HLCM aims to develop a consolidated and trust‐based relationship with Member States on the level and quality of controls in place in the organizations to allow for rationalized oversight, more focus on key risks and better internal resource allocation. The underlying challenge is to derive greater value from the UN’s audit and oversight architecture, by assessing its costs and focusing, in partnership with oversight entities, on strengthening accountability – both corporate and individual ‐ and managing and mitigating risks.
Most UN system organizations have or are in the process of strengthening their internal control and risk management processes. In this regard, HLCM recognizes the strategic value of a collective engagement – to devise effective approaches for the identification of events that could affect the organizations, and in managing risks within the individual organization’s risk appetite, so as to provide reasonable assurance regarding achievement of the organizations’ objectives, while ensuring effectiveness and efficiency of operations, reliability of financial and performance reporting, and compliance with rules and regulations. An important component of this undertaking is represented by the further integration of risk management into the programme planning processes and within the performance dialogue with legislative bodies and Member States.
Reference Risk Management, Oversight & Accountability Model
The proposal for a reference Risk Management, Oversight & Accountability Model was developed by a working group led by UNFPA and UNOPS and approved by the Finance & Budget Network in June 2014. Results from an extensive survey across a sample of HLCM member organizations had guided the development of the Model. The consultative process that led to the finalization of this proposal included all HLCM Networks, as well as UN-RIAS. HLCM endorsed the Three Lines of Defense Model as the reference “Risk Management, Oversight and Accountability Model for common positioning in the UN System with Governing Bodies” at its 28th session in 2014.
The “Three Lines of Defense Model” provides a useful framework for organizations to map out their own processes and identify relationships and responsibilities of different actors with respect to the different lines of defense. This helps all levels of management to fulfill their responsibilities with clarity. Although there are differences between organizations, most can fit into the framework, which can be applied to any organization as a reference model and used to educate stakeholders on the rationale of UN system’s approach in this area.
Common definitions of fraud and presumptive fraud
In the context of the consideration by the General Assembly of the fifth progress report of the Secretary-General on the accountability system in the United Nations Secretariat (A/70/668), the Advisory Committee on Administrative and Budgetary Questions, in its report on the same subject (A/70/770), as endorsed by the Assembly in its resolution 70/255, reiterated its view “that a single agreed definition, across the United Nations system, of what constitutes fraud, as well as cases of suspected or presumptive fraud, is essential in order to develop effective counter-fraud policies to ensure compatibility and comparability of related data across entities and to improve overall transparency”, and reiterated its opinion that CEB “would be best placed to develop such guidance so as to achieve consistent application across all organizations of the United Nations system”.
A Task Force to respond to the mandate of the General Assembly was established by HLCM in 2016. The resulting system-wide definitions of Fraud and Presumptive Fraud were adopted by HLCM at its 33rd Session in March 2017, as follows:
- Common definition of Fraud: “Any act or omission whereby an individual or entity knowingly misrepresents or conceals a fact (a) in order to obtain an undue benefit or advantage or avoid an obligation for himself, herself, itself or a third party, and/or (b) in such a way as to cause an individual or entity to act, or fail to act, to his, her or its detriment”;
- Common definition of Presumptive fraud: “Allegations that have been deemed to warrant an investigation and, if substantiated, would establish the existence of fraud resulting in loss of resources to the Organization”.
Risk Management Forum
At its 35th session in April 2018, HLCM agreed on the need for a joint, cross-functional engagement towards system-wide harmonization of risk management practices, including information sharing on fraudulent behaviors of implementing partners; assessments of risk appetite and risk tolerance; incorporating acceptance of residual risk in organizational policies; implementing smarter upstream controls; examining the costs of controls as compared to the value of the potential loss they are intended to mitigate; and, development of common definitions of risk categories to enable a common approach to reporting risks. As part of this work, the Committee requested the Finance and Budget Network to take the lead in developing a common approach to reporting fraud and presumptive fraud, as well as to review how risk analysis might be incorporated into the budgeting processes of UN system organizations.
HLCM Cross-functional Working Group for Data and Cyber
At the HLCM’s 44th session in October 2022, a Special Dialogue on Value-Based Data Management and Analytics was held. As an outcome of a segment on Data Protection and Data Privacy risk, was the need for a cross-functional working group to be established to provide guidance and definition on approaches to respond to the above risk.
The resulting Cross-functional Working Group for Data and Cyber was therefore formed in order to:
- Deliver a maturity model and roadmap for data risk readiness taking into consideration the draft output from the HLCM segment on Data Protection and Data Privacy risk and along the lines of the RMF’s Reference Maturity Model for Risk Management;
- Develop a common approach and position on ransomware response and potentially other cyber risk matters, in line with the HLCM expected outline to develop common guidelines and tools for cybersecurity;
- Other matters as agreed.
Mechanisms
Documents
-
Risk Management, Oversight and Accountability Model
PDF | 671.5 KB
Related resources
-
High-level Committee on Management (HLCM)
Report of 40th Session
September 2020
-
High-level Committee on Management (HLCM)
Report of 39th Session
March 2020
-
Finance & Budget Network (FBN)
Report of 34th Session
November 2019
-
Finance & Budget Network (FBN)
Report of 33rd Session
July 2019
-
High-level Committee on Management (HLCM)
Report of 37th Session
April 2019
-
Finance & Budget Network (FBN)
Report of the 32nd Session
December 2018
-
High-level Committee on Management (HLCM)
Report of 36th Session
October 2018
-
Procurement Network (PN)
Report of 24th Session
September 2018
-
Finance & Budget Network (FBN)
Report of the 31st Session
June 2018
-
Procurement Network (PN)
Report of 23rd Session
March 2018
-
Finance & Budget Network (FBN)
Report of the 30th Session
December 2017
-
Procurement Network (PN)
Report of 22nd Session
October 2017
-
High-level Committee on Management (HLCM)
Report of 34th Session
September 2017
-
High-level Committee on Management (HLCM)
Report of 33rd Session
March 2017
-
High-level Committee on Programmes (HLCP)
Report of 32nd Session
September 2016
-
High-level Committee on Programmes (HLCP)
Report of 28th Session
October 2014
-
Human Resources Network (HRN)
Report of the 29th Session
July 2014
-
Finance & Budget Network (FBN)
Report of 23rd Session
June 2014
-
Chief Executives Board (CEB)
First Regular Session Report
May 2014
-
High-level Committee on Management (HLCM)
Report of 27th Session
April 2014
-
High-level Committee on Programmes (HLCP)
Report of 27th Session
March 2014
-
Finance & Budget Network (FBN)
Report of 21st Session
June 2013
-
Chief Executives Board (CEB)
First Regular Session Report
April 2013
-
High-level Committee on Programmes (HLCP)
Report of 25th Session
March 2013
-
High-level Committee on Management (HLCM)
Report of 25th Session
March 2013
-
High-level Committee on Programmes (HLCP)
Report of 24th Session
October 2012
-
High-level Committee on Management (HLCM)
Report of 24th Session
September 2012
-
Chief Executives Board (CEB)
2011/12 Annual Overview Report
January 2012
-
High-level Committee on Programmes (HLCP)
Report of 22nd Session
September 2011
-
High-level Committee on Management (HLCM)
Report of 22nd Session
September 2011
-
Finance & Budget Network (FBN)
Report of 17th Session
September 2011
-
Finance & Budget Network (FBN)
Report of 16th Session
May 2011
-
Finance & Budget Network (FBN)
Report of 15th Session
February 2011
-
High-level Committee on Management (HLCM)
Report of 20th Session
September 2010
-
Finance & Budget Network (FBN)
Report of 13th Session
September 2010
-
High-level Committee on Management (HLCM)
Report of 19th Session
February 2010
-
Finance & Budget Network (FBN)
Report of 12th Session
February 2010
-
Chief Executives Board (CEB)
2008/09 Annual Overview Report
May 2009
-
Finance & Budget Network (FBN)
Report of 9th Session
July 2008
-
Finance & Budget Network (FBN)
Report of 8th Session
March 2008
-
Human Resources Network (HRN)
Report of 14th Session
July 2007
-
Human Resources Network (HRN)
Inter-sessional Report
May 2006
-
Digital & Technology Network (DTN)
Report of 6th Session
April 2006
-
Finance & Budget Network (FBN)
Report of 4th Session
July 2005
-
High-level Committee on Management (HLCM)
Report of 9th Session
April 2005
-
Finance & Budget Network (FBN)
Report of 2nd Session
September 2004
-
Chief Executives Board (CEB)
First Regular Session Report
April 2000
-
Finance & Budget Network (FBN)
Report of 90th Session of the CCAQ
August 1999
-
Chief Executives Board (CEB)
First Regular Session Report
April 1999
-
Human Resources Network (HRN)
Report of the CCAQ - HR Questions: 89th Session
September 1998
-
Finance & Budget Network (FBN)
Report of 88th Session of the CCAQ
August 1998
-
Human Resources Network (HRN)
Report of the CCAQ - HR Questions: 88th Session
April 1998
-
Human Resources Network (HRN)
Report of the CCAQ - HR Questions: 87th Session
July 1997
-
Human Resources Network (HRN)
Report of the CCAQ - HR Questions: 85th Session
July 1996
-
Human Resources Network (HRN)
Report of the CCAQ - HR Questions: 81st Session
June 1994
-
Finance & Budget Network (FBN)
Guidance Note - Managing Fraud Risk
October 2020
-
High-level Committee on Management (HLCM)
Guidance note - Managing Risks in the Field and Decentralized Organizations
October 2020
-
Finance & Budget Network (FBN)
Embedding Risk Management Paper
August 2020
-
Finance & Budget Network (FBN)
Guidelines on Risk Appetite Statements - Updated 2025
February 2020
-
Finance & Budget Network (FBN)
Reference Maturity Model for Risk Management - Cover Note
February 2020
-
Finance & Budget Network (FBN)
RMM Annex II – (i) Usage guidelines
February 2020
-
Finance & Budget Network (FBN)
RMM Annex II - (ii) Summary Matrix
February 2020
-
Finance & Budget Network (FBN)
RMM Annex II - (iii) Evidence Checklist
February 2020
-
Finance & Budget Network (FBN)
RMM Annex III – Terms of Reference for Cross-Functional Task Force on Risk Management
February 2020
-
High-level Committee on Programmes (HLCP)
Analytical Framework on Risk and Resilience
January 2018
-
High-level Committee on Management (HLCM)
Guidance Notes - Managing Fraud Risk and Managing Risks in the Field
March 2021
-
High-level Committee on Management (HLCM)
Organizational Resilience Management System (ORMS)
November 2020
-
High-level Committee on Management (HLCM)
United Nations Representatives of Internal Audit Services
August 2020
-
Finance & Budget Network (FBN)
Risk Management Forum
July 2019