Guidelines for Management


1. Purpose

The purpose of this guideline is to assist Management in discharging their responsibility for risk management.

Management is defined as:

·   All officials of the Institution with management responsibilities except for the Chief Risk Officer and officials reporting to him/her.

2. Application

The guideline is designed to:

·    Provide Management with information to enable them to fully understand their roles and responsibilities in terms of risk management;

3. How to navigate the guideline

The guideline has been structured according to the sections noted below.  Each of the sections contains underlying information that can be accessed by clicking on the title.

·         Legal mandate (Section 4)

·         Strategic value of Management in risk management (Section 5)

·         High level responsibilities of Management (Section 6)

·         Evaluation criteria (Section 7)

·         Additional reading / reference (Section 8)

4. Legal mandate and corporate governance

4.1 Legal mandate

Legislating the implementation of risk management in public sector institutions is part of a macro strategy of Government towards ensuring the achievement of national goals and objectives.

The following legislative instruments provide the legal foundation for the Management's responsibility for risk management:

National Departments

·         Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Constitutional Institutions

·         Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Provincial Departments

·         Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Public Entity

·         Section 57 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).

Provincial Entity

·         Section 57 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA).


·         Section 78 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

Municipal Entities

·         Section 105 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

4.2 Corporate Governance

The Institution can draw guidance from the following:

·         King III Report on Corporate Governance; and

·         Batho Pele principles.

5. Strategic value of Management in risk management

Management is accountable to the Accounting Officer / Authority for designing, implementing and monitoring risk management, and integrating it into the day-to-day activities of the Institution. As such, Management should ensure that it is satisfied with the management of risk and prevent risk management from becoming a series of activities that are detached from the realities of the Institution’s business. Risk management, when integrated into the decision-making process, becomes a valuable strategic management tool for underpinning the efficacy of service delivery and value for money.  Risk management should be a standing agenda item in Management meetings.

6. High level responsibilities of Management

To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques. 

Management is responsible for executing their responsibilities outlined in the risk management strategy and for integrating risk management into the operational routines.  The risk management reports submitted by Management to the Risk Management Committee or Audit Committee include:

·         Non-compliance risks with key laws and regulations;

·         Fraud related risks;

·         Risks associated with the breakdown in key internal controls;

·         Review of business continuity and disaster recovery plans;

·         New risks that emerged during the reporting period; and

·         Significant changes in current risk or risks that materialized during the reporting period.

High level responsibilities of Management should include:

·     executing their responsibilities as set out in the risk management strategy;

·     empowering officials to perform effectively in their risk management responsibilities through proper communication of responsibilities, comprehensive orientation and ongoing opportunities for skills development;

·     aligning the functional risk management methodologies and processes with the Institutional process;

·     devoting personal attention to overseeing the management of key risks within their area of responsibility;

·     maintaining a co-operative relationship with the Risk Management Unit and Risk Champion;

·     providing risk management reports;

·     presenting to the Risk Management and Audit Committees as requested;

·     maintaining the proper functioning of the control environment within their area of responsibility;

·     monitoring risk management within their area of responsibility;

·     holding officials accountable for their specific risk management responsibilities;

·     maintaining the functional risk profile within the Institution's risk tolerance (ability to tolerate) and appetite (risk that it is willing to take);

·      implementing the directives of the Accounting Officer / Authority concerning risk management;

·     prioritizing and ranking risks in their area of responsibility to focus responses and interventions on risks outside the Institution’s tolerance levels;

·     benchmarking risk and risk mitigation activities;

·     assessing the effectiveness of risk management within their area of responsibility; and

·     developing and implementing a fraud risk response plan.

7. Evaluation

Everyone in the Institution has a part to play in achieving and sustaining a vibrant system of risk management and to that extent should function within a framework of responsibilities and performance indicators. Evaluation of Management’s effectiveness in risk management is vital to maximize the value created through risk management practices.

Clear objectives and key performance indicators should be set for the Management in respect of risk management and included in the performance agreements of Management.  These indicators should be able to measure the Management's effectiveness in the Institution's risk management in contributing to the Institution's goals and objectives.  The Accounting Officer / Authority should evaluate the performance of Management through the following and other relevant indicators:

·       business unit performance against key indicators, including comparison of year-on-year performance;

·       implementation of risk management action plans;

·  co-operation with the Risk Management Unit, Risk Management Committee, Risk Champion and relevant stakeholders involved in risk management;

·       quality and timeliness of risk identification, assessment and reporting;

·       proactive identification of new and emerging risks;

·       absence of surprises;

·       year-on-year reduction in adverse incidents and realised losses;

·       elimination of unauthorised expenditure, fruitless and wasteful expenditure and irregular expenditure;

·       reduction in fraud;

·       progress in securing improved Internal Audit and Auditor-General outcomes in regularity and performance audits;

·       implementation of credible risk management structures within their business unit;

·       service delivery performance and improvement;

·       improvement in efficiency ratios for service delivery; and

·       actual effectiveness of controls instituted.

8. Additional reading / reference

A catalogue of additional resources is included below to assist Management to facilitate implementation of risk management.  Click on the relevant link to access these documents.

Guidelines: Additional reading / reference

© Maintained by the National Treasury. All Rights Reserved.