Minimising risk, averting damage
GIZ receives funds from the German federal budget, international organisations and other sources. In order to ensure efficient implementation of projects financed in this way and to achieve the project objectives, the company has developed a risk management system that all managers are bound by. It enables risks to be dealt with systematically throughout the company. The system is described in GIZ’s risk management handbook, which must be used by all managers and members of staff.
GIZ’s risk management system aims to identify and manage risks proactively. In this way, the company prevents targets being missed and services not being provided as agreed. To achieve this, the individuals responsible need to determine the probability of a risk occurring and the potential damage that this would entail.
Taking appropriate action in good time
The risk management system promotes a conscious approach to handling risks and allows them to be recorded and addressed efficiently and effectively. This enables the individuals responsible to take effective measures at an early stage to avoid, reduce or transfer risks, thereby limiting the scale of any damage in the event of a risk occurring. GIZ assigns risks to nine categories listed in its risk catalogue (commercial or reputational risks, for example).
Risk management process at company level
GIZ’s Corporate Development Unit has a dedicated section that deals with risk management. It carries out a company-wide survey every six months to identify new risks and changes to known risks and to keep track of risk management measures already initiated. Independently of this survey, organisational units can report risks on an ad hoc basis at any time.
The Management Board tasks a Risk Management Committee and the Risk Management Board to deal with risks that are relevant to the company as a whole. The Risk Management Committee is comprised primarily of employees in middle management and prepares risk descriptions for discussion and/or decision-making by the Risk Management Board. The Risk Management Board is made up of one managing director and representatives of management level 1 (top management below the Management Board). It discusses the company’s risk situation and determines whether there are any developments that might jeopardise its continued existence. Where necessary, it also submits proposals to the Management Board about how to deal with these risks.
The Corporate Development Unit’s Risk Management Section prepares and runs the meetings of the Risk Management Committee and Risk Management Board, records the results and communicates them to management level 1 and the Management Board.
Risk management process at project and departmental level
GIZ’s risk management strategy is based on a standardised process during the course of which risks are systematically addressed even at project level. The process is geared towards the traditional steps of risk management:
1. Identify and describe risks
The first step involves identifying, naming and recording uncertain events that have the potential to cause negative deviation from (project) goals. The aim of identifying risks is to determine and record the risk itself, its causes, and any potential adverse impact as early on and as comprehensively as possible. Risks can be deduced among other things from existing documents, such as the Safeguards+Gender analyses.
2. Evaluate and analyse risks
Risk assessment enables the relevance of the identified risk to be evaluated more accurately. This assessment is based on a combination of two factors: probability of occurrence and potential damage. This makes it possible to ascertain which risks should be addressed as a priority. Risk analysis involves checking for links between individual risks so that any cluster risks and/or structural risks can be identified at an early stage.
3. Develop suitable countermeasures
Managing identified and assessed risks begins with choosing a suitable management strategy. The risk manager decides on the approach to be taken. The options are to accept the risk, transfer it to third parties, reduce it, or avoid it. The risk manager develops effective and appropriate steering measures and/or medium-term or long-term risk management strategies and implements them.
4. Report risks to the next management level
Another key element of risk management is the mandatory risk dialogue. This allows individuals responsible at different management levels to engage in dialogue about risks and how to deal with them and to decide which level should assume the task of risk management. If the person reporting the risk can no longer manage it, the risk is dealt with by the management level above. In this way, GIZ deals with risks at the operational level closest to the issue in question.
Involving all management levels – from project manager to the Management Board – ensures that there is a systematic decision-making process for high-risk situations. This also ensures that steps are initiated in good time in order to minimise any identified risks.
The Safeguards+Gender Management System
When preparing and implementing international cooperation projects, it is important to make sure that the desired improvements in one area do not lead to an unintentional deterioration in another. Such effects are also referred to as unintended adverse impacts. Following the precautionary principle, we therefore apply the Safeguards+Gender Management System, under which all projects for all commissioning parties are assessed in the planning phase to identify possible unintended adverse impacts in the areas of the environment and climate (greenhouse gas reduction and climate change adaptation), conflict and context sensitivity, human rights, and gender equality. This makes it possible to detect risks at an early stage, identify suitable approaches to managing them and incorporate these approaches into the project design. In the area of gender, the potential for promoting gender equality is also explored.
Since 2020, projects have also received advice on how the impacts of the coronavirus pandemic on gender equality can be taken into consideration. For example, over 50 trainers in Egypt were given the skills they needed to offer pandemic-adapted online courses on empowerment and self-defence for women. A campaign against sexual harassment in public spaces was delivered online at short notice and reached over 50,000 people. In collaboration with more than 50 businesses in Tunisia and Egypt, online placements and mentoring were organised, giving some 250 school students information about opportunities to work in leadership positions in mathematics, IT, natural sciences and technology (also know as the MINT sector).
Any risks identified by the Safeguards+Gender Management System are managed at project level. This system was used in 2020 to examine 299 project proposals and to identify risk-mitigating adjustments. A total of 27 projects were classified as having the highest level of risk. This classification means that the GIZ Management Board must approve implementation of the project and regularly review the level of risk and any adjustments during the course of project implementation. In this way, GIZ’s Safeguards+Gender Management System serves both to improve risk management and safeguard project goals.
Ongoing development of the risk management system
The Risk Management Section engages in dialogue with a range of actors, including international consulting firms, in order to safeguard and continually enhance the effectiveness of GIZ’s risk management system. GIZ is always alert to changing internal and external requirements. The people responsible for risk management work on an ongoing basis to develop the formats, instruments and methods for managing risks and reporting on them at company level.
GIZ has also launched a project on digitalising the risk management process. The goal is to introduce integrated risk management (IRM) software. It is scheduled to be procured in 2021 and rolled out company-wide in 2022.
Information on the following Sustainable Development Goals (SDGs) can be found on this page: