Risk Manager at Auditor-General of South Africa

Roles & Responsibilities

Risk strategy

• Execution of strategy allocated projects/initiatives

SOQM

 Maintain up to date SOQM risk profiles, by

• Facilitate identification and assessment of emerging risks,
• relevant root causes, current controls and future mitigations for the risks
• Monitoring implementation of mitigations for the gaps/ exposures noted
• Evaluating whether the mitigations identified and subsequently implemented are yielding the desired results
• Collaboration with other process owners within in SOQM.
• Advise on the adequacy and effectiveness of organisational processes introduced to mitigate risks
• Continuously scan the internal and external environment AND analyze the risk landscape or environment, collect the required data from all relevant sources and provide solutions thereof (ensure that the data is verified and is relevant/ fit for purpose)
• Provide periodic progress reports to management on the implementation of mitigating action plans and update the risk register as appropriate
• Assist management in setting the business unit specific risk tolerance/ appetite and establish related risk strategies and processes to manage the appetite levels
• Develop and roll-out education/awareness initiatives
• Facilitate annual review of the SOQM risk register
• Prepare reports to related governance structures

Roll-out/ implementation of the activities/ initiatives identified on the risk implementation plan

• The risk implementation plan is developed and approved annually. The plan outlines the activities the risk management functions will undertake over the year in pursuit of risk management objectives as articulated in the risk management strategy and policy.
• Maintain up to date and relevant risk profiles for the portfolios assigned, by
• Facilitate identification and assessment of risks,
• relevant root causes, current controls and future mitigations for the risks
• Monitoring implementation of mitigations for the gaps/ exposures noted
• Evaluating whether the mitigations identified and subsequently implemented are yielding the desired results
• Advise on the adequacy and effectiveness of organisational processes introduced to mitigate risks
• Provide advice with respect to organisational risks
• Continuously scan the internal and external environment AND analyze the risk landscape or environment, collect the required data from all relevant sources and provide solutions thereof (ensure that the data is verified and is relevant/ fit for purpose)
• Provide periodic progress reports to management on the implementation of mitigating action plans and update the risk register as appropriate
• Assist management in setting the business unit specific risk tolerance/ appetite and establish related risk strategies and processes to manage the appetite levels
• Periodically monitor the risk and incident reporting tool
• Analyze the risks and incidents reported
• Escalated reported cases to respective process owners
• Support process owners in developing appropriate responses to the reported risks and incidents
• Continuously follow-up with action owners on the responses agreed to
• Regularly provide feedback on the status of resolution of the reported risk and incidents to the individuals that logged the incident as well as to any other relevant reporting structure.

Maintain Stakeholder Engagement

• Develop and maintain a portfolio stakeholder interaction and communication plan
• Develop a thorough understanding of the needs of the different risk management stakeholders
• Develop programs and initiatives to address the needs of the stakeholders
• Communicate risk management strategies with all stakeholders
• Provide advice on the application of best practice principles to stakeholders
• Develop and maintain good working relations with assigned Risk Champions
• Ensure that Risk Champions have an appropriate understanding of the activities that they are required to undertake in support of risk management function
• Regularly develop presentations and training materials for roll-out at workshops, induction sessions, etc.
• Liaise with other risk and ethics function personnel to ensure the achievement of the business unit's goals and objectives

Ad-hoc projects

• Perform any other ad-hoc project/ request as requested by line manager.

Formal Education

• Degree/ Advanced Diploma in Auditing/risk management

Technical/ professional Certification

• Registration with relevant Professional body

Knowledge

• Knowledge of ISO 31000, COSO framework, SOQM
• Sound knowledge and understanding of the risks affecting the operations of the organisation and the applicable actions to manage and mitigate risk
• Knowledge and understanding of strategy development principles
• Ability to execute research and implement gathered insights
• Sound knowledge of AGSA’s related regulations

Experience

• Minimum 3 to 5 years’ risk management experience
• Experience in SOQM or audit quality assurance will be an added advantage