Risk Management 2.0 –
Minimising risk,
averting damage
It is critical for GIZ and its staff to deal with risks in a sensible way and avert risk where possible. Risk management at GIZ is thus based on four pillars: avoid, minimise, transfer and accept. That’s why we introduced Risk Management 2.0 in 2018, thus establishing a standardised process.
GIZ enjoys a high level of trust. We receive funds from the German federal budget, international organisations and other sources. In order to optimise the impact of the measures financed in this way, GIZ has implemented a risk management system that covers all levels of the value creation process. The resulting systemic handling of risks is laid out in GIZ’s risk management handbook, which is available to all employees on the intranet.
GIZ’s risk management system aims to record and manage all risks that could have an adverse impact on GIZ’s current or future development. To achieve this, we need to determine the probability of the risk occurring and the potential damage that would entail.
TAKING APPROPRIATE ACTION ON A TIMELY BASIS
The risk management system aims to encourage and ensure more responsible handling of risks and opportunities. This allows effective measures to be taken at an early stage to avoid, reduce or transfer risks, thus limiting the scale of any damage in the event of a risk occurring. GIZ assigns risks to a total of nine risk categories listed in its risk catalogue. Commercial risks and reputational risks are two of these categories.
GIZ has a Risk Management Unit that was part of the Finance Department up until September 2018 when it became part of the Corporate Development Unit. Known as the Risk Management Section, within the Strategy, Risk Management and Policy Division, its role is to establish closer links to the Corporate Strategy. In addition to the risk management system, the new Risk Management Section also heads the company-wide coordination structure for external audits and explicitly handles audits conducted by Germany’s supreme audit institution.
To keep the risk management system up to date, the Risk Management Section engages in regular dialogue with international consulting companies and works closely with the Compliance and Integrity Unit.
RISK MANAGEMENT PROCESS AT COMPANY LEVEL
The Risk Management Section carries out a company-wide survey every six months to identify new risks and changes to known risks (e.g. damage reports and end-of-status reporting) and to keep track of risk management measures already initiated. Independently of this survey, organisational units can make use of the ad-hoc risk reporting instrument at any time.
At its six-monthly meetings, the Risk Management Board discusses risks that might have an adverse impact on GIZ’s development. The Risk Management Board consists of:
- A member of the Management Board (chair)
- Managers from the first managerial level as representatives of the departments and corporate units
The Risk Management Board can propose measures to the GIZ Management Board to deal with risks affecting the company.
RISK MANAGEMENT 2.0
In 2018, GIZ introduced Risk Management 2.0 throughout the company, establishing a standardised process in which risks are systematically addressed even at project level. The process is guided by the traditional steps of risk management:
- Identify and describe risks
- Evaluate and analyse risks
- Define how risks are addressed and develop suitable countermeasures
- Report risk to the next management level.
Risk dialogue is another important element. It offers a forum for different levels of management to exchange information about risks and how they are addressed, and take decisions about the level at which risk is managed. Risks that can no longer be handled by the person reporting the risk are passed on to the next higher management level. In doing so, GIZ manages risks at the appropriate level for their relevance. The Risk Management Committee deals with risks that are passed up to corporate level. The Committee prepares risks for discussion or decision-making in the Risk Management Board (see above).
A professional security risk and crisis management system is a top priority for us because that is how we protect our employees.
We fight corruption together because our global reputation as a trustworthy company is a key factor in our success.