Document CWG-FHR-10/8 4 September 2019 English only


1 Council Working Group on Financial and Human Resources
Tenth meeting – Geneva, 18 September 2019
Document CWG-FHR-10/8
4 September 2019
English only
Strengthening ITU Risk Management Framework
Council Working Group on Financial and Human Resources (CWG-FHR)
27 August 2019

2 Risk Management - status

3 Risk Management Policy & Risk Appetite Statement
Adopted in Council 2017

Risk Management Policy - C17/74
- Outlines the ITU approach towards strategic and operational risks
- Defines principles, risk categorization & assessment, monitoring & reviewing and roles & responsibilities

Risk Appetite Statement – C17/73
- Illustrates amount of risk ITU is willing to take to attain its goals and objectives, e.g.:
  - High appetite for risks related to innovation and technological advancement
  - No appetite (i.e. zero tolerance) in the areas of fraud, corruption, illegal acts, and misconduct
- Complements the ITU risk management policy

4 Risk Management in the context of Strategic and Operational Planning
ITU is addressing risk management in the context of the strategic and operational planning processes

PP-18
- ITU strategic risks analysis
- Risk mitigation strategies
- ITU Strategic Plan

ITU Council 2019
- ITU-wide operational risks
- Key risk mitigation measures
- Sector-specific risk analysis
- ITU Operational Plans (for Sectors and the GS)

Plan next steps based on:
- Council discussions
- IMAC Recommendation

Systematic Risk Management

5 Roles and responsibilities (based on the policy)
Title: Risk owner
Role: The risk owner is accountable for the management of the risk, having the highest interest in the risk being correctly treated, and has the right level of authority to treat the risk accordingly
Responsibilities:
- Accountable for the overall management of the risk, including when the risk is transferred
- Decides on the risk mitigation measures
- Allocates resources/budget for mitigation actions
- Manages risk (re)assessment process
- Manages risk reporting process

Title: Risk management focal point
Role: Coordinates risk management process within respective Bureau or the General Secretariat
Responsibilities:
- Facilitates risk management within Bureau or the General Secretariat
- Maintains and updates risk list
- Consolidates and submits information for management review and risk reporting

Title: Responsible person/unit for implementing mitigation measure
Role: Implements mitigation measure and reports on their implementation to the risk owner
Responsibilities:
- Implements mitigation measure
- Provides input for management review and risk list update

Title: Senior management team
Role: Reviews risk on a regular basis and takes decisions related to risk management
Responsibilities:
- Regularly reviews risks, as part of the organization’s business processes
- Takes decisions on the implementation and review of the risk management strategy

6 Synergies with ORMS project
Organizational Resilience Management System (ORMS)
- Business impact analysis based on the risk registers
- Assessment and prioritization of key business processes undertaken
→ Need for alignment and creating synergies

7 Council 2019 on Risk Management

8 Council 2019 – outcomes related to Risk Management
- Request to further develop the ITU risk model in the context of operational plans, the fraud case and the building project
- IMAC Report:
  - IMAC will look into what is known as the Three Lines of Defence model in effective risk management and control, and the assignment of appropriate risk ownership
  - The Three Lines of Defence approach represents emerging good practice and is designed to ensure a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties
  - Rec. 2/2019: IMAC recommends that the secretariat prepare a risk register identifying clear risk owners across Sectors, regions and the General Secretariat
- ITU management committed to support further developments of the ITU risk model and to improve governance and risk management

9 Developments at UN level

10 Developments at the UN level
HLCM had set up a Cross Functional Task Force on Risk Management

Reference Maturity Model for Risk Management
- Enterprise Risk Management (ERM) Framework and Policy: are the collection of policies, procedures and other documents that together describe how the organisation undertakes its risk management
- Governance and organisational Structure: sets out the internal risk governance structure, the appropriate delegated authority, roles and responsibilities, and organisational entities to assure the effective management of risk
- Process and Integration: Process ensures that risks and opportunities that may affect the delivery of organisational results are effectively identified, assessed, responded to, communicated and monitored as per the ERM framework. Integration ensures that the interaction / interlinkages with related risk sub-processes or other organisational processes are clearly established.
- Systems and Tools: are the IT components used to record, analyse, integrate and communicate/report on risk information
- Risk Capabilities: are the skills, ability, knowledge and capacity that an organisation has to effectively manage risks to delivery of its results
- Risk Culture: is evidenced by the shared values, beliefs, and behaviours of the staff and senior management, together with the organisation’s demonstrated attitude to risk

11 Maturity Model for Risk Management in the UN system
Maturity levels: Initial (LEVEL 1), Developing (LEVEL 2), Established (LEVEL 3), Advanced (LEVEL 4), Leading (LEVEL 5)

Characteristics by dimension, in order from Level 1 to Level 5:

ERM Framework & Policy
- Fragmented/limited ERM framework
- Framework developed but not approved by appropriate authority
- ERM framework and risk appetite in place
- Escalation processes, ERM integrated in strategic planning
- All operational entities
- Risk scales for different levels
- ERM framework reflects RBM and addressing all operational elements

Governance and Org. Structure
- Fragmented and informal structure
- Accountability for ERM is informal
- Risk Governance structure (based on Three Lines of Defense) to oversee ERM
- ERM governance structure in place
- ERM Committee and entity to oversee is in place
- Fully integrated risk governance structure
- Chief Risk Officer
- Structure applied across all operations
- Accountability at each level

Process and Integration
- Inconsistencies in methodology
- Limited process to assess, monitor and report
- Systematic process for risk assessment, response, monitoring, escalation and reporting
- Links between internal controls & risks / control effectiveness & risk assessment
- RBM and ERM fully aligned
- Optimized with pre-defined indicators
- Fully integrated risk & opportunity analysis

Systems and Tools
- Risks recorded in various documents
- Manual risk assessment / response (spreadsheet)
- Consolidated risk register
- ERM monitoring and reporting capabilities
- Dynamic risk dashboards
- Financial risk modelling
- Semi-automated operations
- Advanced modelling, forecasting and scenario planning tools

Risk Capabilities
- Risk competencies perceived to have little value
- Knowledge for certain managers
- Indicators presented to senior mgmt. annually
- Recognized mgmt. competency
- Accurate risk mgmt. information available
- Core competency for staff
- Dynamic risk information reports across organization
- Perfecting risk skills
- Dynamic dashboards across organization

Risk Culture
- Limited commitment
- Partial consideration of risk factors
- Clear expectations, info systematically collected
- Risk mgmt. assessed in Staff Performance mgmt.
- Risk mgmt. integrated into strategic activities
- Systematically collect and communicate information
- Org.-wide awareness
- Dynamic risk information
- Learning from success and failures

12 Way forward

13 Maturity Model for Risk Management in the UN system
Current assessment → Desired status (legend; the slide repeats the maturity model table from slide 11)

14 Recommended actions
Current assessment → Desired status

Maturity levels: Initial (LEVEL 1), Developing (LEVEL 2), Established (LEVEL 3), Advanced (LEVEL 4), Leading (LEVEL 5)

Dimensions: ERM Framework & Policy; Governance and Org. Structure; Process and Integration; Systems and Tools; Risk Capabilities; Risk Culture

Recommended actions:
- All org. & operational entities involved (HQ, programmes, ROs)
- Risk registers and org-wide scale levels (assessment & rating)
- Setting up a risk governance structure
- Staff accountability for managing risks
- Establish systematic risk mgmt. process
- Review internal control effectiveness against risks
- Develop org. wide risk register and risk mgmt. dashboards
- Strengthen capacity of staff to manage risks
- Integrate risk management in Staff Performance Management system
- Systematically communicate and report on risk information

15 Way forward
- Sep 2019: CWG-FHR – feedback from membership
- By end of 2019: Review the ITU RM framework (incl. benchmarking with UN model)
- By Council 2020: Develop a risk model incorporated into the ITU planning framework
- By Council 2021: Develop the Plan and Implement the new framework
- Review the framework and Report to PP-22

Status reports to IMAC, CWG-FHR and Council

