|Board Statement on Risk Management
IWMI’s Board of Governors has responsibility for ensuring an appropriate risk management process is in place to identify and manage high and significant risks to the achievement of the Institute’s business objectives, and to ensure alignment with CGIAR principles and guidelines which have been adopted by all CGIAR Centers.
These risks include operational, financial and reputational risks that are inherent in the nature, modus operandi and location of the Institute’s activities, and are dynamic as the environment in which the Institute operates changes. They represent the potential for loss resulting from inadequate or failed internal processes or systems, human factors, or external events. They include low impact (and therefore irrelevance) of scientific activities; misallocation of scientific efforts away from agreed priorities; loss of reputation for scientific excellence and integrity; business disruption and information system failure; liquidity problems; transaction processing failures; loss of assets including information assets; failures to recruit, retain and effectively utilize qualified and experienced staff; failures in staff health and safety systems; and failures in the execution of legal, fiduciary and agency responsibilities.
The Board has adopted a risk management policy, communicated to all staff, that includes a framework by which the Institute’s management identifies, evaluates and prioritizes risks and opportunities across the organization; develops risk mitigation strategies which balance benefits with costs; monitors the implementation of these strategies; and periodically reports to the Board on results. This process will draw upon risk assessments and analysis prepared by the Institute’s staff, internal auditors, Institute-commissioned external reviewers, and the external auditors. The risk assessments will also incorporate the results of collaborative risk assessments with other CGIAR Centers, System Office components and other entities in relation to shared risks arising from jointly managed activities. The risk management framework seeks to draw upon best practice promoted in codes and standards promulgated in a number of CGIAR member countries, and it is subject to ongoing review as part of the Institute’s continuous improvement effort.
Risk mitigation strategies include the implementation of systems of internal control which, by their nature, are designed to manage rather than eliminate the risk. The Institute endeavors to manage risk by ensuring that the appropriate infrastructure, controls, systems and people are in place throughout the organization. Key practices employed in managing risks and opportunities include business environmental scans, clear policies and accountabilities, transaction approval frameworks, financial and management reporting and the monitoring of metrics which are designed to highlight positive or negative performance of individuals and business processes across a broad range of key performance areas. The design and effectiveness of the risk management system and internal controls is subject to ongoing review by IWMI’s internal audit service, which is independent of business units and reports on the results of its audits directly to the Director General and Board through the Board’s Audit Committee.