Control Risk Self Assessment Tool


  • 7/31/2019 Control Risk Self Assessment Tool


    MIG PROGRAMME CONTROL AND RISK SELF-ASSESSMENT WORKBOOK FOR MUNICIPALITIES


    WORKBOOK INDEX

    A. Control and risk self assessment presentation

    B. Introduction to control and risk self assessment

    C. Control and risk self assessment template

    D. Audit procedures


    MIG PROGRAMME CONTROL AND RISK SELF-ASSESSMENT PRESENTATION TO MUNICIPALITIES

    PRESENTED BY THE MIG MACRO CONSORTIUM


    Presentation Outline

    Principles of the Municipal Infrastructure Grant (MIG)

    Objectives of MIG

    MIG governance challenges?

    What is self-assessment?

    Why perform a self-assessment?

    Who performs a self-assessment?

    How is self-assessment accomplished?

    What is done with the self-assessment results?

    Key questions?


    Principles Of MIG Programme

    Is a conditional grant in terms of DoRA:

    - Focus on infrastructure required for a basic level of service
    - Targeting the poor
    - Maximising economic benefits
    - Equity in the allocation and use of funds
    - Decentralisation of spending authority within national standards
    - Efficient use of funds
    - Reinforcing local, provincial and national objectives
    - Predictability and transparency
    - Geared to achievement of objectives in one or more separate but overlapping categories


    Objectives Of MIG Programme

    Is a conditional grant in terms of DoRA:

    - Fully subsidise the capital costs of providing basic services to the poor households
    - Distribute funding for municipal infrastructure in an equitable, transparent and efficient manner
    - Assist in enhancing the development capacity of municipalities, through supporting multi-year planning and budgeting
    - Provide a mechanism for the co-ordinated pursuit of national policy objectives with regard to basic municipal infrastructure programmes
    - The devolution of responsibility to the lowest level


    What Is Self-Assessment?

    CRSA is a process through which internal control effectiveness is examined and assessed. The objective is to provide reasonable assurance that all business objectives will be met

    CRSA is a process that generates information on internal control that is useful to management and internal auditors in judging the quality of business processes and controls


    Why Perform A Self-Assessment?

    The CRSA process allows management of the PMU and the municipality directly responsible for the MIG Programme to:

    - Participate in the identification and assessment of risks
    - Evaluate risks
    - Develop action plans to address identified weaknesses
    - Assess the likelihood of achieving MIG objectives
    - Measure, monitor and report on financial input and outcomes


    Who Performs A Self-Assessment?

    The CRSA process can be performed by two groups of people:

    - Line management
    - Internal audit

    The real benefit is derived when management and staff take ownership of the system of internal controls and use CRSA as a proactive risk management tool that makes a difference and adds value to the business environment and control environment


    How Is Self-Assessment Accomplished?

    CRSA Approaches:
    - Facilitated team meetings
    - The questionnaire approach
    - Management-produced analysis

    CRSA Process:
    - Control-based
    - Process-based
    - Risk-based
    - Objectives-based

    We have made use of a combination model of the first three based models


    Process-Based Approach

    [Diagram: process hierarchy of Mega, Major, Sub and Activity levels, with Objectives, Controls and Risks]


    Risk-Based Approach


    CRSA Template Risk and Control


    Internal Audit Software


    Inherent and Residual Risk

    Inherent risk: before assessment of controls

    Residual risk: after assessment of controls

    [Diagram: Inherent and Residual Risk, with Objectives, Process, Controls, Risk, Inherent Risk and Residual Risk]


    What Is Done With The Self-Assessment Results

    - Used by municipal management to improve controls, risk management and expected outcomes
    - Used by internal audit to report on control adequacy and improve scope of audit work
    - Used by Audit Committee to determine control status
    - Gives MIG Unit reasonable assurance and comfort


    What Are The Benefits Of Self-Assessment

    - Attention is focused on key processes, risks and controls
    - It encourages the idea that improvements to processes and control should be continuous, empowering staff to remove inefficient or ineffective practices
    - It assists all employees at all levels to assume responsibility and accountability for managing risks and effective control
    - Corrective action may be more effective as staff own control and risk improvements
    - Improves management's ability to comment on the overall effectiveness and state of internal control and risk management
    - Identifies important issues faster
    - Provides a proactive tool to assess the control environment


    No problem can be solved from the same consciousness which created it

    Albert Einstein


    Questions and Answers

    It's a state of heart and mind and not a pure discipline


    MUNICIPAL INFRASTRUCTURE GRANT (MIG) PROGRAMME INTERNAL CONTROL AND RISK SELF-ASSESSMENT AT MUNICIPAL LEVEL

    1. Introduction

    The vision of MIG

    To provide all South Africans with at least a basic level of service by the year 2013 through the provision of grant finance aimed at covering the capital cost of basic infrastructure for the poor. Through the application of MIG funds, Free Basic Services would be realised for the poorest of the poor, aligning national government's aim of poverty eradication with sector targets. The MIG has thus an overall target of removing the backlog with regard to access to basic municipal services over a 10-year period.

    The principles of MIG

    The MIG funds that are being made available to municipalities for infrastructure, are based on the following principles:

    - Providing services to the poor
    - Providing infrastructure for basic levels of service
    - Maximising economic benefits to communities
    - Using funds efficiently
    - Allocating funds equitably and in a transparent manner
    - Decentralising the spending authorities
    - Empowering municipalities to identify, select and approve projects

    The entire approach of Municipal Infrastructure Grant (MIG) Programme is focused on improving the capacity, efficiency, effectiveness, sustainability and accountability of local government. Whilst national and provincial government are responsible for creating an enabling environment with regards to policy, financial and institutional support for MIG, municipalities are responsible for planning municipal infrastructure and for utilising MIG funds to deliver infrastructure.

    The MIG is a conditional grant to municipalities and thus the management of the grant at municipal level must occur within the planning, budgeting, financial management and operational arrangements at local level in terms of DoRA.


    2. Fundamentals of Control and Risk Self-Assessment

    THE ROLES AND RESPONSIBILITIES OF MUNICIPALITIES

    The framework of the roles and responsibilities of each sphere of government involved in the successful implementation of the MIG Programme is set out in the MIG Policy Framework [August 2003, version 8 (c)]. The Policy took cognisance of Chapter 3 and 7 of the Constitution of the Republic of South Africa, 1996, which states, among others, that the objectives of local government are to:

    - ensure the provision of services to communities in a sustainable manner
    - promote social and economic development

    Municipal responsibility is based on the Cooperative Governance principles reflected in section 88 of the Municipal Structures Act (Act No. 117 of 1998) which stipulates:

    (1) A district municipality and the local municipalities within the area of that district municipality must cooperate with one another by assisting and supporting each other.

    (2) (a) A district municipality on request by a local municipality within its area may provide financial, technical and administrative support services to that local municipality to the extent that that district municipality has the capacity to provide those support services.

    (b) A local municipality on request of a district municipality in whose area that local municipality falls may provide financial, technical and administrative support services to that district municipality to the extent that that local municipality has the capacity to provide those support services.

    (c) A local municipality may provide financial, technical or administrative support services to another local municipality within the area of the same district municipality to the extent that it has the capacity to provide those support services, if the district municipality or that local municipality so requests.

    All municipalities need to develop capacity to administer MIG funds and manage infrastructure projects because all municipalities have to address infrastructure backlogs of one type or another. The aim, therefore, is to establish project management capacity in all municipalities. However, some local municipalities do not at the moment have the necessary capacity to implement the MIG programme and it might take time to develop this capacity. In these cases, the approach is for the district municipalities to administer MIG funds and to provide project management capacity until the local municipalities are able to perform programme management.


    Definition of internal control

    Is a process, effected by a municipality's Councilors, executive management team, line management and other personnel, designed to provide reasonable assurance regarding the achievement of strategic, operational and financial MIG Programme objectives in the following categories:

    - Effectiveness and efficiency of MIG Programme operations at municipal level
    - Effective and efficient utilisation of MIG infrastructure assets and resources
    - Reliability and integrity of MIG Programme financial and project management and or operating systems, measuring, monitoring and reporting
    - Compliance with applicable laws, policies and procedures surrounding the development and future sustainability of MIG Infrastructure Assets

    Internal controls are either preventive (errors, irregularities are identified and corrected before they put the MIG funds and programme at risk) or detective (errors, irregularities are identified that have already put the MIG funds and programme at risk) by nature and have a direct correlation to the inherent risk exposure.

    The ring-fenced municipal systems and processes together with the MIG Project Management Function are responsible for establishing the required internal control processes to ensure that the municipality stays on course toward fulfilling its financial and MIG Programme goals of developing the required basic infrastructure as determined by the provisions of the annual Division of Revenue Act (DoRA), ensuring that MIG funds have been spent for the purposes intended and that the future sustainability .

    Control And Risk Self-Assessment

    Control and Risk Self-Assessment (CRSA) is a methodology used to review key business objectives, risks and effectiveness of processes involved in achieving the objectives, and internal controls designed to manage those risks. CRSA is basically a formal process that generates information on internal control that is useful to both management and internal auditors in validating the status or judging the adequacy of the control systems in place to address the identified strategic, financial and operational risks. It can also provide a positive influence on the control environment, as operating staff (Executive Management, CFO, MIG Project Unit and the Internal


    - Increasing awareness of the MIG Programme objectives and the role of internal control in achieving such goals and objectives.
    - Motivating personnel to carefully design and implement control processes and continually improve the MIG Programme financial and operating control processes.

    CRSA Approaches

    There are three primary CRSA approaches which are:

    - Facilitated team meetings: Facilitated team meetings gather internal control information from work teams which represent multiple levels within the municipality (line management, office of the CFO and MIG Project Function).
    - Questionnaire approach: This uses a survey instrument that offers opportunities for simple (Inadequate, Needs Improvement and or Adequate) responses. Both internal audit and the business/risk process owners use the survey results to assess the adequacy and or effectiveness of their control structure in meeting the MIG Programme objectives and goals.
    - Management-Produced Analysis: Is any approach that does not use a facilitated meeting or survey and basically makes use of an internal audit or management approach that produces a study of the business processes, risks and required treatments (more in line with Enterprise-wide Risk Management techniques).

    It is suggested that municipalities combine the first two approaches reflected above to accommodate the specific MIG Programme and DoRA requirements and needs of dplg head office (MIG Unit) and the municipalities' own control and risk assurance needs.

    3. Control and Risk Self-Assessment Instructions

    The responsibility for undertaking the CRSA process is normally shared among all employees of the municipality. Where there is an in-house, outsourced or co-sourced internal audit function in place, it is suggested that the internal audit function take responsibility for undertaking the CRSA review. However, where there is no internal audit function in place then the CRSA review should be undertaken by the head of the municipal MIG Project Function, under guidance of the MIG Unit (dplg head office).


    - Control based format: This format focuses on how well the management controls in place are actually working and which in turn are benchmarked against the leading practice controls that should be in place. This technique produces an analysis of the gap between how controls are working and how management intended these controls to work. In addition, this format can be effective in examining soft controls such as management ethics, training and skills, etc.
    - Risk based format: This format focuses on identifying and managing the critical and significant MIG Programme risks at a municipal level within the requirements of the MIG Policy and DoRA. The outcome of this technique is that it examines the control activities to ensure that they are sufficient to address the identified key MIG Programme risks.

    Procedure Internal Control Risk Self-Assessment

    Who Must Complete the Document:

    Where the municipality has a staffed-up internal audit function the head of internal audit or where there is no internal audit function the head of the municipal MIG Project Management Unit function (PMU) must complete the CRSA making use of the electronically provided template obtained from the dplg MIG Unit on www. Furthermore, a combination of the Control based and Risk based format, must be used as reflected above.

    Roles and Responsibilities

    Internal audit and the head of the MIG Project Management Unit Function are encouraged to use the questionnaire as the foundation to determine if a more in-depth review of structures, processes, systems and controls is required surrounding the MIG Programme. This determination should be based on the Council's, municipal manager's, line management's and or Audit Committee's experience and judgement.

    The CRSA questionnaire does not take the place of the municipality's performance management system but runs alongside this system. The process is conducted within a structured environment in which the process is thoroughly documented and the process is repetitive as an incentive for continuous improvement. Furthermore, as CRSA is a technique that adds value to the internal auditing profession it can effectively augment internal auditing as it judges the quality of internal controls.


    The following table depicts the various areas of role and responsibility:

    Role: Internal audit / MIG Project Management Function
    Responsibility:
    - Completes CRSA questionnaire
    - Retains original document for future reference
    - Provides a copy and results of the control environment status to the municipal manager and Audit Committee
    - Sends copy to dplg MIG Unit

    Role: Project Management Function
    Responsibility:
    - Monitors implementation of management treatments and or actions that explain how risks are mitigated
    - Retains submitted copies of completed forms and management actions for future reference and for access by internal audit
    - Suggests alternative procedures to the municipality
    - Provides status of remedial action to the municipal manager and Audit Committee
    - Sends copy to dplg MIG Unit

    Role: Internal audit
    Responsibility:
    - Where internal audit does not complete the form but management, internal audit verifies that the responses on the CRSA are the actual processes and that the controls and treatments have been implemented as stated by management

    Role: MIG Unit
    Responsibility:
    - Assesses the impact of the CRSA reviews and the adequacy of the system of internal controls and consolidates the areas of risk
    - Monitors the implementation of corrective action per municipality
    - Provides holistic MIG Programme guidance and advice in a proactive manner

    When To Complete The Self-Assessment:

    The CRSA must be completed at least:
    - On a bi-annual basis
    - Whenever there are significant personnel changes (MIG Project Management Function)


    Completing The Questionnaire:

    Review the CRSA document located on www in the . Area ??????? section. Where appropriate, comments have been embedded throughout the questionnaire to provide the assessor with further explanation about the questions should it be required.

    Making use of the Control based and Risk based approach a response to each and every question on the CRSA questionnaire must be formally captured. Refer to the municipality's MIG Programme, financial and supply chain management policies, procedures, or websites referenced on the questionnaire for additional information. If further clarification is needed, questions should be directed to a representative of the MIG Unit based in Pretoria, who can be contacted on e-mail (.) or alternatively by land line during office hours ().

    Any Inadequate or Needs Improvement response requires an explanation in the comment field where specific emphasis to the gap in the control is identified together with the envisaged management plan of action to address the identified weakness/es. The responsible person's name and implementation date must also be captured.

    For N/A responses, briefly explain why the question is not applicable.

    Any internal control risks identified by the municipality during completion of the questionnaire must be addressed. If at any time the municipality wishes to discuss the best control process in which to address the risk/s, the municipality should contact its head of internal audit and or the MIG Unit representative on ..(insert e-mail address).


    CONTROL AND RISK SELF-ASSESSMENT TEMPLATE MIG PROGRAM

    Columns: Mega / Major Process and Risks | Inherent Risk (As, Lik, Imp) | Leading Practice Control | Actual Controls In Place | Residual Risk (AD, NI, IA) | Action / Comments

    STRATEGIC

    Stakeholder Management / Communication

    ST1 - No or inadequate communication and or working relationship between the municipality and critical external stakeholders (i.e. Sector Departments, Eskom, Provinces, dplg, etc.)

    Inherent Risk: As 20, Lik 4, Imp 5

    Leading Practice Control:
    1. A formal communication strategy and plan is in place where the critical stakeholders have been identified
    2. A review of the effectiveness of the communication process is undertaken on a regular basis
    3. Regular interfacing with the MIG Unit, Sector Departments, provinces and dplg
    4. MIG Orientation workshops
    5. Sector participation on PMITT

    X

    X

    X

    Action:

    Responsible Person:

    Due Date:

    ST2 - The relationship and communication between the PMU function and the other divisions/units within the municipality is ineffective

    Inherent Risk: As 5, Lik 5, Imp 1

    Leading Practice Control:
    1. A formal communication strategy and plan is in place and has been rolled out
    2. Regular meetings between the PMU function and other critical divisions/units
    3. Formal minutes of meetings maintained and circulated to all attendees in a timeous manner

    Action:

    Responsible Person:

    Due Date:

    Policy Management

    ST3 - The municipality does not have the available MIG policy, framework, DoRA and PMU procedure, etc., in their possession

    Inherent Risk: As 3, Lik 3, Imp 1

    Leading Practice Control:
    1. Municipality has identified the required documentation they should have in their possession.
    2. PMU function maintains the required library of the MIG documentation and or literature

    Action:

    Responsible Person:

    Due Date:


    Risk Management

    ST4 - MIG risks have not been identified, assessed and incorporated into the municipal risk assessment and or risk register

    Leading Practice Control:
    1. A formal risk management system is in place and is operational
    2. MIG risks have been identified, assessed and ranked.
    3. MIG risks have been included in the risk register
    4. Internal audit reviews these risks and controls as part of the annual audit program
    5. The risk committee reviews the adequacy of the risk management systems and internal audit reports on a regular basis (MIG Program included)

    Action:

    Responsible Person:

    Due Date:

    ST5 - Line management has not assessed the adequacy of the system of internal controls against the business risks on a regular basis

    Leading Practice Control:
    1. Quarterly review of the risks by line management (CSA)
    2. Identification of control gaps and the implementation of control actions/treatments
    3. Implementation of an operational risk committee, chaired by the municipal manager
    4. Quarterly reporting to the Audit Committee and risk Committee on the status of the control environment
    5. External and internal audit reviews
    6. Use of leading practice risk based control models (i.e. COSO, etc.)

    Action:

    Responsible Person:

    Due Date:


    Backlogs

    ST6 - Inaccurate backlog targets and figures

    Leading Practice Control:
    1. Formal process and report developed (backlog studies) to determine backlog targets with implementation plan
    2. Uniform and acceptable criteria utilised
    3. Mechanism in place to measure and monitor the achievement of targets - use of KPI dashboards and progress on removal of backlogs

    Action:

    Responsible Person:

    Due Date:

    Measuring & Monitoring

    ST7 - No or ineffective MIG measuring and monitoring system in place at municipal level

    Leading Practice Control:
    1. MIG performance part of the municipal manager's M&M quarterly performance meetings
    2. Part of Council agenda and reporting
    3. Dedicated Councilor for MIG Programme

    Action:

    Responsible Person:

    Due Date:

    FINANCIAL MANAGEMENT

    FM1 - Interest received on MIG funds utilised for purposes other than for MIG projects

    Leading Practice Control:
    1. Validation of MIG funds transferred to funds received
    2. Interest on MIG funds reflected separately in the books of account
    3. Adherence to DoRA, MIG, municipal financial policies and procedures
    4. Interest on MIG funds reflected on monthly and quarterly DoRA returns
    5. Statement on how and where interest was utilised
    6. CSA, external and internal audit reviews

    Action:

    Responsible Person:

    Due Date:


    FM2 - MIG funds utilised for purposes other than for MIG projects as per DoRA and MIG requirements

    Leading Practice Control:
    1. Effective financial accounting system and controls in place
    2. Reconciliation between PMU function records and books of account on a monthly basis
    3. If possible to have a separate bank account for MIG funds
    4. Cash flow forecast per project and compared with drawdown records
    5. Adherence to DoRA, MIG, municipal financial policies and procedures
    6. MIG funds received and spent reflected on monthly DoRA and project list returns
    7. Regular management reviews and sign-off by head of PMU function
    8. Quarterly municipal management performance meetings and reports
    9. CSA, external and internal audit reviews

    Action:

    Responsible Person:

    Due Date:

    FM3 - MIG Funds over or understated in books of account

    Leading Practice Control:
    1. Segregation of duties
    2. Adherence to code of ethics and values
    3. Effective financial systems records and controls in place
    4. Effective expenditure and income codes
    5. Comparison between WIP records maintained by PMU function and management accounts on a monthly basis
    6. Regular management reviews and sign-off by head of PMU function
    7. Adherence to DoRA, MIG and municipality's financial policies and procedures
    8. Effective delegations of authority
    9. Effective working relationship between CFO and head of PMU function
    10. Quarterly municipal management performance meetings and reports
    11. CSA, external and internal audit reviews

    Action:

    Responsible Person:

    Due Date:

    FM4 - Financial figures and information on monthly DoRA, cash flow and Project Listing reports are inaccurate and or incomplete

    Leading Practice Control:
    1. Skilled PMU function and CFO staff
    2. Reconciliation between books of account and figures reflected on monthly returns by a third-party (i.e. CFO)
    3. Reconciliation between previous month's returns and new month figures
    4. Quarterly municipal management performance meetings and reports
    5. CSA, external and internal audit reviews

    Action:

    Responsible Person:

    Due Date:

    FM5 - Compulsory MIG reporting information not submitted timely as per DoRA and MIG dplg requirements

    Leading Practice Control:
    1. Adherence to DoRA and MIG reporting requirements
    2. Input and monitoring from Provincial PPMU, Treasury and MIG National
    3. Quarterly municipal management performance meetings and reports

    Action:

    Responsible Person:

    Due Date:

    FM6 - Insufficient municipal funding for M&E

    Leading Practice Control:
    1. Input from Sector Departments on capital and maintenance ratios.
    2. Effective maintenance management system and plan in place.
    3. Effective budgeting and monitoring systems in place

    Action:

    Responsible Person:

    Due Date:


    OPERATIONS

    OP1 - MIG projects registered not feasible or sustainable

    Leading Practice Control:
    1. Input and advice from sector departments.
    2. Financial and project feasibility and sustainability studies undertaken supported by formal reports and signed off.
    3. EIA undertaken to ensure compliance with environmental standards and legislation.
    4. Adherence to MIG funding criteria
    5. Effective system of M&E in place

    Action:

    Responsible Person:

    Due Date:

    OP2 - No or ineffective PMU function in place

    Leading Practice Control:
    1. Establishment of a PMU function - not required to be full time or dedicated
    2. Effective capacity building program in place
    3. Utilisation of MIG funds to run PMU function in terms of MIG criteria and permitted % amount
    4. Effective and adequate performance management system in place.
    5. Effective and adequate measuring and monitoring systems in place
    6. Risk management system entrenched in day-to-day activities
    7. Effective WIP accounting system in place
    8. Use made of other municipalities' PMU function where more cost effective and or appropriate

    Action:

    Responsible Person:

    Due Date:


    OP3 - The PMU function not being responsible for the administration and financial management of MIG funds within the municipality

    Leading Practice Control:
    1. Head of the PMU function having the necessary authority to have ownership over the funds and MIG system at municipal level.
    2. Clear roles and responsibilities
    3. Effective and adequate performance management system in place.

    Action:

    Responsible Person:

    Due Date:

    OP4 - Inability to spend MIG funding in a timeous manner

    Leading Practice Control:
    1. Effective procurement and supply chain management plan in place
    2. Effective supply chain management system and processes in place
    3. Effective contract and project management systems in place
    4. Effective financial measuring and monitoring system in place (WIP) including budgeting system
    5. Reporting and action plans to mitigate the risks
    6. Effective follow-up on corrective action and determining if results have been achieved

    Action:

    Responsible Person:

    Due Date:

    OP5 - Project overruns (Time and financial)

    Leading Practice Control:
    1. Effective contract and project management systems in place
    2. Effective financial and operational measuring and monitoring system in place (WIP) including budgeting system and management accounts
    3. Effective monthly financial and payment authorisation systems and controls in place

    Action:

    Responsible Person:

    Due Date:


    OP6 - PMU function not having an effective project management system in place

    Leading Practice Control:
    1. Formal project management policy and procedures in place
    2. Formal project charters in place for each and every project
    3. Coordinating and roll out of SMIF business plans
    4. Formal project management system in place (i.e. Summit, Prince2, etc.)
    5. Effective file management system in place
    6. Effective quality management policy and systems (QMS) in place
    7. Regular site visits and meetings to determine performance to targets and milestones
    8. Formal site meeting minutes and governance practices
    9. Follow-up on corrective action
    10. Effective risk management system in day-to-day activities including SHE
    11. Data capture, updating of all data and KPIs on MIS
    12. Monitoring and consolidating of cash flow reports and expenditure of each project
    13. Accepting only original invoices, VAT numbers, supporting documentation, etc.
    14. Effective reporting system in place - monthly progress reports
    15. Legal compliance reviews
    16. Site handover meeting
    17. Provincial intervention for non performance

    Action:

    Responsible Person:

    Due Date:


    OP7 - PMU function not applying appropriate contract management practices for MIG projects

    Leading Practice Control:
    1. Adherence to municipality's procurement policies and procedures as well as determining those labour intensive projects
    2. Formal and legal contracts entered into for all contracts awarded externally together with project charters
    3. Legal expertise input and approval
    4. Contracts to be explicit with penalty clauses, project defect liabilities, etc. - cognisance taken of contractor's business status (Pty, CC, sole trader, unregistered, social initiative, etc.)
    5. Ensuring that suppliers have the ability and capacity to deliver on the project mandate
    6. SLAs entered into where services and construction is to be undertaken internally within the municipality
    7. Use of an effective costing system to determine internal costs
    8. Community based partnerships

    Action:

    Responsible Person:

    Due Date:

    OP8 - An effective M&E system not in place for measurement, reporting & feedback on the progress with MIG objectives and infrastructure projects?

    Leading Practice Control:
    1. Formal M&E policy and procedures in place
    2. Formal M&E system and plans in place.
    3. Updated asset registers
    4. Effective costing and budgeting system in place
    5. Capital replacement and or rehabilitation costs taken into account

    Action:

    Responsible Person:

    Due Date:


    KEY: Description

    Inherent Risk: Risk without taking the controls into account
    AS: Risk Assessment
    LIK: Likelihood
    IMP: Impact

    Residual Risk: Risk after taking controls into account
    AD: Adequate
    NI: Needs Improvement
    IA: Inadequate

    Risk Ranking: Risk ranking scoring mechanism
    High: Impact X Likelihood = Risk Assessment
    Medium: Impact X Likelihood = Risk Assessment
    Low: Impact X Likelihood = Risk Assessment
