Risk Management, Oversight and Accountability
HLCM aims to develop a consolidated and trust-based relationship with Member States on the level and quality of controls in place in the organizations to allow for rationalized oversight, more focus on key risks and better internal resource allocation. The underlying challenge is to derive greater value from the UN’s audit and oversight architecture, by assessing its costs and focusing, in partnership with oversight entities, on strengthening accountability – both corporate and individual – and managing and mitigating risks.
Most UN system organizations have strengthened or are in the process of strengthening their internal control and risk management processes. In this regard, HLCM recognizes the strategic value of a collective engagement – to devise effective approaches for the identification of events that could affect the organizations, and in managing risks within the individual organization’s risk appetite, so as to provide reasonable assurance regarding achievement of the organizations’ objectives, while ensuring effectiveness and efficiency of operations, reliability of financial and performance reporting, and compliance with rules and regulations. An important component of this undertaking is represented by the further integration of risk management into the programme planning processes and within the performance dialogue with legislative bodies and Member States.
Reference Risk Management, Oversight & Accountability Model
The proposal for a reference Risk Management, Oversight & Accountability Model was developed by a working group led by UNFPA and UNOPS and approved by the Finance & Budget Network in June 2014. Results from an extensive survey across a sample of HLCM member organizations had guided the development of the Model. The consultative process that led to the finalization of this proposal included all HLCM Networks, as well as UN-RIAS. HLCM endorsed the Three Lines of Defense Model as the reference “Risk Management, Oversight and Accountability Model for common positioning in the UN System with Governing Bodies” at its 28th session in 2014.
The “Three Lines of Defense Model” provides a useful framework for organizations to map out their own processes and identify relationships and responsibilities of different actors with respect to the different lines of defense. This helps all levels of management to fulfill their responsibilities with clarity. Although there are differences between organizations, most can fit into the framework, which can be applied to any organization as a reference model and used to educate stakeholders on the rationale of the UN system’s approach in this area.
Common definitions of fraud and presumptive fraud
In the context of the consideration by the General Assembly of the fifth progress report of the Secretary-General on the accountability system in the United Nations Secretariat (A/70/668), the Advisory Committee on Administrative and Budgetary Questions, in its report on the same subject (A/70/770), as endorsed by the Assembly in its resolution 70/255, reiterated its view “that a single agreed definition, across the United Nations system, of what constitutes fraud, as well as cases of suspected or presumptive fraud, is essential in order to develop effective counter-fraud policies to ensure compatibility and comparability of related data across entities and to improve overall transparency”, and reiterated its opinion that CEB “would be best placed to develop such guidance so as to achieve consistent application across all organizations of the United Nations system”.
A Task Force to respond to the mandate of the General Assembly was established by HLCM in 2016. The resulting system-wide definitions of Fraud and Presumptive Fraud were adopted by HLCM at its 33rd Session in March 2017, as follows:
- Common definition of Fraud: “Any act or omission whereby an individual or entity knowingly misrepresents or conceals a fact (a) in order to obtain an undue benefit or advantage or avoid an obligation for himself, herself, itself or a third party, and/or (b) in such a way as to cause an individual or entity to act, or fail to act, to his, her or its detriment”;
- Common definition of Presumptive fraud: “Allegations that have been deemed to warrant an investigation and, if substantiated, would establish the existence of fraud resulting in loss of resources to the Organization”.
Risk Management Forum
At its 35th session in April 2018, HLCM agreed on the need for a joint, cross-functional engagement towards system-wide harmonization of risk management practices, including information sharing on fraudulent behaviors of implementing partners; assessments of risk appetite and risk tolerance; incorporating acceptance of residual risk in organizational policies; implementing smarter upstream controls; examining the costs of controls as compared to the value of the potential loss they are intended to mitigate; and development of common definitions of risk categories to enable a common approach to reporting risks. As part of this work, the Committee requested the Finance and Budget Network to take the lead in developing a common approach to reporting fraud and presumptive fraud, as well as to review how risk analysis might be incorporated into the budgeting processes of UN system organizations.
HLCM Cross-functional Working Group for Data and Cyber
At the HLCM’s 44th session in October 2022, a Special Dialogue on Value-Based Data Management and Analytics was held. An outcome of a segment on Data Protection and Data Privacy risk was the need for a cross-functional working group to be established to provide guidance and definition on approaches to respond to the above risk.
The resulting Cross-functional Working Group for Data and Cyber was therefore formed in order to:
- Deliver a maturity model and roadmap for data risk readiness taking into consideration the draft output from the HLCM segment on Data Protection and Data Privacy risk and along the lines of the RMF’s Reference Maturity Model for Risk Management;
- Develop a common approach and position on ransomware response and potentially other cyber risk matters, in line with the HLCM expected outline to develop common guidelines and tools for cybersecurity;
- Other matters as agreed.
Documents
- Risk Management, Oversight and Accountability Model (PDF, 671.5 KB)