3rd Quarter Risk
3rd Quarter Risk
3rd Quarter Risk
Section 38(1)(a)(i) and 51(1)(a)(i) of the Public Finance Management Act, (Act No 1 of 1999
as amended by Act No. 29 of 1999), require Accounting officers to ensure that their
institutions have and maintain effective, efficient and transparent systems of risk
management. The primary objective of the risk management function is to ensure that the
Department of Women improves and sustains its performance by protecting the organisation
from adverse outcomes and optimising on opportunities.
To give effect to this objective, a risk assessment was undertaken with all business units in
the Department in order to identify risks that could impede the attainment of objectives and
to determine the levels of controls and action plans that are currently in place to mitigate the
risks.
SECTION A
Executive Summary
SECTION B:
SECTION C:
SECTION D:
2. Executive Summary
2.1. Summary of Strategic Risk Mitigation Progress for Quarter 3
Below is summary of Strategic Risk Mitigation Progress for Quarter 3. In each there is
progress in terms of implementation even through the mitigation action are not fully
implemented:
Legends:
Fully
Implemented
5 Reputational Risk
Interpretation:
The total number of Strategic Risks identified is seven (7) and twenty (20) mitigation plans
were identified. Out of the 20 mitigation plans identified five (9) have been fully implemented
of which translates into 45% and fifteen (11) are still work in progress this translates into
55%
Interpretation:
The risk assessment report reflects a total of 71 risk mitigation plans that were due
for reporting in the 3rd quarter excluding strategic risks. It is recorded that 58 (82%)
have been fully implemented, 12 (17%) partially implemented and 1 (1%) not
implemented.
0
Not Achieved
10
13
QUARTER 3
Partially Achieved(Work in Progress)
21 QUARTER 2
58
Achieved
40
0 10 20 30 40 50 60
The Risk Management Plan is developed to effect the implementation of the Risk
Management Strategy and outlines what risk management activities aimed at
entrenching a risk aware culture and a risk smart workforce within the department.
The planned activities form the basis for quarterly risk management reporting to the
Audit and Risk Committee.
1. The following were planned overall key activities against this plan which have been
fully or partially achieved since 2015/16 to date.
Page 8 of 51
# Planned Risk Expected output Progress to date
Management activities
as per the plan
Strategy) during the fourth quarter of
2015/16.
5 Establish a Risk Mitigation Risk Mitigation Risk Mitigation
Committee and draft the Committee Committee was
ToRs thereof. established and members
were formally appointed by
the Director General.
6 Facilitate the execution of Approved progress Progress reports
ERM processes and reports: Present are presented to various
infrastructure progress reports at stakeholders at various
various intervals intervals e.g. bi weekly at
EXCO, monthly at MANCO
and quarterly at ARC.
Overall achievement as a percentage: The plan has 11 planned actions of which only
6(55%) have been achieved and 5 (45%) are still outstanding.
Page 9 of 51
SECTION C
4. Detailed Progress against Strategic Risk Mitigation Action for 3rd Quarter
Below is a detailed progress against strategic risk mitigation action for each risk:
1.Non achievement of - Non achievement of the desired -Develop departmental strategic - Planning, Monitoring and - To develop departmental
DoW mandate impact on women lives plan procedures Reporting Policy has been strategic plan procedures
developed and approved. this will be prioritised in the
-Insufficient budget allocated to The departmental strategic next financial year.
the department plan procedure will be
developed to align to the
-Non alignment and inefficient
policy
utilization of the resources
activities
Page 10 of 51
MITIGATION PLAN(S) PROGRESS ON ACTION PLAN
STRATEGIC RISK RISK CONSEQUENCE
/CONTROLS MITIGATION PLANS
2.Non Compliance with - Fruitless, Wasteful & irregular - Training & awareness on All policies are circulated to To provide awareness on
Governance legislations expenditure legislations staff via email and policies to all staff in the
-Adverse Audit opinion displayed on the Intranet fourth quarter
-Possible litigation
-Poor service delivery -Review Delegations Approved and signed HR
Delegations in terms of the
Public Service Act, 2007,
and Public Service
Regulations, 2016 which
are:
Page 11 of 51
MITIGATION PLAN(S) PROGRESS ON ACTION PLAN
STRATEGIC RISK RISK CONSEQUENCE
/CONTROLS MITIGATION PLANS
3. Inadequate -non achievement of the desired - Monitor and publish progress on -The Report was presented
Implementation of impact on socio-economic the implementation of policies, to ESEID cluster
legislation to promote the empowerment of women and programmes and efforts for department on the 12
women agenda (socio- advancement of gender equality women's empowerment for October 2016.
economic empower,) domestic, national and international
-Subsequently, a follow-up
meeting with DST EXCO to
present individual
departmental report took
place on the 21 November
2016.
Page 12 of 51
MITIGATION PLAN(S) PROGRESS ON ACTION PLAN
STRATEGIC RISK RISK CONSEQUENCE
/CONTROLS MITIGATION PLANS
Distribution of information
material during the 16 days
of activism which is part of
knowledge sharing.
Page 13 of 51
MITIGATION PLAN(S) PROGRESS ON ACTION PLAN
STRATEGIC RISK RISK CONSEQUENCE
/CONTROLS MITIGATION PLANS
4. Inadequate ICT - Fruitless, Wasteful & irregular -Review & finalization of the costed - ICT Governance
Infrastructure & Systems expenditure ICT strategy Framework of the
-Adverse Audit opinion Department is under
-Monitor implementation of the ICT
-Possible litigation development stage (work in
strategy
-Poor service delivery progress).
-Testing of systems for service - Systems are tested on a - Continue system testing
continuity quarterly basis for service on a quarterly basis
continuity
st
5. Reputational Risks -poor public image -Monitor implementation of the - 1 phase of the - Communication Strategy
-Lack of public confidence communication strategy Communication Strategy, is being implemented in
-Delays & reversal in women's -Quality assurance standards for viz. the annual phases
socio economic empowerment publications communication plan
and societal transformation -Standard operating procedures implemented
-gender equality manual
6. Fraud, Corruption & -Misappropriation and abuse of -Training and awareness on - Ethics training has been - To conduct fraud and
Misconduct assets/power policies & procedures conducted with all staff ethics management
- Adverse Audit opinion awareness sessions on the
-Irregular ,fruitless and wasteful - Fraud Prevention Policy fourth quarter.
expenditure 15/16 and Fraud
-Reputation risk Prevention Plan 15/16 Awareness on key policies
developed and approved on SCM and Finance to be
conducted in the fourth
quarter.
7. Inadequate capacity -Poor service delivery -HRD based on classification of the List of improved
(Human & Skill) required skills qualifications was
-Monitoring the implementation of submitted to DPSA for
the recruitment, selection process
Page 14 of 51
MITIGATION PLAN(S) PROGRESS ON ACTION PLAN
STRATEGIC RISK RISK CONSEQUENCE
/CONTROLS MITIGATION PLANS
Page 15 of 51
5. 3rd quarter Progress on Implementation of Risk Mitigation
Plans per Programme.
Programme 1 had 48 risk mitigation plans that were due for reporting in the third
quarter. Out of the 48 mitigation plans 36 are fully implemented, which translates into
75%, and 12 are partially implemented/still work in progress of which translates into
25%.
Commentary Note:
Substantial progress has been made towards implementing all risk mitigation
plans.
Page 16 of 51
PROGRAMME 1: ADMINISTRATION
48
50
45
36
40
35
30
25
20
12
15
10
0
5
0
Total Achieved Partially Achieved Not Achieved
Page 17 of 51
Below is the progress against each risk mitigation action for Programme 1:
Strategic Inadequate '- Lack of branch meetings - Standardised reporting template - To issue non- Branches and Units This is going to be
Planning and and to discuss quarterly - Performance management policy compliance letters to submitted on time done when non-
Reporting misaligned performance reports DDG's and Heads of however , it was compliance is
reporting of Unit for non- returned back to noted.
performance address some
Page 18 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
information incomplete quarterly in place compliance comments from
submitted by reports - Circular for operational SMU
branches - Submission in a form of procedure for reporting
malicious compliance - Quality assurance and internal
-Non-compliance of due audit report
dates - Non- compliance report issued
for programmes
- Reports and evidence files are
signed off by DDGs and Heads
Page 19 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Further more
evidence was
loaded on the
MPAT system on
20 October 2016.
This was
delegations in
terms of the Public
Service
Regulations which
were signed off
after 30 September
2016
3rd
Internal Inability to - Lack of risk governance - Risk Mitigation Committee - Quarterly reports quarter reportThe fourth quarter
Operations institutionalise structures Members appointed on risk mitigation developed and report is going to
Efficiency risk - Lack of risk - Risk Management Framework in action presented to the be developed and
management understanding by braches place Audit and Risk presented to the
and business units - Operational Risk workshops Committee Audit and Risk
- Risk management may conducted Committee
not be integrated into - Risk mitigation quarter progress scheduled to take
strategic management report developed place in April.
processes - Risk Mitigation Risk Mitigation The next meeting
- Lack of monitoring for Committee to meet Committee met on is going to take
rd
risk mitigation action every quarter the 3 of February place in March
2017 before the end of
this financial year.
Page 20 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Internal Audit Failure to - Insufficient human - Resourced planning of the The Office of the National Treasury Continue to work
complete resources internal audit activities Accountant-General provides Internal with National
Internal Audit - Lack sufficient skills to - The Department entered into will periodically Audit Support to the Treasury as and
plans perform audit work agreement with National Treasury second an official to Department’s when necessary
- Ad hoc internal audit to provide internal audit support to provide internal audit Internal Audit
assignment from the internal audit activity of the support to the function as when
management and the Department Directorate: Internal necessary.
Audit and Risk Committee - Audit and Risk Committee to Audit
assess the resource requirements
of the Directorate: internal audit
and recommend appropriate staff
composition to Management of the
Department
Internal Audit Lack of '- Audit scope limitation - Internal Audit Charter Review Internal Internal Audit This will continue
independence - Interference with audit - Internal Audit activity overseen Audit Charter Charter was tabled, as required.
and objectivity work by the Audit and Risk Committee annually discussed and
in - Inadequate internal audit - Dedicated internal audit budget approved by the
performance authority - Internal Audit Plans are ARC in the ARC
of audit work - Status of internal audit in endorsed by MANCO and meeting held on the
the Department's approved by the Audit and Risk 27 October 2016.
Page 21 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
organisational structure Committee Quarterly Reporting Quarterly Internal This is going to
- Internal Audit plans that - Internal Audit dual reporting lines to the Audit and Risk Audit Reports are continue as
are not informed by the to the Director-General and the Committee presented at planned.
risk assessment results Audit and Risk Committee MANCO, EXCO
- Annual Departmental Risk and Audit
Report Committee
Presentation of Internal Audit Plans This process is
Internal Audit Plans were presented and going to continue
to MANCO and the accepted by annually until the
Audit and Risk MANCO. They final approval.
Committee were also
presented and
discussed and
subsequently
approved by the
Audit and Risk
Committee
Financial Non - Inadequate alignment of -SCM and financial delegations in -Strengthening of Enforcing of
Management Compliance financial and SCM policies place awareness and procurement
with and procedures - Financial instructions issued to enforcing SCM processes has
Governance -Non-payment of suppliers officials policies and been done to
legislations : within the prescribed 30 - Financial Policies are in place procedures eliminate irregular
• Sec 38 days period - Awareness creation expenditure.
• Sec 39 – .-Circumvention of SCM - Strengthening of financial SCM policy have
Budget and financial policies controls been drafted,
Responsibiliti - Unauthorised - Asset register in maintained on approved and
es expenditure excel implemented
• Sec 40 - - Irregular expenditure - Enforcing controls on movement SCM circular has
Reporting - Lack of understanding of assets been issued on
Responsibiliti from officials in the Abuse of SCM
es processes
- Implementation of Consequence Continuous
consequence management monitoring of
Page 22 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
management implemented on deviations will take
payments outside place
of 30 days
department -Bi-annual and annual physical - Training people to SCM staff attended none
- Late submissions of verification of asset register migrate to LOGIS Logis training since
required reports -Budget committee in plan Nov 2015 in phases
- Lack of policies and -Continuous monitoring of the
guidelines budget
- Inadequate internal - Budget committee Monthly Budget The monthly
controls to meet monthly and Committee in place, meetings to
- Inadequate practices in go through budget chaired by the continue as
management of assets expenditure Accounting Officer scheduled.
- Incomplete asset
register
- Movement of assets not
properly control and
documented
Human Mismanagem -Lack of monitoring of -Leave management policy -Develop HR Draft HRM in Finalise business
Resource ent of leave leave trends and patterns -Leave administrators standard operating process of processes.
Management by supervisors -Leave plan circular procedures for the development and
-Lack of monitoring the -Warning letters for late administration of consultation
personnel attendance leave.
- Submission for re-
appointment of
Leave
Administrators
submitted to DG for
approval.
- Submission sent
to the DG for
approval.
Page 23 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
- A communiqué
approved by the
DG was circulated
to employees for
submission of
annual leave plans.
- Circulated to all
staff
- A standard
warning letter was
developed to
address non-
compliance. On-going as the
need arises
Standard letter for
non-compliance
developed, signed
by DG/CD: CM and
given to respective
employees/supervis
or
Page 24 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
register by supervisors submission of leave forms -Consequence Standard letter for On-going as the
-Late and non-submission -Manual Register and management for non-compliance need arises
of leave forms reconciliation of leave forms non-compliant developed, signed
-Non-compilation of -Attendance registers employees by DG/CD: CM and
annual leave plan and/or -Attachment of the leave credits given to respective
adherence to annual available employees/supervis
leave plan or
-Lack of leave verification
and reconciliation
-Absenteeism, late
coming and early leaving
by staff
-Late capturing of leave
Human Lack of -Lack of departmental -Dedicated training budget Quarterly training Quarterly training On-going as the
Resource adequate skills development plan -Skills audit conducted report report submitted to need arises
Management training -Employees' non- PSETA on 07
opportunities availability or non- October 2016
attendance of scheduled
Page 25 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Human Ineffective -Late/non-submission of '-PMDS policy and SMS Consequence Standard letter for None
Resource performance performance work plans Handbook management for non-compliance
Management management and agreements -Circular on implementation of non-compliant developed, signed
of employees -Lack of system employees by DG/CD: CM
understanding/commitme -Workshops provided on
nt of PMDS policies and implementation of system
procedures by managers, -Progress reported to
supervisors and EXCO/MANCO
employees -Moderating Committees
-Performance agreements
and work plans not
aligned to the Annual
Performance Plan
-Late/non-submission of
prescribed performance
assessments
-Late/non-submission of
prescribed performance
moderations
-Inadequate interventions
for poor performance
Human Delayed -Jobs not profiled and -Recruitment and Selection policy -Finalise job 88.0% of job Finalise job
Resource recruitment evaluated prior to -1 contract worker descriptions and evaluated descriptions and
Management and selection advertisement of posts -1 employee temporarily from evaluate all jobs evaluation process
processes to -Limited capacity to Facilities by the 31 March
fill funded handle responses to 2017.
vacancies applications received
-Limited capacity to -Monitor Progress reported
manage recruitment and implementation in Q2 HR Oversight
selection volumes Report
-Delayed security
screening of qualifying
candidates
ICT Lack of ICT -Lack of policy on ICT -Anti-virus contract with the -Approval of ICT Monthly meeting To be presented to
security security to guide the external service provider in place security policy held with Info Gaud the ICT Steering
Page 26 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
controls implementation of the -Reporting of the monitoring of and SITA regarding Committee that is
controls security activities conducted activities and scheduled for the
th
-Lack of monitoring of the fortnightly security access 4 Quarter
implementation of the ICT -ICT policy draft implemented controls. Their
security controls -ICT security infrastructure in provision of report
- Exposure to logical place is used to
attacks such as malware determine the
and viruses accountability of
-Breach of IT contractual functions rendered
compliance with IT service with respect to the
providers agreed SLA.
-Logical access rights Register to
trespassing by users or physically access
unauthorized persons on the Server Room
active directory exist. For internal
--Exposure of sensitive or people Biometric
confidential information Access Control
due to media System is used.
loss/disclosure to Remote access is
unauthorized persons provided only upon
-Limited or inadequate IT a singed and
infrastructure and systems approved SLA with
to effectively support the the department. An
current and future needs option of bringing
of the department in an Dashboards
efficient, cost-effective systems which are
and well controlled to be used to pull
manner remote access logs
-Disclosure of has been discussed
department's information with Service
to unauthorized persons Providers
ICT 'Disruption of '-Loss of IT services due '-Monitoring tool in place to Finalise the Engagement with Sourcing
ICT services to Interrupted/ failure of monitor the servers implementation of SITA are in assistance from
utilities performance. -Disaster recovery plan in place disaster recovery progress to assist in SITA
-Exposure to business -Disaster recovery site has been operationalizing the
Page 27 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
and operational built DR Site
interruptions emanating -Backups are running every day
from loss of IT and are being monitored
services(down time) -IT personnel that are able to
-Absence of a functional attend to issues
Disaster Recovery Site -ICT contracts with SITA to Conduct testing on Test has been Continuous testing
may cause inability to support with disruption backups conducted and it to take place until
recover critical systems has been all the challenges
and applications in the determined that the are resolved.
event of a disaster systems are not
-Lack of backup policy backing up data,
implementation and and restoring also
testing posing some
-Lack of up to date challenges.
working equipment
Page 28 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
ICT Lack of -Misalignment of IT -Approved ICT Operational Plan -Continue with ICT A meeting is held Review the ICT
alignment of Projects with the strategic -ICT governance Committee and governance every quarter, Strategic Plan.
ICT activities objectives/outcomes of structure committee meetings minutes are kept as ITC Operational
to the the department -ICT up to date infrastructure in -Implement evidence. 2nd Plan as per
strategic -Separate or non- place approved ICT quarter meeting resolution of ICT
objectives of integration of IT within Draft ICT Strategic Plan Operational Plan was held on the Strategic
the business processes developed in 2015 will be -Continue monitor 28th of September. committee of the
department -Failure of the new IT reviewed ICT up to date The current 29 Sept 2016
systems and software’s to infrastructure operational plan for 5 year plan is
deliver the intended 2016/17 has been expected to be
results. approved. KPA 1 - completed by end
-Lack of up to date ICT Availability of of financial
policy infrastructure is year.Q4
-Lack of ICT governance managed through
implementation service level
agreement with
SITA .KPA2 -
Implementation of
system has been
reviewed as a
proposition of the
ICT strategic
committee due to
its lack of
measurability.
Critical deliverables
out of KPA 2 will be
indicated in the 5
year plan which is
expected to be
completed by end
of financial year.
SITA and InfoGaurd
reports within
meetings held to
Page 29 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
assess the findings
and outcome of the
infrastructure on a
monthly bases,
which is derived
from the monitoring
of systems and
functions provided
to the department.
Also used to assess
the business
continuity reliability.
Legal Exposure to - Failure to consult with -Legal services drafts contracts -Develop contract New contract To be finalised and
Services commitments legal services prior into only when consulted management management policy approved in
without valid entering into contracts register is still work in quarter 4
or binding - End-users utilise legal progress, inputs
contracts services as a reactive have been received
measure as oppose to from various
proactive stakeholders
- Non-involvement of legal
services timeously on the
inception/conceptualisatio
n stage of
agreements/decision
Page 30 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
-No contract management
systems in place
-Lack of policy on contract
management
Legal Failure to -Failure to explore all -Litigation register updated -Continuous Quarterly reports None
Services manage available avenues to regularly updating of the compiled for
litigations remedy existing situation -Quarterly reports on litigations litigation register submission to
properly -Inadequate capacity management submitted to DPSA DPSA
within the legal services -Services of the Offices of the Services of the
unit State Attorney and the State Law OSA and OCSLA
-Lack of litigations register Adviser utilised by the department utilised for legal
-Lack of clear instructions advice and
or conflicting instructions litigations
-Lack or limited
information to defends
actions instituted against
the department such as
original documents that
are supposed to be kept
by legal service but are
kept by end users or SCM
Inadequate contract
management
Legal Exposure of Lack of adequate Human -Guidelines for drafting and vetting '- Utilise circular on Circular on Finalise the
Services the Resources in the labour of departmental agreements in workflow process workflow process implementation
department to relations unit place being implemented and monitor
litigations -Lack of clear instructions utilisation thereof
or conflicting interactions
-Lack of
awareness/different
understanding of public
service prescripts by
those providing
instructions
Page 31 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Auxiliary Partial - Minimal participation of -Awareness meetings and Quarterly Security Meetings were held -None
Services compliance some senior managers campaigns Committee Meeting with the landlord
with OHS act and junior staff on OHS -Communications circular and have resulted
issues in a joint evacuation
-Lack of an approved drill that took place
smoking policy and on 10/11/2016.
designated smoking room Buy microwaves for New microwaves -None
each floor bought, some
moved to the
kitchen from offices
Set up sickbay for Majority of Finalize the set-up
the department materials have of the sickbay
been delivered, we
are awaiting a bed
to be delivered.
Approval of the Smoking room Smoking policy will
smoking policy established be developed and
th
approved in the 4
quarter
-Appointment of OHS Committee None
OHS committee members appointed
members by the Accounting
Officer
Security Physical -Inappropriate security -Perimeter Fence -Monthly meetings Monthly meetings Continue with the
services security locks -Infra-Red beams with Security held with the monthly meetings
breaches -Inconsistence application -Metal detector Company security company as scheduled.
of security measures -High security locks installed in
ministry and top management
offices
Security - Loss or theft - Lack of control of Assets -Awareness raising & circulars - Engage ICT / SCM ICT has been Continue with the
services of assets taken out of the building on the control of engaged, there has engagements and
- Lack of guidelines on the assets outside office been a reduction on monitor the results
measures to safeguard the number of
Page 32 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
State Assets outside the assets lost outside
office the office
- Register for Vehicle entrance None
security to include register bear the
serial number and registration of the
barcode of laptops vehicle and
and tablets Departmental
Barcode
Security Compromise - Delays in the finalization - MISS document of 1996 Awareness raising Awareness None
services of classified of security clearance of - Security policy conducted through
information personnel. - Circular on security screening of e-mails and
- Improper handling of service providers circulars
classified info - Security - Follow-ups with State Security Distribute Security Secure envelopes None
screening of service Agency envelopes and distributed to
providers register relevant offices
- Lack of records Approval of the Information None
management Information Security Security Policy
Policy approved by the
Accounting Officer
Records Lack of -Lack of departmental file -Ministry file plan approved -Consultation Workshops have To finalise
Management adequate plan -Department file plan submitted to workshops been conducted workshops with the
record -Lack of approved records National Archive for approval with various Ministry
management and registry policy -Draft registry manual business units on
implementatio -Lack of file plan -Draft record management policy the file plan (95%)
n in the implementation -Human Resource Management
department -Lack of awareness of records filed
registry functions by -Management of incoming and
employees outgoing mails
Development of the Plan for
Reengineering of the Registry
Page 33 of 51
Programme 2: Social Transformation and Economic Empowerment
Programme 2 had 6 mitigation plans that were due for reporting in the 3rd quarter. Out of
the 6 mitigation plans, all these mitigation plans have been fully implemented.
Commentary note:
Major progress has been made towards the implementation of all risk mitigation plans
thus far.
Page 34 of 51
Graphical Presentation of the above analysis
PROGRAMME 2:STEE
6 6
1
0 0
0
Total Achieved Partially Achieved Not Achieved
Page 35 of 51
3rd quarter detailed Progress on Implementation of Risk Mitigation Plans
Economic Fewer women -Departments not -Presidential Directive on -Follow-up -The Report was None
Empowerment economically responding, timeously reporting requirements by engagements with presented to ESEID
and Participation empowered and with the relevant departments sector departments cluster department on
through information (Correspondence bi- the 12 October 2016.
government -Reports by departments lateral, telephonic or
programs -Lack of skilled human analysed and feedback provided electronic) -Subsequently, a
resources follow-up meeting with
DST EXCO to present
-Lack of gender individual
mainstreaming departmental report
expertise in sector took place on the 21
departments November 2016.
-Other departmentsi.e.
DoE, DoL, and
DRDLR with
outstanding reports
were telephoned and
the results were
incorporated in the
report.
Page 36 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION PLANS ACTION
/CONTROLS
Social Delays in - No policy framework -Convene Steering Committee -Development of Steering Committee None
Empowerment women's social in place on sanitary Government Wide Working Group
and empowerment dignity project. -Reports by departments Sanitary Dignity convened and
Transformation and societal analysed and feedback provided Policy Framework Sanitary Dignity
transformation Indaba to develop
Framework scheduled
in February 2017
Governance Delays in -Inconsistent -Stakeholder engagements -Consultation on the Consultation with None
Transformation, gender institutionalisation of National Policy Governance &
Justice and mainstreaming Gender Focal Points in -Analysis of VAWC management Framework on Administration cluster
Security terms of placement and to inform an integrated approach gender departments on the
level mainstreaming and position paper/concept
-Draft national policy framework
GFPs note held.
-Lack of standardisation on gender mainstreaming and
of GFP functions GFPs Cabinet Memo has
been Developed
-Inadequate integrated
approach to VAWC
-Out-dated National
gender policy
framework
-Delays in consultation
process
Page 37 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION PLANS ACTION
/CONTROLS
National dialogues
Pilot Report has been
drafted
Page 38 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION PLANS ACTION
/CONTROLS
-Other departments
with outstanding
reports were
telephoned and the
results were
incorporated in the
report.
Subsequently, a
follow-up meeting with
DST EXCO to present
individual
departmental report
took place on the 21
November 2016.
Other departments
with outstanding
Page 39 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION PLANS ACTION
/CONTROLS
reports were
telephoned and the
results were
incorporated in the
report.
Page 40 of 51
Programme 3: Policy, Stakeholder and Knowledge Management
Programme 3 had 18 mitigation plans that were due for reporting in the 3r quarter. Out
of the 18 mitigation plans sixteen (16) are fully implemented, this translates into 88%.
One (1) partially implemented of which it translates into 6% and one (1) not
implemented this translates into 6%. This is depicted in the graph below
Page 41 of 51
Graphical presentation of the above interpretation
PROGRAMME 3:PSKM
18
18 16
16
14
12
10
4
1 1
2
0
Total Achieved Partially Achieved Not Achieved
Page 42 of 51
3rd quarter detailed Progress on Implementation of Risk Mitigation Plans
Page 43 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
Q3 Developing a Research Strategy None
research strategy with including the
a national research Research agenda
agenda that is finalised in quarter
focused on the nine 3
point plan
Information Limited - No formal -Individual units currently -Resourcing of the The engagement
and access to institutional sourcing their own IKM unit with the National
Knowledge information arrangements that information though Office of Treasury on
Management and gives the department the Director-General resourcing for IKM
knowledge access to information -Establishment of IKM unit was incorporated
and knowledge -Open access to internet as part of the bigger
-Lack of coordinated engagement for the
approach to gathering whole departmental
information needs with National
-Absence of DoW Treasury; this has
knowledge repository yielded results in
-Lack of knowledge that DoW has
sharing platform with received additional
stakeholders funding for human
capacity needs as
Page 44 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
of 2018/19 financial
year.
During this quarter
(Q3), there was a
strategic
engagement
initiated by the
Minister on the
most appropriate
location of IKM into
the Research and
Policy Analysis unit.
This would assist in
appropriately
resourcing IKM in
terms of human
capacity
Page 45 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
- Collaborations withIn quarter 3, there
stakeholders in was an external
preparation for the consultation with
knowledge audit GCIS to benchmark
the Knowledge
Audit process. A
questionnaire
template was
provided for DoWs
Gender Sector; IK benchmarking
Repository developed exercise
The taxonomy was
developed in
August and
maintained through
the use of
taxonomic
organization
categories in
quarter 3
Stakeholder Inadequate - Lack of positive -Outreach initiatives that Circular signed by the Circular has not Request for the
Coordination awareness on support from raise awareness and give DG appointing been drafted meeting with the
out
Page 46 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
and socio- Stakeholders information on what the internal task team DG to discuss and
Outreach economic especially civil society government offers in Meetings with key finalise will take
empowerment - Lack of knowledge improving the lives of stakeholder place in the 4th
and women's about the department women quarter
rights in some community -Inter-departmental
- Lack of a referral committees facilitated to
system that is implement issues raised
functioning within the during community
department engagements Meetings with
- Lack of tracking -Working closely with stakeholders took
system on issues sectors to make sure that place in preparation
Personnel to young women are of the 16 days of
continuously update empowered Activism including
the stakeholder meetings with
database. stakeholders on
365 Days of
Activism
Page 47 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
National Dialogues
in Limpopo
provided a platform
for knowledge
sharing and
awareness rising
with grassroots
communities.
Stakeholder Tarnished -Lack of timely -Forward planning and -To request the Chief Director has
Coordination image of the procurement of meetings for events department to explore been appointed to
and department services by SCM -Involvement of other key the possibility of manage outreach
Outreach -Lack of transparency participants within internally appointing an events initiatives
from SCM on the and externally coordinator Submission for
preferred suppliers -Constance engagements -Improve on the procurement are
-Lack of local with political and timeous appointment being submitted to
economic management to get of the service SCM on time
empowerment in line directions and guidance on providers
with Preferential coming events
Procurement Act -Seeking financial
-Lack of benchmarking sponsorship
Stakeholder Lack of -Lack of proper -Department is participating - Multi-sectorial The Director- The first sitting of
Coordination coordination planning for in the Inter-departmental committee across all General has just the task team will
and mechanisms international Committee on international sectors to coordinate approved the be held before the
Outreach engagements reporting international establishment of the end of the fourth
-Lack of proper -Stakeholder consultation commitments Interdepartmental quarter
coordination -Reports on International Task Team that will
Page 48 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
-Lack of feedback from obligations are submitted be responsible for
international -Department participate in international
engagements international engagements Relations Reporting
-Lack of systems to -Participation reports Obligations and
monitor international developed management of
commitments multilateral
-Lack of internal engagements
coordination -Finalise concept Concept paper
- Lack the departments paper. finalised
fully participation in the
inter-departmental -Regular attendance -CSW Consultative
committee on the Meeting with Civil
interdepartmental Society organisation
committee was held on 9
November 2016
st
-1 Consultation
meeting with DIRCO
st
on 61 Session of the
CSW was held 23
November 2016
-Inter-departmental
meeting on the
African Union 2017
theme was held 7
December 2016
-Interdepartmental
Task Team meeting
on International
reporting was held 20
October 2016
Monitoring Lack of -Availability of -Letter signed by DG to -Letter signed by DG The letter to various None
and Reporting Strategic Plans and departments requesting to departments DGs was written
Evaluation systems to APPs of other information requesting information and 44 APPs were
provide departments -Reports received from received for
Page 49 of 51
ROOT CAUSES CURRENT CONTROLS MITIGATION PROGRESS ON CORRECTIVE
UNIT RISK PLAN(S) MITIGATION ACTION
/CONTROLS PLANS
guidance to -Timeously and quality other departments analysed analysis
sector of Strategic Plans and -Follow-ups with
departments APPs departments that have not
-In year review of submitted
Strategic Plans and -Concepts documents on -Reports received Reports received None
APPs and lack of the M & E systems from other from other
influence departments analysed departments have
-Departments been analysed
reporting on irrelevant -Follow-ups with All departments None
information than what departments that have have submitted
is required not submitted
-Lack of response from
sector departments on -Concept document M&E Framework None
the required on the M & E systems has been approved
information by the Minister
-Lack of clear
guidelines from the
department on
required information
Page 50 of 51
SECTION D
The cooperation and support from business units is improving in respect of risk
management and the risk management unit is continually striving to improve in all
areas of the risk management function.
Page 51 of 51