![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0085.png)
83
HSRC Annual Report 2016/17
Risk
Management
The HSRC’s risk management strategies, roles and responsibilities are described in its Risk Management Framework.
The PFMA; National Treasury’s Public Sector Risk Management Framework; the King III principles; the Committee of
Sponsoring Organisations of the Treadway Commission (COSO) principles; and ISO Standard 31000, all of which are
important references that inform the framework.
The Board formally communicates its position on enterprise risk management through its Enterprise Risk Management
Policy Statement. The position is informed by the risk profile of the organisation, its risk appetite, risk tolerance levels,
the regulatory framework within which the HSRC operates and governance requirements.
The Board adopts an affirmative view, and considers risk to be an integral part of the HSRC’s efforts towards opportunity
maximisation and sets the tone for ERM processes. Thus, every key risk in each part of the entity should be included
in a structured and systematic process of risk management and actively managed towards the attainment of the
organisational goals and objectives.
In pursuit of its strategic mandate, the HSRC Board continues to strengthen the enterprise risk management infrastructure
of the organisation. Such infrastructure includes the Audit and Risk and Risk Management committees, which are chaired
by independent members. The ARC has a statutory obligation, as delegated to it by the Board, to maintain effective,
efficient and transparent systems of financial and risk management and internal control. The RMC asssits management in
implementing risk policies and frameworks. Both these forums convene on a regular basis during the course of the year.
The CEO is ultimately responsible for embedding good enterprise risk management practices across the organisation,
and is assisted in this by the CFO and Risk Manager. Risk is, however, every employee’s responsibility and not just that
of management, the Board, the CEO or the Risk Manager.
Regular risk assessments of the research and the administration programmes of the organisation are conducted, and
mitigating plans are implemented under the guidance of the RMC and ARC. The key risks identified in both programmes
are reflected in the HSRC’s Strategic Plan and APP. The top three strategic risks identified at the most recent risk assessment
workshop of executive directors, are:
•
Insufficient external and internal funding to deliver on the HSRC mandate;
•
Insufficient critical skills and human resources; and
•
Fraud and corruption.