1. Empowering CROs to Navigate the Current Risk Management Culture – Learnings from CoE M KHUMALO

2. General Challenges Facing the Risk Management Function No uniform/standardised or prescribed guidance on how and where we must be positioned (both a Threat & Opportunity) – still at the core of our challenges Our existence is still subject to varying views and perception on our roles and mandate in an organisation Models, structures, roles vary across organizations Ownership of practice – Risk, Internal Control, Audit Political and Financial limits and considerations vs. competing needs

3. Why is That? Risk Management can mean and can be many things to different organizations: Strategy focused – leads in Strategy & Planning Assurance focused – varying forms of independence Driver of systems of governance Just another additional advisor service? Vs. Legal Vs. Finance Vs. Audit The function is still maliciously there for compliance

4. How GRC is Positioned in the City of Ekurhuleni Fully fledged independent department headed by a CRO directly accountable to the City Manager (Accounting Officer) CRO is standing invitee on the Mayoral Committee Independent Risk Committee (5 external members) Risk Champions in all departments with at least 55% weighting on GRC on Performance Agreements – Focusing on process and content Focus on Governance, Risk Management & Compliance Primarily a Level 2 Assurance Provider Diverse portfolio of responsibilities and functions Greater control over maturity of governance, risk and compliance in the institution

5. GRC Model of Operation - CoE Risk Management Department Risk Committee Audit Committee Council Departments Entities GRC Forum

6. Core Functions RISK MANAGEMENT DEPT Business Risk Enterprise Risk Management Combined Assurance Occupational Health and Safety Business Continuity Management Projects Risk Management Governance & Compliance Compliance Management Ethics Management & Anti Corruption Municipal Entities Oversight & Support Governance Systems Risk Financing Insurance portfolio Management Public, Private Partnerships Funding Risk Data Mining

7. What Have Been the Main Challenges? Decentralisation of functions to Depts. requiring substantial capacitation Steep learning curve for Departmental Risk Practitioners Thin budget Many functions are still new and at low levels of Maturity for different reasons: – BCM: Technical Capability – OHS: Change in function – Compliance Management – Risk Financing

8. Successes Greater visibility at key management levels Greater management confidence on governance, risk and compliance management as an advisory service – and assurance provider Greater accountability in appearance (championing and culture) and fact (performance, oversight and practical implementation)

9. Immediate Focus & Priorities Adapt with organisational needs & expectations,in light of potential changes Gain visibility at political oversight structures to empower their roles Objectively demonstrate value add – KPAs and Measurable outcome-based KPIs critical Intensified focus on Training, Awareness and championing Enhance GRC data analysis to generate better intelligence Enhance levels of capability maturity for key functions – BCM – OHS – Compliance Management – Risk Financing

10. Key strategic thrusts for CROs to consider in an evolving environment Focused and structured reporting to oversight structures – including risk disclosures – started with 2 thick packs for Risk Committee – Target is much lesser Drive risk management towards business (part of management assurance – championing) Don’t try to be everything to everyone – too many ‘best’ practices – implementing through conferences Invest in research capacity – and build own capacity Participation in practice development (Our frameworks are largely dependent on standards set outside of public service) – signed MoU with Ethics Institute Increased focus on Risk and Opportunity Management Adjust to changes in internal and external context Locate risk management within your environment How our efforts translate to performance

11. Thank You