City of Johannesburg, Gauteng, South Africa
• Identify gaps that exist in operational controls in terms of statutory compliance
• Confirm that the management system was designed to achieve the organization’s policy objectives in terms of compliance to statutory requirements; and
• Provide feedback to the organization to facilitate improvement.
1st line of defence - Management Assurance
Assists in setting and executing strategies. Provides direction, guidance and oversight. Promotes a strong risk culture & sustainable risk return thinking. Promotes a strong compliance culture and management of risk exposure. Ongoing monitoring and management of risks.

2nd line of defence - Risk Management, Legal & Compliance
Formal, robust and effective risk management within which the organisation’s policies and minimum standards are set. Objective oversight and the ongoing challenge of risk mitigation, management and performance while reporting is achieved across the business units. Overarching risk oversight across all risk types.

3rd line of defence - Internal Audit & other Independent Assurance Providers
Independent and objective assurance of overall adequacy and effectiveness of governance, risk management and internal controls within the organisation as established by the 1st and 2nd lines of defence. Ability to link business risks with established processes and provide assurance on the effectiveness of mitigation plans to effectively manage organisational risks.

• Conduct periodic internal reviews or audits to ensure that compliance procedures are followed.
• Conduct or direct the internal investigation of compliance issues.
• Assess product, compliance, or operational risks and develop risk management framework strategies e.g. interaction between compliance risk and other risk elements.
• Identify compliance issues that require follow-up or investigation.
• Disseminate written policies and procedures related to compliance activities.
• File appropriate compliance reports with regulatory agencies.
• Serve as a confidential point of contact for employees to communicate with management, seek clarification on issues or dilemmas, or report irregularities.
1. COMPLIANCE RISK IDENTIFICATION AND ASSESSMENT
- Conduct formal Compliance Risk Profile workshops to identify and assess the total universe of regulatory requirements applicable to the business unit/operating hub/function in support of the overall Sasol Compliance Risk Profile.
- Conduct informal Compliance Risk Profile reviews to identify amended and/or new regulatory requirements and update the Compliance Risk Profile/s accordingly in support of the overall Sasol Compliance Risk Profile.
- Stay abreast of amended and/or new regulatory requirements, and pro-actively identify and communicate the impact of the anticipated regulatory change on the business unit/operating hub/function to the business unit/operating hub/function.
- Compile and continuously update, manage and execute a business unit/operating hub/function Compliance Coverage Plan, detailing the compliance risk identification, assessment, management, monitoring and reporting activities to be undertaken for a financial year.
- Compliance Risk Identification and Assessment
- Compliance Risk Profile Report and Graph.
- Quarterly business unit/operating hub/function Compliance Report.
- Business unit/operating hub/function Compliance Coverage Plan.

2. COMPLIANCE RISK MANAGEMENT
- Compile Compliance Risk Management Plans for the applicable regulatory requirements.
- Review, manage and update existing Compliance Risk Management Plans when so required, but at the least once every two years.
- Provide compliance advice to the business unit/operating hub/function on the requirements stipulated within the compliance-owned policies, the regulatory control environment (existing and/or new) and the ways in which to minimise the impact of occurred non-compliance.
- Participate in projects to identify applicable compliance risks and advise on the management and mitigation thereof.
- Undertake compliance awareness activities such as:
  * contributing articles to in-house publications;