RTIA Annual Report E-Book

5. RISK MANAGEMENT The RTIA as a public entity, is required to comply with the requirements of the Public Finance Management Act, 1999 (Act No. 1 of 1999) (‘PFMA’) by establishing and maintaining an effective, efficient and transparent risk management systems. The RTIA adheres to the risk policies and processes aligned with the King IV Code of Corporate Governance. The Audit and Risk Committee is responsible for risk management oversight. The RTIA acknowledges that risk management and internal controls are the basis for sound corporate governance. The organisation has adopted an Enterprise-wide Risk Management (ERM) approach to manage risks impacting the strategic and operational objectives of the organisation. The RTIA Board actively manages risk in pursuit of organisational goals and objectives. The RTIA Board also recognises that the realisation of its mandate depends on the ability of the leadership team to mitigate the risk compromising the RTIAs’ legislative mandate and delivery of quality service to all stakeholders. The risk management portfolio includes: • Strategic Risk Management • Operational Risk Management • Project Risk Management • Anti-corruption, Fraud Prevention and Awareness • Combined Assurance • Business Continuity Management The Risk Management Unit engages in a systematic process of coordinating the identification, monitoring, analysis, reporting and responding to risks. Amongst others, the Unit is charged with the following responsibilities: • Oversee the effective functioning of the Agency’s operations to ensure that proper processes are implemented to manage and mitigate risks;

• Empowering department’s risk champions and manage ment to perform effectively in their risk management re- sponsibilities through proper communication and risk awareness initiatives; • Coordinate the alignment of functional risk management methodologies and processes with the Agency’s Business Units; • Ensuring that departments execute their responsibilities in line with the risk management strategy and maintaining a cooperative relationship with management and risk champions; • Ensure that management maintains a functional risk profile which is within the Agency’s risk tolerance and appetite. During the year under review, the Agency conducted a strategic risk assessment, the risks identified were incorporated in the Combines Assurance Plan. The strategic risk register is monitored and reported to the Board through the Audit and Risk Committee on quarterly basis. The below risks are significant to the RTIA and it operating environment:

Priority I

Priority II

Priority III

Priority IV

Failure of municipalities to handover collected AARTO fees Over reliance on AARTO implementing partners

Prevalence of administrative deviation

Exposure to cyberattacks and data breaches

Ineffective ICT enablement

Inability to sustain the RTIA operations Failure to influence change in road user behaviour

5.1 Combined Assurance The RTIA has adopted a “five lines of defence” model to manage risk. The model defines the roles and responsibilities for the management of risk and emphasises the fundamental

84

Road Traffic Infringement Agency • Annual Report 2023/24