Empowering CROs to Navigate the Current Risk

Transcript:Empowering CROs to Navigate the Current Risk:
Empowering CROs to Navigate the Current Risk Management Culture – Learnings from CoE M Khumalo General Challenges Facing the Risk Management Function No uniform/standardised or prescribed guidance on how and where we must be positioned (both a Threat & Opportunity) – still at the core of our challenges Our existence is still subject to varying views and perception on our roles and mandate in an organisation Models, structures, roles vary across organizations Ownership of practice – Risk, Internal Control, Audit Political and Financial limits and considerations vs. competing needs Why is That? Risk Management can mean and can be many things to different organizations: Strategy focused – leads in Strategy & Planning Assurance focused – varying forms of independence Driver of systems of governance Just another additional advisor service? Vs. Legal Vs. Finance Vs. Audit The function is still maliciously there for compliance How GRC is Positioned in the City of Ekurhuleni Fully fledged independent department headed by a CRO directly accountable to the City Manager (Accounting Officer) CRO is standing invitee on the Mayoral Committee Independent Risk Committee (5 external members) Risk Champions in all departments with at least 55% weighting on GRC on Performance Agreements – Focusing on process and content Focus on Governance, Risk Management & Compliance Primarily a Level 2 Assurance Provider Diverse portfolio of responsibilities and functions Greater control over maturity of governance, risk and compliance in the institution GRC Model of Operation - CoE Risk Management Department Risk Committee Audit Committee Council Departments Departments Departments Departments Entities GRC Forum Core Functions What Have Been the Main Challenges? Decentralisation of functions to Depts. requiring substantial capacitation Steep learning curve for Departmental Risk Practitioners Thin budget Many functions are still new and at low levels of Maturity for different reasons: BCM: Technical Capability OHS: Change in function Compliance Management Risk Financing Successes Greater visibility at key management levels Greater management confidence on governance, risk and compliance management as an advisory service – and assurance provider Greater accountability in appearance (championing and culture) and fact (performance, oversight and practical implementation) Immediate Focus & Priorities Adapt with organisational needs & expectations ,in light of potential changes Gain visibility at political oversight structures to empower their roles Objectively demonstrate value add KPAs and Measurable outcome-based KPIs critical Intensified focus on Training, Awareness and championing Enhance GRC data analysis to generate better intelligence Enhance levels of capability maturity for key