4. 3
Mitigation Actions Partially Implemented
Loss of information and data management
Mitigation Action Progress on Mitigation Risk Management Comment
Approve Back up Management
Policy
Backup Management Policy to be
approved in quarter 3 of 2022/23
subsequent to the backup solution
acquisition.
The draft Back-up Management Policy has
been drafted. It is recommended that The
Back-up Management Policy be approved to
regulate the Back-up & Restore
Management System.
Migration of exchange servers to
SITA Cloud to improve email
system and have an Approved IT
Business Continuity Plan.
Migration of exchange servers to the
SITA cloud was completed in
December 2021. The IT Business
Continuity Plan will baseline on the
approved MITSP.
IT Business Continuity Plan (BCP) has not
been approved. The BCP will be included in
the MITSP which has been forwarded for
approval in the new financial year 2022/23.
The IT BCP will be closely monitored and
test plans that will ensure that the
Department is able to restore operations in
the event of a disaster.
7. 6
Mitigation Actions Partially Implemented
Stealing the department's information to sell for personal gain
Mitigation
Action
Risk Owner Comment Risk Management Comment
Conduct
continuous
security and ICT
awareness
sessions
All Branches/Divisions covered except
Youth Development Sub-programme.
ICT and Security briefing held with
Ministry on 14 February 2022.
Risk Management recommends that ICT and Security
awareness sessions be conducted in the 2022/23 financial
year for Youth Development Sub-programme.
Ghost employee
Develop Payroll
Standard
Operating
Procedures
(SOP).
Draft SOP for electronic distribution of
payslips developed.
A draft standard payroll operating procedure is in place
which includes processes for electronic distribution of pay
slips.
It is recommended that the draft Payroll Standard Operating
Procedures be approved in the new financial year. The SOP
should also include inputs from Financial Management, as
this is a shared process between Human Resource
Management and Financial Management.
8. 7
Mitigation Actions Partially Implemented
Corruption
Mitigation Action Risk Owner Comment Risk Management Comment
Vetting and screening of all
employees to be performed and
results should be placed in the
employee files.
Vetting is conducted on a
continuous basis by SSA and
screening by SAPS
It is recommended that Auxiliary and Security
monitors that vetting forms is issued to all new
employees. To ensure that vetting form is returned
completed and timeously placed on the employee
files.
9. 8
5. ETHICS MANAGEMENT PERFORMANCE
• The department has an Ethics Management Framework in place and has
developed 8 ethics risk with all Business Units
• Fraud Prevention and Ethics Awareness Posters are continuously circulated to
employees through DOW Communication and other social media platforms.
• There was no alleged ethics breaches reported on the Presidential Hotline in
quarter 4.
• In relation to Code of conduct related cases, there is one disciplinary case
pending in quarter 4. This case is currently being investigated.
• There has been 100% compliance of e-disclosure for 2020/21 period for level 1 –
12 and SMS Level employees. The process of e-disclosure for the 2021/22
financial year is in progress.
10. 9
ETHICS MANAGEMENT PERFORMANCE
• In relation to Remuneration work outside department (RWOPs), only 3
applications have been received in quarter 4 for the 2022/23 financial year,
however their applications are still awaiting approval.
• On the 17-18 March 2022, Ethics Officers attended the national life-style Audit
Indaba workshop. The purpose of the workshop was to educate and train Ethics
Officer to conduct life-style audit which is currently mandatory in the Public
service.
• The process of Lifestyle Audits has been implemented by the department and the
report submitted to the DPSA in quarter 4.
• The department envision a more pronounced progression towards a much more
mature Fraud and Ethics Risk Management culture in the 2022/23 financial year.
11. 10
6. Risk Registers 2022/23 Financial Year
• Section 3.2.1 of the Treasury Regulations states that the Accounting Officer must
ensure that risk assessment are conducted regularly to identify emerging risks of
the department.
• A risk assessment questionnaire was used as another useful tool to conduct risk
assessments to identify emerging risks. Furthermore it can be used to measure
the risk management culture in the department in order to improve the risk profile.
In consultation with management Strategic, Operational, Fraud and Ethics Risk
registers were developed.
• The assessment resulted in the identification of 6 Strategic Risks, 52 Operational
Risks and in total there were fifty eight (58) risks.
• The assessment resulted in the identification of 20 Fraud Risks and 10 Ethics Risk
and in total there were thirty (30) risks.
• The main purpose of reviewing the 2022/23 risk registers was to identify new
risks, assessing and prioritising the risks that needs to be managed in order to
achieve the strategic objectives/outcomes of the department.
12. 11
7. RECOMMENDATIONS
The following are controls recommended, based on the observation made whilst
compiling the Risk Management, Fraud Prevention and Ethics Management Report.
• Management to put contingent controls to mitigate the risk that that has
dependencies from external stakeholders to ensure achievement. Risk
Management Unit will further monitor implementation of the management controls
for the mitigation actions that has been transferred to the new financial year.
• Every manager in various programmes in line with the PFMA, s45, should
manage fraud and ethics.
• It is recommended for the various business units in the department to
continuously map their business processes and update their Standard Operation
Procedures, as this is a business tool which communicates the correct way of
carrying out an activity within an organisation. This could assist in the identification
of risks and areas of improvement.
• Officials must apply for Remunerative Work Outside the Public Service (RWOPs).
Senior Managers are encouraged to complete their e-disclosure before the end of
April 2022.
• Managers to continue manage risks in their day to day activities to reduce the
unexpected and at times costly emergencies. This will help to improve
communication and improve organizational performance.