Background: 4C Strategies was chosen to develop a new world-class risk management framework that would enable the United Nations Development Programme (UNDP) to meet its strategic plan of “Changing with the World” and deliver on its mission to eradicate poverty.
Challenge: Increase resilience capabilities and implement a unified and structured organisation-wide risk management process. Promote systematic, fact-based decision-making to support the allocation of actions and funding in disparate countries with diverse levels of risk and support requirements.
Solution: An Enterprise Risk Management (ERM) policy and a Risk & Resilience framework were developed for organisation-wide use. They allow risks to be evaluated at multiple levels according to the same criteria and ensure UNDP has sufficient adaptive capacity to operate in complex and changing environments.
Benefits: UNDP can now systematically coordinate strategies and practices to manage risks – including disruptive events – without setbacks in the attainment of results. Budgeting, planning, design, monitoring and evaluation are improved, and costs are reduced by using a unified enterprise risk management process, rather than fragmented decision making.
Customer: Headquartered in New York, UNDP works in 170 countries and territories to eradicate poverty while protecting the planet. It helps countries develop stronger policies, skills, partnerships and institutions so they can sustain their progress.
UNDP vision: To help countries to achieve sustainable development by eradicating poverty in all its forms and dimensions, and accelerate structural transformations for sustainable development and building resilience to crises and shocks.
As an organisation that works with people, countries and territories around the world – many in conflict and/or oppression – UNDP deals with risks daily. To deliver on its vision and continue its work towards eradicating poverty, all UNDP offices (primarily country offices) and HQ need to be resilient and able to respond to unforeseen challenges. However, following an internal audit, it was found that the organisation needed to increase its risk capabilities with a resilience framework.
A tender process to build this risk and resilience framework invited bids from suppliers worldwide, and was awarded to 4C Strategies.
How we did it
We carried out a comprehensive desk review of UNDP processes and documents, followed by interviews with key decision makers including senior management at a national and international level. Based on this analysis, we worked with UNDP to develop a fit-for-purpose enterprise risk management model and policy. During the process, we also identified a need for, and developed, a complete resilience framework with elements of risk, business continuity and crisis management.
“Building a culture of prevention is not easy. While the costs of prevention have to be paid in the present, its benefits lie in a distant future. Moreover, the benefits are not tangible; they are the disasters that did NOT happen.”
Leading by example
As the leading agency for supporting and developing nations in need, UNDP must set an example to its peers, i.e., UN funds and programmes, through the use of best-in-class processes and procedures at local and global operations. Although skilled at taking and managing risk on an individual level, as a collective entity, decisions were often fragmented. Without a holistic overview of the processes and structure in place, risk management was not delivering the expected value, and the organisation was not as resilient as it could, or should, be.
An internal audit by the UNDP Office of Audit and Investigation found that the organisation required a new framework, citing: “This is mainly due to inadequate implementation of the ERM cycle at various levels of the organisation and the breadth of improvements in policy, tools and practices that are needed when compared with internationally recognised standards, good practices of other organisations, and benchmarking studies relating to ERM.”
UNDP needed to put this right, so they started a global tender process to find a company that could deliver a world-class enterprise risk management model. 4C Strategies works with many public organisations at the local, national and international level, including the European External Action Service (EEAS) and the Intergovernmental Panel on Climate Change (IPCC), making us the ideal partner for UNDP.
“UNDP works with risk every minute of every day,” says Jonatan Jürisoo, Partner and Senior Consultant at 4C Strategies. “Governments and donors around the world trust them to take actions and allocate budgets on their behalf – often in high-risk, highly-disputed territories. Having resilience capabilities and a structured model that can be applied everywhere to identify, aggregate and mitigate risks is imperative for their important work in eradicating poverty in all its forms.”
The 4C team, which was made up of resilience experts with international public and private sector experience, identified three key improvement areas:
- Accountability
- Integration
- Simplicity
Once work began, with a desk review of all documentation, it was quickly agreed that the assignment needed to be scaled up to include a complete risk and resilience framework. The framework would establish coherence between the different disciplines of Business Continuity Management, Incident & Crisis Management as well as Enterprise Risk Management and ensure alignment with international standards, such as ISO 31000.
“This was a high-priority project within UNDP. The Head of Risk and Continuity Management at UNDP took an active role throughout the project as we interviewed senior management at UNDP headquarters and many of the country offices,” continues Jürisoo.
Risk and resilience framework
One of the major challenges facing the team was how to develop a risk and resilience framework that would function across the board, i.e., for projects in developing countries, economies in transition, and developed economies.
“It was essential for us to develop a framework that tied UNDP’s strategic goals to a structured, systematic and integrated risk management process that could be instilled organisation-wide,” explains Jürisoo. “With a common approach for analysing and reducing risk, validating projects and allocating budgets, fact-based decision-making comes much more into play. Essentially, risk management is a key enabler for project results and transparent dialogue with donors.”
The 4C team developed a model for the Risk and Resilience Framework that comprised three components: Governance, Risk & Resilience Management, and Compliance & Added Value.
A vision within governance sets the organisational objective. The risk and resilience management ensures framework use throughout the organisation. Finally, compliant work and results are used to avoid threats and capitalise on opportunities.
Enterprise Risk Management
To meet the requirements of the internal audit, namely implementing a fit-for-purpose ERM model, the 4C team revised the ERM policies and objectives and brought them in line with ISO 31000 standards. Risks were categorised and aligned with other relevant parts of the UN system, such as the UN Secretariat. New guidelines were also provided on acceptable risk. Finally, roles and responsibilities were clarified for improved accountability.
Implementing ERM in the organisation
“It’s vital that you think beyond the models and guidelines,” continues Jürisoo. “You also have to develop a systematic method for implementing them. Having worked as a Swedish and EU representative at the UN, I understand the culture and ways of working. I wanted to make sure that ERM and resilience became a bigger part of the UNDP culture in order for them to gain the most benefit from it.”
To ensure ERM became a continuous part of the working process and culture at UNDP, 4C developed a list of recommendations that included:
- Lifting ERM onto the agenda of senior management’s decision-making forums
- Creating clear and easy-to-follow ERM manuals that are easily accessible by staff
- Ensuring out of date documentation is removed
- Applying ERM to relevant initiatives
- Developing and conducting ERM training
Risk at every level of the organisation
With the ERM and framework implemented, UNDP is able to gain an aggregated understanding of the organisational risk landscape at any given level, be it a unique project, nation or the enterprise as a whole. With an aggregated view, it’s possible to analyse trends and identify key risks from different perspectives. Additionally, the financial consequences can be used to estimate and track risk reserves.
“We are very proud to have supported UNDP; enabling them to get a better understanding of their risks, which they can use to improve risk mitigation and ultimately help more people and societies. Our mission at 4C Strategies is to combine the power of digital innovation with industry expertise to build a safer society. I can think of few better ways to do that than by contributing to UNDP’s mission of helping countries to eradicate poverty, accelerating sustainable development and building resilience to crises and shocks,” concludes Jürisoo.