Managing risks, averting damage
At the end of November 2021, GIZ’s Management Board decided on a risk policy. It sets out GIZ’s basic stance on managing risks and indicates that taking risks is indispensable to achieve GIZ’s goals. It encourages staff and managers to take entrepreneurial action.
With its risk management system, GIZ meets both legal provisions and the requirements of different commissioning parties. It receives funds from the German federal budget, international organisations and other sources. To use these funds efficiently to implement projects and achieve the objectives of these projects, the company has developed a risk management system that all managers are bound by. The system ensures that risks are handled systematically across the company, and is part of GIZ’s internal rules and regulations.
GIZ’s risk management aims to identify risks in advance and to manage them at the appropriate operational level. This prevents us missing targets or being unable to deliver services as agreed. The officers responsible must establish how likely it is that certain risks will become reality, and what potential damage the risks could cause.
Taking appropriate action in good time
The risk management system promotes risk awareness and allows GIZ staff to identify and deal with risks on the basis of standardised procedures. This in turn enables those responsible to initiate effective corrective action in good time to avoid, mitigate or transfer risks, thereby limiting the scale of any potential damage in the event of a risk occurring.
GIZ classifies risks according to the company’s own risk catalogue, which covers many areas including security, operational and commercial risks. The risk catalogue lays out potential environmental, climate, social and sustainability risks, including human rights risks, as well as risks associated with anti-corruption and compliance.
Process at company level
A dedicated section within GIZ’s Corporate Development Unit is responsible for risk management. Every six months, it runs a company-wide survey to identify any new risks and any changes to known risks. The survey also asks what steps have been taken to manage risks. Irrespective of this survey, organisational units are free to report ad hoc risks at any time.
The Management Board tasks GIZ’s Risk Management Committee and Risk Management Board to deal with risks that are relevant to the company as a whole. The Risk Management Committee, comprising mainly middle management staff, prepares the risk-related issues for discussion and/or decision-making by the Risk Management Board. The Risk Management Board comprises one managing director and representatives of management level 1 (senior management below the Management Board). It discusses the company’s risk situation and determines whether there are any developments that might constitute a threat to its continued existence. If necessary, it recommends to the Management Board ways of dealing with these risks.
Process at project and departmental level
GIZ’s risk management strategy is based on a standardised process in which risks are systematically addressed even at project level. The process is aligned with the traditional steps in risk management:
By involving all levels of management, from project managers to the Management Board, GIZ ensures that a systematic approach is taken to decision-making for high-risk situations. This also guarantees that steps are taken swiftly to minimise any identified risks.
The Safeguards+Gender management system
When preparing and implementing international cooperation projects, it is important to make sure that the desired improvements in one area do not result in any unintentional deterioration in other areas. Effects of this sort are also termed unintended adverse impacts. In line with the precautionary principle, the projects of all commissioning parties that are planned within the framework of the Safeguards+Gender management system are checked at the preparatory stage for possible unintended adverse impacts with respect to the environment, climate (reduction of greenhouse gas emissions and adaptation to climate change), conflict and context sensitivity, human rights and gender equality. This allows us to detect risks at an early stage, identify appropriate management approaches, and integrate these into the project design. In the area of gender, the potential for promoting gender equality is also explored.
If the Safeguards+Gender management system identifies risks, they are handled by risk management at the project level. With the help of this system, a total of 313 project proposals were examined in 2021, and risk-mitigating modifications identified. A total of 27 projects were deemed to be in the top risk category, meaning that GIZ’s Management Board must approve the implementation of the project and that any development of the risks and modifications made in the course of project implementation are regularly monitored. GIZ’s Safeguards+Gender management system thus serves both to enhance risk management and to ensure projects achieve their objectives.
Ongoing development of the risk management system
GIZ refines its risk management system on an ongoing basis to ensure that it continues to operate effectively and to keep an eye on changing requirements inside and outside the company. The Risk Management Section engages with organisations and international consultancy companies. One outcome is the creation of a risk policy for GIZ.
The Risk Management Section also develops the formats, instruments and methods used to deal with risks and to report on risks at corporate level on an ongoing basis. With the aim of digitalising GIZ’s internal processes, integrated risk management (IRM) software is currently being procured, and will be configured and piloted in 2022 and introduced throughout the company in 2023. The IRM software will cover the following priority areas:
- Corporate risk management
- Information security risk management (in line with ISO 27001)
- Management of internal and external controls, audits and evaluations
Management of a wide variety of incidents (including compliance incidents).
Information on the following Sustainable Development Goals (SDGs) can be found on this page: