HDA Annual Report
ANNUAL REPORT 2023/24
Risk Management
The HDA has implemented a structured, enterprise-wide risk management (ERM) approach to managing risks and opportunities. The risk management process is governed by an approved risk management policy, framework and risk management implementation plan. Risk governance is based on standards and principles embodied in the ISO 31000 Risk Management Guidelines, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) ERM Framework, the King VI Code on Corporate Governance, the Public Sector Risk Management Framework, Control Objectives for Information and Related Technology (COBIT), and the Project Management Body of Knowledge for project management. The HDA’s risk management components include:
• Strategic and Operational Risk Management
• Business Continuity Management
• Fraud Risk Management
• Risk Financing
Risk assessments are conducted annually at both strategic and operational levels. The identified risks are reviewed continuously to monitor progress made to implement the risk mitigation measures and to ensure that risks are managed within acceptable levels. In addition, new and emerging risks facing the HDA are identified, and appropriate risk response strategies are applied. The HDA’s strategic risks for the 2023/24 financial year are summarised as follows:
Ranking | Risk Name | Residual Rating: Likelihood | Residual Rating: Impact | RRR | Risk Owner
1 | Unfunded primary mandate | 4 | 3 | 12 | CEO
2 | Insufficient funding to execute the secondary mandate | 4 | 3 | 12 | Regional Managers
3 | Misalignment between HDA APP, MTSF, NDP priorities, and the priorities of provinces, municipalities and sector departments | 3 | 3 | 9 | Head of Strategy, PPC
4 | Fraud and corruption | 3 | 3 | 9 | CEO
5 | Poor governance and weak internal control system | 3 | 3 | 9 | CFO
6 | Business disruption/continuity | 3 | 3 | 9 | CEO
7 | Cyber attacks | 3 | 3 | 9 | Chief Information Officer
8 | Failure to retain key skills | 3 | 3 | 9 | Head of Corporate Support
RRR Legend: Extreme, High, Moderate, Low