XXX
The Example below should be replaced with Draft, Final etc
Note: The information recorded in the maroon lettering above will automatically be recorded on each page of the risk register
In addition the name of the file and the date will also be recorded on each page
To be able to print the entire risk register the sheets need to be grouped together
This is done by clicking on the cover sheet and holding in the shift button and clicking on the How to use sheet simultaneously
The workbook will now reflect that it has been grouped. You can then print in the risk register
ever important to note that no value should be entered when in the grouped status. On completion of the printing ungroup the sheets and then close the risk register
1 Risk register
2 Workshop logistics
3 Categories
5 Heatmaps
This This column This column is to This column should be This column is to record This column is to further "What happens if the This column is to The drop down This The drop down This This is the This column is This column should be The drop down This column This is the This column is This column is to
column is should be record the identified referenced to the what is causing the risk at breakdown the causes of the risk risk materializes?" record the Qualitative menu should column menu should column inherent risk the inherent utilised to capture all high menu should records the residual risk the residual record the Qualitative
the risk completed to risk threatening the approved risk operational level: to identify the root causes: and / or Quantitative be utilised to records be utilised to records category of risk value of level controls be utilised to numeric category of risk value of and / or Quantitate
number ensure that achievement of the categories utilised by "What is causing the risk?" "What is causing the risk?" Cost should the risk record the the record the the each identified each implemented by the record the value of the each identified each identified Cost should the risk
the identified institution's strategic the institution materialize. impact the risk numeric likelihood of numeric risk and is identified risk institution to mitigate the perceived perceived risk and is risk and is materialize after
risk is linked plan would have on value of the risk value of automatically and is identified risk control control automatically automatically considering existing
to the the the occurring within the calculated automatically effectiveness effectiveness calculated calculated contols.
approved achievement of impact a given likelihood calculated It should reflect actual of each
strategic plan the institution's and is timeframe in and is controls in place at a identified risk
of the strategic automatic the absence of automatic given date as ranked by
institution objectives controls the workshop
participants
1 To ensure a Suistainability of Financial Risk Diminishing external 1. High distribution losses etc. due 1. The institution R14,000,000,000.00 Critical 5 Common 5 Maximum 25 1. Revenue Weak 0.80 Maximum 20 R14,000,000,000.00
sustainable institution revenue streams. to lack of asset cannot fund its capital and reputational enhancement project. and reputational
provision of compromised. maintenance(Volume) budget/ operations. damage 2. Ad hoc repairs of damage
services. 2. Lack of turnaround strategy 2. The institution is infrastructure.
(procedures) to address increasingly grant 3. Exploring alternative
decreasing revenue. dependent. revenue streams.
3. Recession.
2 To provide Weak governance Compliance Risk Non-accountability and 1. Inadequate discipline e.g 1. Reputation R5,000,000.00 Major 4 Likely 4 High 16 1. Revised disciplinary Good 0.40 Medium 6.4 R 1,000,000.00
democratic processes and complacency of officials Disciplinary proceedings not damage; and loss of investor policy and proceedings
and accountability. consistently implemented. 2. Low morale and confidence implemented.
accountable 2. Governance tone set by senior productivity. 2. Additional capacity
government management not supporting/ appointed in labour unit
for all enabling disciplined working to deal with disciplinary
communities. environment. hearings.
3. Small team in labour department
to deal with large number of
disciplinary hearings. (Inadequate
capacity).
3 To ensure a Inability to provide Service delivery Lack of skills and 1. Large number of vacancies due 1. Institution has R 8,000,000,000.00 Major 4 Likely 4 High 16 Budget linked to Good 0.40 Medium 6.4 R 3,000,000,000.00
sustainable services to the experticies within the to political interference, admin received disclaimer/ approved establishment
provision of community. institution's environment. challenges with interviews, union qualified audit
services. challenges, competing with private opinions for the last Annual Workplace Skills
sector for same skills, upcoming four years Plan linked to individual
retirement. 2. Fraud and training needs
2. High turnover of staff. corruption internally
3. Vacancies open for extended and externally. Implemented
periods. Loosing more people than 3. Official arrears. performance
what institution can train. 4. Deteriorating cash management system
4. Increasingly dependent on flow. linked to individual
consultants for core management 5. Low staff morale. development plans
functions e.g. addressing audit 6. Reputational
queries, etc. damage of institution Approved job
5. Inadequate staff retention and/ descriptions
or development strategy.
Enlarging intern
programme.
Placement of temporary
staff.
4 To encourage Inadequate public Political environment Inadequate communication 1. Communities are not kept up to 1. Stakeholder R5,000,000.00 Major 4 Unlikely 2 Low 8 Project steering Good 0.40 Low 3.2 R 1,000,000,000.00
involvement participation by with all stakeholders (e.g speed with regards to progress dissatisfaction. committees
of communities communities). made to address service delivery 2. Increased risk
communities backlogs. public protests and Imbizo's and awareness
in matters of 2. Corporate communication unrest. campaigns
government. strategy not in place.
3. Politicions distort the information Ward committees
provided by the administration
5. Internal and external Planned consultations
communication officers not with stakeholders
effective caused by resourcing of
the unit e.g staffing and budgets Official project launches
5 Stimulate Inability to participate Economic Institution unable to meet 1.Institution does not have 1. Sewerage R25,000,000,00.00 Major 4 Common 5 Maximum 20 Provision for free basic Weak 0.80 Maximum 16 R 18,000,000,000.00
shared in the shared environment significantly increased funding for bulk infrastructure to operating above services
economic economic growth and demand requirements of its cater for growth. capacity ( in rainy
growth, job create jobs and social stakeholders. 2. Institution re-active not pro- season spillage in Implemented Local
creation and development. active approach to growth. rivers and dams in Economic Development
social 4. High turnover of staff. rural areas a health Strategy
development 5. High vacancy rate. hazard).
2.Backlogs growing Public Works Programme
faster than what
Institution can Liaison with other
provide services. institutions
3. Aged
infrastructure
unable to support
area densification.
4. Institution not
making use/
benefiting from
positive growth
trends.
This column is to record This column is to The employee that This column should be utilised For every action a For every action a time
the Materiality level/ record the Rand will be responsible to develop any additional action owner needs to scale needs to be provided
Tolerance level for this value with which the for reporting on actions that need to be be identified
category of risk as a Residual Exposure the movement of implemented to improve the Care should be taken to
percentage of the exceeds the the identified risk control effectiveness ensure that time scales are
relevant financial Materiality Levels/ going forwards will realistic and factor into
statement line item Tolerance level be reflected in this Care should be taken to consideration any external
column ensure that the actions are influences
realistic and not a wish list
For example to develop,
approve and implement
could have a number of
time scales
R 5,000,000,000.00 R 9,000,000,000.00 Chief Financial a) To minimize expenditure in 1) Chief Financial a) End August 2010
Officer the budget to the available Officer
budgeted revenue. b) End December 2010
b) To prioritize revenue
collection. c) End January 2011
c) Explore establishing unit to
levearge on private growth.
R 3,000,000.00 Below tolerance Accounting Officer a) Explore decentralising a.) Head: Labour a) End September 2010
level disciplinary process. Relations
b) Strenghten performance b) Head: Human b) End December 2010
management system to act on Resources
incidences of poor c) Head: Human c) End February 2011
performance. Resources
c) Training for supervisors to
improve disciplinary
processes.
R 3,000,000,000.00 R 0.00 Human Resources None identified by workshop Not applicable Not applicable
Manager participants
R 2,000,000,000.00 Below tolerance Manager: None identified by workshop Not applicable Not applicable
level Communications participants
and Institutional
Social
Development
R 10,000,000,000.00 R 8,000,000,000.00 Local Economic None identified by workshop Not applicable Not applicable
Development participants
Department
3
Minor Negative outcomes or missed
opportunities that are likely to have a
relatively low impact on the ability to
meet objectives
2
Insignificant Negative outcomes or missed
opportunities that are likely to have a
relatively negligible impact on the
ability to meet objectives
Likelihood
Likelihood category Category definition Factor
Common The risk is already occurring, or is likely to 5
occur more than once within the next 12
months
Likely The risk could easily occur, and is likely to 4
occur at least once within the next 12
months
Moderate There is an above average chance that 3
the risk will occur at least once in the next
three years
Unlikely The risk occurs infrequently and is 2
unlikely to occur within the next three
years
Rare The risk is conceivable but is only likely to 1
occur in extreme circumstances
As the risk environment is so varied and complex it is useful to group potential events into risk categories. By
aggregating events horizontally across an institution and vertically within operational units, allows the development
of an understanding of the interrelationship between events to gain enhanced information as a basis for risk
assessment.
The main categories to group individual risk exposures are provided below. When using this template the
institution should replace the Risk categories in this worksheet with the Risk categories approved by the
institution:
Risk type Risk category
Internal Human Resources
Litigation
Service delivery
Information Technology
Disaster recovery /
business continuity
Compliance \ Regulatory
Cultural
Reputation
Risk category
External Economic Environment
Political environment
Social environment
Natural environment
Technological environment
Legislative environment
aried and complex it is useful to group potential events into risk categories. By
across an institution and vertically within operational units, allows the development
relationship between events to gain enhanced information as a basis for risk
ndividual risk exposures are provided below. When using this template the
e Risk categories in this worksheet with the Risk categories approved by the
Description
Risks that the institution might suffer losses due to litigation and
lawsuits against it. Losses from litigation can possibly emanate from:
• Claims by employees, the public, service providers and other third
party
• Failure by an institution to exercise certain rights that are to its
advantage
Risks that an institution might suffer losses due to either theft or loss of
an asset of the institution.
Risks relating to an institution's material resources. Possible aspects to
consider include:
• Availability of material;
• Costs and means of acquiring \ procuring resources; and
• The wastage of material resources
Every institution exists to provide value for its stakeholders. The risk
will arise if the appropriate quality of service is not delivered to the
citizens.
Risks from occupational health and safety issues e.g. injury on duty;
outbreak of disease within the institution.
80
70
60
Impact
50
Inherent risk
Residual risk
40
30
20
10
0
1 2 3 4 5
Likelihood
Explanation: Risks shown on the left hand side are higher inherent risks. The greater the gap between the inherent and residual risk
the more effective the controls mitigating the risks are. Management should concentrate on controlling high inherent risks,
especially those with a low control effectiveness.
Note
The risk graph is automatically generated. Care should however be taken to ensure that the information recorded in the risk register has
been reflected in the risk graph. Should any additional rows be inserted or deleted care should be taken to ensure that the source data of the
graph reflects the actual rows needed to generate the graph. This is done by right clicking on the graph and selecting source data.
Once the source data screen comes up select series. You need to ensure that the values and category (X) axis labels reflects the correct rows
for both inherent and residual risk. To change from inherent risk to residual risk click on residual risk and the residual risk information will be reflected