
3rd QUARTER RISK MANAGEMENT REPORT TO THE AUDIT AND RISK COMMITTEE
Contents
1. Introduction
2. Executive Summary
2.1. Summary of Strategic Risk Mitigation Progress for Quarter 3
2.2. Summary of Operational Risk Mitigation Progress for Quarter 3
3. Progress against the Risk Management implementation plan 2015/16
4. Detailed Progress against Strategic Risk Mitigation Action for 3rd Quarter
5. 3rd quarter Progress on Implementation of Risk Mitigation Plans per Programme.
6. Conclusion and way forward

Quarter 3 Risk Management Report Page 2


1. Introduction

Section 38(1)(a)(i) and 51(1)(a)(i) of the Public Finance Management Act, (Act No 1 of 1999
as amended by Act No. 29 of 1999), require Accounting officers to ensure that their
institutions have and maintain effective, efficient and transparent systems of risk
management. The primary objective of the risk management function is to ensure that the
Department of Women improves and sustains its performance by protecting the organisation
from adverse outcomes and optimising on opportunities.

To give effect to this objective, a risk assessment was undertaken with all business units in
the Department in order to identify risks that could impede the attainment of objectives and
to determine the levels of controls and action plans that are currently in place to mitigate the
risks.

The report layout:

SECTION A:

- Executive Summary

SECTION B:

- Progress against the Risk Management implementation plan 2015/16

SECTION C:

- Summary of risk progress for Quarter 3
- Assessment of performance against the implementation of risk mitigation plans 2016/17.

SECTION D:

- Conclusion and way forward



SECTION A

2. Executive Summary
2.1. Summary of Strategic Risk Mitigation Progress for Quarter 3

Below is a summary of Strategic Risk Mitigation Progress for Quarter 3. In each case there is
progress in terms of implementation even though the mitigation actions are not fully
implemented:

Legends:

Fully Implemented



# | STRATEGIC RISKS | Progress Status 2016/17 Q3
1 Non Achievement of DoW Mandate
2 Non Compliance with Governance legislations
3 Inadequate Implementation of legislation to promote the women agenda (socio-economic empower)
4 Inadequate ICT Infrastructure & Systems
5 Reputational Risk
6 Fraud, Corruption & Misconduct
7 Inadequate capacity (Human & Skill)

Interpretation:

The total number of Strategic Risks identified is seven (7) and twenty (20) mitigation plans
were identified. Out of the 20 mitigation plans identified, five (9) have been fully implemented,
which translates into 45%, and fifteen (11) are still work in progress, which translates into
55%.



2.2. Summary of overall Operational Risk Mitigation Progress for Quarter 3

Interpretation:

The risk assessment report reflects a total of 71 risk mitigation plans that were due
for reporting in the 3rd quarter excluding strategic risks. It is recorded that 58 (82%)
have been fully implemented, 12 (17%) partially implemented and 1 (1%) not
implemented.



Summary of the overall progress on the implementation of risk mitigation plans for Quarter 3

[Figure: bar chart "DEPARTMENTAL RISK MITIGATION Q2 AND Q3", comparing Not Achieved, Partially Achieved (Work in Progress) and Achieved for Quarter 2 and Quarter 3.]



SECTION B

3. Progress against the Risk Management implementation plan 2015/16

The Risk Management Plan is developed to effect the implementation of the Risk
Management Strategy and outlines the risk management activities aimed at
entrenching a risk aware culture and a risk smart workforce within the department.

The planned activities form the basis for quarterly risk management reporting to the
Audit and Risk Committee.

1. The following were planned overall key activities against this plan which have been
fully or partially achieved since 2015/16 to date.

Each entry gives the planned risk management activity as per the plan, the expected output and the progress to date.

1. Planned activity: Conduct risk assessments on all major projects and events of the department. Facilitate risk identification and assessment sessions
Expected output: Approved Risk Registers: Strategic and Operational
Progress to date:
- Risk assessment sessions were conducted with all business units to facilitate the identification and assessment of risk during the fourth quarter of 2015/16.
- Strategic Risk Assessment was conducted in Dec/Jan 2016 and approved in 21 March 2016

2. Planned activity: Development of risk response strategies
Expected output: Action plans implemented per agreed milestones
Progress to date:
- Mitigation plans have been drafted for all Risks identified and are currently being tracked for implementation as per agreed milestones

3. Planned activity: Maintain and continuously improve capacity within the department through training (accredited) and awareness
Expected output:
- Training
- Completed orientation for all officials on risk management
- Make presentations on risk management at management fora and meetings
Progress to date:
- Two officials from Strategic Management Unit attended training in risk management during October 2016.
- The Chief Director presents at EXCO and the CRO presents at Manco.

4. Planned activity: Review of the Risk Management Framework documents (Policy, Strategy)
Expected output: Approved Risk Management Policy and Strategy
Progress to date:
- Risk Management Framework document were reviewed and approved during the fourth quarter of 2015/16.

5. Planned activity: Establish a Risk Mitigation Committee and draft the ToRs thereof.
Expected output: Risk Mitigation Committee
Progress to date:
- Risk Mitigation Committee was established and members were formally appointed by the Director General.

6. Planned activity: Facilitate the execution of ERM processes and infrastructure
Expected output: Approved progress reports: Present progress reports at various intervals
Progress to date:
- Progress reports are presented to various stakeholders at various intervals e.g. bi weekly at EXCO, monthly at MANCO and quarterly at ARC.

Overall achievement as a percentage: The plan has 11 planned actions of which only
6 (55%) have been achieved and 5 (45%) are still outstanding.

2. Activities still outstanding as per the plan and remedial Actions


Each entry gives the planned risk management activity as per the plan, the expected output and the remedial action.

1. Planned activity: Publication of Risk Management Policy
Expected output: Communicated risk management policy to all officials in the department
Remedial action: The policy is going to be posted on the intranet. Awareness workshop on risk management is going to be conducted

2. Planned activity: Review Risk Management Methodologies and processes
Expected output: Approved risk assessment methodologies and processes
Remedial action: Risk Methodology will be reviewed and approval sought

3. Planned activity: Drafting of individual key risk indicators for the top risks
Expected output:
- Analysis report of key risk indicators per agreed frequency
Remedial action: Analysis of key risk indicators will be conducted

4. Planned activity: Evaluate control effectiveness
Expected output:
- Combined assurance Plan
- Assurance Report on controls assessed
Remedial action: Risk Management unit will collaborate with Internal Audit to develop the combined assurance plan.

5. Planned activity: Ensure risk management processes and methodologies are reviewed independently
Expected output:
- Performance Audit report
- Status report on risk management implementation
Remedial action: Collaboration with internal audit will be sought in order to review the entire risk management process.

Page 9 of 51
SECTION C

4. Detailed Progress against Strategic Risk Mitigation Action for 3rd Quarter
Below is a detailed progress against strategic risk mitigation action for each risk:

STRATEGIC RISK | RISK CONSEQUENCE | MITIGATION PLAN(S)/CONTROLS | PROGRESS ON ACTION PLAN | MITIGATION PLANS

1. Non achievement of DoW mandate
Risk consequence:
- Non achievement of the desired impact on women lives
- Insufficient budget allocated to the department
- Non alignment and inefficient utilization of the resources activities
Mitigation plan(s)/controls:
- Develop departmental strategic plan procedures
- Monthly reporting and engagements to improve performance reporting
- Use of performance reporting to evaluate and improve the performance and service
- Development of the business case for improved budget allocations
Progress on action plan:
- Planning, Monitoring and Reporting Policy has been developed and approved. The departmental strategic plan procedure will be developed to align to the policy
- Quarterly Performance reports are discussed both at EXCO and MANCO to ensure improved performance
- The Business Case has been finalised and presented to National
Mitigation plans:
- To develop departmental strategic plan procedures this will be prioritised in the next financial year.


2. Non Compliance with Governance legislations
Risk consequence:
- Fruitless, Wasteful & irregular expenditure
- Adverse Audit opinion
- Possible litigation
- Poor service delivery
Mitigation plan(s)/controls:
- Training & awareness on legislations
- Review Delegations
- Implementation of departmental MPAT, HR, AGSA improvement plans
- Monitoring of improvement plans
Progress on action plan:
- All policies are circulated to staff via email and displayed on the Intranet
- Approved and signed HR Delegations in terms of the Public Service Act, 2007, and Public Service Regulations, 2016 which are:
  (a) EA to the HoD in terms of the Public Service Act;
  (b) HoD to Performer Levels in terms of the Public Service Act;
  (c) EA to the HoD in terms of the Public Service Regulations; and
  (d) HoD to Performer Levels in terms of the Public Service Regulations.
- MPAT Improvement Plan developed and monitored on a quarterly basis
- Action plan on issues raised by AGSA developed and monitored on the quarterly basis and presented to the Audit Steering Committee
Mitigation plans:
- To provide awareness on policies to all staff in the fourth quarter
- Continue with quarterly Monitoring of MPAT Improvement Plan
- Continue with monitoring implementation of action plan on issues raised by AGSA

3. Inadequate Implementation of legislation to promote the women agenda (socio-economic empower)
Risk consequence:
- non achievement of the desired impact on socio-economic empowerment of women and advancement of gender equality
Mitigation plan(s)/controls:
- Monitor and publish progress on the implementation of policies, programmes and efforts for women's empowerment for domestic, national and international
- Information & knowledge sharing
Progress on action plan:
- The Report was presented to ESEID cluster department on the 12 October 2016.
- Subsequently, a follow-up meeting with DST EXCO to present individual departmental report took place on the 21 November 2016.
- Knowledge repository maintenance took place in the quarter using simple categories for internal knowledge sharing.
  DoW documents such as the Status of Women Report, CEDAW Report etc. uploaded on internet (department website) for external sharing.
  Distribution of information material during the 16 days of activism which is part of knowledge sharing.
  The National Dialogue in Limpopo provided a platform for knowledge sharing and awareness raising with grassroots communities/municipalities

4. Inadequate ICT Infrastructure & Systems
Risk consequence:
- Fruitless, Wasteful & irregular expenditure
- Adverse Audit opinion
- Possible litigation
- Poor service delivery
Mitigation plan(s)/controls:
- Review & finalization of the costed ICT strategy
- Monitor implementation of the ICT strategy
- Testing of systems for service continuity
Progress on action plan:
- ICT Governance Framework of the Department is under development stage (work in progress).
- Systems are tested on a quarterly basis for service continuity
Mitigation plans:
- Continue system testing on a quarterly basis

5. Reputational Risks
Risk consequence:
- poor public image
- Lack of public confidence
- Delays & reversal in women's socio economic empowerment and societal transformation
- gender equality
Mitigation plan(s)/controls:
- Monitor implementation of the communication strategy
- Quality assurance standards for publications
- Standard operating procedures manual
Progress on action plan:
- 1st phase of the Communication Strategy, viz. the annual communication plan implemented
Mitigation plans:
- Communication Strategy is being implemented in phases

6. Fraud, Corruption & Misconduct
Risk consequence:
- Misappropriation and abuse of assets/power
- Adverse Audit opinion
- Irregular, fruitless and wasteful expenditure
- Reputation risk
Mitigation plan(s)/controls:
- Training and awareness on policies & procedures
Progress on action plan:
- Ethics training has been conducted with all staff
- Fraud Prevention Policy 15/16 and Fraud Prevention Plan 15/16 developed and approved
Mitigation plans:
- To conduct fraud and ethics management awareness sessions on the fourth quarter.
  Awareness on key policies on SCM and Finance to be conducted in the fourth quarter.

7. Inadequate capacity (Human & Skill)
Risk consequence:
- Poor service delivery
Mitigation plan(s)/controls:
- HRD based on classification of the required skills
- Monitoring the implementation of the recruitment, selection process
- Monitoring the implementation of the PDP's
Progress on action plan:
- List of improved qualifications was submitted to DPSA for concurrence in September
- Workplace skills plan was developed and submitted to PSETA in April 2016. Quarterly reports are submitted to PSETA on a quarterly basis.

5. 3rd quarter Progress on Implementation of Risk Mitigation
Plans per Programme.

Programme 1 consists of 10 units/directorates which are:

- Strategic Planning and Reporting
- Internal Operations Efficiency
- Internal Audit
- Financial Management
- Human Resources Management
- Information Communication and Technology
- Legal Services
- Auxiliary Services, Security Services and Records Management.

Programme 1 had 48 risk mitigation plans that were due for reporting in the third
quarter. Out of the 48 mitigation plans, 36 are fully implemented, which translates into
75%, and 12 are partially implemented/still work in progress, which translates into
25%.

Commentary Note:

- Substantial progress has been made towards implementing all risk mitigation plans.

[Figure: bar chart "PROGRAMME 1: ADMINISTRATION", showing Total, Achieved, Partially Achieved and Not Achieved risk mitigation plans.]

Below is the progress against each risk mitigation action for Programme 1:

UNIT | RISK | ROOT CAUSES | CURRENT CONTROLS | MITIGATION PLAN(S)/CONTROLS | PROGRESS ON MITIGATION PLANS | CORRECTIVE ACTION
Strategic Strategic '-Programme may put '- Integrated strategic planning of - Conduct integrated Integrated planning Continue with the
Planning and objective of strategic objectives that the department planning is a continuous process until the
Reporting each are convenient to them process until the finalisation of
business unit - Lack of understanding of - Consultation with Programmes finalisation of the strategic planning
or programme the department's mandate to make sure that there is an strategic planning process.
may not be - Ignoring the broader alignment This is a process
aligned to the departmental strategic that is integrated in
vision and objectives the whole strategic
mandate of - Insufficient situational - Strategic documents are planning
the analysis by Programme presented to management
department structures before approval

- Monitor quarterly Quarterly reports This is going to be


reports for alignment monitored for a continuous
with the alignment process
departmental
strategic objectives
-Quarterly reports Quarterly reports at This is going to be
presented at EXCO presented at EXCO done quarterly

Strategic Inadequate '- Lack of branch meetings - Standardised reporting template - To issue non- Branches and Units This is going to be
Planning and and to discuss quarterly - Performance management policy compliance letters to submitted on time done when non-
Reporting misaligned performance reports DDG's and Heads of however , it was compliance is
reporting of Unit for non- returned back to noted.
performance address some

information incomplete quarterly in place compliance comments from
submitted by reports - Circular for operational SMU
branches - Submission in a form of procedure for reporting
malicious compliance - Quality assurance and internal
-Non-compliance of due audit report
dates - Non- compliance report issued
for programmes
- Reports and evidence files are
signed off by DDGs and Heads

- Branches to submit Branches submit This is going to be


analysis report quarterly reports a continuous
and Strategic process
Management throughout the
develops an quarters
analysis report on a
quarterly basis
Internal Inadequate -Non-compliance with the - MPAT Key Performance Arrears - MPAT reporting to MPAT status report This is going to be
Operations monitoring Management coordinators appointed be done on a developed and done on a
Efficiency and Performance Assessment - MPAT improvement plan quarterly basis signed off by the quarterly basis.
compliance Tool (MPAT) developed and monitored on a Director-General
with MPAT - Poor planning and quarterly basis
management of MPAT -MPAT share folder created to file
Processes evidence Monthly MPAT MPAT progress
Lack of quality assurance -MPAT checklist developed progress meeting meeting held on a
on evidence submitted by monthly basis
relevant managers
- Lack of on-going Monitoring of MPAT MPAT evidence There would be a
monitoring on the evidence on the filed with DPME on continuous
improvement plan by share folder the 30 September monitoring and
relevant managers 2016 verification of the
evidence.

Further more
evidence was
loaded on the
MPAT system on
20 October 2016.
This was
delegations in
terms of the Public
Service
Regulations which
were signed off
after 30 September
2016
Internal Inability to - Lack of risk governance - Risk Mitigation Committee - Quarterly reports 3rd quarter report The fourth quarter
Operations institutionalise structures Members appointed on risk mitigation developed and report is going to
Efficiency risk - Lack of risk - Risk Management Framework in action presented to the be developed and
management understanding by branches place Audit and Risk presented to the
and business units - Operational Risk workshops Committee Audit and Risk
- Risk management may conducted Committee
not be integrated into - Risk mitigation quarter progress scheduled to take
strategic management report developed place in April.
processes - Risk Mitigation Risk Mitigation The next meeting
- Lack of monitoring for Committee to meet Committee met on is going to take
risk mitigation action every quarter the 3rd of February place in March
2017 before the end of
this financial year.

Internal Audit Failure to - Insufficient human - Resourced planning of the The Office of the National Treasury Continue to work
complete resources internal audit activities Accountant-General provides Internal with National
Internal Audit - Lack sufficient skills to - The Department entered into will periodically Audit Support to the Treasury as and
plans perform audit work agreement with National Treasury second an official to Department’s when necessary
- Ad hoc internal audit to provide internal audit support to provide internal audit Internal Audit
assignment from the internal audit activity of the support to the function as when
management and the Department Directorate: Internal necessary.
Audit and Risk Committee - Audit and Risk Committee to Audit
assess the resource requirements
of the Directorate: internal audit
and recommend appropriate staff
composition to Management of the
Department

The Directorate: During the third The Directorate


Internal Audit will there was no will have
establish collaborations collaborations with
collaboration with formed between the IA functions of
internal audit Department’s other departments
functions of other internal audit as an when the
government function and need arises.
departments and internal audit
entities to share and functions of other
transfers of skills. government
departments and
entities.

Internal Audit Lack of '- Audit scope limitation - Internal Audit Charter Review Internal Internal Audit This will continue
independence - Interference with audit - Internal Audit activity overseen Audit Charter Charter was tabled, as required.
and objectivity work by the Audit and Risk Committee annually discussed and
in - Inadequate internal audit - Dedicated internal audit budget approved by the
performance authority - Internal Audit Plans are ARC in the ARC
of audit work - Status of internal audit in endorsed by MANCO and meeting held on the
the Department's approved by the Audit and Risk 27 October 2016.

organisational structure Committee Quarterly Reporting Quarterly Internal This is going to
- Internal Audit plans that - Internal Audit dual reporting lines to the Audit and Risk Audit Reports are continue as
are not informed by the to the Director-General and the Committee presented at planned.
risk assessment results Audit and Risk Committee MANCO, EXCO
- Annual Departmental Risk and Audit
Report Committee
Presentation of Internal Audit Plans This process is
Internal Audit Plans were presented and going to continue
to MANCO and the accepted by annually until the
Audit and Risk MANCO. They final approval.
Committee were also
presented and
discussed and
subsequently
approved by the
Audit and Risk
Committee

Financial Non - Inadequate alignment of -SCM and financial delegations in -Strengthening of Enforcing of
Management Compliance financial and SCM policies place awareness and procurement
with and procedures - Financial instructions issued to enforcing SCM processes has
Governance -Non-payment of suppliers officials policies and been done to
legislations : within the prescribed 30 - Financial Policies are in place procedures eliminate irregular
• Sec 38 days period - Awareness creation expenditure.
• Sec 39 – .-Circumvention of SCM - Strengthening of financial SCM policy have
Budget and financial policies controls been drafted,
Responsibiliti - Unauthorised - Asset register in maintained on approved and
es expenditure excel implemented
• Sec 40 - - Irregular expenditure - Enforcing controls on movement SCM circular has
Reporting - Lack of understanding of assets been issued on
Responsibiliti from officials in the Abuse of SCM
es processes
- Implementation of Consequence Continuous
consequence management monitoring of

management implemented on deviations will take
payments outside place
of 30 days
department -Bi-annual and annual physical - Training people to SCM staff attended none
- Late submissions of verification of asset register migrate to LOGIS Logis training since
required reports -Budget committee in plan Nov 2015 in phases
- Lack of policies and -Continuous monitoring of the
guidelines budget
- Inadequate internal - Budget committee Monthly Budget The monthly
controls to meet monthly and Committee in place, meetings to
- Inadequate practices in go through budget chaired by the continue as
management of assets expenditure Accounting Officer scheduled.
- Incomplete asset
register
- Movement of assets not
properly control and
documented
Human Mismanagem -Lack of monitoring of -Leave management policy -Develop HR Draft HRM in Finalise business
Resource ent of leave leave trends and patterns -Leave administrators standard operating process of processes.
Management by supervisors -Leave plan circular procedures for the development and
-Lack of monitoring the -Warning letters for late administration of consultation
personnel attendance leave.
- Submission for re-
appointment of
Leave
Administrators
submitted to DG for
approval.

- Submission sent
to the DG for
approval.

- A communiqué
approved by the
DG was circulated
to employees for
submission of
annual leave plans.

- Circulated to all
staff

- A standard
warning letter was
developed to
address non-
compliance. On-going as the
need arises
Standard letter for
non-compliance
developed, signed
by DG/CD: CM and
given to respective
employees/supervis
or

- Annual leave plan


circular already
circulated to all staff

register by supervisors submission of leave forms -Consequence Standard letter for On-going as the
-Late and non-submission -Manual Register and management for non-compliance need arises
of leave forms reconciliation of leave forms non-compliant developed, signed
-Non-compilation of -Attendance registers employees by DG/CD: CM and
annual leave plan and/or -Attachment of the leave credits given to respective
adherence to annual available employees/supervis
leave plan or
-Lack of leave verification
and reconciliation
-Absenteeism, late
coming and early leaving
by staff
-Late capturing of leave
Human Lack of -Lack of departmental -Dedicated training budget Quarterly training Quarterly training On-going as the
Resource adequate skills development plan -Skills audit conducted report report submitted to need arises
Management training -Employees' non- PSETA on 07
opportunities availability or non- October 2016
attendance of scheduled

training -Nomination forms to Nomination forms None


-Ineffective management hold employees contain declaration
of bursary scheme accountable for non- by employees to
attendance of comply with
training requirements,
failure which they
will be held liable
for the payment
courses
Develop SOPs for Draft HRM SOP for the
the management of business processes management of
bursaries in process of bursaries will be
development and finalised during the
consultation first quarter of the
next financial year

Human Ineffective -Late/non-submission of '-PMDS policy and SMS Consequence Standard letter for None
Resource performance performance work plans Handbook management for non-compliance
Management management and agreements -Circular on implementation of non-compliant developed, signed
of employees -Lack of system employees by DG/CD: CM
understanding/commitme -Workshops provided on
nt of PMDS policies and implementation of system
procedures by managers, -Progress reported to
supervisors and EXCO/MANCO
employees -Moderating Committees
-Performance agreements
and work plans not
aligned to the Annual
Performance Plan
-Late/non-submission of
prescribed performance
assessments
-Late/non-submission of
prescribed performance
moderations
-Inadequate interventions
for poor performance
Human Delayed -Jobs not profiled and -Recruitment and Selection policy -Finalise job 88.0% of job Finalise job
Resource recruitment evaluated prior to -1 contract worker descriptions and evaluated descriptions and
Management and selection advertisement of posts -1 employee temporarily from evaluate all jobs evaluation process
processes to -Limited capacity to Facilities by the 31 March
fill funded handle responses to 2017.
vacancies applications received
-Limited capacity to -Monitor Progress reported
manage recruitment and implementation in Q2 HR Oversight
selection volumes Report
-Delayed security
screening of qualifying
candidates
ICT Lack of ICT -Lack of policy on ICT -Anti-virus contract with the -Approval of ICT Monthly meeting To be presented to
security security to guide the external service provider in place security policy held with Info Gaud the ICT Steering

controls implementation of the -Reporting of the monitoring of and SITA regarding Committee that is
controls security activities conducted activities and scheduled for the
-Lack of monitoring of the fortnightly security access 4th Quarter
implementation of the ICT -ICT policy draft implemented controls. Their
security controls -ICT security infrastructure in provision of report
- Exposure to logical place is used to
attacks such as malware determine the
and viruses accountability of
-Breach of IT contractual functions rendered
compliance with IT service with respect to the
providers agreed SLA.
-Logical access rights Register to
trespassing by users or physically access
unauthorized persons on the Server Room
active directory exist. For internal
--Exposure of sensitive or people Biometric
confidential information Access Control
due to media System is used.
loss/disclosure to Remote access is
unauthorized persons provided only upon
-Limited or inadequate IT a signed and
infrastructure and systems approved SLA with
to effectively support the the department. An
current and future needs option of bringing
of the department in an Dashboards
efficient, cost-effective systems which are
and well controlled to be used to pull
manner remote access logs
-Disclosure of has been discussed
department's information with Service
to unauthorized persons Providers
ICT 'Disruption of '-Loss of IT services due '-Monitoring tool in place to Finalise the Engagement with Sourcing
ICT services to Interrupted/ failure of monitor the servers implementation of SITA are in assistance from
utilities performance. -Disaster recovery plan in place disaster recovery progress to assist in SITA
-Exposure to business -Disaster recovery site has been operationalizing the

and operational built DR Site
interruptions emanating -Backups are running every day
from loss of IT and are being monitored
services(down time) -IT personnel that are able to
-Absence of a functional attend to issues
Disaster Recovery Site -ICT contracts with SITA to Conduct testing on Test has been Continuous testing
may cause inability to support with disruption backups conducted and it to take place until
recover critical systems has been all the challenges
and applications in the determined that the are resolved.
event of a disaster systems are not
-Lack of backup policy backing up data,
implementation and and restoring also
testing posing some
-Lack of up to date challenges.
working equipment

ICT Lack of -Misalignment of IT -Approved ICT Operational Plan -Continue with ICT A meeting is held Review the ICT
alignment of Projects with the strategic -ICT governance Committee and governance every quarter, Strategic Plan.
ICT activities objectives/outcomes of structure committee meetings minutes are kept as ITC Operational
to the the department -ICT up to date infrastructure in -Implement evidence. 2nd Plan as per
strategic -Separate or non- place approved ICT quarter meeting resolution of ICT
objectives of integration of IT within Draft ICT Strategic Plan Operational Plan was held on the Strategic
the business processes developed in 2015 will be -Continue monitor 28th of September. committee of the
department -Failure of the new IT reviewed ICT up to date The current 29 Sept 2016
systems and software’s to infrastructure operational plan for 5 year plan is
deliver the intended 2016/17 has been expected to be
results. approved. KPA 1 - completed by end
-Lack of up to date ICT Availability of of financial
policy infrastructure is year. Q4
-Lack of ICT governance managed through
implementation service level
agreement with
SITA. KPA 2 -
Implementation of
system has been
reviewed as a
proposition of the
ICT strategic
committee due to
its lack of
measurability.
Critical deliverables
out of KPA 2 will be
indicated in the 5
year plan which is
expected to be
completed by end
of financial year.
SITA and InfoGaurd
reports within
meetings held to

assess the findings
and outcome of the
infrastructure on a
monthly basis,
which is derived
from the monitoring
of systems and
functions provided
to the department.
Also used to assess
the business
continuity reliability.

Legal Exposure to - Failure to consult with -Legal services drafts contracts -Develop contract New contract To be finalised and
Services commitments legal services prior into only when consulted management management policy approved in
without valid entering into contracts register is still work in quarter 4
or binding - End-users utilise legal progress, inputs
contracts services as a reactive have been received
measure as oppose to from various
proactive stakeholders
- Non-involvement of legal
services timeously on the
inception/conceptualisation
stage of
agreements/decision

-No contract management
systems in place
-Lack of policy on contract
management
Legal Failure to -Failure to explore all -Litigation register updated -Continuous Quarterly reports None
Services manage available avenues to regularly updating of the compiled for
litigations remedy existing situation -Quarterly reports on litigations litigation register submission to
properly -Inadequate capacity management submitted to DPSA DPSA
within the legal services -Services of the Offices of the Services of the
unit State Attorney and the State Law OSA and OCSLA
-Lack of litigations register Adviser utilised by the department utilised for legal
-Lack of clear instructions advice and
or conflicting instructions litigations
-Lack or limited
information to defends
actions instituted against
the department such as
original documents that
are supposed to be kept
by legal service but are
kept by end users or SCM
Inadequate contract
management
Legal Exposure of Lack of adequate Human -Guidelines for drafting and vetting '- Utilise circular on Circular on Finalise the
Services the Resources in the labour of departmental agreements in workflow process workflow process implementation
department to relations unit place being implemented and monitor
litigations -Lack of clear instructions utilisation thereof
or conflicting interactions
-Lack of
awareness/different
understanding of public
service prescripts by
those providing
instructions

Auxiliary Partial - Minimal participation of -Awareness meetings and Quarterly Security Meetings were held -None
Services compliance some senior managers campaigns Committee Meeting with the landlord
with OHS act and junior staff on OHS -Communications circular and have resulted
issues in a joint evacuation
-Lack of an approved drill that took place
smoking policy and on 10/11/2016.
designated smoking room Buy microwaves for New microwaves -None
each floor bought, some
moved to the
kitchen from offices
Set up sickbay for Majority of Finalize the set-up
the department materials have of the sickbay
been delivered, we
are awaiting a bed
to be delivered.
Approval of the Smoking room Smoking policy will
smoking policy established be developed and
approved in the 4th
quarter
-Appointment of OHS Committee None
OHS committee members appointed
members by the Accounting
Officer
Security Physical -Inappropriate security -Perimeter Fence -Monthly meetings Monthly meetings Continue with the
services security locks -Infra-Red beams with Security held with the monthly meetings
breaches -Inconsistence application -Metal detector Company security company as scheduled.
of security measures -High security locks installed in
ministry and top management
offices

Security - Loss or theft - Lack of control of Assets -Awareness raising & circulars - Engage ICT / SCM ICT has been Continue with the
services of assets taken out of the building on the control of engaged, there has engagements and
- Lack of guidelines on the assets outside office been a reduction on monitor the results
measures to safeguard the number of

State Assets outside the assets lost outside
office the office
- Register for Vehicle entrance None
security to include register bear the
serial number and registration of the
barcode of laptops vehicle and
and tablets Departmental
Barcode
Security Compromise - Delays in the finalization - MISS document of 1996 Awareness raising Awareness None
services of classified of security clearance of - Security policy conducted through
information personnel. - Circular on security screening of e-mails and
- Improper handling of service providers circulars
classified info - Security - Follow-ups with State Security Distribute Security Secure envelopes None
screening of service Agency envelopes and distributed to
providers register relevant offices
- Lack of records Approval of the Information None
management Information Security Security Policy
Policy approved by the
Accounting Officer

Records Lack of -Lack of departmental file -Ministry file plan approved -Consultation Workshops have To finalise
Management adequate plan -Department file plan submitted to workshops been conducted workshops with the
record -Lack of approved records National Archive for approval with various Ministry
management and registry policy -Draft registry manual business units on
implementatio -Lack of file plan -Draft record management policy the file plan (95%)
n in the implementation -Human Resource Management
department -Lack of awareness of records filed
registry functions by -Management of incoming and
employees outgoing mails
Development of the Plan for
Reengineering of the Registry

Programme 2: Social Transformation and Economic Empowerment

Programme 2: Social Transformation and Economic Empowerment consists of three
chief directorates, which are:

• Economic Empowerment and Participation,
• Social Empowerment and Transformation, and
• Governance Transformation, Justice and Security.

Programme 2 had 6 mitigation plans that were due for reporting in the 3rd quarter. All 6
of these mitigation plans have been fully implemented.

Commentary note:

Major progress has been made towards the implementation of all risk mitigation plans
thus far.

Graphical Presentation of the above analysis

[Bar chart: PROGRAMME 2: STEE. Total: 6; Achieved: 6; Partially Achieved: 0; Not Achieved: 0]

3rd quarter detailed Progress on Implementation of Risk Mitigation Plans

ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE


UNIT RISK PLAN(S) MITIGATION PLANS ACTION
/CONTROLS

Economic Fewer women -Departments not -Presidential Directive on -Follow-up -The Report was None
Empowerment economically responding, timeously reporting requirements by engagements with presented to ESEID
and Participation empowered and with the relevant departments sector departments cluster department on
through information (Correspondence bi- the 12 October 2016.
government -Reports by departments lateral, telephonic or
programs -Lack of skilled human analysed and feedback provided electronic) -Subsequently, a
resources follow-up meeting with
DST EXCO to present
-Lack of gender individual
mainstreaming departmental report
expertise in sector took place on the 21
departments November 2016.

-Other departments i.e.
DoE, DoL, and
DRDLR with
outstanding reports
were telephoned and
the results were
incorporated in the
report.


Social Delays in - No policy framework -Convene Steering Committee -Development of Steering Committee None
Empowerment women's social in place on sanitary Government Wide Working Group
and empowerment dignity project. -Reports by departments Sanitary Dignity convened and
Transformation and societal analysed and feedback provided Policy Framework Sanitary Dignity
transformation Indaba to develop
Framework scheduled
in February 2017

Governance Delays in -Inconsistent -Stakeholder engagements -Consultation on the Consultation with None
Transformation, gender institutionalisation of National Policy Governance &
Justice and mainstreaming Gender Focal Points in -Analysis of VAWC management Framework on Administration cluster
Security terms of placement and to inform an integrated approach gender departments on the
level mainstreaming and position paper/concept
-Draft national policy framework
GFPs note held.
-Lack of standardisation on gender mainstreaming and
of GFP functions GFPs Cabinet Memo has
been Developed
-Inadequate integrated
approach to VAWC

-Out-dated National
gender policy
framework

-Delays in consultation
process


-Discussion A refined Discussion None


document on the Document on VAWC
analysis of VAWC was developed
management
'VAWC discussion
document/concept
note incorporated into
National Dialogues,

National dialogues
Pilot Report has been
drafted

-Consultation with Discussions with UN None


key government Women Organization
departments on GRB on Gender
(Quarterly Responsive Budget
were held, Draft
Internal discussion
position paper was
consulted with
National Treasury,
DPME and Stats SA.

-Follow-up -The Report was None


engagements with presented to ESEID
sector departments cluster department on
(Correspondence bi- the 12 October 2016.


lateral or telephonic) -Subsequently, a


follow-up meeting with
DST EXCO to present
individual
departmental report
took place on the 21
November 2016.

-Other departments
with outstanding
reports were
telephoned and the
results were
incorporated in the
report.

The Report was None


presented to ESEID
cluster department on
the 12 October 2016.

Subsequently, a
follow-up meeting with
DST EXCO to present
individual
departmental report
took place on the 21
November 2016.

Other departments
with outstanding


reports were
telephoned and the
results were
incorporated in the
report.

Programme 3: Policy, Stakeholder and Knowledge Management

Programme 3: Policy, Stakeholder and Knowledge Management consists of:

• Research and Policy Analysis,
• Information and Knowledge Management,
• Stakeholder Coordination and Outreach, and
• Monitoring and Evaluation.

Programme 3 had 18 mitigation plans that were due for reporting in the 3rd quarter. Of
the 18 mitigation plans, sixteen (16) are fully implemented, which translates into 88%.
One (1) is partially implemented, which translates into 6%, and one (1) is not
implemented, which translates into 6%. This is depicted in the graph below.

Graphical presentation of the above interpretation

[Bar chart: PROGRAMME 3: PSKM. Total: 18; Achieved: 16; Partially Achieved: 1; Not Achieved: 1]

3rd quarter detailed Progress on Implementation of Risk Mitigation Plans

ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE


UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Research Insufficient -Lack of single -One on one interactions Collaborations with Meeting held with None
and Policy research and cohesive coordinated with relevant departments specific departments the Chief Director:
Analysis information process for research and stakeholders to obtain and research Agri-Parks at the
on policy on gaps in women's information institutions Department of
development socio-economic -Gender perspective inputs Rural Development
nationally on empowerment and on draft policies and Land reform on
the nine point gender equality the inclusion of
plan to impact -Fragmented nature of women in access to
government research topics, policy and benefit on the
priorities, makers and Agri-parks
plans and Implementers programme.
programmes - Irrelevant and gender Contacts
for women's insensitive research established with the
socio- with minimal impact to Medical Research
economic current government Council and the
empowerment priorities and plans research strategy
and gender -Dependency on shared with them.
equality external partners for The research
research and data strategy also
inputs causes shared with the
lack/poor of analysis of CGE and the
data Department of
Basic Education

Q3 Developing a Research Strategy None
research strategy with including the
a national research Research agenda
agenda that is finalised in quarter
focused on the nine 3
point plan
Information Limited - No formal -Individual units currently -Resourcing of the The engagement
and access to institutional sourcing their own IKM unit with the National
Knowledge information arrangements that information though Office of Treasury on
Management and gives the department the Director-General resourcing for IKM
knowledge access to information -Establishment of IKM unit was incorporated
and knowledge -Open access to internet as part of the bigger
-Lack of coordinated engagement for the
approach to gathering whole departmental
information needs with National
-Absence of DoW Treasury; this has
knowledge repository yielded results in
-Lack of knowledge that DoW has
sharing platform with received additional
stakeholders funding for human
capacity needs as

of 2018/19 financial
year.
During this quarter
(Q3), there was a
strategic
engagement
initiated by the
Minister on the
most appropriate
location of IKM into
the Research and
Policy Analysis unit.
This would assist in
appropriately
resourcing IKM in
terms of human
capacity

- Collaborations with In quarter 3, there
stakeholders in was an external
preparation for the consultation with
knowledge audit GCIS to benchmark
the Knowledge
Audit process. A
questionnaire
template was
provided for DoWs
Gender Sector; IK benchmarking
Repository developed exercise
The taxonomy was
developed in
August and
maintained through
the use of
taxonomic
organization
categories in
quarter 3

Stakeholder Inadequate - Lack of positive -Outreach initiatives that Circular signed by the Circular has not Request for the
Coordination awareness on support from raise awareness and give DG appointing been drafted meeting with the
out

and socio- Stakeholders information on what the internal task team DG to discuss and
Outreach economic especially civil society government offers in Meetings with key finalise will take
empowerment - Lack of knowledge improving the lives of stakeholder place in the 4th
and women's about the department women quarter
rights in some community -Inter-departmental
- Lack of a referral committees facilitated to
system that is implement issues raised
functioning within the during community
department engagements Meetings with
- Lack of tracking -Working closely with stakeholders took
system on issues sectors to make sure that place in preparation
Personnel to young women are of the 16 days of
continuously update empowered Activism including
the stakeholder meetings with
database. stakeholders on
365 Days of
Activism

Reports with Back to office


recommendations to reports following
the DG stakeholder
engagements have
been written and
submitted

-Lack of awareness Liaise with the Distribution of


raising on the Communication Unit information material
existence and to print pamphlets on during the 16 days
mandate of the the mandate of the of activism which is
department departments and part of knowledge
women’s rights sharing. The

National Dialogues
in Limpopo
provided a platform
for knowledge
sharing and
awareness raising
with grassroots
communities.
Stakeholder Tarnished -Lack of timely -Forward planning and -To request the Chief Director has
Coordination image of the procurement of meetings for events department to explore been appointed to
and department services by SCM -Involvement of other key the possibility of manage outreach
Outreach -Lack of transparency participants within internally appointing an events initiatives
from SCM on the and externally coordinator Submission for
preferred suppliers -Constance engagements -Improve on the procurement are
-Lack of local with political and timeous appointment being submitted to
economic management to get of the service SCM on time
empowerment in line directions and guidance on providers
with Preferential coming events
Procurement Act -Seeking financial
-Lack of benchmarking sponsorship

Stakeholder Lack of -Lack of proper -Department is participating - Multi-sectorial The Director- The first sitting of
Coordination coordination planning for in the Inter-departmental committee across all General has just the task team will
and mechanisms international Committee on international sectors to coordinate approved the be held before the
Outreach engagements reporting international establishment of the end of the fourth
-Lack of proper -Stakeholder consultation commitments Interdepartmental quarter
coordination -Reports on International Task Team that will

-Lack of feedback from obligations are submitted be responsible for
international -Department participate in international
engagements international engagements Relations Reporting
-Lack of systems to -Participation reports Obligations and
monitor international developed management of
commitments multilateral
-Lack of internal engagements
coordination -Finalise concept Concept paper
- Lack the departments paper. finalised
fully participation in the
inter-departmental -Regular attendance -CSW Consultative
committee on the Meeting with Civil
interdepartmental Society organisation
committee was held on 9
November 2016
-1st Consultation
meeting with DIRCO
on 61st Session of the
CSW was held 23
November 2016
-Inter-departmental
meeting on the
African Union 2017
theme was held 7
December 2016
-Interdepartmental
Task Team meeting
on International
reporting was held 20
October 2016
Monitoring Lack of -Availability of -Letter signed by DG to -Letter signed by DG The letter to various None
and Reporting Strategic Plans and departments requesting to departments DGs was written
Evaluation systems to APPs of other information requesting information and 44 APPs were
provide departments -Reports received from received for

guidance to -Timeously and quality other departments analysed analysis
sector of Strategic Plans and -Follow-ups with
departments APPs departments that have not
-In year review of submitted
Strategic Plans and -Concepts documents on -Reports received Reports received None
APPs and lack of the M & E systems from other from other
influence departments analysed departments have
-Departments been analysed
reporting on irrelevant -Follow-ups with All departments None
information than what departments that have have submitted
is required not submitted
-Lack of response from
sector departments on -Concept document M&E Framework None
the required on the M & E systems has been approved
information by the Minister
-Lack of clear
guidelines from the
department on
required information

SECTION D

6. Conclusion and way forward

The cooperation and support from business units is improving in respect of risk
management and the risk management unit is continually striving to improve in all
areas of the risk management function.
