESS ON MITIGATION PLANS:
- Ethics training has been conducted with all staff
- Fraud Prevention Policy 15/16 and Fraud Prevention Plan 15/16 developed and approved

ACTION PLAN:
- To conduct fraud and ethics management awareness sessions on the fourth quarter.
- Awareness on key policies on SCM and Finance to be conducted in the fourth quarter.

STRATEGIC RISK: 7. Inadequate capacity (Human & Skill)

RISK CONSEQUENCE:
- Poor service delivery

MITIGATION PLAN(S)/CONTROLS:
- HRD based on classification of the required skills
- Monitoring the implementation of the recruitment, selection process
- Monitoring the implementation of the PDP's

PROGRESS ON MITIGATION PLANS:
- List of improved qualifications was submitted to DPSA for concurrence in September
- Workplace skills plan was developed and submitted to PSETA in April 2016. Quarterly reports are submitted to PSETA on a quarterly basis.

5. 3rd quarter Progress on Implementation of Risk Mitigation Plans per Programme.

Programme 1 consists of 10 units/directorates which are:

- Strategic Planning and Reporting
- Internal Operations Efficiency
- Internal Audit
- Financial Management
- Human Resources Management
- Information Communication and Technology
- Legal Services
- Auxiliary Services, Security Services and Records Management.

Programme 1 had 48 risk mitigation plans that were due for reporting in the third quarter. Out of the 48 mitigation plans 36 are fully implemented, which translates into 75%, and 12 are partially implemented/still work in progress, which translates into 25%.

Commentary Note: Substantial progress has been made towards implementing all risk mitigation plans.

[Chart: PROGRAMME 1. Categories: Achieved, Partially Achieved, Not Achieved.]

Below is the progress against each risk mitigation action for Programme 1:

UNIT: Strategic Planning and Reporting

RISK: Strategic objective of each business unit or programme may not be aligned to the vision and mandate of the department

ROOT CAUSES:
- Programme may put strategic objectives that are convenient to them
- Lack of understanding of the department's mandate
- Ignoring the broader departmental strategic objectives
- Insufficient situational analysis by Programme

CURRENT CONTROLS:
- Integrated strategic planning of the department
- Consultation with Programmes to make sure that there is an alignment
- Strategic documents are presented to management structures before approval

MITIGATION PLAN(S)/CONTROLS:
- Conduct integrated planning
- Monitor quarterly reports for alignment with the departmental strategic objectives
- Quarterly reports presented at EXCO

PROGRESS ON MITIGATION PLANS:
- Integrated planning is a continuous process until the finalisation of the strategic planning
- This is a process that is integrated in the whole strategic planning
- Quarterly reports monitored for alignment
- Quarterly reports are presented at EXCO

CORRECTIVE ACTION:
- Continue with the process until the finalisation of strategic planning process.
- This is going to be a continuous process
- This is going to be done quarterly

UNIT: Strategic Planning and Reporting

RISK: Inadequate and misaligned reporting of performance information submitted by branches

ROOT CAUSES:
- Lack of branch meetings to discuss quarterly performance reports
- incomplete quarterly reports
- Submission in a form of malicious compliance
- Non-compliance of due dates

CURRENT CONTROLS:
- Standardised reporting template
- Performance management policy in place
- Circular for operational procedure for reporting
- Quality assurance and internal audit report
- Non-compliance report issued for programmes
- Reports and evidence files are signed off by DDGs and Heads

MITIGATION PLAN(S)/CONTROLS:
- To issue non compliance letters to DDG's and Heads of Unit for non-
- Branches to submit analysis report

PROGRESS ON MITIGATION PLANS:
- Branches and Units submitted on time however, it was returned back to address some comments from SMU
- Branches submit quarterly reports and Strategic Management develops an analysis report on a quarterly basis

CORRECTIVE ACTION:
- This is going to be done when non compliance is noted.
- This is going to be a continuous process throughout the quarters

UNIT: Internal Operations Efficiency

RISK: Inadequate monitoring and compliance with MPAT

ROOT CAUSES:
- Non-compliance with the Management Performance Assessment Tool (MPAT)
- Poor planning and management of MPAT Processes
- Lack of quality assurance on evidence submitted by relevant managers
- Lack of on-going monitoring on the improvement plan by relevant managers

CURRENT CONTROLS:
- MPAT Key Performance Arrears coordinators appointed
- MPAT improvement plan developed and monitored on a quarterly basis
- MPAT share folder created to file evidence
- MPAT checklist

MITIGATION PLAN(S)/CONTROLS:
- MPAT reporting to be done on a quarterly basis
- Monthly MPAT progress meeting
- Monitoring of MPAT evidence on the share folder

PROGRESS ON MITIGATION PLANS:
- MPAT status report developed and signed off by the Director-General
- MPAT progress meeting held on a monthly basis
- MPAT evidence filed with DPME on the 30 September 2016
- Furthermore evidence was loaded on the MPAT system on 20 October 2016. This was delegations in terms of the Public Service Regulations which were signed off after 30 September 2016

CORRECTIVE ACTION:
- This is going to be done on a quarterly basis.
- There would be a continuous monitoring and verification of the evidence.

UNIT: Internal Operations Efficiency

RISK: Inability to institutionalise risk management

ROOT CAUSES:
- Lack of risk governance structures
- Lack of risk understanding by branches and business units
- Risk management may not be integrated into strategic management processes
- Lack of monitoring for risk mitigation action

CURRENT CONTROLS:
- Risk Mitigation Committee Members appointed
- Risk Management Framework in place
- Operational Risk workshops conducted
- Risk mitigation quarter progress report developed

MITIGATION PLAN(S)/CONTROLS:
- Quarterly reports on risk mitigation action
- Risk Mitigation Committee to meet every quarter

PROGRESS ON MITIGATION PLANS:
- 3rd quarter report developed and presented to the Audit and Risk Committee
- Risk Mitigation Committee met on the 3rd of February 2017

CORRECTIVE ACTION:
- The fourth quarter report is going to be developed and presented to the Audit and Risk Committee scheduled to take place in April.
- The next meeting is going to take place in March before the end of this financial year.

ROOT CAUSESUNITRISKInternal AuditFailure tocompleteInternal AuditplansInternal AuditLack ofindependenceand objectivityinperformanceof audit workCURRENT CONTROLSMITIGATIONPLAN(S)/CONTROLS- Insufficient human- Resourced planning of theThe Office of theresourcesinternal audit activitiesAccountant-General- Lack sufficient skills to - The Department entered intowill periodicallyperform audit workagreement with National Treasury second an official to- Ad hoc internal auditto provide internal audit support to provide internal auditassignment fromthe internal audit activity of thesupport to themanagement and theDepartmentDirectorate: InternalAudit and Risk Committee - Audit and Risk Committee toAuditassess the resource requirementsof the Directorate: internal auditand recommend appropriate staffcomposition to Management of theDepartment'- Audit scope limitation- Internal Audit Charter- Interference with audit - Internal Audit activity overseenworkby the Audit and Risk Committee- Inadequate internal audit - Dedicated internal audit budgetauthority- Internal Audit Plans are- Status of internal audit in endorsed by MANCO andthe Department'sapproved by the Audit and RiskPROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSNational Treasury Continue to workprovides Internalwith NationalAudit Support to the Treasury as andDepartment’swhen necessaryInternal Auditfunction as whennecessary.The Directorate:Internal Audit willestablishcollaboration withinternal auditfunctions of othergovernmentdepartments andentities to share andtransfers of skills.During the thirdThe Directoratethere was nowill havecollaborationscollaborations withformed between the IA functions ofDepartment’sother departmentsinternal auditas an when thefunction andneed arises.internal auditfunctions of othergovernmentdepartments andentities.Review InternalAudit CharterannuallyInternal AuditThis will continueCharter was tabled, as required.discussed andapproved by theARC in the ARCmeeting held on the27 October 2016.Page 21 of 
51

ROOT Governancelegislations : Sec 38 Sec 39 –BudgetResponsibilities Sec 40 ReportingResponsibilitiesCURRENT CONTROLSMITIGATIONPLAN(S)/CONTROLSorganisational structure CommitteeQuarterly Reporting- Internal Audit plans that - Internal Audit dual reporting lines to the Audit and Riskare not informed by theto the Director-General and theCommitteerisk assessment results Audit and Risk Committee- Annual Departmental RiskReportPresentation ofInternal Audit Plansto MANCO and theAudit and RiskCommitteePROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSQuarterly Internal This is going toAudit Reports are continue aspresented atplanned.MANCO, EXCOand AuditCommitteeInternal Audit Plans This process iswere presented and going to continueaccepted byannually until theMANCO. Theyfinal approval.were alsopresented anddiscussed andsubsequentlyapproved by theAudit and RiskCommittee- Inadequate alignment of -SCM and financial delegations infinancial and SCM policies placeand procedures- Financial instructions issued to-Non-payment of suppliers officialswithin the prescribed 30 - Financial Policies are in placedays period- Awareness creation.-Circumvention of SCM - Strengthening of financialand financial policiescontrols- Unauthorised- Asset register in maintained onexpenditureexcel- Irregular expenditure- Enforcing controls on movement- Lack of understanding of assetsfrom officials in theEnforcing ofprocurementprocesses hasbeen done toeliminate irregularexpenditure.SCM policy havebeen drafted,approved andimplementedSCM circular hasbeen issued onAbuse of SCMprocessesConsequencemanagement-Strengthening ofawareness andenforcing SCMpolicies andprocedures- Implementation ofconsequenceContinuousmonitoring ofPage 22 of 51

ROOT CAUSESUNITHumanResourceManagementCURRENT nual and annual physicalverification of asset register-Budget committee in plan-Continuous monitoring of thebudget- Training people tomigrate to LOGIS- Budget committeeto meet monthly andgo through budgetexpenditureMonthly BudgetThe monthlyCommittee in place, meetings tochaired by thecontinue asAccounting Officer scheduled.-Leave management policy-Leave administrators-Leave plan circular-Warning letters for late-Develop HRstandard operatingprocedures for theadministration ofleave.Draft HRM inprocess ofdevelopment andconsultationRISKdepartment- Late submissions ofrequired reports- Lack of policies andguidelines- Inadequate internalcontrols- Inadequate practices inmanagement of assets- Incomplete assetregister- Movement of assets notproperly control anddocumentedMismanagem -Lack of monitoring ofent of leaveleave trends and patternsby supervisors-Lack of monitoring thepersonnel attendancePROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSimplemented ondeviations will takepayments outside placeof 30 daysSCM staff attended noneLogis training sinceNov 2015 in phasesFinalise businessprocesses.- Submission for reappointment ofLeaveAdministratorssubmitted to DG forapproval.- Submission sentto the DG forapproval.Page 23 of 51

ROOT CAUSESUNITRISKCURRENT CONTROLSMITIGATIONPLAN(S)/CONTROLSPROGRESS ONCORRECTIVEMITIGATIONACTIONPLANS- A communiquéapproved by theDG was circulatedto employees forsubmission ofannual leave plans.- Circulated to allstaff- A standardwarning letter wasdeveloped toaddress noncompliance.On-going as theneed arisesStandard letter fornon-compliancedeveloped, signedby DG/CD: CM andgiven to respectiveemployees/supervisor- Annual leave plancircular alreadycirculated to all staffPage 24 of 51

UNITHumanResourceManagementROOT CAUSESCURRENT CONTROLSregister by supervisors-Late and non-submissionof leave forms-Non-compilation ofannual leave plan and/oradherence to annualleave plan-Lack of leave verificationand reconciliation-Absenteeism, latecoming and early leavingby staff-Late capturing of leave-Lack of departmentalskills development plan-Employees' nonavailability or nonattendance of scheduledsubmission of leave forms-Manual Register andreconciliation of leave forms-Attendance registers-Attachment of the leave creditsavailableRISKLack e managementof bursary scheme-Dedicated training budget-Skills audit agement fornon-compliantemployeesPROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSStandard letter for On-going as thenon-complianceneed arisesdeveloped, signedby DG/CD: CM andgiven to respectiveemployees/supervisorQuarterly trainingreportQuarterly training On-going as thereport submitted to need arisesPSETA on 07October 2016-Nomination forms tohold employeesaccountable for nonattendance oftrainingNomination forms Nonecontain declarationby employees tocomply withrequirements,failure which theywill be held liablefor the paymentcoursesDraft HRMSOP for thebusiness processes management ofin process ofbursaries will bedevelopment and finalised during theconsultationfirst quarter of thenext financial yearDevelop SOPs forthe management ofbursariesPage 25 of 51

ROOT rformancemanagementof and selectionprocesses tofill fundedvacanciesICTLack of ICTsecurityCURRENT CONTROLS-Late/non-submission of '-PMDS policy and SMSperformance work plans Handbookand agreements-Circular on implementation of-Lack ofsystemunderstanding/commitme -Workshops provided onnt of PMDS policies and implementation of systemprocedures by managers, -Progress reported tosupervisors andEXCO/MANCOemployees-Moderating Committees-Performance agreementsand work plans notaligned to the AnnualPerformance Plan-Late/non-submission ofprescribed performanceassessments-Late/non-submission ofprescribed performancemoderations-Inadequate interventionsfor poor performance-Jobs not profiled and-Recruitment and Selection policyevaluated prior to-1 contract workeradvertisement of posts-1 employee temporarily from-Limited capacity toFacilitieshandle responses toapplications received-Limited capacity tomanage recruitment andselection volumes-Delayed securityscreening of qualifyingcandidates-Lack of policy on ICT-Anti-virus contract with thesecurity to guide theexternal service provider in nt fornon-compliantemployeesPROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSStandard letter for Nonenon-compliancedeveloped, signedby DG/CD: CM-Finalise jobdescriptions andevaluate all jobs88.0% of jobevaluated-MonitorimplementationProgress reportedin Q2 HR OversightReport-Approval of ICTsecurity policyMonthly meetingTo be presented toheld with Info Gaud the ICT SteeringFinalise jobdescriptions andevaluation processby the 31 March2017.Page 26 of 51

ROOT CAUSESUNITcontrolsICTCURRENT CONTROLSRISK'Disruption ofICT servicesimplementation of the-Reporting of the monitoring ofcontrolssecurity activities conducted-Lack of monitoring of the fortnightlyimplementation of the ICT -ICT policy draft implementedsecurity controls-ICT security infrastructure in- Exposure to logicalplaceattacks such as malwareand viruses-Breach of IT contractualcompliance with IT serviceproviders-Logical access rightstrespassing by users orunauthorized persons onactive directory--Exposure of sensitive orconfidential informationdue to medialoss/disclosure tounauthorized persons-Limited or inadequate ITinfrastructure and systemsto effectively support thecurrent and future needsof the department in anefficient, cost-effectiveand well controlledmanner-Disclosure ofdepartment's informationto unauthorized persons'-Loss of IT services due '-Monitoring tool in place toto Interrupted/ failure ofmonitor the serversutilities performance.-Disaster recovery plan in place-Exposure to business-Disaster recovery site has beenMITIGATIONPLAN(S)/CONTROLSFinalise theimplementation ofdisaster recoveryPROGRESS ONCORRECTIVEMITIGATIONACTIONPLANSand SITA regarding Committee that isactivities andscheduled for thethsecurity access4 Quartercontrols. Theirprovision of reportis used todetermine theaccountability offunctions renderedwith respect to theagreed SLA.Register tophysically accessthe Server Roomexist. For internalpeople BiometricAccess ControlSystem is used.Remote access isprovided only upona singed andapproved SLA withthe department. Anoption of bringingDashboardssystems which areto be used to pullremote access logshas been discussedwith ServiceProvidersEngagement with SourcingSITA are inassistance fromprogress to assist in SITAoperationalizing thePage 27 of 51

UNITROOT CAUSESCURRENT CONTROLSand operationalinterruptions emanatingfrom loss of ITservices(down time)-Absence of a functionalDisaster Recovery Sitemay cause inability torecover critical systemsand applications in theevent of a disaster-Lack of backup policyimplementation andtesting-Lack of up to dateworking equipmentbuilt-Backups are running every dayand are being monitored-IT personnel that are able toattend to issues-ICT contracts with SITA tosupport with disruptionRISKMITIGATIONPLAN(S)/CONTROLSPROGRESS ONMITIGATIONPLANSDR SiteCORRECTIVEACTIONConduct testing onbackupsTest has beenconducted and ithas beendetermined that thesystems are notbacking up data,and restoring alsoposing somechallenges.Continuous testingto take place untilall the challengesare resolved.Page 28 of 51

UNITRISKICTLack ofalignment ofICT activitiesto thestrategicobjectives ofthedepartmentROOT CAUSESCURRENT CONTROL
