A Review of Risk Management Planning and Reporting in South Africa’s Public Institutions
This exploratory work attempts to review the risk management planning and reporting practices applied in South Africa’s public institutions by defining variables that were deemed indicators of risk management planning and reporting practices, namely: the timing of the institutions’ strategic and combined assurance planning, documentation and active management of risks appearing in strategic risk registers and operational risk registers and the availability of risk management software (including its nature and usefulness).
The results point to the fact that there is confusion regarding the timing of both strategic and combined assurance planning sessions. Some institutions conduct these in the preceding year, whereas others appear to be conducting these during the year of implementation. Results further suggest that the practice of implementing combined assurance has not yet been embedded in the majority of public institutions, pointing to uncoordinated assurance activities that could lead to ‘assurance fatigue’. Results further point to the fact that there are still public institutions that are unable to prepare the strategic and operational risk registers. This raises the question of how these risks are managed if they have not been measured and documented.
Only papers not published or submitted for publication elsewhere, will be considered. The author(s) is/are also responsible for any violations of the copyright regulations.