HSRC Annual Report 2016/17

Risk Management

The HSRC’s risk management strategies, roles and responsibilities are described in its Risk Management Framework. The PFMA, National Treasury’s Public Sector Risk Management Framework, the King III principles, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) principles and ISO Standard 31000 are all important references that inform the framework.

The Board formally communicates its position on enterprise risk management through its Enterprise Risk Management Policy Statement. The position is informed by the risk profile of the organisation, its risk appetite, risk tolerance levels, the regulatory framework within which the HSRC operates and governance requirements.

The Board adopts an affirmative view, considers risk to be an integral part of the HSRC’s efforts towards opportunity maximisation, and sets the tone for ERM processes. Thus, every key risk in each part of the entity should be included in a structured and systematic process of risk management and actively managed towards the attainment of the organisational goals and objectives.

In pursuit of its strategic mandate, the HSRC Board continues to strengthen the enterprise risk management infrastructure of the organisation. Such infrastructure includes the Audit and Risk and Risk Management committees, which are chaired by independent members. The ARC has a statutory obligation, as delegated to it by the Board, to maintain effective, efficient and transparent systems of financial and risk management and internal control. The RMC assists management in implementing risk policies and frameworks. Both these forums convene on a regular basis during the course of the year.

The CEO is ultimately responsible for embedding good enterprise risk management practices across the organisation, and is assisted in this by the CFO and Risk Manager. Risk is, however, every employee’s responsibility and not just that of management, the Board, the CEO or the Risk Manager.

Regular risk assessments of the research and the administration programmes of the organisation are conducted, and mitigating plans are implemented under the guidance of the RMC and ARC. The key risks identified in both programmes are reflected in the HSRC’s Strategic Plan and APP. The top three strategic risks identified at the most recent risk assessment workshop of executive directors are:

Insufficient external and internal funding to deliver on the HSRC mandate;

Insufficient critical skills and human resources; and

Fraud and corruption.