SAHPRA has approved the Risk Management Policy and Framework, to embed the risk management activities into the daily operations of the Authority. Periodically, risk assessments are conducted at strategic and operational levels of the Authority to identify and manage risks that may hamper the achievement of its strategic objectives.

The Risk Management Committee has been established to assist the Chief Executive Officer in reviewing the effectiveness of risk management and internal controls through the evaluation of mitigation plans implemented to address identified risks. The Committee meets quarterly and provides recommendations for improvement and facilitates reporting to RAG and the Board.

RAG reviews the risk management report with the objective to assess the risks identified, the effectiveness of mitigation plans and monitoring of the risk management activities against the risk management implementation plan. RAG is responsible for providing assurance on the effectiveness of risk management and internal control to the Board. The Board is responsible for risk management but has delegated the role to the RAG.

There has been a slight improvement in the management of risks in that the entity has developed and implemented appropriate governance documents and structures, there is stable reporting on strategic risks and risk management at operational level is strengthening with management also taking accountability of risks within their areas. Assessment of the risk maturity will also determine the progress achieved in managing risks within the Authority.