Validation of risk assessments

This sub-section provides guidance on the process and required documentation for validating completed risk assessments and the proposed risk response design.

Overview

The validation process is conducted by the following respective committees tasked with different business units:

The Headquarters Risk Committee for all the other Business Units (namely Headquarters Divisions/Offices; 2) Headquarters Programme Delivery; 3) Headquarters Support Services; 4) Regional Offices; and 5) Representation Offices.
The Regional Risk Committees (for Country Offices) across the respective Regions.
The Executive Committee is responsible for corporate-level risks defined in the ERM policy.

Validation approach

Validation of risk assessment results and risk response plans must be made holistically, actively engaging with the heads and personnel of the concerned units and considering all appropriate information and documentation, including the results of second and third-line controls.
The validation must leverage the collective knowledge and expertise of the managers, risk committees, or other bodies involved, decisions made in similar circumstances, and the advice of the relevant Subject Matter Experts based on the mapping table guidance when required.
Validation must occur immediately after the risk assessments and risk response design are completed.

Video tutorial

Step-by-step guidance

Commencing validation upon logging into the system

Once a submission is completed, the designated focal point will receive a notification email.

When a designated Regional or HQ MyRisk Application approver logs into the system, they will get the below screen upon selecting the Business Unit (s) for which they are the designated approver. The Approver can either A-Confirm Validation or B-Return for Revision.

You can also download the Assessment by clicking either C-Export to PDF or D-Export to Excel to share with the Committee members (who can also access the system directly by going directly to the Business Unit).

If the Approver clicks returns for revision, the application will return to the “draft” stage, and an email will be sent to the Business Unit or Department focal point. See the screenshot guidance below:

Validation by the Regional Risk Committee (for Country Offices’ Risks)

Step 1: RRC Secretariat shares the country offices' draft risk assessments and risk response designs with all the committee members for the virtual pre-review and feedback on the relevant risks by the designated subject matter experts for feedback.

Step 2: RRC secretariat communicates the consolidated feedback to relevant country offices to revise/adjust the risk assessments and risk response design.

Step 3: RRC secretariat convenes the meeting after the respective country offices have submitted the revised versions after incorporating the feedback from the committee members and subject matter experts.

Step 4: Following Committee approval, the respective Country Offices to begin the risk response steps.

Validation by the Headquarters Risk Committee (for all Business Units except Country Offices)

Step 1: ERM secretariat shares the headquarters business units,' and regional offices' draft risk assessments and risk response designs with all the committee members for the virtual pre-review and feedback on the relevant risks by the designated subject matter experts for feedback.

Step 2: ERM secretariat communicates the consolidated feedback to relevant business units to revise/adjust the risk assessments and risk response design.

Step 3: ERM secretariat convenes the meeting after the respective business units' offices have submitted the revised versions after incorporating the feedback from the committee members and subject matter experts.

Step 4: Following Committee approval, the respective Business Units to begin the risk response steps.

Upon selecting the “Confirm Validation” (icon A above), a pop-up window will appear as shown below:

Upon selecting the “ I hereby confirm validation”, the system will prompt for a reconfirmation window:

Finally, upon clicking the “confirm validation” system moves to the “Validated” stage which concludes the risk assessment phase.

Resources

ERM Policy

ERM Calendar 2022-2023

Risk Appetite Statement

Terms of Reference for the Risk Committees (HRC and RRCs)

Links

Risks and Controls Catalogue

ERM Portal

SIS/myRisk application

Previous - Submission by BU

Page updated

Report abuse