9. City’s risk and disaster management The City of Johannesburg is critically aware of the impact of disasters and other risks on service delivery. As such, it has developed extensive risk-mitigation measures for both strategic and operational risks that have been identified, as well as having a disaster-management plan in place to deal with potential disasters and other extreme shocks. This chapter provides a high-level overview of these proactive and reactive plans.

Risk management South Africa’s codes of corporate governance have consistently identified risk management as one of the key pillars of good-governance practice and this, as a continuous process, enables constant improvement in strategy design and strategy implementation as well as an organisation’s systems and operations. The King III report on corporate governance has identified risk governance as one of the cornerstones that if successfully implemented, can create and sustain stakeholder value. The City of Johannesburg Metropolitan Municipality has identified in the Joburg 2040 Strategy some key developmental challenges that confront the Johannesburg metropolitan area, its citizens and other stakeholders. The City has subsequently framed its strategic choices and interventions towards becoming a liveable, resilient and sustainable City with good governance identified as one of the four strategic outcomes envisaged. This outcome states that the City will invest its efforts and resources to become “a high performing metropolitan government that pro-actively contributes to and builds a sustainable, socially inclusive, locally integrated and globally competitive Gauteng city region”. The City of Johannesburg (CoJ) Metropolitan Municipality has adopted an integrated approach to risk management with the primary aim of embedding of a culture of making correct and timely decisions that take into consideration associated risk exposures and opportunity. In the City, therefore, risk management is not simple compliance with the requirements of the Municipal Finance Management Act (MFMA) which requires the city manager as accounting officer to implement a system of risk management. It was in recognition of the substantial value-add of risk management that the City adopted a formal enterprise risk management (ERM) framework and policy that have been approved by council. The City and its entities established risk-management functions during the previous mayoral term. At the beginning of the current mayoral term, the Joburg Risk and Assurance Services (JRAS) department was repositioned within the governance cluster into a group function that will provide city-wide leadership on risk governance and ensure the effective implementation of governance, risk, audit, forensics and compliance responsibilities. While the departments and entities have been grouped into four clusters, with each cluster assigned leadership, responsibility and accountability for each Joburg 2040 Strategy outcome, it has been accepted that some outputs and outcomes may have dependencies on departments in other clusters.

213

Risk governance in the city The City has independent governance oversight and advisory committees, namely: the Group Risk Management Committee (GRMC) and the Group Audit Committee (GAC), which operate in accordance with council approved terms of reference, corporate governance guidelines and practices (King III) and professional practice standards and codes. The GRMC is responsible for independent oversight and appropriate advice on the risk management process in the City, the mitigation of key risk exposure and advising on emerging risk issues that may have an impact on the City. Similar independent oversight structures have been set up as sub-committees of the boards of the municipal entities. Table 9.1: Summary of roles and accountability

Council structure

Role

Accountability

Council

Political oversight

MFMA & Municipal Systems Act (MSA)

Mayoral committee &

Executive oversight

sub-mayoral committees

214

MFMA, MSA and King III corporate governance

Group risk management

Independent risk management

Council approved terms

committee (GRMC)

advisories and oversight

of reference, King III

Group audit committee (GAC)

Independent risk, control &

MFMA, council approved

governance assurance & oversight

terms of reference, King III corporate governance

City manager (CM)

City-wide administrative oversight,

MFMA, MSA and King III

responsibility and accountability for

corporate governance;

risk governance & management

council delegated authority

Executive risk management

City-wide monitoring &

Delegated authority/Terms

committee

management of significant risks

of reference, King III

MOE boards and

Executive leadership and oversight

MFMA, MSA, Companies Act,

sub-committees

accountability to GRMC, GAC, City

King III corporate governance

manager & mayoral committee Executive management/

Executive responsibility and

MFMA, MSA, delegated

MOEs managing directors

accountability, risk ownership,

authority, King III

strategic & operational risk

corporate governance

management implementation Group risk services and chief

Risk-governance leadership,

Council approved risk

risk officers’ (CRO) forum

advisories, risk-management

governance framework,

process, risk assessment &

delegated authority,

methodologies, CoJ risk profile

risk standards

Assurance on management

MFMA, audit standards, King III

Group internal audit

of risk in the City Operations (management

Design and/or implementation

Delegated authority, City

and staff)

of risk-response plans, risk

approved risk governance

treatment/mitigation actions

framework & policy

During this mayoral term, strategies are being put in place to enhance the flow of information and communication between the independent oversight committees, namely the performance audit committee, the group risk management committee and the group audit committee. This will ensure the both the reliability and quality of advisories and integrated reporting, to the mayoral committee and therefore council. Some of the key strategies in the short-to-medium term to ensure successful implementation of risk governance and enterprise risk management in the City are itemised below: • Risk governance structure, framework, policy and activities; • Risk infrastructure and oversight; • Adoption and alignment of risk frameworks; • Risk ownership and accountability; • Risk management approach and principles; • Risk and performance convergence; • Risk management language; • Risk assessment methodology; • Continuous risk assessment, design and implementation of risk response and continuous monitoring; • Internal control framework; and • Risk profile and integrated risk reporting. Enterprise Risk Management (ERM) The management of risk has evolved from the management of financial risk and transfer of risk through insurance, to business risk management and recently, to enterprise risk management, which includes the management of risks at all levels of the organisation. The ERM process creates consciousness at both political and administrative levels of the City’s risk appetite and profile. The benefits which the City strives to achieve include: aligning risk appetite to the City’s strategies; enhancing management’s risk response decisions; seizing opportunities and reducing operational surprises and losses through continuous identification of potential events; identifying and managing multiple and cross enterprise risks; and improving the deployment of capital and allocation of resources through the use of reliable, relevant and timeous risk information. The overall strategic objective is to embed a culture of risk management in the City and its municipal entities at strategic and operational levels. Accordingly, the JRAS department has mapped the enterprise risk management programme to the Joburg 2040 Strategy Outcome 4 : Governance, as shown below. Joburg 2040 Strategy outcome 4: A high performing metropolitan government that pro-actively contributes to and builds a sustainable, socially inclusive, locally integrated and globally competitive Gauteng city region. A number of priorities have been identified in the City’s ERM programme for the current year of the Integrated Development Plan. These cover: • Combined assurance strategies through a collaborative and integrated approach to risk, control and compliance advisories;

215

• Identification, documentation and communication of the group-wide risk universe; • Group risk threshold levels/appetite; • Strategic & operational risk profiles; • Standardised City risk-assessment methodology; • IT, fraud, compliance risk assessments and profiles; • Risk monitoring and risk-response plan advisories; • Cluster, sector & departmental risk profiles & registers, risk monitoring and risk reporting; • City-wide risk threshold/tolerance levels; • Management consulting and advising on risk responses and risk mitigating internal controls that are in line with best practice; and • Business continuity management (BCM) plans & advisories. Enterprise risk management projects Projects in the ERM programme are advisory and management consulting service are long term in nature, will straddle the entire current five-year IDP and even go beyond this term though the focus in each year may vary: • Group risk governance (core administration and municipal-owned entities); • Integrated group risk-management strategy and implementation plans; • Risk assessment and advisories on management of risks: °°Strategic risk management °°Operational risk management

216

°°Financial risk management °°Financial reporting risk management °°Compliance risk management °°Project risk management advisories °°Contracting and contract risk management; • Business continuity management; • Risk finance (insurance) strategy, optimisation of covers and insurance-portfolio evaluation; • Risk management application software; • ERM competency building – core administration and municipal-owned entities; and • Integrated reporting capabilities (interactive dashboard). Integrated approach to risk management and GRC functions There is a high co-dependence between group risk services and the other assurance functions within the group risk, audit and compliance services (JRAS) department. Each of the assurance functions is at risk of duplication of efforts and overlaps without the proper overall strategic leadership and management hereof. The impact of duplication of efforts between the governance, risk & compliance (GRC) functions would be assurance fatigue, ineffective and inefficient management of the risk and internal control environment. The City has adopted an integrated approach to the management of risk, risk advisory and assurance processes and systems. This will enable collaboration and co-operation between all the internal assurance role players.

Risk leadership, ownership and accountability The embedding of a risk management culture is one of the priorities that have been agreed to by the leadership of the City. • One of the key strategies is to ensure that there is convergence in the management of risk and performance. • The city’s organisational scorecard and performance scorecards of executive and senior management now include risk management as one of the key performance areas. • Further, each of the top strategic risks is assigned a risk owner at executive or managing director level and action ownership. Risk owners must ensure that risk response plans and mitigation actions are designed and implemented by responsible officials. Continuous risk assessment The assessment of risk requires the identification of organisational objectives and strategies and an analysis of inherent events that may have an impact on the achievement of objectives and strategies. While group risk services facilitates the assessments of risks through workshops or reviews of existing risks, the primary responsibility for the management of identified and emerging risks lies with the respective executive management. The City continuously assesses its risk exposure and measures and prioritises these risks using its risk assessment methodology. Priority is given to potential uncertainties that have been measured to have extreme and high inherent risk exposure. Similar priority is given to those risks that have high residual risk exposure, alternatively, where the respective risk response plans are inadequate and/or ineffective.

217

Table 9.2: Risk assessments, outputs and outcomes

Activity

Timing

Output

Outcome

Strategic risk

Annually

City wide strategic-risk register

Management of City-wide

assessments

strategic risk profile Strategic risk profiles of

Management of significant

department and municipal-

strategic risks/risk profile of

owned entities (MOEs)

the departments and MOEs

Operational risk

Annually and

Departmental and municipal

Awareness, risk ownership,

assessment

ongoing

entities operational risk

accountability & responsibility

registers, cascaded

for management of risk

IT governance risks

Awareness, risk ownership

IT operational risk registers in

and management of IT risks.

IT risk assessments

Annually

the IT department(s)/office of

City-wide IT risk profile

chief information officer (OCIO) IT operational risk registers and exposures in departments in the core admin & municipal entities

218

Fraud risk

Ongoing

assessments

City-wide fraud risk register Risk registers of operations in the City highly susceptible to risk of fraud and corruption

All risk assessments

City-wide fraud appetite and fraud-risk profile. Awareness and management of the risk of fraud, corruption, poor ethical conduct

At least

Risk registers and profiles

Optimal management of risk

annually

inform risk-based internal

and control environment and

audit plans, forensics

therefore improved risk profile.

planning and compliance, as

Performance improvements

well as management focus on key risk exposures

remote unlikely possible likely alomost certain

LIKEHOOD OF OCCURRENCE

Figure 9.1: Heat map of top 15 city strategic risks identified in 2011/12

5

4

M

H

H

E

E

M

M

H

E

E

L

M

M

H

H

L

L

M

M

H

L

L

L

M

M

major

severe

3

2

1 insignificant minor

moderate

POTENTIAL IMPACT/CONSEQUENCES Strategic risk management Strategic risk assessments are conducted at least annually and facilitated by group risk services. The top 15 city-wide strategic risks identified and agreed to by executive management, during April 2012, are listed below: Table 9.3: CoJ top 15 inherent strategic risks

1

Service delivery failure/inability to meet community expectations and demands

2

Financial sustainability of the City

3

Leadership and governance risks

4

Poor asset management and ageing infrastructure

5

Inadequate IT governance and IT delivery (ITC risks)

6

Theft, fraud, bribery and corruption

7

Inadequate skill set due to inability to attract and manage talent

8

Increase in incidents of crime, health and security risk

9

Lack of competitiveness to ensure City’s economic growth

10

Non-compliance with legislation, policies and procedures

11

Inadequate contracting and contract management

12

Environment risks: acid mine damage, toxic waste, floods

13

Inadequate stakeholder engagement and relative management

14

Ineffective spatial planning

15

Risk management and internal control failure

219

Operational risk management Operational risk assessments are conducted at the level of each directorate in the departments and at the level of business units or directorates in the entities. The outputs hereof are departmental risk profiles and directorate risk profiles. Both internal audit and the auditor general usually focus on the risk, control and audit universe at operational levels to evaluate the design and effectiveness of the internal control environment, which is a bottom-up approach. Therefore, it is critical that management, assisted by group risk services, should consistently analyse operational risk exposure and implement adequate systems of internal controls. Operational risk profiles must be communicated to the management and staff of the department or directorate to ensure that all role players are aware of the risk environment and the responsibilities for the management of identified and emerging risks. Financial reporting risk management Financial management and financial reporting have associated key risks that require proactive management or require that risk response plans be in place should these uncertainties occur. As such, group risk services and the group finance department will assess and profile the associated risk exposures, advise management on significant gaps and risk-treatment plans and monitor progress in the implementation of the risk-mitigation actions. It is further expected that the Operation Clean Audit strategy and plan of the City will be informed by the significant financial management, financial reporting and compliance-risk exposure.

220

Compliance risk management Compliance risk assessments will be preceded by the development of the City’s compliance universe. The risks of non-compliance are normally identified during the ongoing strategic and operational risk assessments and categorised accordingly. However, particular assessments of the key compliance requirements, associated impact of non-compliance and potential penalties will be conducted and compliance matrices developed to ensure that management is empowered to monitor its respective regulatory environment. Contract and project risk management Major projects will be identified from the City’s IDP, departmental and municipal entities’ strategic and business plans, cluster plans, IDP sub programmes and projects and the City’s capital projects monitoring unit. Projects that qualify as major include both capital and operational-expenditure projects for which there is either a high financial outlay and/or the implementation thereof will have major impact on the rendering of public and municipal services by the City. The monitoring of the management of risks in major projects of the City will include: • Reviewing the results of the project risk assessments; • Monitoring adherence to project management methodology; • Ensuring that management, with the support of group risks services where appropriate, conducts risk assessments at all stages of a project life cycle; • Ensuring that there is adequate risk information on the project and a risk profile prior to submission for approval; and • Reviewing updated project risk registers, changes or movements in the risk profiles.

Advisories on risk-management strategies The risk matrix enables the prioritisation of risks. The risk mitigation strategies, i.e. whether to accept, avoid, transfer or control risk, will be evaluated to ensure they appropriately respond to the identified risks and the cost vs benefit analysis conducted. While risk services will monitor the design of risk-mitigation strategies/responses in respect of all identified risks, focus will be placed on those risks that have been identified as extreme or high according to the risk matrix.

Risk monitoring and risk reporting/communication Subsequent to the risk assessments and identification of risk management strategies by respective management, group risk services analyses the adequacy of the risk strategies in bringing the risks to acceptable tolerance levels. The internal audit directorate prepares risk-based audits, having assessed the risk environment and determined the risk and audit universe. The risk-based auditing approach ensures that internal audit effort is focused on extreme and high-risk areas and internal audit projects are therefore derived from the strategic and operational risk registers. Internal audit also provides independent assurance on the effectiveness and efficiency of risk-mitigation plans.

221

Risk name

Inadequate stakeholder engagement and relative management

Leadership and governance risk

Financial sustainability of the City

Service delivery failure/inability to meet community expectations and demands

Risk management and internal-control failure

Theft, fraud, bribery and corruption

Inadequate IT governance and IT delivery (ITC Risks)

Ineffective spatial planning

Inadequate skill set due to inability to attract and manage talent

Lack of competitiveness

Risk ranking

13

3

2

1

15

6

5

14

7

9

20

20

16

20

20

20

25

25

25

25

likelihood)

Rating: (impact &

Extreme (greater than or equal 20)

Inherent risk

x

x

x

x

x

x

x

x

x

x

Strategic

Table 9.4 City-wide top 15 strategic risks and risk ownership

x

x

x

x

x

x

x

Compliance

x

x

x

x

x

x

x

x

x

Operations

x

x

x

x

x

x

x

x

Reporting

222 Governance

Economic Growth

Mapping to clusters

Sustainable Services

Human & Social Development

Economic

Group Corporate & Shared Services

Infrastructure & Service Delivery

Group Corporate & Shared Services

Group Forensics & Internal Audit

Group Risk & Audit Services

Infrastructure & Service Delivery

Group Finance

Group Strategy Policy and Relations

Group Communications & Tourism

Risk ownership

Economic Development

Group Human Resources Management

Planning & Urban Management

Chief Information It Steering Committee Executive Management

Executive Management Group Compliance Services Group Risk Services

Executive Management

Group Strategy Dept Office of the Executive Mayor Executive Management

Executive Management Assets & Liabilities Comm Chief Financial Officers

Office of City Manager Office of Executive Mayor Chief of Staff Speaker’s Office

Group Communication Customer Relations Group Strategy, Policy and Relations

Action ownership

Ineffective spatial planning

Inadequate skill set due to inability to attract and manage talent

Lack of competitiveness to ensure City’s economic growth

Environment risks: acid-mine damage, toxic waste, floods

Non-compliance with legislation, policies and procedures

Increase in incidents of crime, health and security risks

Inadequate contracting and contract management

Poor asset management and ageing infrastructure

14

7

9

12

10

8

11

4

governance and IT delivery (ITC Risks)

16

16

16

16

16

20

20

16

High (greater than or equal to 16)

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

x

Comm Dev & Health Metro Police Supply Chain Management Executive Management In Sustainable Services Cluster

Group Legal & Group Compliance Comm Dev & Health Metro Police Group Finance/CFO Group Legal & Contracts Environment & ISD

x

x

Executive Management/ All

Environmental Management

Environment & ISD

x

Group Human Resources Management

Group Corporate & Shared Services

Economic Development Department Regional Directors Metro Police Dept Joburg Tourism Environment & Isd

Planning & Urban Management

Infrastructure & Service Delivery

Economic Development Department

It Steering Committee Executive Management

& Shared Services

x

223

Table 9.5: City-wide top 15 strategic risk auditing

Risk

Progress to date

Risk 1: Service delivery failures • Poor strategic & operational planning • Community expectations increasing • Inefficiencies • Ageing infrastructure • Rapid urbanisation and migration (rural-to-urban migration) • Proliferation of informal settlements • Unavailability of land and inadequate funds and capacity

• CoJ growth-development strategy 2040 programme • Enhanced pro-active communication in case of disruptions • Community engagements, timing and structured feedback sessions • Expanded social package programme (community development department) • Socio-economic: procurement and contracting with (use of) local communities is receiving strategic focus • Led strategy implementation and procurement from local communities • Dpum informal settlements programme

224

Risk

Progress to date

Risk 2: Financial sustainability • Inadequate strategies for financial sustainability • Inadequate financial management & over-expenditure • Incorrect or non-billing of customers for services and rates • Consumption of services - water, electricity meter readings not done timeously • declining revenue collections & rising customer-debt levels • Exposure to penalties • Potential operational inefficiencies & losses, theft, misappropriation

• City’s financial strategy reviewed and presentations made to executivemanagement team (EMT) • Revenue-management strategy developed by the department and reported improvements in revenue, billing and collections • Cost-control procedures implemented on non-key expenditures, beginning of financial year • The following financial ratios are analysed quarterly: • Cash flow and liquidity risk, debt coverage, debt to revenue, current

• Unaccounted loss of water and electricity

and quick ratios, as well investment

• Contingent liabilities e.g. cost of

risk and interest-rate risk exposure

litigation, contractual obligations

• The city’s department of economic

• Compliance with MSA performance regulations (financial plan) • Current macro-economic environment • Inadequate sources of revenue • Slow-recovery from economic recession • Increase in the cost of capital

development tracks the key economic indicators and reports on the national and local economic environment • Joburg property company revenue generating strategies (sweating the asset) • The city’s finance department has a

• Rising inflation and high gearing (debt)

treasury risk-management function

• Increase in consumer prices

responsible for managing financial-risk exposure and monitors borrowing and cost of borrowing and investments • The city has been able to maintain a good credit rating

Risk 3: Leadership & governance risk • Negative perceptions about the political and administrative leadership • Loss of credibility • Perceptions of failure to articulate the short, medium and long-term strategic direction or strategy formulation • Lack of buy-in into formulated strategic objectives • Poor planning • Information leakages • Inadequate and ineffective customerrelations management

• Strong leadership and governance practices to mitigate political pressure • Strong leadership growth development strategy (GDS 2040) mayoral programme • Institutional redesign and introduction of customer relations and group-strategy functions • Institutional strategies to improve whistle-blowing mechanisms • King III code on corporate governance – analysis of CoJ alignment

225

Risk

Progress to date

Risk 4: Ageing & aged infrastructure • Failure to perform preventative

• Finalisation of asset-

maintenance of infrastructure • Water network/infrastructure

management plans by ISD • CoJ currently rolling out ICT

• Roads infrastructure requirements

infrastructure – broadband

• City’s IT infrastructure is ageing • Inadequate funding • Maintenance vs. investment in new infrastructure • Flood damage • Malicious damage • Damage due to accidents

Risk 5: Inadequate it governance & it delivery risks • Unstable/unavailable network & lack of an IT strategy • Mismanagement of IT projects by IT service providers • Ageing IT infrastructure and an

226

under-utilised disaster recovery plan & non-credible information • Connectivity (e.g. USB, smart phones, social networking) and mobility (e.g. 3G cards, GPS devices) are increasing • Failure to maintain proper accounting and management records • Inability to access timely, correct and reliable information • Lack of appropriate information

• Draft ICT strategy & gov framework • Opportunities for leveraging on connectivity and mobile devices for efficient and effective communication and information sharing • The IT disaster site set up, reviewed and tested • Outsourced IT services to a number of IT service providers to mitigate reliance on a single service provider • IT contracts management & monitoring • Centralised development and/or acquisition of application software solutions to ensure compatibilities • Revenue application system & LIS interventions

for decision-making purposes • Inadequate IT disaster recovery plan

Risk 6: Fraud, theft and corruption • Inadequate detection techniques • Conflict of interest & SCM-related fraud, corruption and bribes • Cash, cheque, credit and debit-card fraud • Inadequate or no supervision, weak internal-control environment • Lack of or inadequate risk ownership, poor organisational culture • Low honesty scale and poorly motivated staff • Failure to establish and maintain strong internal-control system

• Establishment of group-wide forensic investigation function • Anti-fraud & anti-corruption strategy & whistle-blowing channels • Annual declaration of interest by councillors & all City officials • Declaration in formal/official meetings where business decisions are taken and recusals • Regular compliance reviews of conflict-of-interest transactions and declaration of interest • Outsourcing of forensic investigations complexity, independence and objectivity

Risk

Progress to date

Risk 7: Inadequate skills set due to inability to attract & manage talent • Poor succession and retention planning

• A City-wide climate survey that includes

• Inadequate remuneration policy

MEs has been finalised and is currently being

• Uncompetitive remuneration

rolled out for completion by June 2012

packages & salary disparities • Lengthy recruitment processes and terms-of-employment contracts • Pending retirement age of baby boomers • Fixed-term contracts • Labour unrest/industrial action • Inflexible remuneration structure and policy, lack of parity core vs MEs

• Continuous engagement with organised labour & SALGBC on all as appropriate • Training interventions on labour relations and leadership by Wits Business School (130 enrolled) • Establishment of remuneration & skills retention committee in progress • Fixed-term contracts under review

Risk 8: Health, safety & security risks • Service delivery failure

• There is continuous surveillance of

• Increasing incidents of crime

communicable diseases by health

• Impact of HIV/Aids and other serious

department

and communicable diseases • Influx of immigrants which in turn

• Targeted outreach and health-promotion campaigns at migrants are conducted

227

could lead to xenophobic attacks

Risk 9: Lack of competitiveness towards economic growth • Globalisation and emergence of other cities • Poor road maintenance, waste removal and other basic services • Failure of major capital investment in infrastructure or long-term investments • Inability to meet the demand for an integrated and efficient transport network

• A number of projects and cooperation agreements with private sector at exploratory phase • One-stop-shop option being considered • Reduction of red tape • Simplifying investment processes • Incentives being considered

• Failure of the broadband-network project • Introduction of toll-road fees on national and provincial roads in Gauteng & bad buildings

Risk 10: Non-compliance with legislation • Ignorance of the law, regulations,

• Compliance department oversees this

policies and industry standards

risk across the City and periodically

• Compliance not integrated in operations • Partial compliance • Poor supervision and monitoring

requires entities and departments to confirm compliance with same • Risk services has taken the initiative to

• Absence of compliance checklist

include compliance risks profile workshops

• Ignorance of the law, regulations,

as part of operational risks assessment

policies and industry standards • Compliance not integrated in operations • Partial compliance • Poor supervision and monitoring • Absence of compliance checklist

Risk

Progress to date

Risk 11: Contracting & contract risks • City-wide contract management framework

• Each contractor / service provider

• Poor contracting procedures

payment is only processed on the

• Poor quality of services/ workmanship

submission of a service level agreement

• Contract failure or misalignment causes financial loss • Inadequate supervision of contractors • Inadequate provisions in SLAs & tender documents

as supporting documentation • Some departments and municipal entities use certificates of completion • Establishment of Group Legal & Contracts Department

• Delegations of Authority • Inadequate performance monitoring

Risk 12: Environmental risks • Water and air pollution, carbon emissions

• CoJ GDS 2040 Green economy

• Inclement weather, and changes

• Water & Air Pollution monitoring

in weather patterns • Lack of water and sanitation facilities especially in informal settlements

228

• Chemical dosing & litter control • Waste management & minimization • Bruma Lake rehabilitation programme

threaten the quality and supply of

(funding required approximately

clean water to communities

R36-million vs available)

• Increasing water levels of the acid mine drainage • Discharge of toxic waste into source of water, Bruma Lake • Projections of decrease in water levels

Risk 13: Stakeholder relations management • Strategic stakeholders may not be proactively engaged and segmented for targeted and effective communication • Communication & marketing strategy and plan • City may not be leveraging on information communication technologies (ICTs) • CoJ IT Security policy has not allowed for access to social media. However, this platform has since been opened for at least the marketing & communications people with effect from September 2011 • Less focus on marketing the brand “Joburg”

• GDS 2040 public engagement for inputting into this strategy • Development & annual reviews of IDP of the City ensures intensive engagement with communities • Continuous engagement with Provincial Government at the levels of both political and administrative leadership • The CoJ communication and marketing strategy is currently under development • Establishment of Group Comms Dept & appointment of Exec Director • Growth Development Strategy - Gauteng

• Use of different branding or identities that

City Region strategies, model and process to

do not necessarily embrace the brand of

be developed in collaboration with Province

its parent municipality or its shareholder • Gauteng City Region – collaboration with Provincial Government and neighbouring metros / municiplaities

Risk

Progress to date

Risk 14: Ineffective spatial planning • Ineffective spatial planning and

• Regularisation of informal settlements

interventions to address inequalities in

• City Department of Planning and

society (disproportionate amount spent

Urban Management strategies

on transport and food by the poor) • Continuous regularisation of informal traders

• Economic Development framework and industrial notes

Risk 15: Risk management & internal-control failures • Inadequate risk culture & duplication of effort • Fragmented approach to risk management • Lack of co-ordination in implementing risk strategies and risk monitoring • Accountability and responsibility for

• Establishment of Group Risk Services function & RM business model • Council approved Risk governance framework and policy • City-wide dashboard of risk & controls

managing risk & control environment is not

– tool acquisition in progress

defined and assigned to senior management

• Risk management to be KPA &

• Poor co-ordination, overlapping mandates,

KPI & performance measured

a silo mentality, absence of service level

• Executive Risk Management Comm

agreements (SLAs) and poor communication

• Group Risk Services participate in Municipal

• Internal control systems key to the management of risk

Entities’ Audit/Risk Committees • Actions addressing gaps identified in independent review of Citywide risk management process • City-wide Internal Control framework to be formalised

229

Risk finance Risk Finance is a risk management strategy taken by the City to transfer the risks from loss, theft, damages of assets as well as other perils to a third party. In its simplest form, risk finance is taking out insurance on City owned assets. The CoJ has over the past five years experienced a gradual increase in the number of insurance claims, and therefore the cost of insurance.

Disaster Management Plan The City of Johannesburg Metropolitan Municipality is committed to maintaining a vigilant state of disaster preparedness, response, rehabilitation and reconstruction within a safe and sustainable framework for the residents, staff, stakeholders and neighbours. The Joburg 2040 Strategy provided additional research into some areas of potential disasters faced by the City. It states that increasing urbanisation also raises vulnerability to disasters. This is particularly relevant as the City faces the issues of climate change which is critical for ensuring sustainable development and resilience of cities to climate change shocks. The Joburg 2040 Strategy further states that Johannesburg has largely remained exempt from natural disasters with an assessment undertaken in 2008 by MasterCard Worldwide Insight 1 rating Johannesburg as the fourth best placed city out of 21 major cities in terms of exposure to climate change-related risks

22

. However, the

long term strategy cautions that Johannesburg will face increasing changes to weather patterns in the future.

230

In line with this, and the requirements as stated in the Disaster Management Act, 2002, the City has developed an effective and user-friendly Level 1 Disaster Management Plan. This focuses primarily on establishing institutional arrangements for disaster risk management, putting in place contingency plans for responding to known priority threats and developing the capability to generate a Level 2 Disaster Risk Management Plan. This section provides an overview of the City’s Level 1 Disaster Management Plan. The Disaster Management Act, 2002, identifies a number of responsibilities in the event of a local disaster. In terms of this Act, the council of a metropolitan municipality is primarily responsible for the co-ordination and management of local disasters that occur in its area. If a local state of disaster has been declared, the City is authorised to make by-laws or issue directions concerning details such as the release of any available resources of the municipality including personnel, vehicles, equipment etc. In addition, it may evacuate citizens to temporary shelters, regulate the movement of people around the disaster-stricken area and control or occupy premises in that area. Overview of disaster-risk management There are three main phases to disaster-risk management Figure 9.2: Three phases to disaster-risk management

Pro-active planning (mitigation and prevention)

22 Joburg 2040 Strategy

Re-active (preparedness responsive and relief)

Recovery (rehabilitation and reconstruction)

Disaster risk reduction, through proper planning and management is the new key driving principle in disaster risk management. In terms of the City’s plan, the main strategy for all disaster management activities will be disaster risk reduction. Disaster management in the City is implemented through a five point programme used to facilitate emergency and disaster plans. The programme assists in the following: • Determining risk levels; • Assessing vulnerability of communities and households; • Increasing the capacity of communities and households to minimise the risk and impact of disasters; • Monitoring the likelihood of disasters and the state of alertness/preparedness; and • Managing high risk developments. Municipal disaster risk profile The City’s current disaster risk profile is based on an initial high-level risk identification process. While the Level 1 Disaster Management Plan identifies a number of disaster hazards, the City has noted the five most prevalent hazards, affecting most of the City’s area and with the highest potential probability for escalating to a state of disaster. These include: • Fires in informal settlements; • Floods and storms affecting informal settlements; • Rail accidents; • Spillage of hazardous materials; and • Sinkholes as result of dolomite.

231

In response to the identification of these hazards, the City has developed disaster contingency plans, affecting most of the City’s jurisdiction.

Assignment of responsibilities The City’s Level 1 Disaster Management Plan identifies specific responsibilities for each of its main stakeholders. Table 9.2: Roles and responsibilities

Stakeholder

Primary roles and responsibilities

The Municipal Council

The Municipal Council declares a state of disaster and receives and considers reports with regard to disaster risk management.

The City’s Municipal Manager

The Municipal Manager has overall responsibility for governance in the Municipality, including effective disaster risk management.

The City’s Disaster Management The Disaster Management Centre Functions are overall disaster Centre and its regional offices risk management and co-ordination, as per section 44 of the Disaster Management Act. Each Municipal Organ of State (which implies each City Department and each ME), will complete its own disaster management plans, to be incorporated into the City’s Municipal Disaster Management Plan.

232

The disaster management volunteers

The formal, trained volunteer unit assists the DMC and EMS in their functions.

Joburg Connect

Responsible for assisting with risk reduction and reporting communication, including to requesting telecommunication companies to restore communication lines.

The City’s Emergency Management Services (EMS) Department

This department is responsible for implementing and coordinating emergency response and recovery.

The Johannesburg Metropolitan This department is responsible for by-law enforcement, Police Department (JMPD) assistance to SAPS, search and rescue. The South African Police Service (SAPS)

The SAPS is responsible for crime prevention and law enforcement.

The residents and communities affected

The residents and communities assist with disaster risk reduction and co-operation.

The ward councillors

The Ward Councillors assist with community liaison.

The community leaders

The Community Leaders assist with community liaison.

Non-governmental organisations (NGOs) and community based organisations (CBOs)

The NGOs and CBOs assists with disaster risk reduction and co-operation.

The City’s Emergency Control Centre

The new state-of-the-art control centre, based in the Proton building handles all emergency and nonemergency service-related calls generated in the city.

The Gauteng Provincial Health Department and provincial ambulances and hospitals

Responsible for co-ordinating with the City’s Health Department and for providing ambulance and hospital services.

The media

Responsible for risk reduction, response and recovery-related communication.

In addition, departmental and entity specific responsibilities are outlined in the Level 1 Disaster Management Plan.

Disaster response and recovery The flow chart below summarises the generic response and recovery activities applicable to most disaster risks. Figure 9.3: Generic response and recovery flow chart

INCIDENT

Community or other services contacted (e.g SAPS) Call 10 177 and report incident

10 177 Inform Ems/confirm that ems has been enforced

1077 Inform Dmc/confirm that dmc has been informed

Ems dispatch vehicle(s)

Dmc dispatch official and Volunteers and inform ward concillor, community leaders and management

Incident commander take control of scene And additional assistance from other stakeholder (see note below)

Ems and stakeholder implement responses sops

Incident commander report on status and declare the scene safe after response

Ems and other stakeholder implement recovery sops

Dmc official assist with co-ordinator (see note below)

Dmc informed and assist with communication as required by ems incident commander

Dmc report on status to ems executive head, who reports to city management

Dmc assist with co-ordination of recovery

Note: A joint operations centre (JOC) can be established at the scene and/or at the DMC, depending on the scene and the EMS incident commander’s requirements

233

Education, training, public awareness and research Communication and stakeholder participation in disaster risk management in the City of Johannesburg is executed through a consultative process, education and public awareness programme. These processes will include the development of disaster risk management information leaflets, training programmes, media and local-level meetings with disaster risk management role players, including non-governmental institutions (to be preferably invited / co-opted on the Advisory Forum) and the local community leaders, schools, clinics and communities. Although the main responsibility to plan for, ensure budgeting and execute education, training and research (and the publication and communication of the results thereof) lies with the Disaster Management Centre, the City of Johannesburg and municipal departments and entities will also address these elements pro-actively. Cross-border disaster risk management co-operation and co-planning is also crucial and is facilitated through the Disaster Management Centre. Memoranda ofunderstanding will be signed with bordering municipalities, districts and Gauteng Province.

234