This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Developing a global risk management framework for UNDP


UNDP vision: To help countries to achieve sustainable development by eradicating poverty in all its forms and dimensions, and accelerate structural transformations for sustainable development and building resilience to crises and shocks.
As an organisation that works with people, countries and territories around the world – many in conflict and/or oppression – UNDP deals with risks daily. To deliver on its vision and continue its work towards eradicating poverty, all UNDP offices (primarily country offices) and HQ need to be resilient and able to respond to unforeseen challenges. However, following an internal audit, it was found that the organisation needed to increase its risk capabilities with a resilience framework.
A tender process to build this risk and resilience framework invited bids from suppliers worldwide, and was awarded to 4C Strategies.
How we did it
We carried out a comprehensive desk review of UNDP processes and documents, followed by interviews with key decision makers including senior management at a national and international level. Based on this analysis, we worked with UNDP to develop a fit-for-purpose enterprise risk management model and policy. During the process, we also identified a need for, and developed, a complete resilience framework with elements of risk, business continuity and crisis management.

Leading by example
As the leading agency for supporting and developing nations in need, UNDP must set an example to its peers, i.e., UN funds and programmes, through the use of best-in-class processes and procedures at local and global operations. Although skilled at taking and managing risk on an individual level, as a collective entity, decisions were often fragmented. Without a holistic overview of the processes and structure in place, risk management was not delivering the expected value, and the organisation was not as resilient as it could, or should, be.
An internal audit by the UNDP Office of Audit and Investigation found that the organisation required a new framework, citing; “This is mainly due to inadequate implementation of the ERM cycle at various levels of the organisation and the breadth of improvements in policy, tools and practices that are needed when compared with internationally recognised standards, good practices of other organisations, and benchmarking studies relating to ERM.”
UNDP needed to put this right, so they started a global tender process to find a company that could deliver a world-class enterprise risk management model. 4C Strategies works with many public organisations at the local, national and international level, including the European External Action Service (EEAS) and the Intergovernmental Panel on Climate Change (IPCC), making us the ideal partner for UNDP.

“UNDP works with risk every minute of every day,” says Jonatan Jürisoo, Partner and Senior Consultant at 4C Strategies. ´Governments and donors around the world trust them to take actions and allocate budgets on their behalf – often in high-risk, highly-disputed territories. Having resilience capabilities and a structured model that can be applied everywhere to identify, aggregate and mitigate risks is imperative for their important work in eradicating poverty in all its forms.´
The 4C team, which was made up of resilience experts with international public and private sector experience, identified three key improvement areas:
- Accountability
- Integration
- Simplicity
Once work began, with a desk review of all documentation, it was quickly agreed that the assignment needed to be scaled up to include a complete risk and resilience framework. The framework would establish coherence between the different disciplines of Business Continuity Management, Incident & Crisis Management as well as Enterprise Risk Management and ensure alignment with international standards, such as ISO 31000.
“This was a high-priority project within UNDP. The Head of Risk and Continuity Management at UNDP took an active role throughout the project as we interviewed senior management at UNDP headquarters and many of the country offices,” continues Jürisoo.
Risk and resilience framework
One of the major challenges facing the team was how to develop a risk and resilience framework that would function across the board, i.e., for projects in developing countries, economies in transition, and developed economies.
“It was essential for us to develop a framework that tied UNDP’s strategic goals to a structured, systematic and integrated risk management process that could be instilled organisation-wide,” explains Jürisoo. “With a common approach for analysing and reducing risk, validating projects and allocating budgets, fact-based decision-making comes much more into play. Essentially, risk management is a key enabler for project results and transparent dialogue with donors.”

The 4C team developed a model for the Risk and Resilience Framework that comprised three components: Governance, Risk & Resilience Management, and Compliance & Added Value.
A vision within governance sets the organisational objective. The risk and resilience management ensures framework use throughout the organisation. Finally, compliant work and results are used to avoid threats and capitalise on opportunities.
Enterprise Risk Management
To meet the requirements of the internal audit, namely implementing a fit-for-purpose ERM model, the 4C team revised the ERM policies and objectives and brought them in line with ISO 31 000 standards. Risks were categorised and aligned with other relevant parts of the UN system, such as the UN Secretariat. New guidelines were also provided on acceptable risk. Finally, roles and responsibilities were clarified for improved accountability.
Implementing ERM in the organisation
“It’s vital that you think beyond the models and guidelines,” continues Jürisoo. “You also have to develop a systematic method for implementing them. Having worked as a Swedish and EU representative at the UN, I understand the culture and ways of working. I wanted to make sure that ERM and resilience became a bigger part of the UNDP culture in order for them to gain the most benefit from it.”
To ensure ERM became a continuous part of the working process and culture at UNDP, 4C developed a list of recommendations that included:
- Lifting ERM onto the agenda of senior management’s decision-making forums
- Creating clear and easy-to-follow ERM manuals that are easily accessible by staff
- Ensuring out of date documentation is removed
- Applying ERM to relevant initiatives
- Developing and conducting ERM training
Risk at every level of the organisation
With the ERM and framework implemented, UNDP is able to gain an aggregated understanding of the organisational risk landscape at any given level be it a unique project, nation or the enterprise as a whole. With an aggregated view, it’s possible to analyse trends and identify key risks from different perspectives. Additionally, the financial consequences can be used to estimate and track risk reserves.

“We are very proud to have supported UNDP; enabling them to get a better understanding of their risks, which they can use to improve risk mitigation and ultimately help more people and societies. Our mission at 4C Strategies is to combine the power of digital innovation with industry expertise to build a safer society. I can think of few better ways to do that than by contributing to UNDP’s mission of helping countries to eradicate poverty, accelerating sustainable development and building resilience to crises and shocks,” concludes Jürisoo.

Want to learn more?
Discover how you can build your Risk Management capability with our services and Exonaut® software solutions.