Strengthening ITU Risk Management Framework - CWG-FHR Meeting Report

Slide Note
Embed
Share

The document outlines the Risk Management Policy and Risk Appetite Statement adopted by the Council in 2017, defining ITU's approach towards strategic and operational risks. It addresses risk management in the context of strategic and operational planning, emphasizing key mitigation measures and roles and responsibilities of stakeholders involved in the process.

juni
juni Follow

Uploaded on Aug 06, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Council Working Group on Financial and Human Resources Tenth meeting Geneva, 18 September 2019 Document CWG-FHR-10/8 4 September 2019 English only Strengthening ITU Risk Management Framework COUNCIL WORKING GROUP ON FINANCIAL AND HUMAN RESOURCES (CWG-FHR) 27 August 2019

  2. Risk Management - status

  3. Risk Management Policy & Risk Appetite Statement 3 Adopted in Council 2017 Risk Management Policy - C17/74 Outlines the ITU approach towards strategic and operational risks Defines principles, risk categorization & assessment, monitoring & reviewing and roles & responsibilities Risk Appetite Statement C17/73 Illustrates amount of risk ITU is willing to take to attain its goals and objectives, e.g.: High appetite for risks related to innovation and technological advancement No appetite (i.e. zero tolerance) in the areas of fraud, corruption, illegal acts, and misconduct Complements the ITU risk management policy

  4. Risk Management in the context of Strategic and Operational Planning 4 ITU is addressing risk management in the context of the strategic and operational planning processes PP-18 ITU strategic risks analysis Risk mitigation strategies ITU Strategic Plan 2020-2023 ITU Council 2019 ITU-wide operational risks Key risk mitigation measures Sector-specific risk analysis ITU Operational Plans (for Sectors and the GS) Plan next steps based on: Council discussions IMAC Recommendation Systematic Risk Management

  5. Roles and responsibilities (based on the policy) 5 Title Role The risk owner is accountable for the management of the risk, having the highest interest in the risk being correctly treated, and has the right level of authority to treat the risk accordingly Responsibilities - Accountable for the overall management of the risk, including when the risk is transferred - Decides on the risk mitigation measures - Allocates resources/budget for mitigation actions - Manages risk (re)assessment process - Manages risk reporting process - Facilitates risk management within Bureau or the General Secretariat - Maintains and updates risk list - Consolidates and submits management review and risk reporting - Implements mitigation measure - Provides input for management review and risk list update Risk owner Coordinates risk management process within respective Bureau or the General Secretariat Risk management focal point information for Responsible person/unit for implementing mitigation measure Implements mitigation measure and reports on their implementation to the risk owner Reviews risk on a regular basis and takes decisions related to risk management - Regularly reviews risks, as part of the organization s business processes Takes decisions on the implementation and review of the risk management strategy Senior management team -

  6. Synergies with ORMS project 6 Organizational Resilience Management System (ORMS) Business impact analysis based on the risk registers Assessment and prioritization of key business processes undertaken Need for alignment and creating synergies

  7. Council 2019 on Risk Management

  8. Council 2019 outcomes related to Risk Management 8 Request to further develop the ITU risk model in the context of operational plans, the fraud case and the building project IMAC Report: IMAC will look into what is known as the Three Lines of Defence model in effective risk management and control, and the assignment of appropriate risk ownership The Three Lines of Defence approach represents emerging good practice and is designed to ensure a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties Rec. 2/2019: IMAC recommends that the secretariat prepare a risk register identifying clear risk owners across Sectors, regions and the General Secretariat ITU management committed to support further developments of the ITU risk model and to improve governance and risk management

  9. Developments at UN level

  10. Developments at the UN level 10 HLCM had set up a Cross Functional Task Force on Risk Management Reference Maturity Model for Risk Management I. Enterprise Risk Management (ERM) Framework and Policy: are the collection of policies, procedures and other documents that together describe how the organisation undertakes its risk management II. Governance and organisational Structure: sets out the internal risk governance structure, the appropriate delegated authority, roles and responsibilities, and organisational entities to assure the effective management of risk III. Process and Integration: Process ensures that risks and opportunities that may affect the delivery of organisational results are effectively identified, assessed, responded to, communicated and monitored as per the ERM framework. Integration ensures that the interaction / interlinkages with related risk sub-processes or other organisational processes are clearly established. IV. Systems and Tools: are the IT components used to record, analyse, integrate and communicate/report on risk information V. Risk Capabilities: are the skills, ability, knowledge and capacity that an organisation has to effectively manage risks to delivery of its results VI. Risk Culture: is evidenced by the shared values, beliefs, and behaviours of the staff and senior management, together with the organisation s demonstrated attitude to risk

  11. Maturity Model for Risk Management in the UN system 11 Advanced LEVEL 4 Leading LEVEL 5 Initial LEVEL 1 Developing LEVEL 2 Established LEVEL 3 - Fragmented/ limited ERM framework - Framework developed but not approved by appropriate authority - ERM framework and risk appetite in place - Escalation processes, ERM integrated in strategic planning - All operational entities - Risk scales for different levels - ERM framework reflects RBM and addressing all operational elements ERM Framework & Policy - Fragmented and informal structure - Accountability for ERM is informal - Risk Governance structure (based on Three Lines of Defense) to oversee ERM - ERM governance structure in place - ERM Committee and entity to oversee is in place - Fully integrated risk governance structure - Chief Risk Officer - Structure applied across all operations - Accountability at each level Governance and Org. Structure - Inconsistencies in methodology - Limited process to assess, monitor and report - Systematic process for risk assessment, response, monitoring, escalation and reporting - Links between internal controls & risks / control effectiveness & risk assessment - RBM and ERM fully aligned - Optimized with pre-defined indicators - Fully integrated risk & opportunity analysis Process and Integration - Risks recorded in various documents - Manual risk assessment / response (spreadsheet) - Consolidated risk register - ERM monitoring and reporting capabilities - Dynamic risk dashboards - Financial risk modelling - Semi-automated operations - Advanced modelling, forecasting and scenario planning tools Systems and Tools - Risk competencies perceived to have little value - Knowledge for certain managers - Indicators presented to senior mgmt. annually - Recognized mgmt. competency - Accurate risk mgmt. information available - Core competency for staff - Dynamic risk information reports across organization - Perfecting risk skills - Dynamic dashboards across organization Risk Capabilities - Limited commitment - Partial consideration of risk factors - Clear expectations, info systematically collected - Risk mgmt. assessed in Staff Performance mgmt. - Risk mgmt. integrated into strategic activities - Systematically collect and communicate information - Org.-wide awareness - Dynamic risk information - Learning from success and failures Risk Culture

  12. Way forward

  13. Maturity Model for Risk Management in the UN system Current assessment Desired status 13 Advanced LEVEL 4 Leading LEVEL 5 Initial LEVEL 1 Developing LEVEL 2 Established LEVEL 3 - Fragmented/ limited ERM framework - Framework developed but not approved by appropriate authority - ERM framework and risk appetite in place - Escalation processes, ERM integrated in strategic planning - All operational entities - Risk scales for different levels - ERM framework reflects RBM and addressing all operational elements ERM Framework & Policy - Fragmented and informal structure - Accountability for ERM is informal - Risk Governance structure (based on Three Lines of Defense) to oversee ERM - ERM governance structure in place - ERM Committee and entity to oversee is in place - Fully integrated risk governance structure - Chief Risk Officer - Structure applied across all operations - Accountability at each level Governance and Org. Structure - Inconsistencies in methodology - Limited process to assess, monitor and report - Systematic process for risk assessment, response, monitoring, escalation and reporting - Links between internal controls & risks / control effectiveness & risk assessment - RBM and ERM fully aligned - Optimized with pre-defined indicators - Fully integrated risk & opportunity analysis Process and Integration - Risks recorded in various documents - Manual risk assessment / response (spreadsheet) - Consolidated risk register - ERM monitoring and reporting capabilities - Dynamic risk dashboards - Financial risk modelling - Semi-automated operations - Advanced modelling, forecasting and scenario planning tools Systems and Tools - Risk competencies perceived to have little value - Knowledge for certain managers - Indicators presented to senior mgmt. annually - Recognized mgmt. competency - Accurate risk mgmt. information available - Core competency for staff - Dynamic risk information reports across organization - Perfecting risk skills - Dynamic dashboards across organization Risk Capabilities - Limited commitment - Partial consideration of risk factors - Clear expectations, info systematically collected - Risk mgmt. assessed in Staff Performance mgmt. - Risk mgmt. integrated into strategic activities - Systematically collect and communicate information - Org.-wide awareness - Dynamic risk information - Learning from success and failures Risk Culture

  14. Recommended actions Current assessment Desired status 14 Advanced LEVEL 4 Leading LEVEL 5 Initial LEVEL 1 Developing LEVEL 2 Established LEVEL 3 1. All org. & operational entities involved (HQ, programmes, ROs) 2. Risk registers and org-wide scale levels (assessment & rating) ERM Framework & Policy Governance and Org. Structure 3. Setting up a risk governance structure 4. Staff accountability for managing risks Process and Integration 5. Establish systematic risk mgmt. process 6. Review internal control effectiveness against risks 7. Develop org. wide risk register and risk mgmt. dashboards 8. Strengthen capacity of staff to manage risks 9. Integrate risk management in Staff Performance Management system 10.Systematically communicate and report on risk information Systems and Tools Risk Capabilities Risk Culture

  15. Way forward 15 By Council 2020: Develop a risk model incorporated into the ITU planning framework Sep 2019: CWG- FHR feedback from membership Review the framework and Report to PP-22 By end of 2019: Review the ITU RM framework (incl. benchmarking with UN model) By Council 2021: Develop the Plan and Implement the new framework Status reports to IMAC, CWG-FHR and Council

Related


Practical Information for ITU-R Physical Meetings with Remote Participation

Practical Information for ITU-R Physical Meetings with Remote Participation

sirius
Understanding Risk Management in Environmental Geography and Disaster Management

Understanding Risk Management in Environmental Geography and Disaster Management

duke
Overview of ITU-R Vision, Mission, and Objectives

Overview of ITU-R Vision, Mission, and Objectives

raven
Insights from ITU's Online Academia Consultation

Insights from ITU's Online Academia Consultation

rosaline
Project Risk Management Fundamentals: A Comprehensive Overview

Project Risk Management Fundamentals: A Comprehensive Overview

franky
Practical Information for ITU Meeting in Managua, Nicaragua

Practical Information for ITU Meeting in Managua, Nicaragua

tia
Comprehensive Overview of Market Risk Management Framework in Financial Institutions

Comprehensive Overview of Market Risk Management Framework in Financial Institutions

anahi
Overview of ITU-T Study Group 2 Activities 2017-2021

Overview of ITU-T Study Group 2 Activities 2017-2021

emilie
August 2013 FSAN Meeting in Bad Nauheim, Germany: Schedule and Details

August 2013 FSAN Meeting in Bad Nauheim, Germany: Schedule and Details

agold
Principles of Risk Management in Therapeutic Innovation

Principles of Risk Management in Therapeutic Innovation

luqman
Insights from Fifth ITU Workshop on Network 2030 in Geneva, Switzerland

Insights from Fifth ITU Workshop on Network 2030 in Geneva, Switzerland

kon_nin
Comprehensive Overview of Security Risk Analysis and Management

Comprehensive Overview of Security Risk Analysis and Management

toula
New Risk Management and Internal Audit Framework for Local Councils in NSW

New Risk Management and Internal Audit Framework for Local Councils in NSW

rico
ITU AI/ML in 5G Challenge Overview

ITU AI/ML in 5G Challenge Overview

briana
Child Online Safety Initiatives in Kenya: Presentation at the 2019 ITU Council Working Group

Child Online Safety Initiatives in Kenya: Presentation at the 2019 ITU Council Working Group

laceymae
Strengthening Utility Systems in Ethiopia for Improved Performance

Strengthening Utility Systems in Ethiopia for Improved Performance

shoshana
Progress Update on NR V2X Working Items in 3GPP Meeting

Progress Update on NR V2X Working Items in 3GPP Meeting

nalde
Region One ESC Bilingual Directors Meeting - Strengthening Community Engagement

Region One ESC Bilingual Directors Meeting - Strengthening Community Engagement

midori
LNF Scientific Committee Meeting Update

LNF Scientific Committee Meeting Update

adrield
The Actuarial Association of Europe and Its Risk Management Committee

The Actuarial Association of Europe and Its Risk Management Committee

kaya
Introduction to Flood Risk Assessment with HEC-FDA Overview

Introduction to Flood Risk Assessment with HEC-FDA Overview

theia
Understanding Country Risk Analysis in International Business

Understanding Country Risk Analysis in International Business

aramis
Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference

Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference

juelz
Understanding Agricultural Risk Management in the Face of Natural Disasters

Understanding Agricultural Risk Management in the Face of Natural Disasters

sven

More Related Content

Risk Management Strategies in Organizational Security
Risk Management Strategies in Organizational Security
Corporate Risk Register Dashboard Reporting
Corporate Risk Register Dashboard Reporting
Understanding the Patient Safety Incident Response Framework (PSIRF)
Understanding the Patient Safety Incident Response Framework (PSIRF)
Fundamentals of Portfolio Management and Risk Aversion in Investing
Fundamentals of Portfolio Management and Risk Aversion in Investing
Summary of 21st JPB/NCDP Meeting on Good Governance and Sustainable Development
Summary of 21st JPB/NCDP Meeting on Good Governance and Sustainable Development
Insights on Enterprise Risk Management in the Non-Life Insurance Sector
Insights on Enterprise Risk Management in the Non-Life Insurance Sector
Cybersecurity and Supply Chain Risk Management Best Practices
Cybersecurity and Supply Chain Risk Management Best Practices
Enhancing Zoonotic Disease Risk Communication in Public Health Emergencies
Enhancing Zoonotic Disease Risk Communication in Public Health Emergencies
Understanding Probabilistic Risk Analysis: Assessing Risk and Uncertainties
Understanding Probabilistic Risk Analysis: Assessing Risk and Uncertainties
Republic of South Africa (RSA): COSO Components 2 & 3 with 3 Lines of Defence Approach
Republic of South Africa (RSA): COSO Components 2 & 3 with 3 Lines of Defence Approach
Strengthening Road Management in Jamaica: Lessons Learned and Recommendations
Strengthening Road Management in Jamaica: Lessons Learned and Recommendations
Revised Municipal Accreditation Framework 2023 Overview
Revised Municipal Accreditation Framework 2023 Overview
Overview of Framework-based Regents Examination in Global History and Geography II
Overview of Framework-based Regents Examination in Global History and Geography II
Lancashire Assessment and Planning Framework: Enhancing Child Welfare Through Comprehensive Assessments
Lancashire Assessment and Planning Framework: Enhancing Child Welfare Through Comprehensive Assessments
Falls Risk Assessment and Management Plan (FRAMP) Process Overview
Falls Risk Assessment and Management Plan (FRAMP) Process Overview
Stakeholders Networking for Multi-Risk and Climate Resilient Disaster Management in Slovakia
Stakeholders Networking for Multi-Risk and Climate Resilient Disaster Management in Slovakia
National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview
National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview
Inter-Cluster Coordination and Information Management in Humanitarian Emergencies
Inter-Cluster Coordination and Information Management in Humanitarian Emergencies
Understanding Market Risk and Risk Management Techniques
Understanding Market Risk and Risk Management Techniques
South East England General Histopathology EQA Scheme Case Discussion Round Q
South East England General Histopathology EQA Scheme Case Discussion Round Q
IEEE 802.11-24-00727r1 Vice Chair Report - May 2024 Interim Meeting in Warsaw
IEEE 802.11-24-00727r1 Vice Chair Report - May 2024 Interim Meeting in Warsaw
Annual Report 2022/2023 - Members' Meeting on Thursday, October 19, 2023
Annual Report 2022/2023 - Members' Meeting on Thursday, October 19, 2023
Real-world Road Test Status Report and Meeting Summary
Real-world Road Test Status Report and Meeting Summary
Guideline for Statin Management in High-Risk Groups - 2018 ACC/AHA
Guideline for Statin Management in High-Risk Groups - 2018 ACC/AHA