GOVERNANCE





            identified controls to mitigate these were evaluated   implementation  on  management  action  plans.
            for effectiveness, and where deemed necessary,     Further support is provided by internal audit in the
            action plans to further strengthen certain areas   form  of  assurance  on the  effectiveness  of  control
            were developed to further strengthen the control   procedures in place to reduce the possibility and
            environment.                                       outcome of the known risks.

            Risk dashboards are utilised to report quarterly to   Related risks are aggregated and grouped to
            the Executive Management Committee and Audit,      determine  the  significant  risk  category/context.
            Risk & IT Committee on the status of implementation   Selected significant business risks and opportunities
            of the organisation’s risk management plan. These   (grouped by strategic priorities), together with key
            quarterly  reports  form  the basis  of  the  ongoing   mitigating measures, aligned to the strategic focus
            communication  of  new  and  emerging  significant   areas that may impact the SAMRC’s ability to achieve
            risks and the  monitoring of the status of  the    its objectives, are listed in the table below.




              Strategic        Significant risk      Risk                         Key response
              priorities       category/context      description                  measures
              Administer health   POPIA Compliance   Onerous legislative requirements   •  Policies, guidelines, and
              research effectively                   and complexity of the POPI Act   manual legislative compliance
              and efficiently in                     requires further capacitating   framework
              South Africa                           the user’s appreciation and   •  Dedicated legal compliance
                                                     understanding of the relevant   staff and appointed Deputy
                                                     legislative requirements       Information Officers
                               Corporate process     Further improvement in support   •  Management oversight
                               improvements          functions to assist research units   •  Online helpdesk services and
                                                     in executing the SAMRC mandate  technology
                                                                                  •  Contracts for major
                                                                                    procurement spends
                                                                                  •  Policies, processes, SOPs

                               Infrastructure        Infrastructure & equipment   •  Asset management
                               management and        management and revitalisation   and verification
                               revitalisation of Delft site  of Delft site to mitigate the   •  Capital project refurbishment
                                                     deterioration and aging buildings   •  Preventative maintenance plans
                                                     and research assets          •  Revamping office space
                               Data management       Cyberthreats and loss of SAMRC   •  Firewall protection
                                                     research data/intellectual   •  Management monitoring
                                                     property                       and oversight
                                                                                  •  Policies, processes, SOPs





























                                                              SAMRC  ANNUAL REPOR T 2023-24             181