TREASURY REGULATIONS’ CHANGES AND POTENTIAL IMPACT OFFICE OF THE ACCOUNTANT-GENERAL Presenter:...
-
Upload
lucas-malone -
Category
Documents
-
view
216 -
download
0
Transcript of TREASURY REGULATIONS’ CHANGES AND POTENTIAL IMPACT OFFICE OF THE ACCOUNTANT-GENERAL Presenter:...
TREASURY REGULATIONS’ CHANGES AND POTENTIAL IMPACT
OFFICE OF THE ACCOUNTANT-GENERAL
Presenter: Risk Management Support | National Treasury | August 2014
BACKGROUND
2
CURRENT TREASURY REGULATIONS
Part 2 Management Arrangements
3. Internal control
“3.2.1 The accounting officer must ensure that a risk assessment is conducted regularly to identify emerging risks of the institution. A risk management strategy, which must include a fraud prevention plan, must be used to direct internal audit effort and priority, and to determine the skills required of managers and staff to improve controls and to manage these risks.
The strategy must be clearly communicated to all officials to ensure that the risk management strategy is incorporated into the language and culture of the institution”.
TRs Updated October 2012
3
CURRENT TREASURY REGULATIONS Cont...
“3.2.7 An internal audit unit must prepare, in consultation with and for approval by the audit committee –
(a) a rolling three-year strategic internal audit plan based on its assessment of key areas of risk for the institution, having regard to its current operations, those proposed in its strategic plan and its risk management strategy”.
TRs Updated October 2012
4
PROPOSED RISK MANAGEMENT CHANGES
Chapter 4: Corporate Governance
Part 1: Internal control
16 (2) The system of internal control referred to in sub-regulation (1) must consist of the following components:
(a) Control environment;
(b) risk assessment;
(c) control activities;
(d) information and communication; and
(e) monitoring activities.
5
PROPOSED RISK MANAGEMENT CHANGES Cont…
Part 2: Risk Management
22 (2) The system of risk management referred to in subregulation (1) must at least include –
systematic process to identify and document the key risks in a risk register regardless of whether or not such risks are within the direct control of the institution;
a fraud and corruption prevention strategy and plan; review of the business continuity plan; assessment of risks within SCM processes, including the awarding of
bids; assessment of occupational health and safety risks; establishing the risk tolerance and risk appetite levels of the
institution; and an assessment of operational losses
6
FORA FOCUS AREAS
Previous Fora Topics
• Business Continuity Plan
• Fraud Risk Assessment
• Risk Appetite and Tolerance
• Information Technology
• Combined Assurance
Other Topics
• Supply Chain Management
• Assessment of Operational
Losses
• Assessment of OHS Risks
7
BCP ISSUES DISCUSSED
• What is a business continuity plan?
• What should be considered when developing a business continuity plan?
• Who are the key stakeholders in developing a BCP?
• Is it a function for risk officers?
• How does a BCP relate to identified risks?
• Is there an acceptable standard or framework that should be followed in
developing BCPs?
• What are the typical issues raised by assurance providers about BCPs?
8
THE 6 ELEMENTS OF THE BCM LIFECYCLE
1. Understand the Organisation
2. Determine the BCM strategy
3. Develop & implement a BCM
response
4. Exercise, maintain & review
5. Establish BCM policy and
programme management
6. Embed a BCM Culture
9
SERVICE CONTINUITY PLANS
SOUTH AFRICA EARTHQUAKE KILLS ONE, 17 MINERS INJURED
POWER FAILURE AT SITA CENTURION
10
FRAUD RISK ASSESSMENT ISSUES DISCUSSED
• What is Fraud Risk Management
• Minimum Requirements for an Effective Risk Management Programme
• Fraud Risk Management Reports
• Role of Chief Risk Officer
• Expectations of Assurance Providers on the Assessment and
Management of Fraud Risks
• Challenges that Affect the Successful Implementation of FRM Plans
11
IT RISK GOVERNANCE ISSUES DISCUSSED
• IT risk is a business risk specifically associated with the use, ownership, operation,
involvement, influence and adoption of IT within an enterprise.
• It consists of IT-related events that could potentially impact the business. It can occur
with both uncertain frequency and magnitude, and it creates challenges in meeting
strategic goals and objectives;
• Aims to prioritize and manage IT risk;
• Senior executives need a frame of reference and a clear understanding of the IT
function and IT risk associated with it;
• IT risk is not just a technical issue; and
• Organisation managers determine what IT needs to do to support their business;
they set the targets for IT and are accountable for managing the associated risks.
12
DPSA
THE RELATIONSHIP BETWEEN IT RISK & IT AUDIT
Source: National Treasury Internal Audit - Information Systems Audit Methodology 13
RISK APPETITE & TOLERANCE ISSUES DISCUSSED
14
RISK APPETITE & TOLERANCE ISSUES DISCUSSED
• ;
15
SCM & OPERATIONAL LOSSES
..
16