We promote responsible risk management
ASSESSING RISKS PROPERLY IN ORDER TO MANAGE RISKS PROPERLY IS KEY TO GIZ’S WORK. THE CORRECT COURSE OF ACTION MAY BE TO AVOID, MINIMISE, TRANSFER OR ACCEPT RISK. GIZ THEREFORE DEFINES THE PROMOTION OF RISK MANAGEMENT AT ALL HIERARCHICAL LEVELS AS A MANAGERIAL TASK.
Our clients and commissioning parties place a great deal of trust in us; we receive funds from the federal budget and from international organisations. In order to optimise the impact of the measures financed in this way, GIZ has implemented a risk management system. This covers all levels of the value creation process. The resulting systemic handling of risks is described in GIZ’s risk management handbook, which is available to all employees on the intranet.
GIZ’s risk management system aims to record and manage all risks that could have a negative impact on GIZ’s current or future development. To achieve this, we need to determine the probability of the risk occurring and the potential damage that would entail.
TAKING APPROPRIATE ACTION ON A TIMELY BASIS
The risk management system aims to encourage and ensure responsible handling of risks and opportunities resulting from specific issues. This allows effective measures for avoiding, reducing or transferring risk to be initiated at an early stage, thus limiting any (potential) damage in the event of a risk occurring.
GIZ assigns risks to a total of nine risk categories that are described in its risk catalogue. Examples of these categories include commercial risks and reputational risks.
GIZ has a Risk Management Unit that is part of the Finance Department. To keep the risk management system up to date, the Risk Management Unit engages in regular dialogue with international consulting companies. It also works closely with the Compliance and Integrity Unit.
RISK MANAGEMENT PROCESS AT THE COMPANY LEVEL
The Risk Management Unit carries out a company-wide survey every quarter to identify new risks (or damage) and changes to known risks and to keep track of risk management measures already initiated. Independently of this survey, organisational units can make use of the ad hoc risk reporting instrument at any time.
In its quarterly meeting, the Risk Management Committee discusses risks that could potentially have a negative impact on GIZ’s development. The Risk Management Committee consists of:
- a member of the Management Board (chair);
- managers from the first managerial level as representatives of the departments and corporate units.
The Risk Management Committee can propose measures to the GIZ Management Board to counteract risks affecting the company.
RISK MANAGEMENT 2.0
In light of the planned introduction of GIZ’s enhanced risk management system – RM 2.0 – in 2018, we began modifying the way risks are recorded at the company level, i.e. in the Risk Management Committee, in the 2017 reporting year. This involved focusing to a greater extent on aggregated risk issues, the thematic relevance of which was based on several individual risk notifications. This enables risk issues relevant to corporate policy at the company level to be monitored and addressed more comprehensively.
In previous reporting years, the primary focus was on individual risk notifications identified as relevant to corporate policy. 2017 can therefore be considered a year of transformation for risk management at GIZ. The Integrated Company Report 2018 will contain more detailed information on RM 2.0.
GIZ has a tried-and-tested and professional security risk and crisis management system. This allows us to ensure safety in fragile contexts and high-risk countries and to protect our staff: Staff safety and security is paramount
New approaches to climate change adaptation: New approaches to climate change adaption