9. City’s risk and disaster management The City of Johannesburg is critically aware of the impact of disasters and other risks on service delivery. As such, it has developed extensive risk-mitigation measures for both strategic and operational risks that have been identified, as well as having a disaster-management plan in place to deal with potential disasters and other extreme shocks. This chapter provides a high-level overview of these proactive and reactive plans.
Risk management South Africa’s codes of corporate governance have consistently identified risk management as one of the key pillars of good-governance practice and this, as a continuous process, enables constant improvement in strategy design and strategy implementation as well as an organisation’s systems and operations. The King III report on corporate governance has identified risk governance as one of the cornerstones that if successfully implemented, can create and sustain stakeholder value. The City of Johannesburg Metropolitan Municipality has identified in the Joburg 2040 Strategy some key developmental challenges that confront the Johannesburg metropolitan area, its citizens and other stakeholders. The City has subsequently framed its strategic choices and interventions towards becoming a liveable, resilient and sustainable City with good governance identified as one of the four strategic outcomes envisaged. This outcome states that the City will invest its efforts and resources to become “a high performing metropolitan government that pro-actively contributes to and builds a sustainable, socially inclusive, locally integrated and globally competitive Gauteng city region”. The City of Johannesburg (CoJ) Metropolitan Municipality has adopted an integrated approach to risk management with the primary aim of embedding of a culture of making correct and timely decisions that take into consideration associated risk exposures and opportunity. In the City, therefore, risk management is not simple compliance with the requirements of the Municipal Finance Management Act (MFMA) which requires the city manager as accounting officer to implement a system of risk management. It was in recognition of the substantial value-add of risk management that the City adopted a formal enterprise risk management (ERM) framework and policy that have been approved by council. The City and its entities established risk-management functions during the previous mayoral term. At the beginning of the current mayoral term, the Joburg Risk and Assurance Services (JRAS) department was repositioned within the governance cluster into a group function that will provide city-wide leadership on risk governance and ensure the effective implementation of governance, risk, audit, forensics and compliance responsibilities. While the departments and entities have been grouped into four clusters, with each cluster assigned leadership, responsibility and accountability for each Joburg 2040 Strategy outcome, it has been accepted that some outputs and outcomes may have dependencies on departments in other clusters.
213
Risk governance in the city The City has independent governance oversight and advisory committees, namely: the Group Risk Management Committee (GRMC) and the Group Audit Committee (GAC), which operate in accordance with council approved terms of reference, corporate governance guidelines and practices (King III) and professional practice standards and codes. The GRMC is responsible for independent oversight and appropriate advice on the risk management process in the City, the mitigation of key risk exposure and advising on emerging risk issues that may have an impact on the City. Similar independent oversight structures have been set up as sub-committees of the boards of the municipal entities. Table 9.1: Summary of roles and accountability
Council structure
Role
Accountability
Council
Political oversight
MFMA & Municipal Systems Act (MSA)
Mayoral committee &
Executive oversight
sub-mayoral committees
214
MFMA, MSA and King III corporate governance
Group risk management
Independent risk management
Council approved terms
committee (GRMC)
advisories and oversight
of reference, King III
Group audit committee (GAC)
Independent risk, control &
MFMA, council approved
governance assurance & oversight
terms of reference, King III corporate governance
City manager (CM)
City-wide administrative oversight,
MFMA, MSA and King III
responsibility and accountability for
corporate governance;
risk governance & management
council delegated authority
Executive risk management
City-wide monitoring &
Delegated authority/Terms
committee
management of significant risks
of reference, King III
MOE boards and
Executive leadership and oversight
MFMA, MSA, Companies Act,
sub-committees
accountability to GRMC, GAC, City
King III corporate governance
manager & mayoral committee Executive management/
Executive responsibility and
MFMA, MSA, delegated
MOEs managing directors
accountability, risk ownership,
authority, King III
strategic & operational risk
corporate governance
management implementation Group risk services and chief
Risk-governance leadership,
Council approved risk
risk officers’ (CRO) forum
advisories, risk-management
governance framework,
process, risk assessment &
delegated authority,
methodologies, CoJ risk profile
risk standards
Assurance on management
MFMA, audit standards, King III
Group internal audit
of risk in the City Operations (management
Design and/or implementation
Delegated authority, City
and staff)
of risk-response plans, risk
approved risk governance
treatment/mitigation actions
framework & policy
During this mayoral term, strategies are being put in place to enhance the flow of information and communication between the independent oversight committees, namely the performance audit committee, the group risk management committee and the group audit committee. This will ensure the both the reliability and quality of advisories and integrated reporting, to the mayoral committee and therefore council. Some of the key strategies in the short-to-medium term to ensure successful implementation of risk governance and enterprise risk management in the City are itemised below: • Risk governance structure, framework, policy and activities; • Risk infrastructure and oversight; • Adoption and alignment of risk frameworks; • Risk ownership and accountability; • Risk management approach and principles; • Risk and performance convergence; • Risk management language; • Risk assessment methodology; • Continuous risk assessment, design and implementation of risk response and continuous monitoring; • Internal control framework; and • Risk profile and integrated risk reporting. Enterprise Risk Management (ERM) The management of risk has evolved from the management of financial risk and transfer of risk through insurance, to business risk management and recently, to enterprise risk management, which includes the management of risks at all levels of the organisation. The ERM process creates consciousness at both political and administrative levels of the City’s risk appetite and profile. The benefits which the City strives to achieve include: aligning risk appetite to the City’s strategies; enhancing management’s risk response decisions; seizing opportunities and reducing operational surprises and losses through continuous identification of potential events; identifying and managing multiple and cross enterprise risks; and improving the deployment of capital and allocation of resources through the use of reliable, relevant and timeous risk information. The overall strategic objective is to embed a culture of risk management in the City and its municipal entities at strategic and operational levels. Accordingly, the JRAS department has mapped the enterprise risk management programme to the Joburg 2040 Strategy Outcome 4 : Governance, as shown below. Joburg 2040 Strategy outcome 4: A high performing metropolitan government that pro-actively contributes to and builds a sustainable, socially inclusive, locally integrated and globally competitive Gauteng city region. A number of priorities have been identified in the City’s ERM programme for the current year of the Integrated Development Plan. These cover: • Combined assurance strategies through a collaborative and integrated approach to risk, control and compliance advisories;
215
• Identification, documentation and communication of the group-wide risk universe; • Group risk threshold levels/appetite; • Strategic & operational risk profiles; • Standardised City risk-assessment methodology; • IT, fraud, compliance risk assessments and profiles; • Risk monitoring and risk-response plan advisories; • Cluster, sector & departmental risk profiles & registers, risk monitoring and risk reporting; • City-wide risk threshold/tolerance levels; • Management consulting and advising on risk responses and risk mitigating internal controls that are in line with best practice; and • Business continuity management (BCM) plans & advisories. Enterprise risk management projects Projects in the ERM programme are advisory and management consulting service are long term in nature, will straddle the entire current five-year IDP and even go beyond this term though the focus in each year may vary: • Group risk governance (core administration and municipal-owned entities); • Integrated group risk-management strategy and implementation plans; • Risk assessment and advisories on management of risks: °°Strategic risk management °°Operational risk management
216
°°Financial risk management °°Financial reporting risk management °°Compliance risk management °°Project risk management advisories °°Contracting and contract risk management; • Business continuity management; • Risk finance (insurance) strategy, optimisation of covers and insurance-portfolio evaluation; • Risk management application software; • ERM competency building – core administration and municipal-owned entities; and • Integrated reporting capabilities (interactive dashboard). Integrated approach to risk management and GRC functions There is a high co-dependence between group risk services and the other assurance functions within the group risk, audit and compliance services (JRAS) department. Each of the assurance functions is at risk of duplication of efforts and overlaps without the proper overall strategic leadership and management hereof. The impact of duplication of efforts between the governance, risk & compliance (GRC) functions would be assurance fatigue, ineffective and inefficient management of the risk and internal control environment. The City has adopted an integrated approach to the management of risk, risk advisory and assurance processes and systems. This will enable collaboration and co-operation between all the internal assurance role players.
Risk leadership, ownership and accountability The embedding of a risk management culture is one of the priorities that have been agreed to by the leadership of the City. • One of the key strategies is to ensure that there is convergence in the management of risk and performance. • The city’s organisational scorecard and performance scorecards of executive and senior management now include risk management as one of the key performance areas. • Further, each of the top strategic risks is assigned a risk owner at executive or managing director level and action ownership. Risk owners must ensure that risk response plans and mitigation actions are designed and implemented by responsible officials. Continuous risk assessment The assessment of risk requires the identification of organisational objectives and strategies and an analysis of inherent events that may have an impact on the achievement of objectives and strategies. While group risk services facilitates the assessments of risks through workshops or reviews of existing risks, the primary responsibility for the management of identified and emerging risks lies with the respective executive management. The City continuously assesses its risk exposure and measures and prioritises these risks using its risk assessment methodology. Priority is given to potential uncertainties that have been measured to have extreme and high inherent risk exposure. Similar priority is given to those risks that have high residual risk exposure, alternatively, where the respective risk response plans are inadequate and/or ineffective.
217
Table 9.2: Risk assessments, outputs and outcomes
Activity
Timing
Output
Outcome
Strategic risk
Annually
City wide strategic-risk register
Management of City-wide
assessments
strategic risk profile Strategic risk profiles of
Management of significant
department and municipal-
strategic risks/risk profile of
owned entities (MOEs)
the departments and MOEs
Operational risk
Annually and
Departmental and municipal
Awareness, risk ownership,
assessment
ongoing
entities operational risk
accountability & responsibility
registers, cascaded
for management of risk
IT governance risks
Awareness, risk ownership
IT operational risk registers in
and management of IT risks.
IT risk assessments
Annually
the IT department(s)/office of
City-wide IT risk profile
chief information officer (OCIO) IT operational risk registers and exposures in departments in the core admin & municipal entities
218
Fraud risk
Ongoing
assessments
City-wide fraud risk register Risk registers of operations in the City highly susceptible to risk of fraud and corruption
All risk assessments
City-wide fraud appetite and fraud-risk profile. Awareness and management of the risk of fraud, corruption, poor ethical conduct
At least
Risk registers and profiles
Optimal management of risk
annually
inform risk-based internal
and control environment and
audit plans, forensics
therefore improved risk profile.
planning and compliance, as
Performance improvements
well as management focus on key risk exposures
remote unlikely possible likely alomost certain
LIKEHOOD OF OCCURRENCE
Figure 9.1: Heat map of top 15 city strategic risks identified in 2011/12
5
4
M
H
H
E
E
M
M
H
E
E
L
M
M
H
H
L
L
M
M
H
L
L
L
M
M
major
severe
3
2
1 insignificant minor
moderate
POTENTIAL IMPACT/CONSEQUENCES Strategic risk management Strategic risk assessments are conducted at least annually and facilitated by group risk services. The top 15 city-wide strategic risks identified and agreed to by executive management, during April 2012, are listed below: Table 9.3: CoJ top 15 inherent strategic risks
1
Service delivery failure/inability to meet community expectations and demands
2
Financial sustainability of the City
3
Leadership and governance risks
4
Poor asset management and ageing infrastructure
5
Inadequate IT governance and IT delivery (ITC risks)
6
Theft, fraud, bribery and corruption
7
Inadequate skill set due to inability to attract and manage talent
8
Increase in incidents of crime, health and security risk
9
Lack of competitiveness to ensure City’s economic growth
10
Non-compliance with legislation, policies and procedures
11
Inadequate contracting and contract management
12
Environment risks: acid mine damage, toxic waste, floods
13
Inadequate stakeholder engagement and relative management
14
Ineffective spatial planning
15
Risk management and internal control failure
219
Operational risk management Operational risk assessments are conducted at the level of each directorate in the departments and at the level of business units or directorates in the entities. The outputs hereof are departmental risk profiles and directorate risk profiles. Both internal audit and the auditor general usually focus on the risk, control and audit universe at operational levels to evaluate the design and effectiveness of the internal control environment, which is a bottom-up approach. Therefore, it is critical that management, assisted by group risk services, should consistently analyse operational risk exposure and implement adequate systems of internal controls. Operational risk profiles must be communicated to the management and staff of the department or directorate to ensure that all role players are aware of the risk environment and the responsibilities for the management of identified and emerging risks. Financial reporting risk management Financial management and financial reporting have associated key risks that require proactive management or require that risk response plans be in place should these uncertainties occur. As such, group risk services and the group finance department will assess and profile the associated risk exposures, advise management on significant gaps and risk-treatment plans and monitor progress in the implementation of the risk-mitigation actions. It is further expected that the Operation Clean Audit strategy and plan of the City will be informed by the significant financial management, financial reporting and compliance-risk exposure.
220
Compliance risk management Compliance risk assessments will be preceded by the development of the City’s compliance universe. The risks of non-compliance are normally identified during the ongoing strategic and operational risk assessments and categorised accordingly. However, particular assessments of the key compliance requirements, associated impact of non-compliance and potential penalties will be conducted and compliance matrices developed to ensure that management is empowered to monitor its respective regulatory environment. Contract and project risk management Major projects will be identified from the City’s IDP, departmental and municipal entities’ strategic and business plans, cluster plans, IDP sub programmes and projects and the City’s capital projects monitoring unit. Projects that qualify as major include both capital and operational-expenditure projects for which there is either a high financial outlay and/or the implementation thereof will have major impact on the rendering of public and municipal services by the City. The monitoring of the management of risks in major projects of the City will include: • Reviewing the results of the project risk assessments; • Monitoring adherence to project management methodology; • Ensuring that management, with the support of group risks services where appropriate, conducts risk assessments at all stages of a project life cycle; • Ensuring that there is adequate risk information on the project and a risk profile prior to submission for approval; and • Reviewing updated project risk registers, changes or movements in the risk profiles.
Advisories on risk-management strategies The risk matrix enables the prioritisation of risks. The risk mitigation strategies, i.e. whether to accept, avoid, transfer or control risk, will be evaluated to ensure they appropriately respond to the identified risks and the cost vs benefit analysis conducted. While risk services will monitor the design of risk-mitigation strategies/responses in respect of all identified risks, focus will be placed on those risks that have been identified as extreme or high according to the risk matrix.
Risk monitoring and risk reporting/communication Subsequent to the risk assessments and identification of risk management strategies by respective management, group risk services analyses the adequacy of the risk strategies in bringing the risks to acceptable tolerance levels. The internal audit directorate prepares risk-based audits, having assessed the risk environment and determined the risk and audit universe. The risk-based auditing approach ensures that internal audit effort is focused on extreme and high-risk areas and internal audit projects are therefore derived from the strategic and operational risk registers. Internal audit also provides independent assurance on the effectiveness and efficiency of risk-mitigation plans.
221
Risk name
Inadequate stakeholder engagement and relative management
Leadership and governance risk
Financial sustainability of the City
Service delivery failure/inability to meet community expectations and demands
Risk management and internal-control failure
Theft, fraud, bribery and corruption
Inadequate IT governance and IT delivery (ITC Risks)
Ineffective spatial planning
Inadequate skill set due to inability to attract and manage talent
Lack of competitiveness
Risk ranking
13
3
2
1
15
6
5
14
7
9
20
20
16
20
20
20
25
25
25
25
likelihood)
Rating: (impact &
Extreme (greater than or equal 20)
Inherent risk
x
x
x
x
x
x
x
x
x
x
Strategic
Table 9.4 City-wide top 15 strategic risks and risk ownership
x
x
x
x
x
x
x
Compliance
x
x
x
x
x
x
x
x
x
Operations
x
x
x
x
x
x
x
x
Reporting
222 Governance
Economic Growth
Mapping to clusters
Sustainable Services
Human & Social Development
Economic
Group Corporate & Shared Services
Infrastructure & Service Delivery
Group Corporate & Shared Services
Group Forensics & Internal Audit
Group Risk & Audit Services
Infrastructure & Service Delivery
Group Finance
Group Strategy Policy and Relations
Group Communications & Tourism
Risk ownership
Economic Development
Group Human Resources Management
Planning & Urban Management
Chief Information It Steering Committee Executive Management
Executive Management Group Compliance Services Group Risk Services
Executive Management
Group Strategy Dept Office of the Executive Mayor Executive Management
Executive Management Assets & Liabilities Comm Chief Financial Officers
Office of City Manager Office of Executive Mayor Chief of Staff Speaker’s Office
Group Communication Customer Relations Group Strategy, Policy and Relations
Action ownership
Ineffective spatial planning
Inadequate skill set due to inability to attract and manage talent
Lack of competitiveness to ensure City’s economic growth
Environment risks: acid-mine damage, toxic waste, floods
Non-compliance with legislation, policies and procedures
Increase in incidents of crime, health and security risks
Inadequate contracting and contract management
Poor asset management and ageing infrastructure
14
7
9
12
10
8
11
4
governance and IT delivery (ITC Risks)
16
16
16
16
16
20
20
16
High (greater than or equal to 16)
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Comm Dev & Health Metro Police Supply Chain Management Executive Management In Sustainable Services Cluster
Group Legal & Group Compliance Comm Dev & Health Metro Police Group Finance/CFO Group Legal & Contracts Environment & ISD
x
x
Executive Management/ All
Environmental Management
Environment & ISD
x
Group Human Resources Management
Group Corporate & Shared Services
Economic Development Department Regional Directors Metro Police Dept Joburg Tourism Environment & Isd
Planning & Urban Management
Infrastructure & Service Delivery
Economic Development Department
It Steering Committee Executive Management
& Shared Services
x
223
Table 9.5: City-wide top 15 strategic risk auditing
Risk
Progress to date
Risk 1: Service delivery failures • Poor strategic & operational planning • Community expectations increasing • Inefficiencies • Ageing infrastructure • Rapid urbanisation and migration (rural-to-urban migration) • Proliferation of informal settlements • Unavailability of land and inadequate funds and capacity
• CoJ growth-development strategy 2040 programme • Enhanced pro-active communication in case of disruptions • Community engagements, timing and structured feedback sessions • Expanded social package programme (community development department) • Socio-economic: procurement and contracting with (use of) local communities is receiving strategic focus • Led strategy implementation and procurement from local communities • Dpum informal settlements programme
224
Risk
Progress to date
Risk 2: Financial sustainability • Inadequate strategies for financial sustainability • Inadequate financial management & over-expenditure • Incorrect or non-billing of customers for services and rates • Consumption of services - water, electricity meter readings not done timeously • declining revenue collections & rising customer-debt levels • Exposure to penalties • Potential operational inefficiencies & losses, theft, misappropriation
• City’s financial strategy reviewed and presentations made to executivemanagement team (EMT) • Revenue-management strategy developed by the department and reported improvements in revenue, billing and collections • Cost-control procedures implemented on non-key expenditures, beginning of financial year • The following financial ratios are analysed quarterly: • Cash flow and liquidity risk, debt coverage, debt to revenue, current
• Unaccounted loss of water and electricity
and quick ratios, as well investment
• Contingent liabilities e.g. cost of
risk and interest-rate risk exposure
litigation, contractual obligations
• The city’s department of economic
• Compliance with MSA performance regulations (financial plan) • Current macro-economic environment • Inadequate sources of revenue • Slow-recovery from economic recession • Increase in the cost of capital
development tracks the key economic indicators and reports on the national and local economic environment • Joburg property company revenue generating strategies (sweating the asset) • The city’s finance department has a
• Rising inflation and high gearing (debt)
treasury risk-management function
• Increase in consumer prices
responsible for managing financial-risk exposure and monitors borrowing and cost of borrowing and investments • The city has been able to maintain a good credit rating
Risk 3: Leadership & governance risk • Negative perceptions about the political and administrative leadership • Loss of credibility • Perceptions of failure to articulate the short, medium and long-term strategic direction or strategy formulation • Lack of buy-in into formulated strategic objectives • Poor planning • Information leakages • Inadequate and ineffective customerrelations management
• Strong leadership and governance practices to mitigate political pressure • Strong leadership growth development strategy (GDS 2040) mayoral programme • Institutional redesign and introduction of customer relations and group-strategy functions • Institutional strategies to improve whistle-blowing mechanisms • King III code on corporate governance – analysis of CoJ alignment
225
Risk
Progress to date
Risk 4: Ageing & aged infrastructure • Failure to perform preventative
• Finalisation of asset-
maintenance of infrastructure • Water network/infrastructure
management plans by ISD • CoJ currently rolling out ICT
• Roads infrastructure requirements
infrastructure – broadband
• City’s IT infrastructure is ageing • Inadequate funding • Maintenance vs. investment in new infrastructure • Flood damage • Malicious damage • Damage due to accidents
Risk 5: Inadequate it governance & it delivery risks • Unstable/unavailable network & lack of an IT strategy • Mismanagement of IT projects by IT service providers • Ageing IT infrastructure and an
226
under-utilised disaster recovery plan & non-credible information • Connectivity (e.g. USB, smart phones, social networking) and mobility (e.g. 3G cards, GPS devices) are increasing • Failure to maintain proper accounting and management records • Inability to access timely, correct and reliable information • Lack of appropriate information
• Draft ICT strategy & gov framework • Opportunities for leveraging on connectivity and mobile devices for efficient and effective communication and information sharing • The IT disaster site set up, reviewed and tested • Outsourced IT services to a number of IT service providers to mitigate reliance on a single service provider • IT contracts management & monitoring • Centralised development and/or acquisition of application software solutions to ensure compatibilities • Revenue application system & LIS interventions
for decision-making purposes • Inadequate IT disaster recovery plan
Risk 6: Fraud, theft and corruption • Inadequate detection techniques • Conflict of interest & SCM-related fraud, corruption and bribes • Cash, cheque, credit and debit-card fraud • Inadequate or no supervision, weak internal-control environment • Lack of or inadequate risk ownership, poor organisational culture • Low honesty scale and poorly motivated staff • Failure to establish and maintain strong internal-control system
• Establishment of group-wide forensic investigation function • Anti-fraud & anti-corruption strategy & whistle-blowing channels • Annual declaration of interest by councillors & all City officials • Declaration in formal/official meetings where business decisions are taken and recusals • Regular compliance reviews of conflict-of-interest transactions and declaration of interest • Outsourcing of forensic investigations complexity, independence and objectivity
Risk
Progress to date
Risk 7: Inadequate skills set due to inability to attract & manage talent • Poor succession and retention planning
• A City-wide climate survey that includes
• Inadequate remuneration policy
MEs has been finalised and is currently being
• Uncompetitive remuneration
rolled out for completion by June 2012
packages & salary disparities • Lengthy recruitment processes and terms-of-employment contracts • Pending retirement age of baby boomers • Fixed-term contracts • Labour unrest/industrial action • Inflexible remuneration structure and policy, lack of parity core vs MEs
• Continuous engagement with organised labour & SALGBC on all as appropriate • Training interventions on labour relations and leadership by Wits Business School (130 enrolled) • Establishment of remuneration & skills retention committee in progress • Fixed-term contracts under review
Risk 8: Health, safety & security risks • Service delivery failure
• There is continuous surveillance of
• Increasing incidents of crime
communicable diseases by health
• Impact of HIV/Aids and other serious
department
and communicable diseases • Influx of immigrants which in turn
• Targeted outreach and health-promotion campaigns at migrants are conducted
227
could lead to xenophobic attacks
Risk 9: Lack of competitiveness towards economic growth • Globalisation and emergence of other cities • Poor road maintenance, waste removal and other basic services • Failure of major capital investment in infrastructure or long-term investments • Inability to meet the demand for an integrated and efficient transport network
• A number of projects and cooperation agreements with private sector at exploratory phase • One-stop-shop option being considered • Reduction of red tape • Simplifying investment processes • Incentives being considered
• Failure of the broadband-network project • Introduction of toll-road fees on national and provincial roads in Gauteng & bad buildings
Risk 10: Non-compliance with legislation • Ignorance of the law, regulations,
• Compliance department oversees this
policies and industry standards
risk across the City and periodically
• Compliance not integrated in operations • Partial compliance • Poor supervision and monitoring
requires entities and departments to confirm compliance with same • Risk services has taken the initiative to
• Absence of compliance checklist
include compliance risks profile workshops
• Ignorance of the law, regulations,
as part of operational risks assessment
policies and industry standards • Compliance not integrated in operations • Partial compliance • Poor supervision and monitoring • Absence of compliance checklist
Risk
Progress to date
Risk 11: Contracting & contract risks • City-wide contract management framework
• Each contractor / service provider
• Poor contracting procedures
payment is only processed on the
• Poor quality of services/ workmanship
submission of a service level agreement
• Contract failure or misalignment causes financial loss • Inadequate supervision of contractors • Inadequate provisions in SLAs & tender documents
as supporting documentation • Some departments and municipal entities use certificates of completion • Establishment of Group Legal & Contracts Department
• Delegations of Authority • Inadequate performance monitoring
Risk 12: Environmental risks • Water and air pollution, carbon emissions
• CoJ GDS 2040 Green economy
• Inclement weather, and changes
• Water & Air Pollution monitoring
in weather patterns • Lack of water and sanitation facilities especially in informal settlements
228
• Chemical dosing & litter control • Waste management & minimization • Bruma Lake rehabilitation programme
threaten the quality and supply of
(funding required approximately
clean water to communities
R36-million vs available)
• Increasing water levels of the acid mine drainage • Discharge of toxic waste into source of water, Bruma Lake • Projections of decrease in water levels
Risk 13: Stakeholder relations management • Strategic stakeholders may not be proactively engaged and segmented for targeted and effective communication • Communication & marketing strategy and plan • City may not be leveraging on information communication technologies (ICTs) • CoJ IT Security policy has not allowed for access to social media. However, this platform has since been opened for at least the marketing & communications people with effect from September 2011 • Less focus on marketing the brand “Joburg”
• GDS 2040 public engagement for inputting into this strategy • Development & annual reviews of IDP of the City ensures intensive engagement with communities • Continuous engagement with Provincial Government at the levels of both political and administrative leadership • The CoJ communication and marketing strategy is currently under development • Establishment of Group Comms Dept & appointment of Exec Director • Growth Development Strategy - Gauteng
• Use of different branding or identities that
City Region strategies, model and process to
do not necessarily embrace the brand of
be developed in collaboration with Province
its parent municipality or its shareholder • Gauteng City Region – collaboration with Provincial Government and neighbouring metros / municiplaities
Risk
Progress to date
Risk 14: Ineffective spatial planning • Ineffective spatial planning and
• Regularisation of informal settlements
interventions to address inequalities in
• City Department of Planning and
society (disproportionate amount spent
Urban Management strategies
on transport and food by the poor) • Continuous regularisation of informal traders
• Economic Development framework and industrial notes
Risk 15: Risk management & internal-control failures • Inadequate risk culture & duplication of effort • Fragmented approach to risk management • Lack of co-ordination in implementing risk strategies and risk monitoring • Accountability and responsibility for
• Establishment of Group Risk Services function & RM business model • Council approved Risk governance framework and policy • City-wide dashboard of risk & controls
managing risk & control environment is not
– tool acquisition in progress
defined and assigned to senior management
• Risk management to be KPA &
• Poor co-ordination, overlapping mandates,
KPI & performance measured
a silo mentality, absence of service level
• Executive Risk Management Comm
agreements (SLAs) and poor communication
• Group Risk Services participate in Municipal
• Internal control systems key to the management of risk
Entities’ Audit/Risk Committees • Actions addressing gaps identified in independent review of Citywide risk management process • City-wide Internal Control framework to be formalised
229
Risk finance Risk Finance is a risk management strategy taken by the City to transfer the risks from loss, theft, damages of assets as well as other perils to a third party. In its simplest form, risk finance is taking out insurance on City owned assets. The CoJ has over the past five years experienced a gradual increase in the number of insurance claims, and therefore the cost of insurance.
Disaster Management Plan The City of Johannesburg Metropolitan Municipality is committed to maintaining a vigilant state of disaster preparedness, response, rehabilitation and reconstruction within a safe and sustainable framework for the residents, staff, stakeholders and neighbours. The Joburg 2040 Strategy provided additional research into some areas of potential disasters faced by the City. It states that increasing urbanisation also raises vulnerability to disasters. This is particularly relevant as the City faces the issues of climate change which is critical for ensuring sustainable development and resilience of cities to climate change shocks. The Joburg 2040 Strategy further states that Johannesburg has largely remained exempt from natural disasters with an assessment undertaken in 2008 by MasterCard Worldwide Insight 1 rating Johannesburg as the fourth best placed city out of 21 major cities in terms of exposure to climate change-related risks
22
. However, the
long term strategy cautions that Johannesburg will face increasing changes to weather patterns in the future.
230
In line with this, and the requirements as stated in the Disaster Management Act, 2002, the City has developed an effective and user-friendly Level 1 Disaster Management Plan. This focuses primarily on establishing institutional arrangements for disaster risk management, putting in place contingency plans for responding to known priority threats and developing the capability to generate a Level 2 Disaster Risk Management Plan. This section provides an overview of the City’s Level 1 Disaster Management Plan. The Disaster Management Act, 2002, identifies a number of responsibilities in the event of a local disaster. In terms of this Act, the council of a metropolitan municipality is primarily responsible for the co-ordination and management of local disasters that occur in its area. If a local state of disaster has been declared, the City is authorised to make by-laws or issue directions concerning details such as the release of any available resources of the municipality including personnel, vehicles, equipment etc. In addition, it may evacuate citizens to temporary shelters, regulate the movement of people around the disaster-stricken area and control or occupy premises in that area. Overview of disaster-risk management There are three main phases to disaster-risk management Figure 9.2: Three phases to disaster-risk management
Pro-active planning (mitigation and prevention)
22 Joburg 2040 Strategy
Re-active (preparedness responsive and relief)
Recovery (rehabilitation and reconstruction)
Disaster risk reduction, through proper planning and management is the new key driving principle in disaster risk management. In terms of the City’s plan, the main strategy for all disaster management activities will be disaster risk reduction. Disaster management in the City is implemented through a five point programme used to facilitate emergency and disaster plans. The programme assists in the following: • Determining risk levels; • Assessing vulnerability of communities and households; • Increasing the capacity of communities and households to minimise the risk and impact of disasters; • Monitoring the likelihood of disasters and the state of alertness/preparedness; and • Managing high risk developments. Municipal disaster risk profile The City’s current disaster risk profile is based on an initial high-level risk identification process. While the Level 1 Disaster Management Plan identifies a number of disaster hazards, the City has noted the five most prevalent hazards, affecting most of the City’s area and with the highest potential probability for escalating to a state of disaster. These include: • Fires in informal settlements; • Floods and storms affecting informal settlements; • Rail accidents; • Spillage of hazardous materials; and • Sinkholes as result of dolomite.
231
In response to the identification of these hazards, the City has developed disaster contingency plans, affecting most of the City’s jurisdiction.
Assignment of responsibilities The City’s Level 1 Disaster Management Plan identifies specific responsibilities for each of its main stakeholders. Table 9.2: Roles and responsibilities
Stakeholder
Primary roles and responsibilities
The Municipal Council
The Municipal Council declares a state of disaster and receives and considers reports with regard to disaster risk management.
The City’s Municipal Manager
The Municipal Manager has overall responsibility for governance in the Municipality, including effective disaster risk management.
The City’s Disaster Management The Disaster Management Centre Functions are overall disaster Centre and its regional offices risk management and co-ordination, as per section 44 of the Disaster Management Act. Each Municipal Organ of State (which implies each City Department and each ME), will complete its own disaster management plans, to be incorporated into the City’s Municipal Disaster Management Plan.
232
The disaster management volunteers
The formal, trained volunteer unit assists the DMC and EMS in their functions.
Joburg Connect
Responsible for assisting with risk reduction and reporting communication, including to requesting telecommunication companies to restore communication lines.
The City’s Emergency Management Services (EMS) Department
This department is responsible for implementing and coordinating emergency response and recovery.
The Johannesburg Metropolitan This department is responsible for by-law enforcement, Police Department (JMPD) assistance to SAPS, search and rescue. The South African Police Service (SAPS)
The SAPS is responsible for crime prevention and law enforcement.
The residents and communities affected
The residents and communities assist with disaster risk reduction and co-operation.
The ward councillors
The Ward Councillors assist with community liaison.
The community leaders
The Community Leaders assist with community liaison.
Non-governmental organisations (NGOs) and community based organisations (CBOs)
The NGOs and CBOs assists with disaster risk reduction and co-operation.
The City’s Emergency Control Centre
The new state-of-the-art control centre, based in the Proton building handles all emergency and nonemergency service-related calls generated in the city.
The Gauteng Provincial Health Department and provincial ambulances and hospitals
Responsible for co-ordinating with the City’s Health Department and for providing ambulance and hospital services.
The media
Responsible for risk reduction, response and recovery-related communication.
In addition, departmental and entity specific responsibilities are outlined in the Level 1 Disaster Management Plan.
Disaster response and recovery The flow chart below summarises the generic response and recovery activities applicable to most disaster risks. Figure 9.3: Generic response and recovery flow chart
INCIDENT
Community or other services contacted (e.g SAPS) Call 10 177 and report incident
10 177 Inform Ems/confirm that ems has been enforced
1077 Inform Dmc/confirm that dmc has been informed
Ems dispatch vehicle(s)
Dmc dispatch official and Volunteers and inform ward concillor, community leaders and management
Incident commander take control of scene And additional assistance from other stakeholder (see note below)
Ems and stakeholder implement responses sops
Incident commander report on status and declare the scene safe after response
Ems and other stakeholder implement recovery sops
Dmc official assist with co-ordinator (see note below)
Dmc informed and assist with communication as required by ems incident commander
Dmc report on status to ems executive head, who reports to city management
Dmc assist with co-ordination of recovery
Note: A joint operations centre (JOC) can be established at the scene and/or at the DMC, depending on the scene and the EMS incident commander’s requirements
233
Education, training, public awareness and research Communication and stakeholder participation in disaster risk management in the City of Johannesburg is executed through a consultative process, education and public awareness programme. These processes will include the development of disaster risk management information leaflets, training programmes, media and local-level meetings with disaster risk management role players, including non-governmental institutions (to be preferably invited / co-opted on the Advisory Forum) and the local community leaders, schools, clinics and communities. Although the main responsibility to plan for, ensure budgeting and execute education, training and research (and the publication and communication of the results thereof) lies with the Disaster Management Centre, the City of Johannesburg and municipal departments and entities will also address these elements pro-actively. Cross-border disaster risk management co-operation and co-planning is also crucial and is facilitated through the Disaster Management Centre. Memoranda ofunderstanding will be signed with bordering municipalities, districts and Gauteng Province.
234