27 August 2023
By Katja Hemmerich
On 31 August 2023, UNHCR’s Executive Committee holds a briefing on risk management. Last week, 19 migrants perished in Greece due to wildfires that have plagued Europe and North America during this summer’s record heat. How are these two events related?
A 2021 research paper by Chatham House argues that climate change is not just a strategic issue for which international organizations need to help find solutions, but it is also creates internal risks for them that need to be managed through effective strategic planning and enterprise risk management (ERM). Accordingly, our spotlight this week explores how these core management tasks in the UN should function for continued operational effectiveness in the face of the worsening climate crisis. We also provide suggestions on how management and governing body members can facilitate effective and integrated approaches to ERM in international organizations.
"Most international organizations were not designed to deal with the consequences of climate change or transition risks. But climate change may have profound impacts on their ability to operate in the future. It will increase demand for their services, sap available funding, undermine the effectiveness of programmes, impact staff safety and security, and hinder their ability to fulfil their mandates." – Oli Brown & Taylor Dimsdale, Climate Risk Management for International Organizations, Chatham House Research Paper, June 2021
How does climate change impact ERM in the UN?
The UN has done well to consider the risks of climate change to humanity, but appears to have a weaker understanding of how climate change affects its own work. As the Chatham House study found in reviewing 22 international organizations, primarily from the UN, every organization referenced climate risks in their outward-facing reports and advocacy documents. Yet, only 16 of the organizations included climate risk indicators in their strategic planning documents and only six organizations included climate risks in their Enterprise Risk Management (ERM) risk registers. Given the growing impact of climate change, Chatham House asserts that these gaps in the core management functions of strategic planning and risk management can have significant negative consequences for international organizations.
Climate risks create internal risk for international organizations at two levels:
Strategically, when they affect mandate delivery, operational efficiency and/or organizational resilience to external shocks
Operationally, by affecting service delivery, including the ability to monitor and report on service delivery or convening stakeholders needed for operational activities.
These risks can be a result of direct impact of a climate event, or they can arise from transition processes to mitigate climate change generally, such as transitioning to climate friendly energy sources or electric vehicles. These transition risks, whose likelihood is increasing, can impact assets, construction, procurement, and costs among other things.
The Covid-19 pandemic illustrated how an external shock can directly impact the UN strategically and operationally. Many managers, and human resources staff in particular, went above and beyond to design and implement a variety of mitigation measures to keep staff safe and able to deliver on mandates through policies and actions to procure protective equipment, vaccinations and facilitate remote working etc. Yet, this required a steep organizational learning curve, during which initially all operations were paused. To find and implement solutions many staff (especially in HR) worked extended hours and weekends for months on end. This is not a sustainable approach to addressing future crises. With proper strategic planning and ERM, these learning curves can be flattened and the extra burden on staff reduced.
Similarly, Super Storm Sandy in New York in 2012 provided an example of a failure to address transition risks, when the UN compound flooded destroying the manually operated printing machines. While it was known that the machines were outdated and needed to be replaced by digital technologies, there had been little preparation of this process and it was assumed there was a flexible timeline for the transition process. When flooding destroyed the printing machines, it required an immediate transition to digital technologies because the old printing machines could no longer be fixed. This created a procurement ‘emergency’, necessitated a contingency plan for printing documentation for ongoing intergovernmental meetings, required staff with new skill sets, and resulted in almost immediate abolishment of then redundant posts for that unit. All of these created additional costs for the organization, and in relation to the staffing issues, numerous disputes with staff that eventually needed to be addressed in the formal justice system. Consideration of transition risks, which in this case emanated primarily from technology and were exacerbated by an environmental event, could have reduced their impact and the likelihood of these risks occurring simultaneously.
What does integrating climate risks into ERM entail?
The aim of strategic planning and enterprise risk management is to identify how threats and external shocks can affect an international organizations’ mandate delivery (strategically and operationally) and then manage those risks by reducing their impact or likelihood. Risk management therefore also requires informed decisions at senior management level about which risks the organization is willing and able to absorb, or which need to be avoided altogether. While senior management generally focuses on strategic issues, effective risk management requires an equal understanding of both strategic and operational or management aspects of risk, including environmental threats. Heads of administrative units should not just confine their understanding of risk to operational or management issues, nor should substantive leaders ignore managerial risks.
Effective risk management therefore requires a holistic understanding of risk across the organization and the integrated management of those risks. This may seem obvious on paper, but in practice, it is proving to be quite challenging for international organizations, including the UN. In its 2020 review of ERM across the UN system, the Joint Inspection Unit (JIU) found that the majority of international and external audits of UN entities indicated that ERM is ‘developing, siloed or not fully integrated’ (JIU/REP/2020/5).
"Despite the fact that many international organizations operate in increasingly complex environments, internalizing risk management into governance processes is still a work in progress for many organizations." – Climate Risk Management for International Organizations
If international organizations want to remain resilient in the face of climate change, according to Chatham House, they need to better integrate climate risks as internal strategic and operational risks. While some UN organizations have been doing better at considering environmental risks in recent updates to their ERM strategies and approaches, it is the integrated approach to risk that appears most challenging. The UN Secretariat’s risk register, for instance, includes climate risk as a potential strategic risk and environmental sustainability as a potential operational risk. It however does not integrate risks to staff safety and security in the risk register, despite the fact that staff are highly likely to be significantly impacted by climate events. Staff safety and security issues remain siloed as a separate risk management process contained in the UN Security Management System (UNSMS). UNHCR has both a separate strategy for risk management and an operational strategy for climate resilience and environmental sustainability. The extent to which these are aligned is unclear, and they create separate and potentially competing accountabilities for managers (which are separate again from managers’ accountability for staff safety and security). These examples highlight the point made by the JIU that there is room for improvement in the integration of risk management across UN organizations and their systems and processes.
Achieving such integration is never easy, and certainly not in organizations as complex and bureaucratic as UN entities. Taken together, however, the JIU and Chatham House study highlight the importance of continuous engagement between multiple levels of management and oversight as a means of facilitating integrated approaches to risk management.
"Senior management has the ultimate responsibility for managing risks and achieving strategic goals while legislative/governing bodies provide oversight to ensure that senior management is managing risks properly. In this regard, it is crucial to ensure that corporate risks are discussed and addressed regularly at the senior management level. It is critical that risks are viewed from an integrated and holistic perspective and not managed in silos." - JIU/REP/2020/5
Both JIU and Chatham House reinforce that senior management needs to set the tone at the top for holistic and integrated risk management, but it is not a responsibility that they can fulfill alone. JIU highlights that line managers are in fact the owners of risks and have the primary responsibility for identifying those risks. That information needs to filter up to senior managers in a way that can allow senior managers to make informed decisions and communicate strategic risks and solutions to oversight bodies. This is particularly important when considering ‘new’ risk areas, like climate change.
"What is important, however, is that strategic planners and risk officers are able to conceptualize and characterize climate risks in ways that give decision-makers the information they need to make informed judgments." – Climate Risk Management for International Organizations
Governing bodies, in turn, must regularly engage with executive management of UN organizations to ensure they are setting the appropriate “tone at the top”. They also have a unique position to reinforce collaboration across the UN system in addressing multi-dimensional risks, like climate change, that impact all UN entities. To achieve these two objectives, governing body members should be aware of, at a minimum, the key strategic risks an organization is facing and the mitigation strategies for each, as well as the policies and frameworks related to ERM. The JIU recommends that governing bodies have such conversations at least once a year with senior management, like UNHCR’s Executive Committee is doing this week.
Audit functions can provide an additional support to both governing bodies and senior management in these discussions. Auditors and audit committees can highlight multi-dimensional risks that require collaborative mitigation strategies across the UN system. They can also be a conduit of technical information from staff to senior management and governing bodies that may not be adequately filtering through different levels of management. Governing bodies and executive leadership in their discussions of audit reports can ask questions to elicit this information if it is not explicit in written reports.
Points for discussion
To help facilitate these engagements across varying levels of management, like this week’s ExCom discussion of risk management in UNHCR, we propose the following questions:
What are the key strategic risks facing the organization, and how are these reflected in the Strategic Plan and the Enterprise Risk Management (ERM) strategy?
What are the most important multi-dimensional risks facing the organization? Is the organization collaborating with other UN entities in mitigating those risks?
What are the roles and responsibilities of line managers, risk officers and the executive leadership in risk management in the organization? How well are those roles understood by the different actors?
To what extent are likelihood and impact of climate risks and other external shocks considered as internal risks to the organization?
Comments