Faculty/Division Job Profile NR August 2007 DATE PROFILE WAS LAST REVIEWED NAME JOB TITLE Manager – Risk Control INCUMBENT Mr. L. Kruiskamp DEPARTMENT/SECTION VC’s Office SUPERVISOR/MANAGER (VC) = Vice-Chancellor or his nominee JOB TYPE (ACADEMIC/SUPPORT) SUPPORT DIVISION HEAD Vice-Chancellor Dr. Saleem Badat MAIN JOB OBJECTIVE/S The main purpose of the job is: -to report to the Vice Chancellor or his nominee and the Audit/Risk Management Committees on deviations from risk management plans and areas that place the University at material risk. -to establish and maintain an integrated and effective Risk Management framework where risks are identified, quantified and managed on a consistent basis. -to initiate ,drive, advise on and co-ordinate all risk management activities. -to establish compliance requirements and to monitor the adherence to these requirements. DESCRIPTION OF KEY RESPONSIBILITY AREA STANDARD EXPECTED STRATEGIC RESPONSIBILITIES including: 1. 2. 3. 4. Develop a risk management framework for the Institution ensuring, amongst others, legal compliance and that the framework encompasses Identifying, monitoring, measuring and managing risks (and advantages where applicable) of the University. Develop a risk Management policy and a set of processes that will support the risk management strategy of the Institution. Develop a formal risk management Plan and risk profile for the University. This includes designing and developing risk management/control processes to ensure that the risk profile for the University is managed and that plans are robust enough and able to identify key risk areas. Assist senior management, when required or deemed necessary, to identify inherent risks for the university and ensuring that the action plans that are put in place are monitored, that remedial action is taken and that the deadlines are adhered to. Job incumbent is expected to develop a risk management framework in conjunction with VC and his senior management and the relevant Risk/Audit Committees. It is expected that policies and procedures related to risk management and risk control be developed collaboratively with the relevant stakeholders. Job incumbent is responsible for supporting those stakeholders responsible for risk management in their respective areas. Where there are problems with stakeholders meeting the standards required and/or deadlines outlined in their actions plans the job incumbent is expected to work collaboratively with the relevant stakeholders to put remedial plans in place. Where problems persist the job incumbent is expected to bring these to the attention of the VC (or his nominee) and the relevant Risk/Audit Committees. LIAISON AND FACILITATION including: 1. 2. 3. 4. 5. Liaising with senior management as regards their responsibility, as outlined by the VC, in identifying the inherent risks within their respective divisions or faculties, and the recording and submission thereof in terms of their instructions from the VC. Besides the risk listings as above, submission must be made in terms of legal/legislative compliance requirements as mentioned under “COMPLIANCE” point 1. as below. Advise and assist senior management where appropriate, or as requested, on processes to identify the risks, document the risks, establish appropriate benchmarks (doing research for the Senior Manager if required), and sharing good practice from other areas of the University. If appropriate and requested, organise training for senior management, or their staff, on risk management principles and considerations. Discuss with senior management the outcome of compliance checks. See “COMPLIANCE” below Discuss with senior management the content of any reports Job incumbent recognises that risk management is the responsibility of each senior manager and that they are best placed to identify the risks and compliance responsibilities in their respective areas of responsibility. The job incumbent does not seek to impose a view of what should or should not be managed but is empowered to give constructive input and technical advice. A co-operative relationship is established in spite of the compliance nature of the job. Feedback on compliance checks is done in the spirit of continuous improvement and what is in the best interest of the University. (*)This report would contain, inter alia: 2 generated by the Manager-Risk Control (MRC) which is to be forwarded to the VC and Risk management/ Audit committees (*) 6. Reporting back to the senior managers any feedback from the VC, Risk Management and Audit Committee’s comments on the plans and reports submitted. (A) Areas of non compliance as to: 1) specific legislative requirements, 2) aspects relating to non adherence to instructions from the VC and committees, 3) deviations from risk management plans. (B) Areas of risk, as perceived by the MRC, which are not perceived to be or included in senior management submissions as areas of risk. (C) Any other matters that would be regarded necessary for reporting which relate to matters compromising Risk Management of the University. Feedback to senior managers is timely, accurate, constructive and specific in order to allow senior managers to, where necessary, to address the feedback. COMPLIANCE AND REPORTING including: Conducting checks to highlight areas of weakness/non compliance relating to: 1. Legal/legislative type requirements such as requirements ITO Income Tax laws, Health and Safety Act, Submission of monthly, annual returns to Government etc. 2. Instructions as required by the VC and the relevant committees. I.e. Timeous submission of documentations/reports/responses etc. 3. Targets/goals, as identified in the risk management plans, which are not being met. 4. Following through/testing procedures/controls, as claimed to be in place for the sake of management of risks within the various divisions and/or facilities, to verify the existence and effectiveness of such controls. REPORTING including: 1. Collation of risk management documentation/plans as well as compliance requirements, as mentioned above, which are compiled by senior management, to be forwarded to the VC and relevant committees 2. Collation of progress reports by senior management and presentation thereof to the VC and relevant committees 3. Reports on the findings of compliance checks conducted, to be submitted to the VC and relevant Committees 4. Based on the above, assist in the preparation of any documents/reports on risk management in the university for internal and external purposes. Diligence and care is shown in exercising these responsibilities. The job incumbent needs to have an administrative system that reports the status of risk management plans and progress reports on request. Compliance checks are done with sensitivity to the power dynamics inherent in the relationship, to identify strengths and what are working, attempts and progress that have been made and in the case of noncompliance, the need to establish reasons for this. Timeous presentation of reports made at intervals determined by the VC and relevant Committees, as agreed in the annual risk management plan. 3 MANAGEMENT OF THE INSITUTIONS RISK MANAGEMENT PROCESS including: 1. Develop, a flexible annual work plan, as well as periodic updates, using an appropriate risk-based methodology, including any risks or control concerns identified by management 2. Implement the annual work plan, as approved, including, as appropriate, any special tasks or projects requested by management and the relevant committees. 3. Assist the various departments to ensure that adequate controls are in place to minimise risk. 4. Monitor the execution of the risk management process including the self-assessment process and the reporting associated with this process. 5. Implement a reporting framework for the self-assessment process including a process that monitors the action plans associated with the self-assessment process. This includes ensuring that remedial action is taken with the timelines that have been agreed to. Job incumbent is expected to develop an annual plan in consultation with the relevant stakeholders. Job incumbent is expected to support the implementation of the annual work plan and assist those responsible for risk in their respective areas. Job incumbent will be expected to provide support and technical advise when appropriate. Job incumbent is responsible tor tracking the execution of risk management processes including the self assessment. Job incumbent is expected to document the progress and ensure that it is up to date at all times. Job incumbent is expected to consult stakeholders with regards to the documentation of progress and stakeholders should be in agreement with the comments in the progress report and should sign these off. Timelines must be reasonable and must have the support of the stakeholder responsible for risk in his/her area. ADVOCACY FOR AN EFFECTIVE RISK MANAGEMENT CULTURE AND PROCESS including: 1. 2. 3. 4. 5. 6. . Work with each department to ensure that their risk management profile supports the risk management strategy. Develop sound relationships with those involved in risk management in order to ensure that they are supported in the management of risk for their area(s). Identify training and development needs in respect of risk management that will ensure that line managers and staff who are involved in the assessment of risk understand how the process works and what is required of them. Continually monitoring and evaluating effectiveness of the risk management process ensuring that quality of the selfassessments and information provided is accurate and current. This includes doing independent reviews of each self-assessment. Identify reports and management information that is required in order to ensure that the risk management profile of the institution is adequately managed. Ensuring that the right infrastructure exists to provide the necessary support to those involved in risk management as well as ensuring that any legislative reporting is adhered to. Job incumbent is expected to work collaboratively with all stakeholders and assist them in putting together their risk management profile. Job incumbent needs to be supportive and constructive in his/her approach. Job incumbent is expected to develop good working relationships with all stakeholders. Job incumbent is responsible for assisting those responsible for risk management in identifying any training that may be required and/or support in areas that require attention. Barriers to risk management are actively identified and proactively tackled in a tactful but assertive manner. Consideration is given to the context and culture of the section/department/division and University and if necessary change is required, this is addressed using sound change management principles. Where there is resistance from management to risk management/control, there is an appreciation of the manager’s perspective .. The job incumbent is mindful of other pressures and will actively champion solutions and interventions that assist in ensuring that risk is managed effectively and within other constraints faced by the person responsible for risk. 4 DIRECT CONTACTS OF THE JOBHOLDER (INTERNAL AND EXTERNAL) ] INTERNAL CONTACT: TYPE OF CONTACT DAILY/MONTHLY ANNUAL PURPOSE OF CONTACT Daily/Monthly/Annually Risk Management ongoing tasks. Daily/Weekly/Monthly Quarterly Quarterly Weekly/Monthly When warranted, as required by the VC When warranted Reporting line Functional matters Functional matters Observer Status. TYPE OF CONTACT DAILY/MONTHLY ANNUAL PURPOSE OF CONTACT 1) Internal & External auditors Weekly/Monthly Discussions on work plans; Assessment of Risk areas; Knowledge update; Audit programmes; advice etc. 2) Institute of Risk management. Monthly Membership; Updates; advice etc. 3) Conferences, workshops and/or meetings. Monthly Knowledge updates. Acquire new skills. 4) Banks, lawyers, government agencies, business markets and the like. Weekly/Monthly Update knowledge and information base. 1) The job will impact on the University as a whole, inclusive of all heads of divisions and departments, as it is intended to provide assurances regarding compliance with controls in the entire organization. 2) Vice-Chancellor or his nominee 3) Risk Management Committee 4) Audit Committee 5) Management meetings (Inc.of Senate and Council) 5) Vice-Principal 6) Chairman of the Risk Management/Audit Committees. Confidential matters. Matters that would have a high impact on the University. EXTERNAL CONTACT: JOB REQUIREMENTS EDUCATION AN D EXPERIENCE Matric plus an Honours Degree (i.e. a 4 year degree) with Accounting and Auditing as majors (with risk management studies being a distinct advantage) PLUS 8 year’s relevant experience (preferably including articles with an accounting firm) OR be a Chartered Accountant PLUS 5 years relevant experience. Experience to be at a senior/supervisory level and to include: Previous 3 years in risk management Systems design and control training Project management Experience within Higher Education will be an advantage but not essential. COMPETENCIES ( I.E. KNOWLEDGE, SKILLS AND ATTRIBUTES) RISK MANAGEMENT COMPETENCIES Superior understanding of integrated risk management (IRM) principles and practice. E.g. Corporate Governance (King 11) COSO, IRMSA code of practice, and their incorporation into business processes Good understanding of control design, effectiveness and implementation. Detailed knowledge and understanding of risk management practices and operational risk framework. Working knowledge of risk management/policy and strategy development and implementation An understanding of accounting systems and practices. Logical thinker with the ability to brainstorm and analyse information. Ability to design and implement risk reporting systems Must have the ability to be able to structure information in a way that will empower others to act. Must be able to design processes and procedures that are logical and that support the ultimate goals and objectives of risk management Ability to integrate risk management with other governance structures and processes (ethics, audit, secretariat, legal, environment, sustainability, health and safety ) Strong business and commercial acumen Outstanding financial and analytical skills Excellent communication skills both written and verbal in English. Must be able to demonstrate an effective presentation style that is able to present ideas and concepts aimed at persuading and facilitating change The ability to communicate in another official language will be an advantage. Proven experience in project/program/change management disciplines to support design thinking and implementation. Must be curious and have an investigative mind Ability to understand, analyse and integrate a broad range of information Audit, business and project management skills MANAGERIAL COMPETENCIES: 5 Ability to think strategically, creatively and laterally Problem-solving skills: logical and analytical People management skills with a collaborative approach Decision-making skills, able to be objective, flexible but decisive Must have strong budgeting skills and sound business acumen Must be able to work independently with little or no supervision Good negotiation and facilitation skills Experience of operating in a committee environment where excellent report and presentations are essential. Ability to confidently challenge management PEOPLE COMPETENCIES: Excellent interpersonal skills with an ability to relate to staff at different occupational levels as well as from different cultures and backgrounds High level of self-awareness, is committed to own development Able to gain the trust of others, able to keep confidences Networking skills, able to persuade and convince others Must have the ability to manage conflict effectively Integrity must be without question Customer-focused with the ability to communicate at top management level internally and externally ADMINISTRATION/TECHNICAL SKILLS/COMMUNICATION SKILLS Sound Computer literacy: able to work with a word processor (as per unit standard 117924), spreadsheets (as per unit standard 116940), the internet/web browsing skills (as per unit standard 116931), a presentation package (as per unit standard 116930) and electronic mail (as per unit standard 116935) Critical administrative skills include good organisational and planning skills as well as problem-solving and time-management skills are necessary. Attention to detail is important. An excellent ability to communicate in English is essential as are sound presentation skills. The ability to communicate in another official language will be an advantage. WORK BEHAVIOURS Customer service ethic with a track record of good customer service and continuous improvement Able to work independently as well as a member of a team Actively seeks feedback, able to withstand criticism and use constructive criticism to improve Extremely professional with high personal standards, able to produce work of a superior quality Shows initiative Able to manage multiple demands and work under pressure. Must have perseverance. Should be results driven Integrity should be beyond question MANAGEMENT/SUPERVISORY DUTIES Yes NUMBER OF SUBORDINATES One TYPICAL DEVELOPMENT PATH This person is likely to have come from either the risk management field or from within Finance and Administration. From this position the job incumbent may move into other senior administrative and/or academic positions provided he/she has the qualifications necessary. Career progression is dependant upon the availability of posts and the job incumbent doing a good job in her/her current job. FUNCTIONAL RESPONSIBILITIES (only if applicable) PROJECT MANAGEMENT AND PROCESS MANAGEMENT RESPONSIBILITY To start with: the development of the risk control section. That is the drawing up of the code of ethics, the charter, the job profiles, the strategic review plan, the annual review plan as well as the field plans. The functional responsibilities will be determined according to work programmes, developed in conjunction with the VC, the internal & external auditors, the risk management committee and the audit committee. COST/FINANCIAL CONTROL The job incumbent would not have any direct responsibility for cost control. However, by recommending improved risk management processes, the related costs of the university should be minimized. 6 Presently a budget for Risk Control has not been established, however this function should be considered within the budgetary process. LEVEL OF RESPONSIBILITY Who must authorize, review or clear decisions taken with regard to the jobholder’s functions? The VC or his nominee What percentage of tasks can be carried out without supervisory input and/ or control? 85-90% What critical decisions are the jobholder normally authorized and empowered to make? Within the boundaries of the agreed Riks Management strategy and direction from the VC or his nomineed, the relevant Audit/Risk Committees and the stakeholders involved in managing risk for their respective areas. PLANNING (i) What is the longest (macro) period that the jobholder has to plan ahead? 1 to 3 years (ii) Typically how long are the micro phases/time periods that the macro planning is divided into? 3 to 6 months PROFILE PREPARED BY: Robertson Len Kruiskamp in consultation with the Vice-Chancellor and Susan INITIALS AND SURNAME: L. KRUISKAMP SIGNATURE: ________________________________ Date: August 2007 PROFILE APPROVED BY: (Direct manager / First level of Reporting) INITIALS AND SURNAME: ________________________________ SIGNATURE: ________________________________ Date: ________________________________