In today’s complex operating environment the importance of risk management has become more evident. There are several national initiatives guiding this process, yet many public sector organisations face serious challenges regarding the implementation of the risk process.
In terms of prevailing legislation (the PFMA and MFMA) an accounting officer should ensure that their organisation has and maintains effective, efficient and transparent systems of financial accounting, risk management and internal control. Most of us know what financial accounting and internal control are, but what exactly is risk management?
Is it a number of risk profiles and a framework vested in one or a few officials, or is it a deeper process that needs to be embedded into the behaviour of an organisation?
An analysis of the various definitions of enterprise risk management (ERM) revealed that a number of similarities are evident:
• it is a process
• effected by people
• applied across the entity
• designed to identify events potentially affecting the entity’s ability to manage risk in accordance with its risk appetite and
• to provide reasonable assurance, and
• it is geared to the achievement of objectives.
So do we implement ERM merely to comply with the prevailing legislation, or do we implement it because it is value-adding and designed to improve service delivery?
The reality is that although a large number of organisations do possess a strategic and the occasional operational risk profile and have adopted a risk management framework, these organisations are usually in the very basic stages of the ERM implementation process.
This is due to a number of challenges, including:
• Lack of ownership of the risk management process.
• Lack of understanding of ERM and the benefits of ERM.
• The risk management department is set up at the incorrect level.
• Risk management is viewed as a compliance exercise.
For enterprise risk management to be effectively implemented, these challenges need to be carefully considered and addressed.
This will help ensure that the ERM process adds value to the achievement of the strategic objectives.
This will ultimately result in improved service delivery for the organisation, better accountability and, in the long run, a more satisfied community.