HSRC Integrated Annual Report 2018/2019

Compliance with Laws and Regulations

A compliance office was established in the Legal Department in January 2019 and is responsible for drafting the compliance policy, charter and regulatory universe. In addition, the compliance office is responsible for assessing, monitoring and reporting organisational compliance to senior management and the Board. The HSRC has adopted a proactive, risk-based approach to compliance. This allows the HSRC to mitigate its risks, and protect the organisation and its stakeholders. The following initiatives will be implemented in the upcoming year:

• Compliance Policy and Charter;
• Compilation of a regulatory universe for each business unit; and
• A Compliance Risk Management Plan for core legislation that impacts the organisation and individual units.

Fraud and Corruption Risk Management Governance

The Board is accountable for risk management and reviewing the effectiveness of mitigating strategies to reduce, eliminate and/or transfer risks. The Board has delegated oversight responsibilities to the Audit and Risk Committee (ARC), which provides assurance to the Board through review of reports from the Enterprise Risk Management Unit on a quarterly basis. Responsibility for implementation of enterprise risk management has been delegated to the chief executive officer. A Risk Management Committee has been established and is chaired by an independent specialist who also serves as a specialist member of the ARC.

Management of Risk

The HSRC defines a risk as anything that adversely affects our ability to meet strategic and business objectives, maintain our reputation and comply with regulatory standards. We seek to understand and harness risk in the pursuit of our objectives and aim to operate within an acceptable level of risk taking.

Our Risk Management Framework

In order to deliver on its objectives, the HSRC is required to identify, assess and manage a wide range of risks.
These are managed through an overarching framework in order to consistently and transparently apply risk management strategies across the organisation. The framework identifies the roles and responsibilities of key parties in the risk management process, the policies for how risks are managed, the tools and processes used and the reporting outputs that are generated. The approach to risk management is based on the underlying principle of line-management accountability for effective implementation of internal controls to manage risk. The strategic risks, with their response plans, are reviewed at the Executive Directors Committee, Risk Management Committee and the Audit and Risk Committee to provide assurance of the effectiveness of risk management. There is an ongoing process of identifying, evaluating and managing the strategic and operational risks faced by the HSRC.

Our Control Framework

The HSRC has an internal control framework in place for both financial reporting and IT processes, which falls under our self-assessment regime. In addition, the HSRC has implemented a suite of policies, which define the minimum control standards we expect to be performed within the applicable business areas.

Code of Conduct

The HSRC developed a code of research ethics which was approved by its governing body in 2002. The code outlines principles and values underpinning HSRC research. Its preamble confirms that the HSRC is committed to using the public funds allocated to it to undertake and promote research that will benefit all the people of South Africa. It also confirms that its research belongs in the public domain and as such should be able to withstand public scrutiny at all times. The HSRC code of ethics importantly highlights the interest of research participants, and the imperative of respecting the rights and dignity of participants in all research undertaken by the HSRC.
For more information, see http://www.hsrc.ac.za/en/about/research-ethics/code-of-research-ethics
