Visual Guide
Business Process for Risk Management
Enterprise Risk Management (ERM) Processes
Programme and Operations Policies and Procedures
Scope, Context, Criteria
Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
Risk Treatment
Recording & Reporting
Monitoring & Review
Communication & consultation
Integrated Risk Module for Results Management
Risk Entries; Risk Owner; Risk Location
Corporate Risk Register; AA as Chief Risk Officer or delegated; Quantum+
Bx/Regional Risk Register; Bx Director (ASG) or delegated; Quantum+
Programme/Unit Risk Register; Programme Manager (RR) or delegated Authority
Project/Portfolio Risk Register; Project Assurance, Project/Portfolio Manager; Quantum (ERP)
Risk Identification Tools; Project Assurance, Project/Portfolio Manager; Quantum+
Risk Assignment
Risk Escalation
Corporate Risks
Bx/Regional Risks
Programme/Unit Risks
Portfolio Risks
Project Risks
PCAT
AML/CFT
PSDD/RAT
SESP
Project QA
HACT
Partnership Risk Assessment Tools
Portfolio/Project Risk Assessment Tools
Quantum+
Application of ERM Processes according to organizational levels
ERM Processes that apply across all levels of UNDP
IDENTIFY, EVALUATE, MONITOR
Risk Assessment
Establishing the context
Risk identification (What and where are the risks?)
Risk analysis (What is known about the risks?)
Risk evaluation (How important are the risks identified?)
Risk reporting (What and how the risk should be reported?)
Risk treatment (What should be done about the risks identified?)
Monitoring & Review
Communication & consultation
Programme/Projects
Establishing the context: Programme and/or portfolio, Project Document, Annual Work Plan (AWP).
Risk identification: Identify major risks for the programme/portfolio, project objectives in the Programme/Project Document and AWP.
Risk analysis: Analyze likelihood and the consequences of the risks to identify those that might affect the achievement of the objectives of programme/portfolio, project.
Risk evaluation: Evaluate the risk levels of all analyzed risks at the portfolio, project to determine which risks need treatment and their priority, in order to meet the objectives of the portfolio, project AWP.
Risk reporting: Regular monitoring & reporting on programme/portfolio, project risks; Report on progress and/or failure and results to the Project Board.
Risk treatment: Identify one or more treatment options (terminate, mitigate, transfer or tolerate) and implement the most effective one/s. Escalate the risks that can't be adequately managed at the portfolio, project level to the CO sr. management.
Monitoring & Review: Monitor effectiveness of RM processes at the portfolio, project level; Update Risk Log at least once a year.
Communication & consultation: Keep the portfolio, project Board and other stakeholders/partners informed on RM processes at the portfolio, project and update them regularly.
Country Offices and HQ Units
Establishing the context: United Nations Sustainable Development Cooperation Framework (UNSDCF); Country Programme Document (CPD); IWP of the CO and the HQ Unit.
Risk identification: Identify major risks for the overall objectives in the CPD and the respective IWP of the CO and the Unit.
Risk analysis: Analyze likelihood and the consequences of the risks identified at all projects, the CO and the Unit by applying the criteria model.
Risk evaluation: Evaluate the risk levels of all analyzed risks at projects, the CO and the HQ Units to determine which risks need treatment and their priority, in order to meet the objectives of the respective IWP.
Risk reporting: Report the CO and HQ Units major risks info/data in their IWP and annual reporting (ROAR), e.g. risk level, treatment status.
Risk treatment: Implement treatment options (terminate, mitigate, transfer or tolerate). Respond to the escalated risks. Escalate the risks that can't be adequately addressed at the CO and HQ Units to higher levels.
Monitoring & Review: Oversight of RM processes and monitor their effectiveness in all projects, the CO and the HQ Units; Update Risk register at least twice a year.
Communication & consultation: Keep the Programme Board, other stakeholders/partners of the CO and the HQ Unit informed on RM processes and update them regularly.
Central Bureaux, Regional Bureaux and Independent Offices (OAI, HDRO, etc.)
Establishing the context: Regional Programme Document; Bureau IWP; Office IWP.
Risk identification: Identify major risks for the overall objectives across COs in the region, Central Bureaux and the Office level, and the respective IWPs.
Risk analysis: Review all of the analyzed risks and identify trends and patterns in risks across COs in the region, Central Bureaux and the Offices.
Risk evaluation: Evaluate all of the analyzed risks across the COs in the region, Central Bureaux and the Offices to define the risk level that the Bureau & Office is willing to accept in order to meet the IWP objectives.
Risk reporting: Report the Bureaux and the Offices' major risks info/data in their IWP and annual reporting (ROAR).
Risk treatment: Respond to the COs & Units' escalated risks; Escalate the risks that cannot be adequately addressed by Central/Regional Bureaux, and the Offices of the ERM Committee.
Monitoring & Review: Oversight of RM processes and monitor their effectiveness in the COs across the region, Central & Regional Bureaux and the Offices; Update Risk register at least twice a year.
Communication & consultation: Communicate & consult with relevant parties of the Bureau and the Office at all stages of RM processes and update them at regular/planned intervals.
ERM Committee (chaired by the Associate Administrator and supported by ERM Secretariat)
Establishing the context: UNDP Strategic Plan (SP).
Risk identification: Identify major risks (both threats & opportunities) at corporate level affecting UNDP.
Risk analysis: Review and analyze the overall UNDP risk profile and identify strategic risks and issues across the organization.
Risk evaluation: Strategic assessment of all the prioritized risks at corporate level and define the risk level that UNDP is willing to accept in order to meet its objectives in the SP.
Risk reporting: Analyze and report the overall risk profile of UNDP: Prepare quarterly and annual risk reports of the EG, based on a strategic analysis of UNDP's overall risk landscape.
Risk treatment: Escalate the risks from HQ units & all Bureaux for the risk committee consideration to make decisions on escalated corporate risks (prioritize them and specific actions to be taken).
Monitoring & Review: Document the decisions taken by the Risk Committee in the Corporate Risk Log and monitor and update it regularly.
Communication & consultation: The Risk Committee reports to the Executive Group (EG) on a regular basis. Prepares an annual UNDP risk report for consideration of the EG.
Mapping of Tools and Mechanisms on Risk Management
RELEVANT POLICIES, TOOLS, MECHANISMS
Risk to Development Result; Financial; Operational; Compliance; Safety & Security; Reputational
ERM Processes
Establishing the context: Crisis Risk Dashboard; Harmonized Approach to Cash Transfer; Business Continuity Management (BCM); UN Security Management System (UNSMS); Audit Risk Assessment; UNDP Policy on Fraud and other Corrupt Practices
IDENTIFY
Risk identification (What and where are the risks?): Harmonized Approach to Cash Transfer; UNDP Policy on Fraud and other Corrupt Practices; Security Management Group; Programme/Project Quality Assurance; Business Continuity Management (BCM); Audit Risk Assessment; Social and Environmental Standards Procedure; Crisis Risk Dashboard; UN Security Management System (UNSMS); Partnership Risk Assessment; AML/CFT; Private Sector Due Diligence; Foundations Due Diligence
Risk analysis (What is known about the risks?): Harmonized Approach to Cash Transfer; UNDP Policy on Fraud and other Corrupt Practices; Programme/Project Quality Assurance; Business Continuity Management (BCM); Audit Risk Assessment; Social and Environmental Standards Procedure; Crisis Risk Dashboard; UN Security Management System (UNSMS); Partnership Risk Assessment; Security Management Group; AML/CFT; Private Sector Due Diligence; Development Analysis Tool; Foundations Due Diligence
EVALUATE
Risk evaluation (How important are the risks): Harmonized Approach to Cash Transfer; UNDP Policy on Fraud and other Corrupt Practices; Programme/Project Quality Assurance; Social and Environmental Standards Procedure; Business Continuity Management (BCM); Audit Risk Assessment; UN Security Management System (UNSMS); Partnership Risk Assessment; Security Management Group; AML/CFT; Private Sector Due Diligence; Foundations Due Diligence
Risk reporting (What and how the risk should be reported?): Harmonized Approach to Cash Transfer; Programme/Project Quality Assurance; UNDP Policy on Fraud and other Corrupt Practices; Social and Environmental Standards Procedure; Business Continuity Management (BCM); Audit Risk Assessment; UN Security Management System (UNSMS); Communication Toolkit; Partnership Risk Assessment; Security Management Group; AML/CFT; Private Sector Due Diligence; Crisis Board; Foundations Due Diligence
EVALUATE
Risk treatment (What should be done about the risks identified?): Operational Guide of the Internal Control Framework (ICF); Programme/Project Quality Assurance; Harmonized Approach to Cash Transfer; UNDP Policy on Fraud and other Corrupt Practices; Business Continuity Management (BCM); Social and Environmental Standards Procedure; Contract and Procurement Committee/s (CAP & ACPs); UN Security Management System (UNSMS); Compliance Review Bodies (CRB); Security Management Group; UNDP Security Policy; Crisis Board; Vendor Sanctions; Recovery for Loss of Property and Assets
MONITOR
Monitoring & Review: Harmonized Approach to Cash Transfer; Programme/Project Quality Assurance; UNDP Policy on Fraud and other Corrupt Practices; Social and Environmental Standards Procedure; Business Continuity Management (BCM); Crisis Board; Vendor Sanctions; Partnership Risk Assessment; AML/CFT; Private Sector Due Diligence; Foundations Due Diligence; UN Security Management System (UNSMS); Security Management Group; Crisis Risk Dashboard; Procurement Dashboard; Performance Dashboard
MONITOR
Communication & consultation: Operational Guide of the Internal Control Framework (ICF); Business Continuity Management (BCM); Social and Environmental Standards Procedure; Harmonized Approach to Cash Transfer; UNDP Policy on Fraud and other Corrupt Practices; Social and Environmental Compliance Unit/Stakeholder Response Mechanism; UNDP Legal framework for addressing noncompliance with UN Standards of Conduct; UN Security Management System (UNSMS); Communication Toolkit; Security Management Group; Policy on Procurement Fraud and Corrupt practices; Quality Assurance for knowledge products; UNDP Security Policy; Crisis Board; Partnership Risk Assessment; Information Security; Vendor Sanctions; Recovery for Loss of Property and Assets
RISK MANAGEMENT
Risk Management Escalation Process
Risks are escalated following regular reporting lines to the appropriate level of the organization.
Executive Group: Risk Reporting and Decision making
Risk Committee: Corporate risks; Corporate risk responses; Escalated risks/responses; Escalation when needed
All Bureaux: Central Bureaux (BERA, BMS, BPPS) and Regional Bureaux (RBA, RBAP, RBAS, RBEC, RBLAC): Bureau/Regional risks; Escalated risks/responses; Escalation when needed
COs, HQ offices/units of Central Bureaux, Independent Offices (OAI, HDRO, etc.), Regional Centres/Hubs: BU risk identification; Risk assessment; Risk responses; Escalation when needed
Programme/Portfolio/Project: Portfolio, Project risk identification; Risk assessment; Risk responses; Escalation when needed
Risk Escalation could be from Project/Portfolio to Country Office (CO), CO to Regional Bureau (RB), RB to Risk Committee, Risk Committee to Executive Group.
Changes with Risk Parameter
Review & Reassess
Escalate
CO Escalates Risk
* Risk Owner (CO)
RBx De-escalates Risk
Risk Escalation not accepted
De-Escalate to CO
Risk Escalation accepted
Transfer Risk Ownership and manage Risk
Review and assess escalated Risk
Changes in Risk Parameters
* Regional Bureau
Risk Committee De-escalates Risk
Risk Escalation not accepted
De-Escalate to RB
Risk Escalation accepted
Transfer Risk Ownership and manage Risk
Review and assess escalated Risk
* Risk Committee
RB Escalates Risk