DURBAN UNIVERSITY OF TECHNOLOGY ANNUAL REPORT 2020
REPORT ON RISK EXPOSURE ASSESSMENT AND MANAGEMENT THEREOF
The strategic positioning of risk culture as one of the goals that our institution was to pursue, during this financial year, contributed immensely towards stimulating the energy levels we have seen in relation to enterprise risk management (ERM) within our institution. For instance:
  Strategic environmental scanning, which we undertook for the second year in succession, continues to be visible in both our strategic risk report and the Executive Portfolio Risk Reports. Serving as a feed into the strategic risk workshop, this initiative became valuable in terms of informing our financial year 2021 strategic risk outlook.
  Bringing project risk profiling into our practices in a more formal manner for the first time during this year contributed not only to highlighting the opportunities and risks pertinent to key projects, but served also as a platform for positioning ERM as a co-journeying concept. Necessarily, the first line of assurance (namely Management) recognised the reality that effective response to risk and opportunities is more than just an intuitive affair; similarly, our ERM practitioners realised that deepening their insights into the intricacies of an HEI’s core business requires a concerted effort on their part.
  Benchmarking some of our ERM governance documents in an effort to further align them with market practices, and in some instances attempting to position them a step ahead of those belonging to some of our sister institutions, is a milestone worth noting. Specifically, the infusion of published thought leadership perspectives into our ERM infrastructure – and doing so to the extent we did – is demonstrative of how far the DUT community has embraced this innovative posture.
Demonstrative of their keen strategic leadership, Council maintained the strategic risk profile of our institution – and performance against strategy – on their radar, doing so through tapping on the expertise of the Council Risk Committee as well as intricate insights of the DUT’s broader leadership team. Hence, in approving the financial year 2021 strategic risk outlook, Council appreciated the effort that led to new risks being identified, whereas some of the existing risks changed
Mr Z Gumede
in terms of complexion. Convinced that all risks tend to have a financial implication, we have not categorised them into financial and non-financial. Sensitive to market trends and annual risk surveys, we have continued to prioritise the risk pertaining to fraud and corruption. The development of risk appetite statements, as now contained within our ERM Framework, is a milestone that is hard to ignore, as it further paves the way towards making ERM a practical subject. For instance, the range within which we desire our risks to fall is broader on the Heatmap – thus pointing towards a steadily maturing institutional risk culture.
Further, the University is adequately covered by insurance policies against fire and allied perils, business disruption, theft, money, fidelity, public liability, accidental damage and employer’s liability. In addition, information pertaining to the University’s financial risk exposure is reflected in the notes to the Consolidated Financial Statements.
While we continue to believe that risk management is the responsibility of everyone, and our leadership deliberates on these risks continually, we have assigned a specific senior executive member accountability for these key risks. The idea behind this is to ensure that appropriate focus and a prudent sense of priority is accorded to risk management. Our Enterprise Risk Management (ERM) framework serves as the heartbeat of our institutional ERM conversations and actions. On reviewing it once again during the latter part of 2020, we incorporated the risk appetite statements.
Finally, the University is satisfied that there are appropriate control measures and other interventions in place to mitigate both the financial and non-financial risks to tolerable levels. In addition, the Risk Register has been used as one of the components informing both the University’s annual and rolling three-year internal audit plans, as developed by our external service providers, who have been aboard since the beginning of this current financial year. Optimistically, we are looking forward to the outcome of risk maturity assessment to be conducted by the Institute of Risk Management of South Africa, as the only professional body within our country on matters pertaining to ERM, which is deemed to be an authority in this space.
Mr S Nyangintsimbi
Chairperson: Risk Committee
Chief Risk Officer
83