The Risk Management Framework, which was approved internally on October 9, 2017, consolidates GGGI’s risk management and establishes a registry of risks with mitigation measures. GGGI will review the Risk Management Matrix semiannually and report semiannually on risk management to the Management and Program Sub-Committee (MPSC) of the Council and annually to the Council in the Annual Report.
The Risk Management Framework provides description of risks that the Institute faces with indications of the rating and ranking system.
Should you have any questions, please do not hesitate to contact Ms. Sirpa Helena Jarvenpaa, Director of Strategy, Partnerships and Communications, Office of the Director-General (email@example.com; +82 70 7117 1179).
Risk Management Framework
Summary: The Global Green Growth Institute (GGGI) has managed risks under 6 risk headings since 2015. Risks faced by GGGI include risks related to the organization and its reputation, operational program and portfolio, finance, legal, information technology and data, human resources, and work environment. Adoption of a Risk Management Framework consolidates GGGI’s risk awareness and risk management culture, establishes a registry of risk mitigation measures and a risk management architecture. In accordance with the Agreement of Establishment, under guidance of the Assembly of GGGI’s members, the Council of GGGI as the executive organ of GGGI, is responsible for directing the activities of GGGI, including risk management. The Assembly appoints a Director General, who is responsible for implementation of the Council’s directions, given in GGGI’s Strategy and Work Plan and Budget. The Director General oversees implementation of the risk management framework and reports biannually on risk management to the Management and Program Sub-Committee of the Council, and publicly to the Council in the Annual Report.
1. The Global Green Growth Institute’s (GGGI’s) risk management framework harnesses GGGI’s institutional culture of risk awareness, assessment of risks, and active risk management. This risk management framework (RMF) consolidates the existing guidance on risk mitigation and provides a monitoring framework for risk management. Its Establishment Agreement empowers GGGI with a mandate to instigate bold steps by the developing and emerging countries to integrate green growth models into their development plans and investment proposals. This operational mandate is compatible with a value proposition that inherently requires appetite for calculated risks. It has been, therefore, critical for GGGI to foster a robust culture of risk awareness and risk management in its corporate management.
2. The purpose of the RMF is to register risks faced by GGGI. It provides a statement of its risk appetite, i.e. the extent to which risks are acceptable to GGGI. It consolidates risk mitigation measures, which, in turn, are implemented through daily operations of GGGI, and it assigns accountabilities for carrying out the specific risk mitigation measures.
II. Purpose of Risk Management Framework
GGGI’s Revised Financial Regulations1 require GGGI to establish a risk management process as an internal oversight and control measure in its Article 9.1, as follows:
“The Director-General shall maintain a risk-management system to manage and control financial and other types of risks, including the identification, evaluation, and measurement of possible impact on the GGGI, and the selection and maintenance of various solutions to mitigate risk.”
4. The RMF provides a vehicle for a risk management system, a guide for managing corporate and operational risk identification, evaluation, and impact measurement. The RMF defines the risks and risk categories in detail, which have been identified in GGGI’s regulations and policies2 under each category of risks, e.g. operational risks have been identified in the project and program logical frameworks in GGGI’s Enterprise Resource Management System, financial risks are set out in the Revised Financial Regulations, human resources risks in the Staff Rules and Regulations. Risk owners and accountabilities have been determined by assessing the staff
positions and units with most control of the factors that impact on the potential of the risk materializing. In a situation, where the risks escalate to a high likelihood of occurrence with a high impact on GGGI, the Management Team would support the Director General to identify options for reducing the probability of risk from occurring and the impact on the organization, and act upon these risk mitigation measures, in consultation with MPSC and the Council.
III. Risk Appetite: Likelihood and Impact
5. The Council of Members is responsible for setting GGGI’s risk appetite. The Council recognizes that GGGI’s mandate calls for it to take calculated risks in its operational program as it strives to identify and champion novel green growth concepts and pioneer technology applications, which are inherently risky. GGGI’s programs reflect the rapidly advancing research and development in the green growth arena, and GGGI implicitly needs to be nimble and take forerunning positions. Compared with its traditional peers, GGGI’s risk appetite is, subsequently, greater than suggested by the volume of its budget and its organizational size, and therefore greater than that of its peer agencies. Where risks are acceptable for private sector financing, these do not call for GGGI’s support. Central to GGGI’s mandate is to identify high risk-high return initiatives, projects that inherently involve greater risks. The need for their de-risking to enable private sector and traditional financiers’ participation is essential to GGGI’s mandate. In light of such a progressive business model, the Council and GGGI are aware that its project failure rate exceeds that of conventional development agencies and other peer organizations. GGGI aims to gain significant ground with innovative models that move the green growth agenda forward and through replication and expansion of models that work and initiatives that are successful, GGGI strives advancement toward its strategic outcomes.
6. However, in corporate management, GGGI applies strong risk management practices, with prudent business processes, and efficient and effective resource management. GGGI has adopted various policies to ensure robust administrative and corporate management, including through this RMF. GGGI practices zero tolerance with respect to fraud, corruption, coercion, and collusion; 3 and assures staff rights to work environment free of discrimination and harassment.4
7. The Management rates specific risks by the degree to which these are likely to become a reality. These translate to traffic light terminology (see Table 1) of high, medium, and low, depicted with colors red, amber, and green:
Table 1. Risk Likelihood – Likelihood of occurrence Risk Likelihood
High – H (red)
The risk is highly likely to materialize beyond the risk tolerance level identified for the risk in the next 12 months, and additional risk mitigation action is required immediately.
Medium – M (amber)
The risk is managed only partly and may breach of tolerance level identified for the risk in the next 24 months, and thus requires additional measures to reduce the risk rating to green.
Low – L (green)
The risk is managed well and is unlikely to materialize in the next 36 months. Ongoing risk management and monitoring will be continued.
8. Risks are also assessed by the potential impact of the risks disrupting the operations of GGGI in case they materialize (see Table 2). Risk impact assesses risks by priority and the relative importance to GGGI’s operations.
Table 2. Risk Impact – Capacity of the Risk to Disrupt GGGI Operations Risk Impact
High – H (high)
Risk has high potential to disrupt operations of GGGI.
Medium – M (medium)
Risk has the medium potential to disrupt or hinder achievement the objectives of the Institute in a timely and efficient manner.
Low -L (green)
Risk is low in terms of its impact on operations, but may cause delay and inefficiencies.
- IV. Risk Management Process and Architecture
9. Council is responsible for setting GGGI’s risk appetite. Risk management process at GGGI involves the Management and Program Sub-Committee (MPSC),5 as the Council sub-committee charged with an advisory role for reviewing and guiding GGGI’s internal oversight, including risk management through its 6-monthly meetings. This involves a review and provision of advice on the appropriateness of the risk assessment, effectiveness, and adequacy of risk mitigation and management. The Director-General is responsible for executing the Council’s directions as given in the Strategic Plan and the Work Plan and Budget, as advised by the MPSC.
5 C/2016/DC/10. Decision on the Terms of Reference of the Management and Program Sub-Committee: The MPSC has been established by the Council to “advise the Council in carrying out its responsibilities in overseeing the Global Green Growth Institute” in the areas of financial reporting and audit, programmatic activity, and partnerships, and internal oversight.
10. Management of risks is an institutional responsibility. The Deputy Director General serves as a champion of risk management awareness and culture a risk champion with a responsibility to foster risk awareness culture in GGGI. Each risk category involves a specific risk manager responsible for mitigation of the risk. Directors and Deputy Division Heads execute risk mitigation measures and risk assessments. Staff of GGGI implement risk mitigation measures in their daily work. Risk management framework is monitored by the Management Team. The Director General is responsible for overall risk management and reports on risk management semiannually to MPSC and publicly to the Council through the Annual Report. GGGI’s Audit Unit reviews the adequacy of internal controls for risk management and the risk management framework.
V. Risk Registry, Mitigation and Accountability
11. This section describes GGGI’s risk registry and risk management. Risks faced by GGGI include risks related to its organization and reputation, operational program and portfolio management, finance, information technology (IT) and data, legal, human resources, and work environment. These risks outlined in this section of the RMF are registered in detail in Annex 1, which also provides risk accountabilities.
1. Organizational Risk
12. GGGI is an Agreement-based organization established in 2012 as an international organization under an Assembly of Members, comprising of signatory member countries and regional organizations, and an executive supervision of a Council, responsible for directing the activities of GGGI. The Assembly has appointed a Director-General, who executes GGGI’s strategy, annual work program and budget; administers admission of members; and manages the
Institute’s use of resources to generate the results mandated by the Council for GGGI through its activities in the areas agreed in the Establishment Agreement. The organizational risks are identified as follows:
Organizational Governance: GGGI’s Director-General is supported by 3 executives, namely Deputy Director General, 2 Assistant Director Generals, and 5 departmental directors. Risk of loss of executives is mitigated by a published delegation of authority,6 involving the management team and the extended management team, with 9 and 25 of members, respectively; and risks to GGGI from overlapping absence of executives is mitigated through the published Guidelines on the Continuation of Management Functions during Absences of Incumbents and for Vacant Positions.7
6 2016. GGGI. Delegation of Authority. Version 02 –15April 2016. http://gggi.habitatseven.work/site/assets/uploads/2017/11/GGGI-DELEGATION-OF-AUTHORITY-_-APPROVED-VERSION-Effective-1-September-2017-_-Updated-4-September-2017.pdf
7 2017. GGGI. Guidelines for Continuation of Management Functions. http://gggi.habitatseven.work/site/assets/uploads/2017/11/Guidelines-Continuation-of-Management-Functions-OIC_102416.pdf
8 See The Refreshed Strategic Plan 2015-2020
Membership Expansion: Accepting new participating members is ingrained in the Establishment Agreement of GGGI, as a new organization with a demand-based mandate. Concurrently, however, this poses an expansion risk with respect to the GGGI’s capacity to respond to the demand for green growth services through its financial and human resources capacity. In addressing this risk, GGGI takes a prudent position by carefully programming operations in new partner countries based on its value chain approach that commences a new partner relationship through a thorough assessment of needs and identification of commitment of the new partner to green growth objectives. In addition, GGGI alleviates this risk with an objective to increase the number of contributing members in tandem with expansion in participating (non-contributing) members.
Strategic alignment: Institutional overstretch risk is manifested in the potential for program diffusion and spreading of resources too thinly to generate the desired corporate results, identified in GGGI’s corporate results framework (CRF). This risk is mitigated by a clear definition of its operational scope in its Refreshed Strategic Plan 2015-2020, which aligns its operations with 6 strategic outcomes that connect GGGI’s operations to its partner countries’ commitments for the Nationally Determined Contributions and Sustainable Development Goals.8
Policy compliance: GGGI is governed under a policy framework that consists of Assembly and Council approved regulations. These are supported by rules, procedures, and guidelines approved by the Director-General. Staff training is provided on a recurrent basis for staff to remain current and capable of undertaking their functions in compliance with the prevailing policy framework. Policy compliance is an accountability of the all staff under supervision of the unit heads and the Management Team as defined in the policy documents publicly posted in the GGGI website.9 Audit oversees policy compliance through its annual program of work.
Review of Audit. GGGI undertakes a review of its audit function periodically to ensure that the scope and rigor of audits conforms with international standard and audit functions of its peer agencies. This process ascertains that GGGI benefits from neutral and incisive
audits capable of reviewing and investigating all areas of GGGI’s operations and resource utilization.
2. Operational Program and Portfolio Risk
13. GGGI implements country specific and global projects in developing and emerging countries. These are funded from its core (unrestricted) and earmarked (restricted) resources awarded to GGGI by cofinancing partners and member governments, respectively. GGGI signs Country Planning Frameworks (CPFs) with its government counterpart agencies, which outline conclusions of substantive assessments in accordance with its green growth value chain approach and agreements of government counterpart agencies, and thus, setting out the rationale and content for GGGI’s program in the country context. GGGI projects are managed through output-based budgets and CRF that links project outputs and intermediate outcomes with GGGI’s strategic outcomes. The following risks are identified in its country operations.
Political commitment. CPFs, project logical frameworks, and risk assessments identify political commitment of GGGI participating member countries. This underpins the Government counterpart participation in GGGI’s programs and projects, including counterpart funding commitments. The Country Representatives constantly monitor the materialization of country commitments and propose actions to strengthen these.
Funding commitment. Funding for GGGI programs and projects is sourced from core, earmarked, and counterpart funds. The availability of funds under each source is subject to risks. These risks are identified at country and project level for earmarked and counterpart funding, and for core funding, at by GGGI resource mobilization and financial units. These risks are mitigated in the annual planning for funding scenarios, captured through in the Work Plan and Budget process for discussion with MPSC and the Council.
Program design and implementation. An operational risk that GGGI programs fail to yield results due to weak design or implementation in addition to other intervening developments may compromise GGGI’s reputation and funding. GGGI’s Project Cycle Management (PCM) manual serves as a quality control system for program design and implementation, which relies on substantive and robust project level logical frameworks that register individual project specific risks and mitigation measures. This mitigation is strengthened with a robust management of the PCM, regular staff training, filling skills gaps, regular oversight of program implementation, annual portfolio reviews, compliance auditing and implementation of the Auditor’s recommendations as well as those of the independent evaluations commissioned by the Impact Evaluation Unit.
Results reporting. Shortcomings in efforts to communicate GGGI’s results and strategic outcomes effectively to key stakeholders, particularly to members and donors, may compromise GGGI’s reputation and funding. Comprehensive public annual reporting includes a report of results at the corporate level against the CRF and at project level against project log frames, through GGGI’s website, and the International Aid Transparency Initiative. The independent evaluation of impacts of GGGI’s programs, managed by the Impact Evaluation Unit, to is a key mitigation measure to enhance credibility of result reporting.
3. Financial Risks
14. GGGI was established in 2012 with unrestricted core funding from contributing members. Use of GGGI’s core resources is approved by the Council in biannual work plans and budgets. GGGI’s financial accounts are annual and are audited annually by external auditors, selected for a 5-year term by the Council. Since its establishment, GGGI has augmented its core resources with projects financed by donors’ earmarked funding restricted to finance project activities agreed under the specific grant agreements.
Funding model: Green growth model and technology application is in high and rapidly growing demand. GGGI’s capacity, however, is constrained by its funding, organizational development, and small staff. GGGI is taking steps to strengthen its operations with additional staff, which has seen rapid growth and received intensive training. With the voluntary core contributions and competitive access to earmarked funding, volatility is introduced to its funding model. GGGI reviews its financial capacity with MPSC in 6-monthly meetings and is preparing a partnership and resource mobilization action plan to take steps toward a more sustainable funding mechanism and management of operational and administrative resources. To safeguard its finances, it has built financial reserves for working capital to mitigate irregularities and volatility in contributions. In addition, through active human and financial resource management, GGGI is able to expand and reduce its operations to its funding possibilities as opportunities arise.
Fraud, Corruption, and Unethical Behavior: GGGI has approved policies to safeguard its operations from fraud, misuse of funds, and corruption. However, GGGI management acknowledges need for active lookout for these risks in all areas of operations. Staff receive frequent training and are competent to control and foresee such risks. In addition, GGGI has established a whistle-blower mechanism to facilitate staff reporting of malfeasance. Periodic audits and incorporation of auditor’s comments into operations aim to provide for continuous strengthening of its fiscal and resource management. Establishment of an ethics process and officer in the Office of the Deputy-Director General facilitates a due process to address inadvertent interaction among staff.
4. Information Technology, Data Risks and Asset Management
15. GGGI aims to ensure cost effective connectivity and collaboration among staff and creation of virtual knowledge networks. The foremost IT and data risks are the following:
Data Security and Protection. Compliance of core information systems with security and data protection standards is critical for business continuity. All GGGI’s information systems are in Cloud Technology Platforms and Enterprise Mobility and Security has been installed in all GGGI’s computers. Third party reviews are carried out to ensure compliance.
Data Recovery and System Availability. Availability of the core systems and network services are also a significant element in GGGI’s business continuity strategy. A service level agreement has been established with a service provider to ensure best practice cloud services and appropriate network redundancy, which enables a disaster recovery procedure of GGGI’s data anywhere in the world. Disaster recovery mitigating measures are tested annually.
5. Legal Risks
16. The Agreement on the Establishment of the GGGI is the basis of the Institute’s legal framework. It is complemented by the Headquarters Agreement with the Government of Korea and the Host Country Agreements in GGGI’s countries of operation, which confirm GGGI’s legal personality and set out the privileges and immunities for GGGI and its staff. In addition, there are legal arrangements relating, among others, to financial contributions, GGGI’s programs and projects, staff, and procurement.
Legal arrangements in GGGI’s countries of operation A rapid expansion of membership and operations has led to GGGI operating in countries without appropriate legal arrangements in the form of HCAs or similar in place, which would, inter alia, confirm GGGI’s legal personality and provide privileges and immunities for the organization and its staff. Lack of basic legal arrangements create a number of risks, such as inability to operate efficiently in a country, risk of legal sanctions and reputational damage. GGGI’s priority is to conclude HCAs in each country, where GGGI operates; and where this is not feasible in the immediate future, to conclude memorandums of understanding to establish GGGI’s position in the country with respect to the country authorities.
The lack of fully implemented HCAs leaves risks in relation to eg employment, visas and contractual arrangements. These risks can be mitigated by identifying and assessing the legal environment and connected regulatory risks in each country GGGI operates or will operate in, followed by appropriate measures; e.g. through UN Office of Project Services.
Contractual obligations. Non-compliance with contractual obligations either by GGGI or a counterparty, can lead to financial loss and litigation risk. The lack of appropriate legal documentation may lead to GGGI’s rights not being sufficiently protected. This risk is mitigated by internal procedures and policies that ensure adequate legal documentation and monitoring.
Legal compliance. Any failure by the organization or individual staff members to comply with applicable rules, regulations and procedures may have legal, financial and/or reputational implications. Staff are provided training to understand the applicable rules and regulations and GGGI’s fiduciary duties to ensure compliance, complemented by appropriate mechanisms and procedures to monitor and support compliance. In addition, close cooperation between Legal Unit and other units in the organization will further support compliance in all aspects of operations and administration.
6. Human Resources Risks
17. Its headquarters and in 25 offices, GGGI currently employs some 300 staff. All staff sign a Code of Conduct that obligates staff to perform their responsibilities as described in their respective terms of reference and work plans with utmost regard to professional conduct in a manner appropriate for international civil servants, implying discretion, diplomacy, and high degree of integrity and respect for diversity. At the Headquarters and in several country locations, GGGI has signed a HCAs, in which cases GGGI staff are awarded diplomatic immunities. All staff are included in a comprehensive life insurance coverage, mitigating health risk liabilities of GGGI. Security risks to staff are mitigated through security and evacuation plans of GGGI. However, the human resources management faces the following risks:
Vacancies and Staff Retention: As a recently established organization, GGGI still experiences relatively high turnover of staff, which implies need for effective recruitment campaigns by GGGI. GGGI is also implementing comprehensive talent management and continuous training of staff to safeguard its capacity to deliver its program and maintain highly motivated workforce. GGGI is conducting a remuneration benchmarking exercise to ensure alignment of its compensation package with comparable peer agencies.
Competency risk: Competency gaps pose a risk to GGGI’s capacity to deliver its services. Ensuring pertinent staff competencies requires high levels of training and exposure to international best practices, technology, and concept application as GGGI’s mandate is rapidly advancing in terms of the substance knowledge and as research is uncovering new avenues for green growth models. In addition to training, staffing gaps are mitigated through allocation of budget resources to individual consultancy, where staff resources are not yet in place for short term and specific needs.
Values and Culture: GGGI aims to become a premier and sought-after employer in the global green growth segment by ensuring collegial and innovative work environment and culture, in which individual and team excellence is awarded in the effort to achieve well-defined and aspirational strategic outcomes and corporate results, championed by high caliber management team.
7. Work Environment Risk
18. GGGI’s headquarters are located in Seoul, Republic of Korea, with offices in 25 countries embedded in partner government offices. Dedicated to green growth objectives, GGGI administers its offices and operations with respect for efficiency and green resource management. GGGI champions diversity, gender balance, training and comprehensive talent management. Most recently, GGGI has adopted culture values of integrity, inclusiveness, transformational, boldness, and strive for excellence, which are anchored in its client-orientation and the spirit of its mandate to foster a resilient world with strong, inclusive and sustainable growth.
Environmentally Sustainable Office Operations: GGGI is in the business of ensuring environmental and social sustainability, while achieving economic growth in our partner countries. As such, failure to implement environmentally sustainable operations across all GGGI offices can pose a risk to the organizational reputation. This risk is mitigated by securing leadership commitment for promoting green office practices; and planning and conducting internal awareness campaigns and providing guidelines to all GGGI offices (e.g. Green Office Guide and Green Event Guide).
Potential Business Disruptions: GGGI is exposed to potential business disruptions if a large disaster were to occur in Seoul, where most of its core and support functions are located. Particularly, GGGI is vulnerable to disruptions caused by the increasing tensions on the Korean Peninsula and natural disasters, including large storms, flooding and heavy rainy season. This risk is mitigated by an emergency management plan and training provided to staff in addition to emergency notifications via International SOS (I-SOS) services and a business continuity plan.
- VI. Conclusion
19. This risk management framework is approved by the Director-General and shared with the Council. It will become effective from 9 October 2017. The risk management framework is monitored on semiannually by the MPSC, and reported on in GGGI’s Annual Report.