CHAPTER 4 - INTEGRATION OF RISK MANAGEMENT ACTIVITIES
13. Enterprise-wide risk management (ERM)
(1) ERM is a systematic, co-ordinated and inclusive process which uses the Institution's strategy (IDP) and objectives (SDBIP) as the focal points to manage the range of risks and optimise opportunities to enhance the achievement of the strategy and objectives.
(2) ERM represents a response to the dilemma that risks (including opportunities) are dynamic and often highly interdependent and need to be managed through a portfolio approach rather than as separate and static events, to achieve comprehensive and integrated attention.
(3) ERM also calls for the Institution to look beyond itself, requiring the consideration of risks on performance regardless of whether events originate internally or externally. In other words, the Institution should also be concerned about risks created by other parties which could impact its performance.
(4) To give effect to 13(3), the Institution should:
a) consider the entire value chain for producing and delivering services or goods, to understand and act on the threats and opportunities posed by the value chain participants on the Institution’s performance;
b) communicate timeously with other organs of state and external parties in instances where the identification, evaluation and management of risk to the Institution require the participation of these organs, and
c) identify and communicate to other organs of state and other parties risks posed to them by the Institution’s own actions or inaction.
(5) The Institution must be aware of and comply with the various pieces of legislation that prescribe specialised risk management, for example the Occupational Health and Safety Act, the Disaster Management Act, the Prevention of Fraud and Corruption Act and others, and integrate these within the ERM process.
(6) True to the concept of ERM and the principles of combined assurance, synergy should be established between the Risk Management Unit, Risk Management Committee and internal functions concerned with specialised risk management activities, including but not limited to those for:
a) strategy planning and management;
b) occupational health and safety;
c) environmental risk management;
d) disaster management;
e) business continuity management;
f) prevention of fraud and corruption;
g) contracts management;
h) internal audit;
i) performance monitoring and evaluation, and
j) oversight of municipal entities.