Instructions

Write all your answers in the Excel Spreadsheet.

Some hot tips: 12 extracts can be from any legislation but again this must be limited to a specific focus area or theme. It can even be 12 extracts from one piece of legislation. One compliance obligation 1 row of content. 12 extracts mean 12 rows of information, and the number of risk drivers can vary this does not mean finding 12 risks, specific and practical insight is needed here. By using the knowledge, you have already learned it means thinking practically about the risk phases elements that you picked up from the second Module assignment as well as the stakeholders involved and how this might impact them. This will be useful when tackling the interpretation and consequences column. Risk scales are subject to the risk drivers, the higher the risk the higher impact (i.e. The higher number of consequences, etc.) You are to only upload an excel spreadsheet. Please ensure this is formatted in an accessible and readable format for your assessor, if you need help with familiatising yourself with Excel it might be useful to visit some free online resources such as YouTube on how to use Excel, as presentation and accessibility are crucial for this assignment. Try to follow the example given very carefully - apply the same format, accessibility and try to follow a theme. Remember you are only to deal with columns AG, the rest will be dealt with in Modules 6 and 7. Please pay careful attention to this. Question Module 5 requires you to submit Part 1 of the three-part ongoing project for this course. In this submission, you will apply all of the skills you have learnt related to identifying risks to create a risk matrix for a compliance risk management plan. For this submission, download the Excel spreadsheet from the Online Campus. This spreadsheet provides you with a format for the compliance risk management plan, which you can either create for your own arganisation, or you may use the fictional case study provided on the Online Campus. Remember to only use the fictional case study provided if you have chosen not to use your own orgapisation (or another organisation you are familiar with). Part 1 of the ongoing project requires you to create a risk matrix for your risk management plan, for which you will need to complete columns A, B, C, D, E, F, and G of the "Compliance risk management plan" tab. Yoo will need to use the "Risk matrix" and "Risk rating scales" tabs in. order to do this. Follow these steps to complete the relevant sections: Consider the context of the organisation: Before completing the spreadsheet consider the context of the organisation; for example, where the organisation is based, the industry it is in, the size, products and services, frameworks, culture, and regulations that would impact the operations of the organisation. Identify relevant legislative acts: Conduct your own research and identify one or two acts or regulations that are relevant to the industry and nature of services of the organisation. For example, if you were creating a compliance risk management plan for a mining company, the National Environmental Management Act (NEMA) or the Mineral and Petroleum Resources Development Act (MPRDA) would apply to the organisation. Decide on relevant chapters or extracts from the chosen legislation: Legislation is separated into chapters, and each chapter is often divided according to the theme it attempts to address. Read the contents page of the legislation carefully to determine which chapter would be relevant to your organisation or the case study. For this ongoing project, you are required to identify at least 12 extracts from the chosen legislation, but you may include more. Each extract should be considered a compliance obligation and included in its own row in the spreadsheet. Add the extracts or chapters from these acts to the tab called "Compliance risk management plan" under the heading "Regulatory provision" (Column A). Highlight areas of concern or compliance obligations: Provide an interpretation of each extract in the "Interpretation of section" column (Column B). To do this, find phrases or statements that you think could be classified as compliance obligations. Remember that all stakeholders will have an understanding of law text. Therefore, you should provide a simple interpretation of the text you have highlighted, and this interpretation can also be seen as the compliance obligation that needs to be fulfilled. You should be aware of any phrases that are ambiguous or unclear, or phrases that are prescriptive. You may choose to add the legislative shorthand, such as "Article 33 of the GDPR"; however, inserting the actual extract will make it easier for you to analyse. Identify the risk drivers: Remember that risks and risk drivers are a pivotal part of your risk management plan, as they will inform the nature-of your risk rating scales. Therefore, it is advised that you populate this section of your compliance risk management plan with as much detail as possible. This section is split into two columns called "Risk drivers" (Column C ) and "Consequences" (Column D). Create impact and likelihood scales: Navigate to the second tab in the spreadsheet, the "Risk rating scales" tab. This sheet contains generic risk impact and risk likelihood scales. Alter the scales in the sheet to better suit the context of your chosen organisation. There is a generic risk matrix in the third sheet called "Risk matrix" that you should use when editing the scales. Assign risk ratings: Navigate back to the first tab, the "Compliance risk management plan", and assign an impact (Column E) and likelihood (Column F) rating for each extract. If you click on the cell a little arrnww will annear and voul can chonse a rick number and a likelihond letter. The Assign risk ratings: Navigate back to the first tab, the "Compliance risk management plan", and assign an impact (Column E) and likelihood (Column F) rating for each extract. If you click on the cell a little arrow will appear and you can choose a risk number and a likelihood letter. The combination you choose will automatically reflect in Column G. You will notice that this automation is linked to the risk matrix. Note: Check that you have populated the columns up until, and including, Column G for at least 12 rows. Do not fill in the blue section called "Compliance monitoring plan" yet (Columns. L to T). For this part of the ongoing project, you do not need to look at the "Control environment" and "Control design details" tabs (Columns H to K of the "Compliance risk management plan" tab). You also are not yet required to use the "Control design considerations" tab, as you will only need these sections for the Module 6 submission and the "Monitoring rationale" tab as you will only need this section for the Module 7 submission. Case study: Ubuntu Bank Ubuntu Bank is a fictitious diversified financial services provider incorporated and listed in South Africa, offering a wide variety of products and services covering personal and business banking, credit cards, corporate, and investment banking, wealth and investment management, and short- and long-term insurance. The bank was founded in 1994 by Karabo Rubombora, an influential figure in the South African apartheid struggle, who returned to South Africa in 1991 following an extended period in exile in the United Kingdom, Nigeria, and Tanzania. Upon his return, Karabo quickly realised that South Africa required a truly African bank to assist with its infrastructural and industrial development following its re-entry on to the world stage, and to capitalise on trade with its African neighbours. As a result, Ubuntu Bank was formed and the holding company, Rubombora Holdings, was listed on the Johannesburg Stock Exchange in 1995. The retail-banking arm of the arganisation is the most profitable sector. There are 56 branches spread across all 9 South African provinces; many ATMs (including mobile and "cash-limited" sites); and online banking, mobile banking, scan-and-pay, and WhatsApp banking services. The business is composed of five different divisions, each with a specific product offering: Your Bank: This is the core retail offering. It caters for the broadest range of clients and offers a wide array of products including credit facilities 2 savings facilities, home and car finance, and share-trading facilities. Your Bank 4All: This is a transaction-only offering linked to a local supermarket chain. This is reserved for clients with limited banking needs. Deposits into an account can be done at supermarket checkouts. There is a once-off fee of R2 for opening an account. Deposits are limited to a maximum of R15,000. Your Bank Private Wealth: This offering is similar to XeurBank, but with products specifically tailored for high-net-worth individuals (income of more than R1.5 million per year) and select professionals (doctors, lawyers, and chartered accountants). Your Bank Business: This is a retail bank that caters for the needs of SME-type businesses (annual turnover not exceeding R25 million). Your Bank Invest: This is an asset-management division focusing specifically on collective investments and long-term wealth maximisation. A5 10 Timboard 10 Timeline 10 Timeline 12 Control 2 13 Details from CRMP 14 Regulatory provision 15 Risk drivers i6 Risk level (impact and likelihood rating) 17 Rationale 18 Releyant existing controls Ready Accessibility: Investigate. File Home Insert Page Layout Formulas Data Review View Help 19 Suggested additional controls 20 Timeline 21 Responsible parties \begin{tabular}{l} 24 \\ 25 \\ 26 \\ 27 \\ 28 \\ \hline \end{tabular} 29 31 32 33 17 Monitoring stakeholders 18 Monitor method 19 Frequency 20 Control 3 21 Details from CRMP 22 Regulatory provision 23 Risk level (impact and likelihood rating) 24 Suggested additional controls 25 Rationale 41 Risk level (impact and likelihood rating) 42 Suggested additional controls 43 Rationale 44 Monitoring stakeholders 45 Monitor method 46 Frequency \begin{tabular}{|l|} \hline 47 \\ \hline 48 \\ 49 \\ 50 \\ \hline 51 \end{tabular} Liltelihood \begin{tabular}{|c|c|c|c|c|c|c|} \hline A & Medium & Medium & High & High & High \\ \hline B & Medium & Medium & Medium & High & High \\ \hline C & Low & Medium & Medium & Medium & High \\ \hline D & Low & Low & Medium & Medium & Medium \\ \hline E & Low & Low & Low & Medium & Medium \\ \hline & 1 & 2 & 3 & 4 & 5 \\ \hline \end{tabular} Note: Go through the example below [row 6] to understand how the compliance risk amnagement plan should be completed. Add your answers from row 8. 5 d by the consumer should be verified with their bank, SARS and DHA. Some hot tips: 12 extracts can be from any legislation but again this must be limited to a specific focus area or theme. It can even be 12 extracts from one piece of legislation. One compliance obligation 1 row of content. 12 extracts mean 12 rows of information, and the number of risk drivers can vary this does not mean finding 12 risks, specific and practical insight is needed here. By using the knowledge, you have already learned it means thinking practically about the risk phases elements that you picked up from the second Module assignment as well as the stakeholders involved and how this might impact them. This will be useful when tackling the interpretation and consequences column. Risk scales are subject to the risk drivers, the higher the risk the higher impact (i.e. The higher number of consequences, etc.) You are to only upload an excel spreadsheet. Please ensure this is formatted in an accessible and readable format for your assessor, if you need help with familiatising yourself with Excel it might be useful to visit some free online resources such as YouTube on how to use Excel, as presentation and accessibility are crucial for this assignment. Try to follow the example given very carefully - apply the same format, accessibility and try to follow a theme. Remember you are only to deal with columns AG, the rest will be dealt with in Modules 6 and 7. Please pay careful attention to this. Question Module 5 requires you to submit Part 1 of the three-part ongoing project for this course. In this submission, you will apply all of the skills you have learnt related to identifying risks to create a risk matrix for a compliance risk management plan. For this submission, download the Excel spreadsheet from the Online Campus. This spreadsheet provides you with a format for the compliance risk management plan, which you can either create for your own arganisation, or you may use the fictional case study provided on the Online Campus. Remember to only use the fictional case study provided if you have chosen not to use your own orgapisation (or another organisation you are familiar with). Part 1 of the ongoing project requires you to create a risk matrix for your risk management plan, for which you will need to complete columns A, B, C, D, E, F, and G of the "Compliance risk management plan" tab. Yoo will need to use the "Risk matrix" and "Risk rating scales" tabs in. order to do this. Follow these steps to complete the relevant sections: Consider the context of the organisation: Before completing the spreadsheet consider the context of the organisation; for example, where the organisation is based, the industry it is in, the size, products and services, frameworks, culture, and regulations that would impact the operations of the organisation. Identify relevant legislative acts: Conduct your own research and identify one or two acts or regulations that are relevant to the industry and nature of services of the organisation. For example, if you were creating a compliance risk management plan for a mining company, the National Environmental Management Act (NEMA) or the Mineral and Petroleum Resources Development Act (MPRDA) would apply to the organisation. Decide on relevant chapters or extracts from the chosen legislation: Legislation is separated into chapters, and each chapter is often divided according to the theme it attempts to address. Read the contents page of the legislation carefully to determine which chapter would be relevant to your organisation or the case study. For this ongoing project, you are required to identify at least 12 extracts from the chosen legislation, but you may include more. Each extract should be considered a compliance obligation and included in its own row in the spreadsheet. Add the extracts or chapters from these acts to the tab called "Compliance risk management plan" under the heading "Regulatory provision" (Column A). Highlight areas of concern or compliance obligations: Provide an interpretation of each extract in the "Interpretation of section" column (Column B). To do this, find phrases or statements that you think could be classified as compliance obligations. Remember that all stakeholders will have an understanding of law text. Therefore, you should provide a simple interpretation of the text you have highlighted, and this interpretation can also be seen as the compliance obligation that needs to be fulfilled. You should be aware of any phrases that are ambiguous or unclear, or phrases that are prescriptive. You may choose to add the legislative shorthand, such as "Article 33 of the GDPR"; however, inserting the actual extract will make it easier for you to analyse. Identify the risk drivers: Remember that risks and risk drivers are a pivotal part of your risk management plan, as they will inform the nature-of your risk rating scales. Therefore, it is advised that you populate this section of your compliance risk management plan with as much detail as possible. This section is split into two columns called "Risk drivers" (Column C ) and "Consequences" (Column D). Create impact and likelihood scales: Navigate to the second tab in the spreadsheet, the "Risk rating scales" tab. This sheet contains generic risk impact and risk likelihood scales. Alter the scales in the sheet to better suit the context of your chosen organisation. There is a generic risk matrix in the third sheet called "Risk matrix" that you should use when editing the scales. Assign risk ratings: Navigate back to the first tab, the "Compliance risk management plan", and assign an impact (Column E) and likelihood (Column F) rating for each extract. If you click on the cell a little arrnww will annear and voul can chonse a rick number and a likelihond letter. The Assign risk ratings: Navigate back to the first tab, the "Compliance risk management plan", and assign an impact (Column E) and likelihood (Column F) rating for each extract. If you click on the cell a little arrow will appear and you can choose a risk number and a likelihood letter. The combination you choose will automatically reflect in Column G. You will notice that this automation is linked to the risk matrix. Note: Check that you have populated the columns up until, and including, Column G for at least 12 rows. Do not fill in the blue section called "Compliance monitoring plan" yet (Columns. L to T). For this part of the ongoing project, you do not need to look at the "Control environment" and "Control design details" tabs (Columns H to K of the "Compliance risk management plan" tab). You also are not yet required to use the "Control design considerations" tab, as you will only need these sections for the Module 6 submission and the "Monitoring rationale" tab as you will only need this section for the Module 7 submission. Case study: Ubuntu Bank Ubuntu Bank is a fictitious diversified financial services provider incorporated and listed in South Africa, offering a wide variety of products and services covering personal and business banking, credit cards, corporate, and investment banking, wealth and investment management, and short- and long-term insurance. The bank was founded in 1994 by Karabo Rubombora, an influential figure in the South African apartheid struggle, who returned to South Africa in 1991 following an extended period in exile in the United Kingdom, Nigeria, and Tanzania. Upon his return, Karabo quickly realised that South Africa required a truly African bank to assist with its infrastructural and industrial development following its re-entry on to the world stage, and to capitalise on trade with its African neighbours. As a result, Ubuntu Bank was formed and the holding company, Rubombora Holdings, was listed on the Johannesburg Stock Exchange in 1995. The retail-banking arm of the arganisation is the most profitable sector. There are 56 branches spread across all 9 South African provinces; many ATMs (including mobile and "cash-limited" sites); and online banking, mobile banking, scan-and-pay, and WhatsApp banking services. The business is composed of five different divisions, each with a specific product offering: Your Bank: This is the core retail offering. It caters for the broadest range of clients and offers a wide array of products including credit facilities 2 savings facilities, home and car finance, and share-trading facilities. Your Bank 4All: This is a transaction-only offering linked to a local supermarket chain. This is reserved for clients with limited banking needs. Deposits into an account can be done at supermarket checkouts. There is a once-off fee of R2 for opening an account. Deposits are limited to a maximum of R15,000. Your Bank Private Wealth: This offering is similar to XeurBank, but with products specifically tailored for high-net-worth individuals (income of more than R1.5 million per year) and select professionals (doctors, lawyers, and chartered accountants). Your Bank Business: This is a retail bank that caters for the needs of SME-type businesses (annual turnover not exceeding R25 million). Your Bank Invest: This is an asset-management division focusing specifically on collective investments and long-term wealth maximisation. A5 10 Timboard 10 Timeline 10 Timeline 12 Control 2 13 Details from CRMP 14 Regulatory provision 15 Risk drivers i6 Risk level (impact and likelihood rating) 17 Rationale 18 Releyant existing controls Ready Accessibility: Investigate. File Home Insert Page Layout Formulas Data Review View Help 19 Suggested additional controls 20 Timeline 21 Responsible parties \begin{tabular}{l} 24 \\ 25 \\ 26 \\ 27 \\ 28 \\ \hline \end{tabular} 29 31 32 33 17 Monitoring stakeholders 18 Monitor method 19 Frequency 20 Control 3 21 Details from CRMP 22 Regulatory provision 23 Risk level (impact and likelihood rating) 24 Suggested additional controls 25 Rationale 41 Risk level (impact and likelihood rating) 42 Suggested additional controls 43 Rationale 44 Monitoring stakeholders 45 Monitor method 46 Frequency \begin{tabular}{|l|} \hline 47 \\ \hline 48 \\ 49 \\ 50 \\ \hline 51 \end{tabular} Liltelihood \begin{tabular}{|c|c|c|c|c|c|c|} \hline A & Medium & Medium & High & High & High \\ \hline B & Medium & Medium & Medium & High & High \\ \hline C & Low & Medium & Medium & Medium & High \\ \hline D & Low & Low & Medium & Medium & Medium \\ \hline E & Low & Low & Low & Medium & Medium \\ \hline & 1 & 2 & 3 & 4 & 5 \\ \hline \end{tabular} Note: Go through the example below [row 6] to understand how the compliance risk amnagement plan should be completed. Add your answers from row 8. 5 d by the consumer should be verified with their bank, SARS and DHA