The Risk Management and Internal Audit Unit forms part of the Office of the Secretary and reports administratively to the Chief Executive Officer in order for the function to maintain its independence. It also functionally reports to the Audit Committee.
Purpose of Risk Management
The risk management component was established to perform the following functions:
- To assist in the accomplishment of strategic and operational objectives of the Legislature by facilitating early identification and management of potential risks which, should they materialize, would hinder the achievement of the stated strategic objective, and
- To perform the internal control function aimed at providing reasonable assurance regarding the economy, efficiency and effectiveness of operations, internal financial control, as well as compliance with applicable laws and regulations.
The compliance function ensures that all applicable legislation and Standing Rules are being adhered to by the KZN Legislature.
- The three-lines-of-defence model is used which ensures that management:
(i) as the first line of defence, implements sufficient controls to address areas of risk that impact the achievement of strategic objectives.
(ii) The second line of defence is risk management which facilitates the identification of risk so that remedial plans can be implemented to address the risks.
(iii) The third line of defence happens when internal and external audits provide independent verification on the controls that are in place within the Legislature.
- To identify potential risks that may be a threat to the achievement of the KZN Legislature’s objectives
The Governance & Compliance participates in the following structures: