| Integrated risk management element | Principle |
|---|---|
| Strategic intent | - Integrated risk management in Eskom influences the Eskom strategic decision-making process and effectively mitigates the risks threatening the achievement of Eskom’s business objectives at a strategic, operational and business continuity level |
| Board accountability | - The board of directors is accountable for the total process of risk management at Eskom, and this is implemented through the board risk management committee |
| Governance | - Exco is accountable to the board for the design, implementation and monitoring of the process of risk management, and integrating risk management into the day-to-day activities of the organisation<br>- Corporate IRM facilitates inter-group risk coordination and integration<br>- Corporate IRM ensures effective integrated risk management through an IRM policy, an integrated risk management standard, integrated risk processes, reporting and training<br>- Divisions are responsible for the integrated risk management capability by implementing risk policies, standards, procedures and frameworks to identify, manage and report risks at strategic, operational and business continuity level<br>- Divisional risk committees oversee and monitor the effectiveness of integrated risk management within divisions |
| Framework | - Risk management within Eskom complies with the Department of Public Enterprises’ Risk Management Framework, the King Report on Corporate Governance, the IRMSA Integrated Risk Management Framework and other relevant international enterprise risk management benchmarks |
| Risk assessment and control | - Risk assessment and control are the responsibilities of all levels of management within Eskom<br>- Risks and risk controls are transparent and communicated<br>- Independent interrogation of risk profiles is conducted on an ad hoc basis |
| Monitoring | - A robust risk monitoring process focuses internally and externally on both strategic and operational risks<br>- An integrated risk management application is planned which will facilitate near real-time risk information in order to enable effective and relevant decision making |
| Risk reporting | - Corporate IRM reports the existing and new operational, strategic and business continuity risks to the IRM Strategic Executive Committee on a monthly basis<br>- Risk reports are provided to both the board risk management committee and the Department of Public Enterprises quarterly<br>- Divisions report on their revised risk profiles and the effectiveness of integrated risk management in the division to IRM every six months<br>- Significant changes to the risk profile are reported as and when they occur, i.e. exception-based reporting |
| Assurance | - Independent assurance is provided on IRM for process compliance and performance<br>- All levels at Eskom may request ad hoc assurance of the effectiveness of risk controls, which may include an independent opinion |