Thirty-Second Board Meeting Report on Risk Management

Similar documents
Thirty-Second Board Meeting Risk Management Policy

Global Fund Internal Controls Compliance with Key Internal Policies Including Operational, Financial and Procurement Controls

Audit Report Internal Financial Controls. GF-OIG March 2015 Geneva, Switzerland

MEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework

2018 Corporate Work Plan & Budget Narrative

Thirty-Second Board Meeting Corporate KPIs Narrative

Executive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B

38th Board Meeting Risk Appetite Discussion

Introduction. The Assessment consists of: Evaluation questions that assess best practices. A rating system to rank your board s current practices.

Dianne Stewart Secretariat

UNFPA EXECUTIVE BOARD DECISION-TRACKING MECHANISM

The Global Fund. Financial Management Handbook for Grant Implementers. December 2017 Geneva, Switzerland

OFFICE OF THE INSPECTOR GENERAL

GEF-7 REPLENISHMENT POLICY RECOMMENDATIONS (PREPARED BY THE SECRETARIAT)

BERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework

PURPOSE: To set out the proposed Strategic Key Performance Indicator Framework submitted for Board Approval.

Arrangements for the revision of the terms of reference for the Peacebuilding Fund

UNITED NATIONS JOINT STAFF PENSION FUND. Enterprise-wide Risk Management Policy

ERM Benchmark Survey Report A report on PACICC's third ERM benchmarking survey

Audit Report. Global Fund Transition Management Processes. GF-OIG September 2018 Geneva, Switzerland

Office of the Secretary of the Executive Board EXECUTIVE BOARD DECISION MONITORING TABLE

Applying COSO s Enterprise Risk Management Integrated Framework

General management: update

Note on the Development of the Global Fund s Strategy

Workstream II: Govenance and Institutional Arrangements Workstream III: Operational Modalities Revised background note: Direct Access

REPORT 2016/038 INTERNAL AUDIT DIVISION. Audit of the Office for the Coordination of Humanitarian Affairs operations in South Sudan

38th Board Meeting, November 2017

Introduction. The Assessment consists of: A checklist of best, good and leading practices A rating system to rank your company s current practices.

Audit Report. Global Fund Grants to the Republic of Kenya. GF-OIG July 2015 Geneva, Switzerland

Acronyms List. AIDS CCM GFATM/GF HIV HR HSS IP M&E MDG MoH NGO PLHIV/PLH PR SR TA UN UNAIDS UNDP UNESCO UNFPA UNICEF WG WHO NSP NPA MEC

Draft Guideline. Corporate Governance. Category: Sound Business and Financial Practices. I. Purpose and Scope of the Guideline. Date: November 2017

Multi Donor Trust Fund Southern Sudan Final Minutes of the Oversight Committee Meeting March 13, 2007

Guidelines for Financial Assurance Planning

Measures to strengthen the implementation of the Convention through coordination and cooperation

The Grant Risk Assessment and Management (GRAM ) Tool

Proposed Revision to the UK Stewardship Code Annex A - Revised UK Stewardship Code

partnership charter I. Background II. Mission

Report on the activities of the Independent Integrity Unit

Mauritania s Poverty Reduction Strategy Paper (PRSP) was adopted in. Mauritania. History and Context

Audit Report 2018-A-0008 Purchasing Cards Survey

REPORT OF THE POLICY AND STRATEGY COMMITTEE

Audit of Global Fund Grants to the Central African Republic. GF-OIG February 2013

PARTNERSHIP FOR MARKET READINESS (PMR) Eighth Partnership Assembly Meeting Mexico City, March 3-5, Resolution No. PA8/2014-3

9644/10 YML/ln 1 DG E II

THE RISK MANAGEMENT FRAMEWORK FOR THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA

Strategic priorities. Sustainable banking. Inspire and engage our people. A better bank contributing to a better world. Enhance client centricity

ENTERPRISE RISK MANAGEMENT (ERM) POLICY

36th Board Meeting Secretariat operating expenditures: F reforecasts and 2017 Budget For Board Information

AFGHANISTAN ALLOCATION GUIDELINES 22 JANUARY 2014

GUIDELINES FOR PREPARING A NATIONAL IMMUNIZATION PROGRAM FINANCIAL SUSTAINABILITY PLAN

The Sustainable Stock Exchanges Initiative An Overview for Issuers and Investors ADVANCED SUPPLY CHAIN COMPLIANCE SERIES

FM Harmonization Frequently Asked Questions August 2013

Internal Audit of the Republic of Albania Country Office January Office of Internal Audit and Investigations (OIAI) Report 2017/24

OFFICIAL -1 L(-L DOCUMENTS. Between. and

Applying COSO s Enterprise Risk Management Integrated Framework. September 29, 2004

We recommend the establishment of One UN at country level, with one leader, one programme, one budgetary framework and, where appropriate, one office.

ENTERPRISE RISK MANAGEMENT POLICY FRAMEWORK

Best practices for multiple sub-adviser mutual funds

199 EX/5 Part II page 81. F. Structured Financing Dialogue (Follow-up to 197 EX/Decision 5 (IV, B)) A. Background. (i) Initial decision (2012)

Fund for Gender Equality Monitoring and Evaluation Framework Executive Summary

Communicating Value 2017 Annual. Report Presented at Annual Council 2018

The UNOPS Budget Estimates, Executive Board September 2013

Allocation and Catalytic Investment Access to Funding

ENTERPRISE RISK MANAGEMENT Framework

IMPLEMENTING THE PARIS DECLARATION AT THE COUNTRY LEVEL

Liberia Reconstruction Trust Fund Implementation Manual

Year end report (2016 activities, related expected results and objectives)

MANAGERIAL ACCOUNTABILITY AND RISK MANAGEMENT

OFFICE OF THE INSPECTOR GENERAL

FINAL 26 February PARTNERSHIP FOR PROGRESS: UN Civil Society Fund

PMR Governance Framework*

QUEENSLAND GOVERNMENT RELEASES STATE INFRASTRUCTURE PLAN

PST Board Assurance Framework

OP Investment Project Financing. Bank Access to Information Policy Designation Public

Immunization Planning and the Budget Cycle

PCT WBG IMF OECD. The Platform for Collaboration on Tax (PCT) The Platform for Collaboration on Tax (PCT) Workplan: PCT 14 Actions

Department of Homeland Security Office of Inspector General

Council conclusions on the EU role in Global Health. 3011th FOREIGN AFFAIRS Council meeting Brussels, 10 May 2010

SOLID GROUP INC. ENTERPRISE RISK MANAGEMENT POLICY

Risk Management Policy and Framework

Texas Workforce Commission

AUDIT UNDP COUNTRY OFFICE SOMALIA. Report No Issue Date: 20 June 2014

Table of Recommendations

Investment criteria indicators

South Sudan Common Humanitarian Fund Allocation Process Guidelines

MONTENEGRO SECURITIES AND EXCHANGE COMMISSION INTERNAL DEVELOPMENT STRATEGY OF THE SECURITIES AND EXCHANGE COMMISSION

Implementation of Article 19 of the WHO FCTC: Liability

Version: th November 2010 RISK MANAGEMENT POLICY

The Global Fund Policy to Combat Fraud and Corruption

Inter-agency Task Force on Financing for Development Background Note on Progress towards the 2018 Task Force Report February 2018

ERM Benchmark Survey Report

Year 6 Report (2017 activities)

Report of the Seventeenth Meeting of the Independent Expert Oversight Advisory Committee (IEOAC) of the World Health Organization

WEST BANK AND GAZA STRIP

IASC Subsidiary Bodies. Report on Sub-Working Group on Humanitarian Financing Activities in 2011

Population Activities Unit Tel Palais des Nations Fax

Business Auditing - Enterprise Risk Management. October, 2018

NEW FUNDING MODEL: ELIGIBILITY, COUNTERPART FINANCING AND PRIORITIZATION POLICY REVISION.

WIPO General Assembly

INTRODUCTION INTRODUCTORY COMMENTS

Transcription:

Thirty-Second Board Meeting Report on Risk Management 00 Month 2014 Location, Country Page 1

Board Information REPORT ON RISK MANAGEMENT Purpose: 1. To provide information that enables the Board to fulfill its responsibilities with respect to risk management. 2. The report is provided by the Chief Risk Officer. Montreux, Switzerland, 20-21 November 2014 1/7

EXECUTIVE SUMMARY 1. This report on risk management is the first of regular reports that will be provided to the Board by the Chief Risk Officer. 2. There is a high degree of awareness, at the Board, Committee, Secretariat as well as Country and implementer levels, that strong risk management is a critical success factor. 3. A framework for risk differentiation is being presented separately to the Board for approval for the first time (see GF/B32/14). 4. A new risk management policy is also being presented to the Board for approval, replacing the current one that dates from 2009 (see GF/B32/13). 5. Overall, risk management at the Secretariat level is at an adequate level. Further improvements need to be implemented, particularly with respect to how assurance is obtained as part of grant management. 6. Management is of the opinion that the current level of risk in the grant portfolio, as measured by the Portfolio Risk Index (a corporate key performance indicator), is at the appropriate level. 7. The most important risks appearing in the organizational risk register as of 30 September 2014 are (in no particular order): (1) poor program quality; (2) treatment disruptions; (3) inadequate grant oversight by principal recipients; (4) Community, Rights and Gender related risk; (5) failure to deliver on our mission in a handful of the highest-impact countries; and (6) failure to deliver new Secretariat culture. 8. Management believes it is currently mitigating these main risks appropriately. INTRODUCTION and BACKGROUND 9. Until now, reporting on risk management to the Board has not been systematic, something that has been noted in the Office of the Inspector General s Governance Review advisory report from June 2014. 10. The Ad Hoc Working Group on Governance has included in its recommendations that the Chief Risk Officer provide an annual assurance report to the Board with the CRO s independent view on the robustness and effectiveness of the Secretariat s management of risk and mitigation steps taken and whether the risk profile is acceptable, is improving or deteriorating. 11. This report on risk management is the first of regular reports that will be provided to the Board twice a year. It is arranged according to the four responsibilities that the Board has with respect to oversight over risk management, as outlined in the next four sections. UNDERSTANDING THE ORGANIZATION S RISK PHILOSOPHY AND APPROVING THE FRAMEWORK FOR RISK DIFFERENTIATION 12. The organization s risk philosophy was strongly influenced by the circumstances that, in 2011, led to the creation of the High-Level Independent Review Panel. There continues to be a high degree of awareness, at the Board, Committee, Secretariat as well as Country and implementer levels, that strong risk management is a critical success factor. As per Montreux, Switzerland, 20-21 November 2014 2/7

the saying Never waste a good crisis, it can be said that the Global Fund made good use of the window of opportunity that has been available to it since late 2011. 13. A positive development since 2011 has been that, while grant-related financial and fiduciary risks have continued to receive strong attention from the Secretariat and implementers (in keeping with the organization s zero tolerance for misuse of funds ), other key risks now receive more attention than in the past such as sustainability, procurement and supply management, data and program quality, and human rights. 14. A framework for risk differentiation is being presented separately to the Board for approval for the first time (see GF/B32/14). It proposes to establish thresholds for differentiation in risk management, as well as upper and lower limits for the corporate key performance indicator that measures the overall level of risk in the grant portfolio. KNOWING THE EXTENT TO WHICH MANAGEMENT HAS ESTABLISHED EFFECTIVE RISK MANAGEMENT 15. The Board relies on representations from management that effective risk management is in place, with independent views on those representations provided by the Chief Risk Officer and the Office of the Inspector General. This report contains management s representations as well as the views of the Chief Risk Officer 1. 16. Risk management should be governed by an appropriate, Board-approved policy. Separately, a new policy is being presented to the Board for approval to replace the current one that dates from 2009 (see GF/B32/13). 17. Many important improvements to risk management have been made since 2011, including the implementation of a structured approach to operational (grant) risk management and many concrete risk mitigation actions on individual grants; the creation of the Risk Management Department; establishment and maintenance of a quarterly organizational risk register (attached as Annex 1); and the establishment of the Secretariat Risk and Assurance Committee. Improvements to oversight over risk by the Board have been proposed by the Ad Hoc Working Group on Governance (see GF/B32/08). 18. The Risk Management Department s headcount will be increased in 2015 from seven to ten in order to enable the function to lead the piloting and implementation of the outcomes of the Risk and Assurance work (see GF/B32/15) as well as expand its scope to in-country work. 19. The Secretariat 2014 Staff Engagement Survey identified Risk as the area that improved the most since 2012. In fact, it was felt to have improved by as much as the next four areas (Communication and Change, Performance Management, Operating Environment and Efficiency, and Leadership) taken together. That said, there is room for further improvement in several areas including in the culture ( safe to speak up ) and in better embedding risk management activities in the day-to-day processes. 20. At the Secretariat, processes are defined, implemented and modified by each department. In doing so, departments are expected to apply the requirements of the COSO internal control framework 2. The Risk Management Department in 2014 began facilitating a 1 The Office of the Inspector General reports separately to the Board (reference is made to the OIG Progress Report in GF/B32/06 and the OIG Status Update on Agreed Management Actions in GF/B32/07). 2 The Internal Control Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission ( COSO ), May 2013 Montreux, Switzerland, 20-21 November 2014 3/7

process of self-assessments in order to establish whether these requirements are in fact being met. The results of the first round of such assessments will be reported in quarter 1 of 2015. While no material weaknesses are currently expected to be identified, there very likely will be a number of deficiencies that will need to be remediated, as is typical when such an exercise is first undertaken. The Office of the Inspector General also regularly identifies internal control deficiencies. 21. Ongoing efforts to better differentiate particularly grant making and management processes, based on risk and materiality should result in better targeting of resources to the areas of greatest impact as well as further improve risk management. 22. Another important factor in risk management is change and how the organization adapts itself to change. The most important changes from a risk management perspective at the current time are the implementation of the New Funding Model and supporting processes and tools; the development and piloting of alternative grant (management) models; process differentiation; the trend towards more pooled procurement; and the piloting and implementation of the outcomes of the Risk and Assurance work (see GF/B32/15). 23. In order to satisfy itself that all important risks are appropriately identified, analyzed and mitigated in new grants created under the New Funding Model, the Risk Management Department is currently reviewing a sample of such grants. The results of that review will be reported during the first half of 2015. 24. Overall, risk management at the Secretariat level can be said to be at an adequate level. Further improvements have been identified and need to be implemented, particularly with respect to how assurance is obtained as part of grant management. The Risk Management Department will support the organization in piloting and implementing these improvements. REVIEWING THE PORTFOLIO OF RISK AND CONSIDERING IT AGAINST THE APPROVED RISK THRESHOLDS 25. The organizational risk register in Annex 1 provides the overview of the most significant risks that the organization faces. It is a combination of operational risks, i.e. risks in the programs that we help fund, and Secretariat process risks. 26. Overall, operational risk as expressed by the Portfolio Risk Index (the PRI ), one of the corporate key performance indicators, stands at 1.86 on a scale of 1 to 4, 1 being the lowest. This is down from a year earlier when it was 2.04. 27. This indicator is calculated based on individual risk assessments performed by the Secretariat s country teams with respect to the 19 different operational risks in 182 grants, representing almost 70% of the grant portfolio in value terms. 28. The Risk Management Department annually facilitates the preparation of a grant risk management report that analyzes the grant related risks, mitigation actions and trends, which is shared across the Secretariat and is also available on the Board Effect portal here 29. The report provides the following explanation for the decrease in the PRI: The reduction is a result of focused efforts by stable Country Teams in managing risk, in particular the use of the Pooled Procurement Mechanism in addressing procurement risk, efforts in strengthening Financial Management Systems and Principal Recipient capacity, and the introduction of fiscal agents in more grants. Montreux, Switzerland, 20-21 November 2014 4/7

However, the key risks in the High Impact Departments remain the same i.e. treatment disruptions, poor quality of health services, poor financial reporting, not achieving program outcome & impact targets, and inadequate PR governance & compliance. The key mitigation actions include, country specific actions to address risks related to in-country supply chain management, improved partnership for ensuring quality service delivery, and refocussing investments and partnerships to ensure program impact. Capacity building measures for addressing gaps in reporting is another key focus area. Country Dialogue and new grants are key opportunities to implement these risk mitigation actions. More details on the main operational risks are provided in the next report section. 30. The fact that management proposes to the Board to approve the establishment of an upper and lower ceiling for the PRI of the current value plus or minus ten percent, respectively, means that management is of the opinion that the current level of risk in the grant portfolio is at the appropriate level. 31. The organizational risk register contains a number of risks that are not directly related to grants. Some are still related to the transition from emergency to sustainability that the High-Level Independent Review Panel chose as the title of its report in 2011 and these should disappear over time. Others are less under the Secretariat s direct control, such as related to the ability to raise sufficient funding. Taken together, the non-grant related risks present a picture of an organization that is reasonably in control, particularly when the present is compared to the not-so-distant past when for example internal financial systems and processes were quite weak. BEING INFORMED ABOUT THE MOST SIGNIFICANT RISKS AND WHETHER MANAGEMENT IS RESPONDING APPROPRIATELY 32. As can be seen in the organizational risk register (Annex 1), the highest risks as of September 30, 2014, are: a. Poor program quality - including poor adherence to international standards for diagnosis, treatment and prevention, adherence to regimens, rational use of health products and targeting programs to those populations most in need and at risk. The New Funding Model process affords opportunities to identify weaknesses early and ensure strengthening activities are put in place. Partnerships, including in technical assistance and joint quality of care (minimum) standards, are being strengthened or implemented. Risk and Assurance work stream and Program Quality Hub are also expected to identify opportunities for further improvement. b. Treatment disruptions due to inadequate supply management mitigation measures include closer involvement of country teams, local fund agent and others; review of resourcing based on the severity of this risk in specific countries; implementation by Q1 2015 of the Rapid Supply Mechanism to enable quick response to imminent supply shortages; joint efforts with partners though a supply chain Inter Agency Group in very high-impact countries. c. Inadequate principal recipient oversight over grant programs - Implementation mapping gives Principal Recipients and Country Teams greater insight into program structure, controls and oversight than was the case in the past. A number of portfolios have undergone a rationalization process as a result to simplify implementation structure and improve controls. Under the New Montreux, Switzerland, 20-21 November 2014 5/7

Funding Model, Principal Recipients must be chosen prior to Technical Review Panel and Grant Approval Committee approval and meet minimum standards, and implementation structures will be better understood at the Secretariat level. Oversight capacity issues should be identified earlier and addressed prior to grant signing. d. Human rights related barriers to access and failure to apply Community, Rights and Gender ( CRG ) principles various guidance and grant making tools have been put in place. The Office of the Inspector General may investigate allegations of violations. Ongoing Secretariat capacity-building and training. CRG technical review of concept notes. CRG operational guidance is being developed for Secretariat staff. Outreach and engagement of civil society, UN partners, and communities in using the mechanisms and systems put in place. e. Failure to address the diseases in a handful of the highest-impact countries leading to failure to achieve the Global Fund mission at a global level increased prioritization by the Secretariat to ensure adequate resourcing of country teams and local fund agents; exploring ways to differentiate further and have more detailed, sub-national grant management approaches. f. Failure to deliver new Secretariat culture key areas include embedding the values, managerial quality and accountability, talent and performance management, and internal communications. 33. Most of these risks are very difficult to mitigate as they go to the root causes of why the Global Fund exists. But improvements in the Global Fund s own processes do contribute to this mitigation. In addition to the New Funding Model itself, these improvements include initiatives in procurement; CRG; financial risk management; policy development at the Secretariat; better differentiation of Secretariat processes; better risk management including the Risk and Assurance work; supply and data management, and many others. The Operational Risk Management process is designed to capture and report on the improvements actually realized over time at grant level from all of these initiatives. 34. In May 2012, the risks considered to be the highest were: a. Misuse of funds (now a medium risk) b. Treatment disruptions due to inadequate supply management (still a high risk in 2014) c. Talent constraints in the Secretariat (no longer an important risk in 2014) d. Poor data quality at the program level (now a medium risk) e. Ability to attract sufficient funding (now a medium risk) f. Dependence on Global Fund funding (now a medium risk) 35. As can be seen, the risk of misuse of funds is no longer considered a high risk as it was in 2012. Relevant in this context is the level of the detected misuse of funds as reported through audit and investigation reports of the Office of the Inspector General (see Losses and Recoveries report, GF/B32/16). Montreux, Switzerland, 20-21 November 2014 6/7

36. To date, the reported misuse amounts to 1.8% of the $6 billion that the OIG has audited or investigated. This 1.8% consists of the elements Fraud/theft (0.4%); undocumented (0.7%); ineligible expenses (0.6%) and other (0.1%). 37. Of the total 1.8%, to date 0.5% has been recovered in cash while written commitments have been obtained for the repayment of another 0.3%. Write-offs to date have been negligible, and the remaining 1% continues to be pursued by the Secretariat. Updates will continue to be provided to the Board twice a year. OTHER DEVELOPMENTS 38. In addition to the developments and initiatives described above, the Risk Management Department has recently initiated the creation of a platform for risk management practitioners in global health. The intent is to create and maintain a forum where best practices, approaches and tools can be shared and closer collaboration can be explored. 39. A wide group of organizations is participating in this forum, including UNDP, UNAIDS, WHO, UNITAID, PSI, GAVI, DFID, OGAC, GIZ, GMS, ICRC, Hivos, MANGO, PwC, KPMG as well as the Global Fund Developing Country NGO constituency, who earlier already took the initiative to organize regional workshops for civil society implementers, CCM members, local fund agents and Secretariat staff around risk management. Two such workshops were held in 2013, in Bangkok and Cape Town, and three more will take place in 2015, then also involving government implementer representatives. Montreux, Switzerland, 20-21 November 2014 7/7

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback