Chief Risk Officer
011 407 7652
The Johannesburg risk and audit service (JRAS) is at the forefront of corporate governance and drives the strategy for the City and all its entities and agencies, ensuring not only compliance with legislation in terms of audit and risk, but also setting the benchmark for other municipalities in South Africa according to internationally acceptable internal audit and risk structures.
JRAS has made significant changes in terms of its core business statement and strategic objectives. The primary objective has been to move JRAS into a more strategic role in the City, adding value by improving service delivery for all municipal departments and its entities.
To this end, risk services, a function previously with the finance directorate, has been incorporated into the department, to create the Johannesburg risk and audit services.
- The Johannesburg risk and audit service falls under the Office of the executive mayor, Parks Tau.
To render an independent, professional assurance and consulting service to the City and to ensure the City is always at the forefront of risk management.
To provide a professional, independent, objective assurance and consulting service designed to add value, effect strategy and improve the operations of the City.
Assisting the City to accomplish its objectives by using a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Using people of integrity, empowered to deliver professional services that are a credit to the City.
To put in place controls to minimise or eliminate risks faced by departments and utilities within the City in order to comply with good corporate governance.
The JRAS is guided by the code of ethics and rules of conduct as set out by the Institute of Internal Auditors.
JRAS has identified strategic objectives crucial to the development and maintenance of sound auditing and risk functions within the City:
- Develop and lead the City's audit, including Operation Clean Audit Report (OPCAR) and Enterprise Wide Risk Management (EWRM).
- Develop a uniform audit and risk strategy for the City and its entities, and assist our clients within the City in achieving all strategic priorities.
- Set audit and risk standards for the City geared at maximising efficiency and eliminating fraud.
- Serve as a hub of excellence in Internal Audit and Risk Services.
- Integrate risk management in all operations and projects carried out by the City.
- Ensure compliance with the Corporate Governance Code, King II Report, Municipal Finance Management Act, Short Term Insurance Act and other codes in audit and risk management.
Long-term strategic interventions
5-year strategic interventions
5-year IDP programmes and key programme achievements
Maintaining an uncompromised record of clean government by building failsafe mechanisms to prevent corruption and maladministration, and deal strongly and systematically with any instances that occur
Number of cases of fraud, maladministration and corruption reduced over the five-year term
Ethical Government Programme
Systematically identify areas of risk in terms of fraud, maladministration and corruption.
Clearly communicate to all staff across the City and Municipal Entities what would constitute fraud, maladministration or corruption and the consequences of engaging in such practices.
Strengthen mechanisms by which members of the public can report cases of unethical behaviour free of harassment.
Strengthen internal procedures and capacity to investigate reports of unethical behaviour in liaison with South African Police Services.
Promote a culture of good ethics.
Ensure proactive city-wide risk management and internal auditing
A prioritised list of key risks properly specified and mitigated
Enterprise-wide Risk Management Programme
Identify and proactively manage areas where potential administrative breakdown may lead to service failures.
Identify and proactively manage potential administrative failures where the city may be held liable for negligence, maladministration etc.
Through an integrated enterprise-wide risk management framework across the city, identify other risks that may affect the city and work to mitigate their impact.
Achieve a clean audit
Internal Audit Development Programme
Extend oversight of Municipal Entities.
Strengthen the role of the Audit Committee.
Contribute to achieving a clean audit report.
Structure monitoring mechanisms to ensure regular and systematic interactions with the Audit Committees of the Municipal Entities.
The department has two key directorates: audit services and risk services.
Audit services has four business units:
- Special audit
- Process audit services
- Information system audit services
- Forensic audit services
Special audit and process audit services
Special and process audit services offers expertise in risk assurance and performance management services to the City and its stakeholders.
It provides a professional, independent, objective assurance and consulting service that will assist management in identifying risks by examining, evaluating and reporting on the control environment, control activities and governance processes which might hinder them in achieving business objectives.
As an internal audit function it will ensure that adequate internal control systems are implemented within the organisation. Through its interventions it will establish a culture of responsibility and accountability for critical risks occurring throughout the organisation.
Information system audit services
As information technology (IT) is recognised as a fundamental tool to improve an organisation's operations and service delivery while reducing cost, streamlining processes and increasing efficiency, there is an increasing emphasis on the role of information systems audit within organisations.
Organisations are faced with having to make appropriate decisions to justify investments in IT assets, outsourcing decisions, use of consultants, migration to expensive architectures, information security concerns and so on.
IT internal audit performs both IT process and technology audits to ensure that the key controls satisfy management objectives.
Information systems audits have evolved from the audit of basic computer processes and technology to a much wider role that includes IT governance.
Forensic audit services
Forensic audit services is recognised both nationally and internationally as an important business unit within organisations to complement the broader criminal justice systems.
Within the City, forensic audit services forms part of the internal audit services team, performing an assurance function, specifically focusing on promoting integrity standards and investigating incidents of fraud and corruption within the city.
Forensic audit services renders professional forensic audit services to the city, its stakeholders and other clients to minimise fraud-related risks that hinder service delivery.
The audit procedure
Approach to an audit/risk assessment:
- Identify and understand business objectives/risks
- Establish areas of audit focus
- Validate overall risk assessment with business unit
- Assess alignment of objectives and risks
- Align risk assessment and management prerogatives
- Provide summary of risk assessment and plan for audit coverage
Reporting process to client/audit committee
- Opening meeting with client at the commencement of audit to explain objectives and processes followed
- Discussions of findings with client and obtaining their comments
- Presentation of draft and final reports to clients
- Compiling of risk 1 (high risk) findings on audit committee slides for presentation to committee
- Attendance of the committee meetings to present findings
Risk services should form an integral part of management as it enhances the basis for sound decision-making.
Risk services ensures proper risk assessments by means of clearer articulation of business objectives, more focused management information and a better understanding of the trade-offs between risk and reward.
Risk services therefore focuses on assessing and identifying key risk areas within departments and agencies of the client organisation, both in terms of established and new projects. Risk services also ensures the formulation of a uniform risk management approach for its clients.
Risk assessments form the basis for planning internal audits within the organisation.
- Form alliances with municipalities around the world to ensure the City is at the forefront of risk management.
- Establish a Risk Management Committee and formulate a risk management framework and policy.
- Procure a Risk Management System and assist with its rollout to all departments.
- Conduct risk management training and allocate Risk Officers to each department and municipal entity.
- Conduct strategic business risk assessments at departments and utilities.
- Review and enhance risk management strategies through continuous assessment and best practice frameworks.