The Risk Management and Internal Audit Unit forms part of the Office of the Secretary and reports administratively to the Chief Executive Officer in order for the function to maintain its independence. It also functionally reports to the Audit Committee.

Purpose of Risk Management

The risk management component was established to perform the following functions:
• To assist in the accomplishment of strategic and operational objectives of the Legislature by facilitating early identification and management of potential risks which, should they materialise, would hinder the achievement of the stated strategic objective, and
• To perform the internal control function aimed at providing reasonable assurance regarding the economy, efficiency and effectiveness of operations, internal financial control, as well as compliance with applicable laws and regulations.
• The compliance function ensures that all applicable legislation and Standing Rules are being adhered to by the KZN Legislature.
• The three-lines-of-defence model is used which ensures that management, as the first line of defence, implements sufficient controls to address areas of risk that impact the achievement of strategic objectives. The second line of defence is risk management which facilitates the identification of risk so that remedial plans can be implemented to address the risks. The third line of defence happens when internal and external audits provide independent verification on the controls that are in place within the Legislature.

How does risk management function?

To identify potential risks that may be a threat to the achievement of the KZN Legislature’s objectives, the following activities are performed:
• Annual risk assessment workshops are facilitated during which unit managers and other representatives are required to identify risks that pertain to their respective units.
• During risk assessment workshops, besides identification of risks, risks are evaluated for significance, and thereafter action plans are developed to address those risks considered to be significant enough to jeopardise the achievement of the institution’s objectives.
• The risk management component ensures that the developed actions plans are actually implemented by having follow-up meetings with the relevant risks owners (officials responsible for addressing the particular risk).

Internal Control Function

The internal control function includes the following:

• Reviews of previous internal and external audit reports to identify any weaknesses in internal controls and facilitate discussions with management in order to address identified weaknesses;
• The internal audit component operates on a combined assurance plan that is risk based, i.e. it is based on the most recent strategic risk register of the Legislature and is designed to provide reasonable assurance on the accuracy and validity of various processes of the Legislature;
• Reviews of specific areas where an error has been identified to determine the extent of it in order to rectify such an error;
• Ad hoc audits are also performed to address areas of management concern;
• Audits which are carried out by the risk management component, the Auditor-General and the internal audit component also enable the detection of additional risks that might be missed during the risk assessment process.

Contact Information

Risk Management and Internal Audit Unit
Office GA-13
Ground Floor: Administration Building
244 Langalibalele Street
3200 Pietermaritzburg
Manager: Ms Rowanne Moodley
Office: 033 355 7650
Fax: 086 571 2111
Risk Officer: Mr Sikhumbuzo Buthelezi
Office: 033 355 7021

Risk Officer: Mr Musa Mkhize
Office: 033 355 7044