Managing to Mitigate Risks
'Risk management' means applying a systematic approach to assessing and acting on risks in order to ensure that organizational objectives are achieved. Addressing risks that are left unattended or insufficiently addressed by existing controls and checks is primarily the responsibility of an organization's management. It is OIOS' aim to assist United Nations programme managers in this process.
When developing its annual work plan, OIOS has traditionally consulted with Heads of Departments and Offices inviting them to make suggestions for audits and other oversight services that would address areas of concern. In order to make this process more effective, OIOS is promoting a more open dialogue with programme managers of Departments and Offices on specific areas of concern to them — areas that are increasingly being referred to as 'risks'.
What constitutes risk in the United Nations environment?
In the United Nations context, risks normally refer to programmatic and operational areas that have the greatest exposure to inefficiencies, ineffectiveness, fraud, waste, abuse and mismanagement. Areas with the most significant risks in the UN environment are defined as those that are insufficiently addressed by existing controls and checks.
How should programme managers address risk issues?
In order to identify areas vulnerable to risk, Departments and Offices might find it helpful to use the questions below as a guide to determine where they need assistance from OIOS:
OIOS Risk Framework
OIOS uses a risk-based work planning strategy to prioritize and rationalize the allocation of its resources to oversight for programmatic and operational areas that have the greatest exposure to fraud, waste, abuse, inefficiencies and mismanagement. This systematic assessment of the risks associated with various programmes and activities aims to increase the Office's accountability for deployment of resources to oversight assignments. The risks are premised on their likelihood and impact and do not necessarily reflect any weaknesses in the management or structure of the relevant programmes and agencies.
OIOS has conducted strategic risk analyses of the United Nations oversight universe annually since 2002. Using the combined knowledge and expertise of OIOS audit, inspection, monitoring, evaluation, investigation and management consulting managers, the exercise examines the past problems, current challenges and overarching trends that could threaten the Organization's activities, assets, and reputation. The Risk Framework thus developed is monitored at quarterly intervals to ensure that the analysis is up-to-date and that actions are carried out to mitigate risks.
Traditionally, internal audit and other oversight functions have taken a risk-based approach in conducting their work. Work plans are established based on a risk assessment to determine “what matters most”; that is, what are the priority areas that oversight resources should be allocated to. During the assignments, the existing risk management and control systems are evaluated for adequacy. At the reporting stage, information on risk and related recommendations are communicated to the appropriate areas of the organization.
Risk Management and the UN
The United Nations deals with the kinds of risks that any public or private institution would be happy to do without. One only needs to think about the Baghdad bombings to understand the security risks that the UN is confronted with. Operational, financial and reputational risks represent other types of risks that the Organization is facing. With its Risk Management Framework, OIOS contributes to the various other mechanisms in place in the UN system to mitigate and prevent such risks.
Embedding effective risk management into the organizational culture is a challenging but necessary endeavor. Therefore, OIOS is advocating that UN stakeholders, including Departments, Offices and the legislative bodies, participate in developing a common risk management system for the Organization. The Office offers assistance and support to clients and stakeholders, including briefings, consultation sessions, presentations and workshops. In an organization where risk management is not yet an established function, oversight can act as an initiator and educator of risk management activities.