JOHANNESBURG RISK ASSURANCE SERVICES TABLE OF CONTENTS

Transcription

1 JOHANNESBURG RISK ASSURANCE SERVICES TABLE OF CONTENTS Section 1. Introduction...2 Section 2. Annual Departmental Scorecard...5 Section 3. Risk Assessment...8 Section 4 Programmes...10 Section 5. Programme Planning

2 Section 1. Introduction The current annual plan outlines in a more detailed and considered manner what the Department will be focusing on for the coming year and how it plans to deliver on the targets that have been set. The Annual Plan also serves as the implementation plan for the 3- year business plan and any other priorities that have been identified and will therefore need to be monitored and evaluated to assess progress against both the 3-year business plan targets and the annual targets. (Where a business plan exists) The Core Business The effective management of risks within the City of Johannesburg is of critical importance. To assist in the management of these risks the City has a division named Johannesburg Risk Assurance Services. The function is highly professional and is one of the three largest corporate members of the Institute of Internal Auditors in South Africa. In addition to assisting the City by providing assurance on its risk management procedures, the Johannesburg Risk Assurance Services also gives guidance to the City on its corporate governance and has additional specialised sections for integrity risk assessment. The integrity risk assurance service is responsible for the forensic investigations in the City and in introducing fraud prevention initiatives into the City. The enterprise risk management service section is responsible for designing and implementing an overall risk management process for the city It is the division's vision to be seen as a world-class function by 2004, not only in local government but also in the risk assurance fraternity as a whole. The Johannesburg Risk Assurance Services department is an independent, objective assurance and consulting service, designed to add value and improve the City of Johannesburg's operations. It assists the City in achieving its objectives by using a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. It achieves this by using people of the highest integrity, empowered to deliver professional world-class services that are a credit both to the City of Johannesburg and the Risk assurance profession. Some of the key responsibilities of the division outlined below: Developing and implementing a risk management process Providing assistance in conducting quality reviews on current projects The performing of traditional internal audits Conducting follow ups on previous audit assignments Facilitation of various workshops Compilation of fraud prevention programmes Conducting forensic investigations with regards to fraud cases Assessing the levels of compliance to corporate governance 3

3 Generic consulting on various issues relating to the key functions of the City Kwa Maritane Priorities Agenda setting is the manner in which politicians interpret the mayoral priorities and translate these into more specific areas of focus and priorities. Kwa Maritane was the first process of agenda setting. The Kwa Maritane workshop produced a range of focus areas in relation to each mayoral priority. Following the Kwa Maritane workshop, each of the core departments started their business planning process for the next financial year (2003/2004). The priorities that emerged from Kwa Maritane were built into the planning process from two perspectives: Firstly, in terms of checking whether existing programmes and initiatives were addressing the priorities and making them explicit; Secondly, in terms of generating new programmes and initiatives in relation to the KMP. Thirdly incorporating key performance indicators or key performance areas that will be utilised in giving effect to those particular priorities The table below outlines briefly the key issues that directly affected the Johannesburg Risk Assurance Services Department and how these will be covered in the departmental scorecard: Priority Batho Pele: Customer service training and monitoring Batho Pele: Eradication of corruption Key Activities/ Initiatives Besides the skills development plan that will implemented by the unit there is a further plan to train trainers with an emphasis on fraud awareness This focus area covers the audit committee and internal city structures (core departments, UAC s where services are provided, Regions) as the clients and it is the responsibility of the unit to ensure that they are servicing their clients effectively. This is a city-wide focus and critically depends on the effectiveness of the unit in ensuring the achievement of set objectives and targets in terms of awareness, prevention and effective investigations 4

4 Section 2. Annual Departmental Scorecard The table below lists the departmental scorecard. It incorporates the Key Performance areas for the department. These are drawn from the departmental business plan and are aligned to the city scorecard, the Kwa Maritane priorities, the core business of the department and the legislative/policy obligations of the department. The KPAs are linked to indicators and targets that outline the framework against which the departments will be performance will be measured. Indicators and targets also represent a key point of departure in terms of reporting and accountability. The Scorecard also represents the framework against which detailed plans are presented. This plan reflects an undated departmental score card which includes the risks identified. Key Performance Area Maximise client and stakeholder satisfaction and provision of professional services to the various clients and stakeholders To provide proactive anti fraud initiatives Customer Perspective Key Performance Indicator % Satisfaction rating received from client satisfaction questionnaires 75% (Project tool) % Reliance on IA work by the office of the AG 100% % Rating by audit committee 70% % Roll out of anti fraud plan 100% % Communication of policies 100% % Awareness of the manifestations of fraud to senior management level1-3 95% Number of fraud risk assessments performed 25 Number of staff trained in anti-fraud awareness (train the trainer) 40 Target 5

5 Key Performance Area To perform effective and efficient forensic investigations To implement initiatives to address enterprise risk management Internal Business Perspective Key Performance Indicator Number of disciplinary cases lost due to technical issues on the forensic investigation % Roll out of plan 100% % Assessment of business risks for departments 100% % Development of risk management strategy fro departments 100% % Completion of design and implementation of appropriate internal 100% controls % Completion of facilitation of coverage plan to monitor performance 100% controls % Implementation of electronic self assessment questionnaire at regional 100% level 0 Target 6

6 Growth and Learning Perspectives Key Performance Key Performance Indicator Target Area To facilitate the centralisation of risk Target date for Implementation of approved plan 6 months after approval assurance functions (forensics, computer auditing and enterprise risk management To provide professional Amount of additional revenue collected from other municipalities R1 million services to other local governments To ensure effective % Achievement of skills development targets as per JRAS training 100% human resources management within the calendar % Achievement of Employment Equity targets 50% department % Of staff within the unit with signed individual performance score cards 100% Key Performance Area To ensure effective financial management Financial Perspective Key Performance Indicator % Compliance to budget allocations 100% % Over-expenditure on total departmental budgets 0% % Completion of the Asset listing for the department 100% Target 7

7 Section 3. Risk Assessment The Risk Assurance Services Department underwent a process of identifying key risks that affect the department and its operations. This process involved the following activities: A facilitated discussion and brainstorming session to identify key risks per strategic objective. Electronic voting on all the risks identified: The workshop participants underwent a process of voting for which risks were likely to have a huge impact and which risks were likely to happen. This voting was done electronically. Discussion on results of voting: The results were then electronically analysed and 10 priority risks were identified. Discussion on current management of key risks (Controls or how these should be reflected in the departmental scorecard): During the process of the development of the departmental scorecard, the department developed key issues that will be considered in order to mitigate these risks. The scorecard then included activities that were aimed at the development of controls to deal with key risks that were identified. Crosscutting Risks In addition to the KPA specific risks, the group also identified a number of risks that are general in nature and are crosscutting. These are briefly outlined below: Inadequate succession planning Inadequate Business continuity plans in place Inadequate Management Information systems within council (Financial and operational) The Top 10 Ranked Risks Risk Ranking Risk # Risk Impact Likelihood Inherent Risk 1 35 Over dependence on key individuals Internal politics may break down the synergy of the department Lack of cohesion of the executive team JRAS will not be able to deliver on an important / high profile project Client environment (organisation culture) is not yet "ready" for world class

8 Risk Ranking Risk # Risk Impact Likelihood Inherent Risk 6 41 Lack of dedication of staff We do not retain the right staff Competitors are consulted prior to JRAS (consulting firms) Performance Management System is not consistently applied Security of laptops

9 Section 4 Programmes The table below indicates the programmes planned for the next financial year as well as the budgetary requirements for those programmes and the shortfall if any. The process of the development of programmes was done in relation to the draft departmental scorecard. Thus, there is a close correlation between the key performance areas and the programmes, which were developed. KPA To ensure effective human resource management within the department To facilitate the centralisation of risk assurance functions (forensics, computer auditing and enterprise risk management) Maximise client and stakeholder satisfaction and provision of professional services to the various clients and stakeholders Provision of pro-active anti-fraud initiatives To ensure effective human resource management within the department Project/Programme/Initiative Description Drafting of training calendar Centralisation of key risk assurance functions Development of a satisfaction questionnaire for completion by the Audit Committee Fraud Awareness Campaign Development of new individual scorecards 10

10 Section 5. Programme Planning The programmes that were developed were broken down into key projects that will be implemented by the department. These are briefly outlined below: KPA To ensure effective human resource management within the department Programme Programme Owner and Participants Drafting of training calendar Claudine & training focus group Project Timeframe Deliverable Milestone Drafting of training calendar By 31 August 2003 Determine individual training needs (ILP) Training needs established based on new annual development plan By Mid Sept Draft training calendar Draft Training calendar By End Sept Approve training calendar Final Training Calendar 11

11 KPA Programme Programme Owner and Participants To facilitate the centralisation of risk assurance functions (forensics, computer auditing and enterprise risk management) Centralisation of key risk assurance functions GD Hollyman and internal audit functions of UAC s and Council Project Timeframe Deliverable Milestone Centralisation Project 6 months after approval of plan Centralisation strategy and plan Centralisation of the functions as per the centralisation strategy Strategy and plan Achievement of targets as per strategy 12

12 KPA Programme Programme Owner and Participants Maximise client and stakeholder satisfaction and provision of professional services to the various clients and stakeholders Development of a satisfaction questionnaire for completion by the Audit Committee GD Hollyman and the Audit Committee Project Timeframe Deliverable Milestone Development of a client satisfaction questionnaire for the Audit Committee July 2003 Satisfaction questionnaire for Internal Audit for completion by the Audit Committee Surveys completed 13

13 KPA Provision of pro-active anti-fraud initiatives Programme Programme Owner and Participants Fraud Awareness Campaign Dave Boucher, IRAS Team and identified trainers/presenters in Central and Regions Project Timeframe Deliverable Milestone Communication of Anti-Fraud Policies and Code of Conduct January 2004 to July 2004 Communication Strategy Implementation of Strategy Strategy approved Achievement of targets as per strategy 14

14 KPA Provision of pro-active anti-fraud initiatives Programme Programme Owner and Participants Enterprise Risk Management Programme Berenice Francis Project Timeframe Deliverable Milestone First Implementation of Enterprise Risk Management Strategy Total Programme Cost January 2003 till August 2003 Customised risk model Risk management strategies for related key risks Internal audit work plan that supports the risk management process Core dept workshops -June 2003 Regional workshops- August 2003 Costs Opex R R

15 KPA Programme Programme Owner and Participants To ensure effective human resource management within the department Development of new individual scorecards Claudine Project Timeframe Deliverable Milestone Development of new individual scorecards End July 2003 Draft new scorecard per level i.e. levels 3, 4, 5 & 6 Scorecards completed Mid Aug Approve new scorecards (Director) Scorecards approved End Aug Distribute new scorecards to staff to review and sign Scorecards reviewed End Sept All staff to complete/sign off scorecards Scorecards instituted 16