FASSET ANNUAL REPORT

RISK MANAGEMENT

how the organisation should approach and address information technology (IT); ii. Oversee the management of IT, including overseeing that IT risks are integrated into organisation-wide risk management; iii. Management responds to security and social media incidents with a breach coach; iv. IT is used ethically and responsibly through an IT policy; v. IT laws are complied with; vi. Information management sustains and enhances the intellectual property protection of the organisation; vii. Data protection and information security law aspects are in place; viii. The risks pertaining to the sourcing of IT and IT contracts are managed; ix. The organisation responds to disruptive technologies; and x. Disclose the governance and management of IT by the organisation, including disclosing an overview, focus areas, actions taken and plans. Remuneration of Board members Board members and independent members of the Audit and Risk Committee are remunerated in line with National Treasury and DHET guidelines. Board meetings are remunerated at a daily rate aligned to Category S. Board members are reimbursed for out-of-pocket expenses. Table 11: Board Remuneration in 2020/21 Designation Preparation fee/ meeting attendance Chairperson R 5 549 Member R 4 317

FASSET remains committed to the optimal management and mitigation of all risks associated with the performance of its functions and delivery of its services in line with its vision, mission, objectives and strategic plans. To meet this commitment, the management of risks is integrated into strategy, planning, budgeting and operational internal control processes, and is fully recognised in funding and reporting processes by evaluation of risk and of FASSET’s risk appetite. The FASSET Board has overall responsibility for risk management. The Audit and Risk Committee provides oversight of this function and FASSET’s executive team’s Risk Management Committee (RMC) is responsible for risk management. The Board recognises that risk management is an integral part of the SETA strategy-setting process. The responsibility for designing, implementing and monitoring the risk management plan is delegated to management. FASSET defines material issues that can potentially impact on its ability to deliver on its mandate, the associated risk and potential impact, and how the risks of these material issues are managed. The key risks are tabled and reviewed quarterly by the Audit and Risk Committee. Risk metrics and indicators are clearly defined for all risks, with the risk management process embedded in FASSET’s operations. Internal controls relating to the adherence of all policies, processes, legislation and standards in areas such as SCM, IT and reporting of performance information are also reviewed to ensure that all strategic and operational risks are effectively managed. Inherent and emerging risks will continue to be managed through governance structures, with the FASSET Board as the Accounting Authority remaining ultimately responsible for the risk management function.

FASSET Annual Integrated Report 2020/21

67