The Governance of Risk and ICT
In line with governance best practices, the Board plays a key oversight role in the governance of risk and ICT, assisted by the Audit & Risk Committee and other operational structures such as the Risk Management Committee chaired by the CEO and the ICT Steering Committee chaired by the Senior Manager: ICT.
Risk Management and ICT Reports were standing agenda items at all Audit & Risk Committee, and Board meetings, via the Audit and Risk Committee. At an operational level, the Executive Committee, the Risk Management Committee, and the ICT Steering Committee played their respective management oversight roles, so as to ensure that all ICT and risk managementrelated matters were attended to and managed effectively.
The Governance of Risk
TKZN adopted an Enterprise-wide Risk Management (ERM) approach to enhance the alignment of strategy, process, people and information technology. The annual review of the Entity’s risk profile was conducted in October 2022 and culminated in the review of the Strategic Risk Register, which also formed the basis for the development of a risk-based Internal Audit Plan and Divisional Risk Plans. The Strategic Risks were also taken into consideration and factored in during the review of TKZN Strategic and Annual Performance Plans.
The Entity has the Risk Management Policy and the Risk Management Plan integrating the risk management programmes with the inclusion of business continuity management and total quality management elements, in order to enhance the effectiveness of risk management efforts.
The Governance of ICT
ICT plays an instrumental role in the TKZN value chain as mission critical business processes are supported and enabled by ICT. A failure in the governance and management of ICT could result in TKZN being significantly exposed to the extent that the company may not meet its strategic objectives and responsibilities to its stakeholders. Therefore, Good Corporate Governance of ICT (CGICT) practices remain a critical contributor to the successful functioning of ICT. In this regard, the Board actively monitors the implementation and monitoring of CGICT practices through the following governance structures:
• Audit and Risk Committee
• Executive Committee
• ICT Steering Committee
The ICT Governance framework that was developed in 2022 was reviewed during the period under review and aligned with the Public Sector Corporate Governance of ICT Policy Framework which led to the development of a TKZN specific CGICT Policy and Charter.
In addition, management monitors the implementation of recommendations made by the AGSA and reports progress on a quarterly basis.
Internal Control Unit
The office of the Chief Financial Officer, through the Finance and Supply Chain Management Departments, ensures that TKZN has adequate processes and systems to enhance internal controls. Findings emanating from audits conducted by all related bodies are reviewed by management and corrective measures put in place to address the findings and enhance existing control measures, which in turn improve efficiencies.
Internal and External Audit
During the period under review, the internal audit function was outsourced to an independent firm, Abacwaningi Business Solutions, and the external audit function was undertaken by the Auditor-General. Both the Internal and External Auditors had approved Audit Plans/ Strategy.
Progress on the implementation of the Internal Audit Plan was monitored by the Board through the Audit & Risk Committee and Reports submitted and/or considered at all Audit & Risk Committee meetings.
TOURISM KWAZULU-NATAL ANNUAL REPORT 2023/2024 73