Strategic & IT Risk Assessment Consultant (4 Months Contract)

Scope of Work

The scope of work includes but is not limited to the following key activities:

1 Project Planning and Preparation

• Develop a comprehensive Project Plan detailing timelines milestones roles and deliverables.
  

• Conduct data collection and an in-depth review of relevant strategic operational and governance documentation.
  

• Gain a thorough understanding of the organisations mandate strategic outcomes APP targets and operating environment.
  

• Engage with key stakeholders including Executive Management and governance committees to clarify strategic priorities and risk areas.
  

• Facilitate pre-engagement meetings (physical or virtual) as required.
  

2 Strategic Risk Assessment

• Facilitate and lead structured risk assessment workshops to identify strategic risks and opportunities.
  

• Ensure all identified risks are aligned to strategic objectives outcomes and APP targets.
  

• Collaborate with senior management to develop Risk Action Plans including clear mitigation measures responsibilities and timelines.
  

• Compile a Strategic Risk Register and detailed Strategic Risk Profile Report for governance review.
  

3 IT Risk Assessment

• Identify and assess risks related to critical IT infrastructure systems applications and processes.
  

• Evaluate existing IT controls and recommend improvements where required.
  

• Compile an IT Risk Register and IT Risk Profile Report aligned with governance and compliance requirements.
  

4 Risk Appetite Tolerance and Key Risk Indicators

• Facilitate the development of a Risk Appetite Statement.
  

• Define Risk Tolerance Levels aligned to performance objectives.
  

• Identify and define Key Risk Indicators (KRIs) to monitor risk exposure.
  

• Develop a consolidated Risk Appetite and Tolerance Framework incorporating risk appetite tolerance levels and KRIs.
  

5 Risk Management Framework and Reporting

• Review and update the Risk Management Strategy Policy and Implementation Plan.
  

• Ensure alignment with the organisations mandate strategic priorities and regulatory requirements.
  

• Develop standardised dashboards and reporting templates integrating KRIs KPIs risk appetite and tolerance levels.
  

• Prepare reports and presentations for submission to Executive Management Risk Management Committees and Audit Committees.
  

Expected Deliverables

The successful service provider will be required to deliver the following:

• Annual Strategic and IT Risk Assessment Report.
  

• Strategic and IT Risk Registers and Risk Profile Reports.
  

• Risk dashboards presentations and reporting templates.
  

• Risk Appetite and Tolerance Framework including KRIs.
  

• Updated Risk Management Strategy Policy Framework and Implementation Plan.
  

Roles and Responsibilities

1 Client Responsibilities

• Facilitate access to relevant documentation and information.
  

• Arrange stakeholder meetings and risk assessment workshop logistics.
  

2 Service Provider Responsibilities

• Facilitate risk assessment workshops and ensure effective stakeholder engagement.
  

• Transfer relevant risk management skills and knowledge to identified officials.
  

• Conduct all work ethically professionally and in accordance with applicable standards.
  

Note:

This is a fixed-term project-based appointment linked to the completion of the Annual Strategic and IT Risk Assessment and associated deliverables.

Requirements

Minimum Requirements

Service providers must demonstrate the following:

• Minimum of five (5) years experience in conducting Strategic and IT Risk Assessments (collectively).
  

• A designated Project Leader / Facilitator with a minimum NQF Level 8 qualification in Risk Management.
  

• IT Risk Management Specialist
  

• Proven experience within the public sector or similarly regulated environments.