Print Page   |   Contact Us   |   Sign In   |   Apply online
Community Search

2017-10-30 » 2017-10-31
Operational Risk Management Training - 30 & 31 October 2017 Cape Town

2017-11-02 » 2017-11-03
Operational Risk Management Training - 2 & 3 November 2017 - Durban

2017 IRMSA Gala Dinner & Awards Ceremony (3 November)

2017-11-06 » 2017-11-07
Risk Framework - 6&7 November 2017

2017-11-09 » 2017-11-10
Business Continuity Management 09&10 November 2017 (Namibia)

IRMSA Risk Chat
Blog Home All Blogs
Search all posts for:   


View all (61) posts »

The Use Of Best Practice In The Public Sector - Risk Chat - 26 September 2016

Posted By Administration, 26 September 2016





According to the results of the Financial Management Capability Maturity Model that has been rolled out throughout the public sector, it has become evident that the majority of public sector institutions are still battling with integrating risk management with other institutional processes. It appears as if many of these institutions are more comfortable with adopting a “tick box” exercise as opposed to implementing best practice. As much as  complying with risk management prescripts is necessary, it is just as important to ensure that risk management is fully integrated so that there is a quantifiable  benefit to an institution’s performance. The structure of the risk management function is crucial and should address the considerations below:

  • Whether or not institutions should form a separate independent Risk Management Committee (RMC) vs. a combined one; and how to effectively measure whether or not the RMC does add value through the system of risk management within an institution.
  • Who the Chief Risk Officer (CRO) reports to.
  • The use of Risk Champions within institutions.

With the view that public sector institutions have been struggling, particularly in successfully embedding risk management, it is of important that we understand and identify where these hindrances could arise from.

Many institutions often attempt to implement every “risk management buzzword” without considering its suitability.  Below are examples of what could negatively influence progress in effectively embedding risk management:

Risk Management Not Given Priority

The CRO is an expert in risk management that operates at a senior level, and is employed to ensure that risk management is embedded within the institution. The Accounting Officer and Executive Management team expect that whatever the CRO introduces will bring value to the institution and will enhance performance.

Structural Roles Overlap

Institutions should be extra careful when addressing risk management responsibilities in order to avoid a duplication of effort.  For example, if existing structures within an institution already cater for risk management reporting and control, the institution could just work on strengthening and formalising these risk management structures, instead of introducing additional structures.

It is unfortunate that that the public sector is still stuck on ensuring that risk management prescripts are complied with.  Institutions appear to be more concerned about making sure that the Auditor – General places all of the ticks in the desired places following an audit. This does not suggest that compliance is not important.  However, it is also important that one should understand the underlying reasons for compliance and should assess how certain prescripts can be best implemented within the unique nature of the South African Public Sector.

Considering that institutions are unique, it is vital that the approach pertaining to system implementations, particularly related to risk management, should be equally unique. Therefore, before making a decision on how to best implement certain risk management processes, it is necessary for an institution to consider the following:

  • Whether the existing structures within the institution do not already play a role, and have responsibilities, in the management of risks; identifying the extent of involvement with regard to those roles and responsibilities.
  • Whether the considered prescripts bring value to institutions.
  • Whether the institution is actually ready for the considered risk management recommended prescripts.
  • The state of the institution, for example, whether the institution is in distress or whether it is business as usual.
  • Whether the implementation of the considered prescript would enhance or undermine the perception of the CRO by Executive Management and the Accounting Officer (as well as other relevant stakeholders).

Best practice pertaining to the embedding of risk management should not be followed blindly and requires an understanding of where the content is drawn from. In most cases, information that advises the recommended risk management prescript is drawn from corporate institutions, which are structured differently from the South African Public Sector.

As the saying goes, “A good CRO ultimately works himself out of a job”.  It is therefore important to remember that, ultimately, CROs should create a system of risk management that is designed for, and is compatible with, the institutional nature and culture. Going forward, public sector institutions would benefit tremendously by using the existing risk management frameworks and tailoring it in line with the nature of the organisation. In doing so, these institutions will uncover the benefit of having an effective risk management programme.

You are currently signed up to IRMSA's mailing list.
To unsubscribe click here.

144 Katherine Street, Grayston Ridge Office Park, Block A, First Floor, Sandton


Copyright © 2016 IRMSA - All rights reserved.

This email was sent to '@@email@@' from The Institute of Risk Management South Africa. If you wish to stop receiving email from us, you can simply remove yourself by visiting: @@unsubscribe_url@@

This post has not been tagged.

Share |
Permalink | Comments (1)

Comments on this post...

Christelle Marais says...
Posted 26 September 2016
There is a lot of value shared in this article. I think often, the very capable risk managers in the public sector are drawn in different directions by (i) good guidance by oversight structures such as National Treasury, Audit and Risk Committees with independent chairpersons and Portfolio Committees vs (ii) conflicting demands from the political administration vs (iii) constrained resources, processes and access to expertise. In my experience, risk managers (on all levels) in the public sector are usually well qualified and able to drive the right agenda but come up against the "tick box" approach mentioned in the article that is often forced down from the top. I do believe the capability to lead public organizations beyond the "tick box" approach is seated in some of these very capable risk managers - their strong participation in IRMSA and IRMSA's focus on this area is evidence of this. One area where further support can be developed is in PRACTICAL application expertise and training as well as case studies and other examples of REAL value derived from good risk management practice. This will enable the risk management practitioners in the public sector to deliver with more confidence and to become leaders their discipline in Africa.
Permalink to this Comment }

Sign In
Sign In securely