ANNUAL REPORT 2012 - University of South Africa
ANNUAL REPORT 2012 - University of South Africa
ANNUAL REPORT 2012 - University of South Africa
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
UNISA <strong>ANNUAL</strong> <strong>REPORT</strong> <strong>2012</strong><br />
Report on Risk Exposure<br />
Assessment and Risk Management<br />
Risk Management<br />
Framework<br />
The university is committed to<br />
a continuous, systematic and<br />
integrated process <strong>of</strong> enterprisewide<br />
risk management that<br />
focuses on identifying risks as<br />
well as managing and monitoring<br />
all known forms <strong>of</strong> risk across the<br />
institution. The features <strong>of</strong> this<br />
process are outlined in the Enterprise<br />
Risk Management (ERM)<br />
Policy Framework (amended and<br />
approved by Council in November<br />
<strong>2012</strong>). It aligns with industry best<br />
practice, King III and the global<br />
leading practice, ISO 31000, and<br />
the 2009 Risk Management<br />
Standard.<br />
The university’s risk appetite is<br />
defined as the level <strong>of</strong> risk we are<br />
willing to accept in fulfilling our<br />
objectives. The risk appetite statement<br />
was developed using a qualitative<br />
method and has been approved<br />
by Council. Unisa’s risk appetite<br />
can be categorised into five broad<br />
areas as illustrated in the table at<br />
the bottom <strong>of</strong> the page.<br />
Managing risks in accordance with<br />
the risk appetite statement allows<br />
the university to reasonably and<br />
responsibly compete in the sector, be<br />
regarded as a good corporate citizen,<br />
achieve its objectives and enhance<br />
its reputation as a higher education<br />
institution which may be trusted<br />
equally by stakeholders and the<br />
regulatory authorities.<br />
Risk management<br />
governance structure<br />
The Council has established the<br />
university’s risk management governance<br />
structures, roles and responsibilities<br />
which have been detailed in<br />
the ERM Policy Framework.<br />
n The Council is responsible for<br />
overseeing the adequacy and overall<br />
effectiveness <strong>of</strong> the university’s<br />
risk management performance.<br />
n The Audit and Enterprise Risk<br />
Management Committee <strong>of</strong><br />
Council is mandated to oversee the<br />
implementation <strong>of</strong> the university’s<br />
enterprise risk management framework,<br />
receives the risk reports <strong>of</strong><br />
the university from the Management<br />
Committee and reports to<br />
Council on key risks facing the<br />
university and associated risk<br />
mitigation responses.<br />
n Central to the risk management<br />
process at Unisa is the Risk, Ethics<br />
and Controls Committee, a subcommittee<br />
<strong>of</strong> the Management<br />
Committee, which comprises<br />
members <strong>of</strong> the Executive<br />
Management. This committee<br />
met four times during <strong>2012</strong> to<br />
review, evaluate and coordinate the<br />
management <strong>of</strong> identified strategic<br />
and operational risks (financial and<br />
non-financial), faced by the university.<br />
Management, with the advice<br />
from the Risk, Ethics and Controls<br />
Committee, is accountable to<br />
Council for designing, implementing<br />
and monitoring the process <strong>of</strong><br />
risk management and integrating it<br />
into the day-to-day activities <strong>of</strong> the<br />
university.<br />
n The Directorate <strong>of</strong> Enterprise Risk<br />
Management is tasked primarily<br />
with the responsibility <strong>of</strong> facilitating<br />
the deployment and embedding <strong>of</strong><br />
risk management principles across<br />
the university.<br />
Risk management<br />
process<br />
Enterprise risk management at<br />
Unisa comprises two integrated and<br />
well-aligned components: strategic<br />
risk management and operational<br />
risk management.<br />
Strategic risk<br />
management<br />
The identification,<br />
analysis, evaluation<br />
and treatment <strong>of</strong><br />
significant or material<br />
risks which could have<br />
an effect on the<br />
sustainability <strong>of</strong> the<br />
university<br />
Enterprise<br />
risk<br />
management<br />
Operational risk<br />
management<br />
The identification,<br />
analysis, evaluation<br />
and treatment<br />
<strong>of</strong> risks related to<br />
people, systems and<br />
processes, regulatory<br />
compliance and legal<br />
and business continuity<br />
The strategic risk management<br />
process involves extensive consultations<br />
with Council members and<br />
Executive Management to identify the<br />
key risks relating to the university’s<br />
challenging and competitive environment<br />
and market dynamics. As part<br />
<strong>of</strong> the strategic planning, a rigorous<br />
risks assessment process is followed<br />
to ensure that the university’s top<br />
risks are identified and managed.<br />
AREA<br />
<strong>Africa</strong>n footprint, areas <strong>of</strong> patents, contract management and new emerging technologies<br />
Teaching and learning; research and training quality<br />
Ethical conduct, staff and student safety, business continuity management<br />
(including ICT), financial and asset management<br />
Compliance with prescribed higher education regulatory and legislative requirements<br />
Fraud, corruption and other irregularities<br />
APPETITE LEVEL<br />
MODEST<br />
LOW<br />
LOW<br />
ZERO<br />
ZERO<br />
31
Change language