the University creates sustainable value for stakeholders. The following factors require consideration when integrating ERM into the UNIZULU decision-making structures and ensuring the management of risk is inculcated in the culture of the University:
• Aligning risk management with objectives at all levels of the University
• Introducing risk management components into existing strategic planning and operational practices
• Including risk management as part of employees’ performance appraisals
• Continuously improving control, accountability systems and processes to take into account risk management and its results
Principle 11 of the King IV Report recommends that the Council should govern risk in such a way that it supports the Institution in setting and achieving its strategic objectives. The practice notes to principle 11 recommend that Council should treat risk as integral to the way it makes decisions and executes duties; approve a policy that gives effect to setting direction on risk; evaluate and agree to the extent of the risks that the Organisation is willing to take in pursuit of its strategic objectives; delegate to management the responsibility to implement and execute effective risk management; exercise ongoing oversight of risk management; and disclose the nature and extent of risks it is willing to take, arrangements for managing risk, key areas of focus and actions taken to monitor the effectiveness of risk management and how outcomes were addressed.
Council has established ARC, which is responsible to
UNIZULU’s Risk Matrix (Heatmap).
assess all areas of risk (financial and non-financial), monitor changes in the University’s risk profile and gain assurance that risk management is effective. The Committee establishes materiality levels and determines the University’s risk appetite. All risks are considered as well as their likelihood and risk mitigation procedures are established, where applicable. The Committee also ensures that the Strategic Risk Register is maintained. The ARC Chairperson, the Vice- Chancellor and other members of executive management report regularly to the Council on risk management activities and results. The composition and meeting schedule of ARCC is set out in Table 6 of the Report of the Chairperson of Council.
MANAGEMENT AND CONTROL OF
CONSEQUENCES OF RISK
To aid in the facilitation of the ERM processes within UNIZULU, the internal auditors facilitated a strategic risk assessment process with UNIZULU executive management on 12 November 2020. Management performed operation risk assessments of each division/faculty after which UNIZULU undertook a thorough re-assessment of its risks, using the methodology described in the Institution’s approved ERF framework. Risks identified during risk assessments were incorporated into internal audit plans, in addition to management and audit committee priorities. UNIZULU conducted a Risk Maturity Assessment (RMA) utilising the maturity capability model it has adopted in its Risk Strategy. UNIZULU’s Implementation Plan has been regularly reported on to ARCC.
    Extreme (5)
 5
 10
 15
  20
  25
 High (4)
  4
  8
  12
   16
   20
  Medium (3)
 3
 6
  9
 12
 15
 Low (2)
 2
 4
 6
  8
  10
 Negligible (1)
 1
 2
 3
  4
  5
   Minimum (1)
  Low (2)
  Medium (3)
   High (4)
   Almost Certain(5)
  Likelihood (Probability)
     153
UNIVERSITY OF ZULULAND ANNUAL REPORT 2020
   Impact (Severity)