Document Symbol/Reference:
A/64/640
Document Type:
Link to UN Official Document (ODS)
Document Body:
United Nations A/62/701
General Assembly Distr.: General
19 February 2008
Original: English
08-24325 (E) 100308
*0824325*
Sixty-second session
Agenda items 126 and 128
Review of the efficiency of the administrative
and financial functioning of the United Nations
Programme budget for the biennium 2008-2009
Accountability framework, enterprise risk management
and internal control framework, and results-based
management framework
Report of the Secretary-General
Summary
The present report responds to General Assembly resolution 61/245, in which
Member States requested the Secretary-General to submit reports on the following
areas: the Secretariat’s accountability framework, the enterprise risk management
and internal control framework, and the results-based management framework. It
also responds to the Assembly’s request in resolution 59/272 for the Secretariat to
report annually on measures taken to strengthen accountability in the Secretariat.
The work of the Organization has grown at a fast pace in the past 10 years,
making it difficult for Member States and the Secretariat to see clearly whether the
Organization is doing the right things and doing things right. The challenges are
great. The Organization is not only expected to do more, but it is expected to work
with greater accountability, transparency, efficiency and effectiveness. There must be
an increased focus on results, but at the same time, attention must be given to how
the Organization achieves those results, where improvements can be made, what
risks are acceptable and what measures are in place to enable the Organization to
function effectively.
The concepts and proposals presented in the present report and the addendum
thereto are aimed at achieving a fully results-oriented Organization that plans for and
mitigates risks to success and that holds managers and staff at all levels accountable
for the achievement of results.
A/62/701
08-24325 2
The report proposes a comprehensive accountability architecture that
encompasses three key elements of institutional and personal accountability:
performance, compliance and integrity. These three elements reflect the
Organization’s commitment to achieving results while respecting its regulations,
rules and ethical standards.
The proposed accountability architecture would build on the existing
accountability framework, which is the chain of responsibility, authority and
accountability that flows institutionally from the intergovernmental organs to the
Secretary-General and personally to managers and staff members.
The architecture would include a new dimension for enterprise risk
management and internal control, which would enable the Secretariat to take a
systematic and holistic approach proactively to identify, assess, evaluate, prioritize,
manage and control risk across the Organization.
The accountability architecture would also reflect a fully developed results-
based management framework, including improved and more frequent monitoring
and evaluation, in order to increase the likelihood of achieving results.
Overall, these three frameworks — together with their linkages to existing
structures and mechanisms — should lead to a strengthened, better managed and
more accountable Organization.
Contents
Paragraphs Page
I. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1–8 3
II. Comprehensive accountability architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9–17 4
III. Accountability framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18–30 6
IV. Enterprise risk management and internal control framework . . . . . . . . . . . . . . . . . 31–59 10
V. Results-based management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60–91 20
VI. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92–103 33
VII. Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 35
Annexes
I. Summary of accountability survey results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
II. Applying risk to audit planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
III. Catalogue of risk categories, or “risk universe” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
IV. Risk rating criteria. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
V. Risk and control effectiveness matrix (heat map) — tier 1 risks . . . . . . . . . . . . . . . . . . . . . . . . . 50
VI. Roles and responsibilities for results-based management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
A/62/701
3 08-24325
I. Introduction
1. In its resolution 61/245, the General Assembly requested the Secretary-
General to submit reports on the following areas: the Secretariat’s accountability
framework, the enterprise risk management and internal control framework, and the
results-based management framework. This request arose from the recommendations
made by the Secretary-General in his comprehensive review of governance and
oversight within the United Nations and its funds, programmes and specialized
agencies (A/60/883). Those recommendations were based on the premise that
improved management and oversight require the strengthening of the accountability
framework for senior management; the implementation of a framework for
managing risk through enterprise risk management and assigning responsibility for
internal controls; and the comprehensive implementation of results-based
management.
2. The General Assembly also requested the Secretary-General to submit
annually a report on measures implemented that were aimed at strengthening
accountability in the Secretariat (resolution 59/272).
3. The present report constitutes a response to the above-mentioned requests. It
has been influenced by the emphasis in the 2005 World Summit Outcome (General
Assembly resolution 60/1) on the importance of establishing effective and efficient
mechanisms for accountability. Synergies among the Secretariat’s accountability
framework, the enterprise risk management and internal control framework, and the
results-based management framework are illustrated, and an explanation of how
these management tools complement ongoing management reform efforts and how
they will collectively lead to an integrated and comprehensive accountability
architecture is provided. It is proposed that, under this architecture, the General
Assembly could more readily hold the Secretariat accountable for its activities and
results, including the management of financial and human resources, as well as the
management of programmatic activities. The Organization would focus on results
rather than inputs and outputs of efforts and processes while emphasizing ethical
conduct and compliance with regulations and rules. Such practice would reinforce a
system within the Organization of making funding decisions on the basis of
expected results, not just on the process of achieving them. At the same time, the
United Nations would devise and implement a system for managing its risks. This
would enable the Organization to accomplish optimal results through advanced risk
analysis and, where appropriate, realizing the benefits of new opportunities.
4. An analysis of the three management tools — the accountability framework,
the enterprise risk management and internal control framework, and the results-
based management framework — is provided, as well as their linkages to existing
structures and mechanisms, including those within the Secretariat, such as the
Department of Management, the Ethics Office and the Management Performance
Board, and those which are independent of or external to the Secretariat, such as the
Office of Internal Oversight Services (OIOS) and the new Independent Audit
Advisory Committee.
5. There is a need for the Secretariat to modernize its dated management
practices and to develop a comprehensive accountability architecture encompassing
and holding accountable all those who make key decisions for the Organization.
Such an architecture would include accountability within the Secretariat, flowing in
A/62/701
08-24325 4
both directions between the Secretary-General, the senior managers and the staff. It
would also emphasize the Secretariat’s accountability to Member States for
effectively and efficiently implementing legislative mandates.
6. While staff at all levels should be held accountable, special attention is now
being paid to the process for holding senior managers accountable for their
performance — starting with the signing and publicizing of annual compacts —
because their performance collectively represents that of the Organization. Looking
ahead, the annual compacts will better focus managerial performance towards
achieving the programmatic results required of the Organization with efficiency,
transparency and a clear human resources management strategy. Senior managers
will be held accountable for delivering the results they commit to in their individual
compacts.
7. Enhancing accountability is a key element for effective United Nations reform.
As part of a recent review of the Secretariat’s accountability framework, a survey
was conducted to gauge staff perceptions of accountability. (Detailed survey results
can be found in annex I.) Eighty-eight per cent of respondents agreed with the
following statement: “I am generally in support of change, even if it means that the
way I do my job or the way that I am appraised changes”. It would be timely and
advantageous for the Secretariat to act on the overwhelming support for change and
take the action necessary to make the Organization fully results-oriented and
accountable at every level of authority.
8. Included in the present report are proposals on how the Secretariat should
respond to this support for change through the comprehensive accountability
architecture. Detailed analyses of the accountability framework, the enterprise risk
management and internal control framework, and the results-based management
framework are provided. The conclusions section contains a description of how the
comprehensive accountability architecture would effectively encompass each of
these to vastly improve the measures currently in place in the Secretariat.
II. Comprehensive accountability architecture
9. In the light of three recent reviews of the Secretariat’s accountability
framework, enterprise risk management framework and results-based management
framework, as well as related recommendations from intergovernmental and
oversight bodies, the Secretary-General is proposing a comprehensive accountability
architecture comprising the three key elements of institutional and personal
accountability: performance, compliance and integrity. These three elements reflect
the Organization’s commitment to achieving results while respecting its regulations,
rules and ethical standards.
10. The new architecture would build on the existing accountability framework,
under which the Secretary-General delegates authority to his senior managers to
implement General Assembly mandates and achieve the expected results within a
given resource level. The Secretary-General reports these results to Member States,
which can then hold him accountable for the achievement of expected results.
11. The oversight bodies play a crucial role throughout the entire process, both
mid-course and ex post facto, as they conduct oversight activities to determine
A/62/701
5 08-24325
whether the Secretariat is achieving the intended results and acting ethically and in
compliance with the regulations and rules governing its work.
12. The new architecture would also capture the important relationship between
transparency and accountability, which are mutually reinforcing concepts. Without
transparency, defined here as unfettered access to timely and reliable information on
decisions and performance (see E/C.16/2006/4, para. 49), it would be difficult for
Member States to hold the Secretariat accountable. Without accountability, such as
mechanisms to report on the use of Member State funds and the consequences for
failing to meet stated performance objectives, transparency would be of little value.
The existence of both is a prerequisite for the effective, efficient and equitable
management of the Secretariat.
13. The various instruments, mechanisms and parties relevant to each of the three
pillars of the architecture are illustrated in figure I.
Figure I
Overall oversight: Member States
14. The performance “pillar” shown in figure I includes the various planning
instruments that state what the Secretariat intends to achieve and the resources
required for success. In essence, these are the documents that specify what results
the Organization expects to be held accountable for by Member States. This list
includes legislative mandates, strategic plans, budgets, senior managers’ annual
compacts, office, section and individual workplans and human resources action
plans.
INTEGRITY
- United Nations Charter
- Financial Disclosure
- Protection against retaliation
- Ethics Training
- Conflict Mediation
- New system of internal justice
- Standards of behavior in the
work place such as:
- Standards of Conduct for
International civil servants
- Prevention of workplace
harassment,
Sexual harassment and
Abuse of authority
Responsible Parties
(Secretariat):
- Ethics Office
- Ombudsman
- New system of internal justice
COMPLIANCE AND OVERSIGHT
- Financial Regulations and Rules
including Procurement Regulations
and Rules
- Staff Regulations and Rules
- Programme Planning, Budgeting,
Monitoring and Evaluation rules
-Accounting Standards
-Monitoring of Delegation of Authority
-Audits
-New Bid protest system
Responsible Parties (Secretariat):
- Department of Management
- Office of Internal Oversight Services
- Management Committee
- Vendor Review Committee
Responsible Parties (other):
- Board of Auditors
- Joint Inspection Unit
- IAAC
OVERALL OVERSIGHT: MEMBER STATES
ACCOUNTABILITY ARCHITECTURE OF
THE UNITED NATIONS SECRETARIAT
ACHIEVEMENT OF RESULTS
Statement of expected results:
-Legislative mandates
-Vision Statements
-Strategic Plans
-Budgets
-Senior Managers’ Compacts
-Office and Section work plans
-Individual work plans
-Human Resources action Plans
-Risk registry*
Assessment of Results:
-Management Performance
Board’s assessment of senior
management performance
- Performance Appraisal of staff
- Senior Managers’ Compacts
-Financial, human resources and
programme performance
reporting to Member States
- Evaluation Reports
PERFORMANCE
Responsible Parties
(Secretariat):
- Secretary-General
- Senior Managers
- Management Performance
Board
- Office of Human Resources
Management
- Office of Programme Planning,
Budget and Accounts
Responsible Parties (others):
- General Assembly
- Security Council
- ECOSOC
- ACABQ
- CPC
MANAGEMENT OF RISK*
TRANSPARENCY
* Proposed pilot project
Assessment of results:
- Management Performance
Board’s assessment of senior
management performance
- Performance appraisal of staff
- Senior managers’ compacts
- Financial and human resources
reporting to Member States
- Programme performance report
- Evaluation reports
A/62/701
08-24325 6
15. The performance pillar also includes the mechanisms for holding individual
staff and the Secretariat as a whole accountable for the achievement of the goals
stated in the documents listed above. These mechanisms include the Management
Performance Board’s assessment of senior managers’ performance against the stated
goals and objectives contained in the annual compacts; the performance appraisal of
staff at the Assistant Secretary-General level and below; the financial, human
resources and programme performance reporting to programme managers, senior
managers, Member States and oversight bodies; and evaluation reports.
16. The compliance and oversight pillar includes the Financial Regulations and
Rules of the United Nations, the Staff Regulations and Rules, the Regulations and
Rules Governing Programme Planning, the Programme Aspects of the Budget, the
Monitoring of Implementation and the Methods of Evaluation and the
Organization’s accounting standards. The mechanisms used for assessing individual
and organizational compliance with those regulations, rules and standards include
monitoring of the delegation of authority and the implementation of oversight body
recommendations, the procurement-related bid protest system and audits. The
parties responsible for assessing compliance include the Management Committee,
the Office of Internal Oversight Services, the Board of Auditors, the Joint Inspection
Unit, the Independent Audit Advisory Committee and the Department of
Management.
17. The integrity pillar includes mandatory ethics training for all staff, the
standards of conduct for the international civil service, standards of behaviour in the
workplace, such as policies against harassment and sexual exploitation and abuse,
financial disclosure requirements and protection against retaliation for reporting
misconduct. The related support and advisory mechanisms include the Ethics Office,
the Ombudsman and the new Office for the Administration of Justice, which should
be operational by the third quarter of 2008.
III. Accountability framework
18. The proposed comprehensive accountability architecture would build on the
existing accountability framework. As described in previous reports on
accountability (e.g., A/60/312, A/60/846/Add.6), the chain of responsibility,
authority and accountability flows institutionally from the intergovernmental organs
to the Secretary-General and personally to managers and staff members.
Accountability then flows back up through each of these layers through performance
appraisals and reporting.
19. Under Article 97 of the Charter, the Secretary-General is the chief
administrative officer of the Organization; the mandates promulgated by the
principal organs are entrusted to him for their implementation under Article 98. The
Secretary-General is therefore accountable to the Member States for the
implementation of those mandates. The Secretary-General’s discretion as chief
administrative officer is governed by Articles 100 and 101 of the Charter and by the
staff, financial and programme planning regulations and rules adopted by the
General Assembly. His managerial discretion is exercised under the mandates given
to him collectively by Member States and with the resources they make available to
carry them out.
A/62/701
7 08-24325
20. The Secretariat uses the following working definitions of accountability, which
represent its responsibility to Member States for implementing mandates and
delivering results, as well as individual staff members’ accountability for
accomplishing the goals established in their workplans while complying with all
rules and regulations and acting ethically:
(a) Institutional accountability: the responsibility of the Secretary-General to
explain and justify to the General Assembly and other relevant intergovernmental
bodies, in a systematic framework and by an orderly process using transparent
mechanisms, the performance of the Organization in using resources to achieve
results mandated by the Member States in the Assembly and/or other
intergovernmental bodies established under the Charter of the United Nations;
(b) Personal accountability: the duty of an individual staff member to
exercise defined responsibilities appropriately, with a clear understanding of the
consequences, and to explain and justify to the official who conferred the authority
the results achieved and the manner in which the authority has been exercised.
These definitions assume that Member States are responsible for providing strategic
direction and resources commensurate with the mandates given to the Secretariat.
21. Currently, the accountability framework within the Secretariat is a broad
collection of loosely integrated rules, regulations, policies, procedures, protocols,
incentives, sanctions, systems, processes and structures that affect the way in which
the mission of the Organization is accomplished, from the way in which
organizational entities deliver overall programmatic results to the way in which
individual employees discharge their personal roles and responsibilities.
22. The framework is supported by the work of the Ethics Office, including the
financial disclosure requirement for officials at the D-1 level and above and staff at
all levels who have procurement or fiduciary responsibilities, and protection against
retaliation for staff members who report misconduct or cooperate in duly authorized
audits and investigations.
23. Finally, the system of internal justice, which will be overhauled during 2008,
serves as a last-resort guarantor of accountability among individuals. The
accountability framework also includes, as external checks and balances, reports of
the Board of Auditors, the Joint Inspection Unit and the newly formed Independent
Audit Advisory Committee.
24. Although a recent independent review of the Secretariat’s accountability
framework did not uncover any gaps in the framework, it did identify specific areas
of weakness in the current system. Following are three overall themes that emerged
from the review:
(a) The Secretariat needs to move its management practices and culture from
being largely focused on rules and compliance to being focused on results and
outcomes;
(b) Transparency should continue to be increased in the senior management
selection process and in the performance review of senior managers, for example,
through the senior manager compact process;
A/62/701
08-24325 8
(c) Changes in the methods of preparing, motivating and reviewing
management and staff should be made in order to improve employee performance
and accountability.
25. As part of the framework review, a survey to gauge staff perceptions of
accountability was conducted, the results of which support the finding that the
current accountability framework is neither broken nor incomplete but does require
strengthening, particularly in the area of staff performance management. For
example, although respondents were generally positive about supervisors’
seriousness concerning the performance appraisal system, the majority of
respondents disagreed that the system and the electronic Performance Appraisal
System (e-PAS) used appropriately to evaluate and document their performance. A
majority also disagreed that management was able to effectively help
underperforming workers improve their performance. Equally important, most
respondents believed that high-performing staff were not appropriately rewarded
and that the best candidates were not selected in the promotion process.
26. Following the assessment of the current accountability framework, nine areas
were identified for improving accountability in the Secretariat. Those areas related
to human resources will be coordinated with the broader human resources reform
efforts currently being considered and implemented, as there are several initiatives
under way that will begin to address some of the improvement areas identified
through the review. The nine areas are as follows:
• Improvement area 1: develop a written process for the selection of senior
managers in order to increase transparency.
Impact on accountability: transparency of the senior management selection
process builds support and trust of management and management-level
decisions among staff and other stakeholders.
• Improvement area 2: continue to implement, expand and refine the senior
manager compact process with a focus on delivering results.
Impact on accountability: the compact process demonstrates leadership’s
commitment to a results-based culture, thus setting the tone for a shift from a
focus on compliance to results orientation.
• Improvement area 3: continue to develop meaningful, results-oriented
performance metrics and mechanisms to communicate progress.
Impact on accountability: as discussed in section V below, the development and
refinement of meaningful metrics enables departments to contribute to the
Secretariat’s mission and strategic goals.
• Improvement area 4: revitalize the performance appraisal system (e-PAS)
to make it a more accepted, flexible and valuable staff development tool.
Impact on accountability: refocus e-PAS to support the development of staff to
realize the full potential of the workforce and its impact on programmatic
success.
A/62/701
9 08-24325
• Improvement area 5: continue to upgrade e-PAS technology to make the
tool more user-friendly and to better support field operations.
Impact on accountability: improved technology increases manager and staff
compliance with performance evaluation requirements, which enables staff
members to measure personal success within their department on a regular
basis.
• Improvement area 6: continue to develop a training curriculum, including
mandatory components to give managers and staff the tools they need to be
more effective in their jobs and to improve the overall performance of the
Secretariat.
Impact on accountability: tailored training programmes equip staff with the
appropriate tools and knowledge they need to be effective in their jobs and
accountable for their daily activities.
• Improvement area 7: build on existing and develop new and creative
mechanisms to reward, recognize and motivate staff. Share these ideas
throughout the Secretariat.
Impact on accountability: the creation of a positive working environment, with
incentives and rewards, contributes directly to improved programme
performance.
• Improvement area 8: motivate employees by promoting a sense of
achievement and shared values and by highlighting and communicating
employee and team contributions to the success of the Organization.
Impact on accountability: by establishing a solid foundation with respect to the
mission, goals and objectives of the United Nations, the Secretariat can build a
stronger community and encourage group and personal performance and
accountability.
• Improvement area 9: continue monitoring and reporting annually on the
status of the accountability framework to provide visibility into its
execution and evaluation framework.
Impact on accountability: monitor the execution and evolution of the
accountability framework to effectively understand progress and adapt to
changing business needs.
27. The Secretariat will address each of these areas in the course of the reform
efforts.
28. The review of the existing accountability framework also reinforced previous
oversight body findings related to the Secretariat’s processes for monitoring the
delegation of authority. An important characteristic of a fully results-oriented
organization is the empowerment of managers to take ownership of their
programmes, including decisions regarding staff and financial resources. Those
responsibilities are delegated from the Secretary-General through his senior
managers to line managers and staff with specialized financial, human resources and
other administrative responsibilities. Although critical in a results-oriented
A/62/701
08-24325 10
management culture, the delegation of authority poses risks to the Organization if
not properly standardized and closely monitored.
29. The Secretariat does not systematically monitor the delegation of authority. To
address this weakness, the Organization should compile an inventory of existing
delegations of authority and regularly monitor, update and report on their use. Any
problems identified and proposed solutions should be brought to the attention of the
relevant manager or, if necessary, be raised to the Management Performance Board
for action.
30. The Secretariat also needs to strengthen its monitoring of the implementation
of oversight body recommendations. Managers should be held accountable for the
implementation of recommendations that would improve their programme’s
performance, lower risk and increase the likelihood of achieving results. The
proposed architecture would ensure that these measures are undertaken with the
benefit of proper risk analysis, as detailed in the following section.
IV. Enterprise risk management and internal
control framework
31. In order for managers to be held accountable, they must fully understand the
entire scope of their work, including the impact of potential risks. The following
discussion provides an overview of how the Organization’s current approach to risk
must be strengthened and better managed.
32. For any organization, its objectives, internal structure and the environment in
which it operates are continually evolving and, as a result, the risks it faces are
continually changing. The United Nations is no exception — especially in the light
of its ever-expanding field operations (which have provoked, in particular, greater
security risk). Oversight arrangements have grown significantly, with internal
oversight resources more than doubling in the past five years and the number of
external oversight recommendations doubling over the same period. Yet the
Organization’s current approach to risk and controls largely reflects that which was
determined at a time when it was a Headquarters-focused international civil service.
That approach is no longer fully reflective of its evolving global operations and the
consequent emerging risks. An approach to proactively and systematically managing
the Organization’s risk and controls is overdue and could be devised within an
overarching accountability architecture.
33. To manage risk effectively, there must first be a common understanding of
what is meant by “risk”. Risk is the effect of uncertainty on objectives, that is, an
event, circumstance or consequence that affects the achievement of objectives. Risk
management is therefore the process of helping the staff of the Organization to
understand, evaluate and manage risk and therefore increase the probability that the
Organization will achieve its mandates or objectives. Internal control is a process
established to carry out the functions of the Organization in an orderly and efficient
manner, to ensure adherence to management policies, to safeguard its assets and to
provide reasonable assurance regarding the achievement of the Organization’s
objectives. One way of managing risk is through the application of appropriate
internal controls.
A/62/701
11 08-24325
34. Within the public sector, the option to transfer responsibility for a given risk,
perhaps through contracting, outsourcing or purchasing insurance, or to avoid risk
altogether by not undertaking a particular activity is not always possible. Mandates
are assigned to public sector entities that cannot be performed by others. These
mandates must be met, and public sector organizations must accept risks that other
entities would not be willing to take on and seek ways to manage them better. The
United Nations has a very high level of inherent risk (defined as the level of risk
prior to any risk management activities) and operates within a highly regulated
internal environment — the proactive and consistent management of which is key to
ensuring success in achieving its objectives efficiently and effectively.
35. Risks are currently being managed to a certain extent across the Secretariat,
but not consistently or systematically. Internal controls currently incorporate the
financial rules and regulations, the staff rules, the results-based budgeting
framework, the procurement manual and the like, as well as controls embedded
within administrative information technology systems, but they are not necessarily
adapted to the global operations of the Organization, their relative risks and the
importance of their objectives. Some risk management practices are being pursued
in selected departments and areas of the Secretariat,1 but each has developed its own
disparate processes and methodologies that follow different risk management
standards, are not adequately resourced and are not aligned with one another.
Consequently, they do not share a consistent methodology for identifying,
evaluating and responding to reporting risks, and therefore limit the ability of the
Organization to benefit collectively from their risk management efforts.
36. The greatest threat to success is the failure to manage risk. A new approach is
needed that moves away from managing risk and controls in many individual
departmental or functional silos and towards aligning risk management and control
with the Organization’s mandates and objectives and their underlying functions and
activities throughout the Secretariat. This allows for systematically embedding risk
management into the decision-making processes and operations of the Organization.
By applying a new system for managing risk on an enterprise-wide basis, the
Secretariat would be able to determine not only locally but globally which risks
require treatment (i.e., the development and implementation of measures to modify
or manage risks) and to determine the best ways of mitigating them.
37. Today’s Secretariat may be considered risk-averse in that risk is perceived as
something to be avoided. Restrictive control measures may be applied to reduce the
exposure to risk, which may also reduce the Organization’s ability to succeed and
deliver results on a timely and efficient basis. It is proposed that risk management
be designed to be proactive and to allow for new ways to achieve improved results.
In other words, risk need not be negative; managed consistently and carefully, risk
can create new opportunities for success that would otherwise have been missed.
Other anticipated benefits include:
(a) More efficient use of resources. Effective risk management would
provide a means to identify the main risks to the achievement of programme results
and the utilization of resources. The Secretariat would assess regularly whether its
__________________
1 Including the Department of Peacekeeping Operations, the Department of Safety and Security,
the Office for the Coordination of Humanitarian Affairs, the Office of Internal Oversight
Services, the Office of Human Resources Management and the International Tribunal for the
Former Yugoslavia.
A/62/701
08-24325 12
internal management controls were reliable and sufficient to minimize the risk of
waste, to prevent fraud and to maximize results;
(b) Improved programme and project management. All programmes and
projects carry risk, and not all are of the same magnitude. Risk assessment at the
feasibility and inception stages, and throughout the programme or project life cycle,
can help managerial decision-making in the areas of improving forecasts, planning
and execution activities, clarifying responsibilities for managing identified risks and
helping to reduce costs through more efficient allocation of resources;
(c) The ability to foster innovation. The Secretariat must keep pace with
developments in the use of best practices and current information technology, the
pursuit of which requires a less risk-averse and more forward-thinking and results-
oriented culture;
(d) Strengthened oversight. This would be achieved by providing better
support for the decision-making processes of intergovernmental organs and
facilitating risk-based audit planning and the relative ranking and prioritization of
audit findings (see annex II).
Enterprise risk management and internal control framework
and principles
38. A single integrated framework for enterprise risk management and internal
control is proposed. This is in keeping with the current thinking on the convergence
of risk management and internal control frameworks that are particular to an
organization’s internal and external environment.2 Enterprise risk management
would entail a systematic and holistic approach, based on externally developed
international standards,3 to proactively identify, assess, evaluate, prioritize, manage
and control risk across the United Nations so as to better achieve the Organization’s
objectives. The proposed enterprise risk management and internal control
framework would be guided by the following principles:
• Relationship with principal organs, members and partners. An aligned and
consistent risk management approach would be adopted by the Secretariat and
the Organization’s principal organs in decision-making processes.
• Review. Senior management and the General Assembly, with the advice of the
Advisory Committee on Administrative and Budgetary Questions and the
Independent Audit Advisory Committee, would regularly review the
effectiveness of the risk management programme to assess its ongoing
contribution to the effective and efficient operations of the Organization in the
light of changing operational conditions.
• Embedding. Risk awareness within the Organization would reflect that of the
Organization’s principal organs and constructively influence everyday
management decisions.
__________________
2 “Internal Controls — A Review of Current Developments”, Professional Accountants in
Business Committee, International Federation of Accountants, August 2006.
3 The proposed framework embodies the appropriate characteristics and principles incumbent
in the International Organization for Standardization (ISO) guidelines on principles and
implementation of risk management.
A/62/701
13 08-24325
• Support and assurance. Risk management would provide support in
establishing appropriate processes and tools to manage current risks
appropriately through a coordinated system of risk evaluation, response and
reporting, including early warning indicators of future risks.
39. In order to implement successfully an effective enterprise risk management
and internal control framework within the Secretariat, the following guidelines
would be applied:
(a) Management at all levels of the Organization would take responsibility
for risk and control, and risk and control activities would become the practice of all
staff;
(b) Significant risks are identified and managed through an integrated,
coordinated and sustainable approach and methodology that are consistently
applied. There should be one policy, consistent for the entire Organization, applied
individually according to the level of risk;
(c) The approach to enterprise risk and control management should be
comprehensive, disciplined and consistent. It should expedite and inform the
decision-making process rather than impede it. Risk management should be
embedded into the major operational processes — strategic planning, operational
and financial management and performance measurement and management;
(d) Accountability and responsibilities for risk and control management
should be clear and understood at each step in the process and throughout all levels
of the Organization;
(e) The enterprise risk management and internal control framework and
related processes should evolve continuously;
(f) Results and outcomes and adherence to the criteria and requirements
built into the risk and control management process should be independently assessed
and evaluated;
(g) There should be transparent and periodic reporting and communication
around risk assessment and control activities and results — to appropriate senior
management, the Management Committee, the Secretary-General and the General
Assembly through the Advisory Committee on Administrative and Budgetary
Questions and the Independent Audit Advisory Committee.
Enterprise risk management and internal control activities
40. The enterprise risk management and internal control framework activities
would support and have an impact on the existing decision-making processes of the
Organization, from strategic planning to day-to-day operational decision-making
(see figure II).
A/62/701
08-24325 14
Figure II
Risk and control management process
41. Each department would develop a plan for undertaking its own risk assessment
and control activities that reflect the environment within which it operates as well as
the frequency of reporting required. The enterprise risk management and internal
control process would involve the following main elements:
• Establishment of the context for risk assessment. It is necessary to define why
the risk assessment is being performed and what areas it is to cover. This process
includes the development of a descriptive catalogue of risk categories and
subcategories (the “risk universe”; see annex III) specific to the United Nations.
This would help staff, management and Member States to identify risks and to
compare them across the Organization. Rating criteria would be developed to
measure risks on the basis of their impact and likelihood (see annex IV). The
“risk appetite”4 and “risk tolerance”5 levels would be determined through the
submission of proposals as part of the budgetary process and their endorsement
by the General Assembly. Criteria would be established, on the basis of risk, for
considering requests for budgetary and/or control flexibility in order to best
achieve the Organization’s objectives, as discussed in paragraph 45 below.
• Alignment of risks with objectives. Risks should be attributed to or aligned with
the mandates and objectives of operations of the Secretariat. The risks inherent in
each objective would be understood, measured and prioritized to facilitate the
process of determining the actions required to mitigate them.
• Identification and assessment of risks. This process involves identifying the
inherent risk — the impact and likelihood of the risk occurring — as well as the
level of management and control measures in place, by gathering information
from relevant stakeholders and staff within the organizational unit that is
conducting the risk assessment. All risks identified during the risk assessment
process should have an assigned risk owner, who would be accountable for
__________________
4 “Risk appetite” is defined broadly as the amount and type of risk the Organization is willing to
accept in pursuit of its objectives, and is set at the entity level, for the Organization as a whole.
5 “Risk tolerance” is the specific maximum level of risk acceptable to a department, office,
commission, mission or tribunal to meet objectives within the defined risk appetite.
Establish Establish
context
Consider Consider
objectives
Analyse Results, Analyse results,
Map to Processes, map to processes,
and determine risk
and control
treatments
M
o
n
i
t
o
r
Communicate and report
Execute Execute
risk and
control
treatments
Identify Identify
and and
Assess assess
risks
M
o
n
i
t
o
r
Communicate and report
A/62/701
15 08-24325
tracking the progress of the risk, updating the management on periodic changes
and notifying management when an aspect of a risk requires immediate attention.
• Analysis of results, mapping to processes and determination of risk and
control treatments. The identified risks are prioritized on the basis of their
impact, their likelihood and the effectiveness of existing controls. They are then
mapped in order for appropriate action to be taken. The risks are also mapped to
the key functions, processes and activities that contribute to the occurrence of the
risk or through which the risk is managed or controlled. After evaluation, risks
requiring treatment should be assigned to the appropriate risk owners, who would
be accountable for managing them.
• Risk communication and reporting. Information from the risk management and
control process is needed at different levels in the Organization (see figure III).
While detailed reports may be prepared, a consolidated profile of the most
significant risks (see annex V)6 would have to be considered by the Management
Committee and the Secretary-General, communicated to the Independent Audit
Advisory Committee and formally reported to the General Assembly through the
Advisory Committee on Administrative and Budgetary Questions. This report
would be an amalgam of the risks assessed to be the most critical as against the
risk thresholds determined for the Secretariat as a whole.
Figure III
Hierarchy of risk reporting requirements
• Monitoring of risks and controls. Regular monitoring of risks is necessary
because the Secretariat operates in a constantly changing environment. The
__________________
6 Also known as “tier 1 risks”. For an illustration of how the risks would be “mapped” for
consideration and a list of the tier 1 risks identified, see annex V.
GA
IAAC
Secretary-General
Management Committee
Chief Risk Officer
Summarised
Prioritised
Detailed
General
Assembly
Independent Audit
Advisory Committee
Summarized and
prioritized
A/62/701
08-24325 16
monitoring process should provide assurance that there are appropriate
controls in place for the Organization’s activities, that the procedures are
understood and followed and that lessons learned and areas for improvement
are identified and addressed. Regular audits of policy and standards
compliance should be carried out, and standards performance should be
reviewed to identify opportunities for improvement.
Establishing the risk appetite and risk tolerances of
the Organization
42. It would be important to establish levels of risk that would be acceptable in
order to conduct the business of the Organization effectively. This would provide
the basis for management to determine whether to invest in appropriate risk-
mitigating measures, such as strengthening controls, or to relax them — an
important factor when the Organization faces limited resources.
43. A simple example of the concepts of risk appetite and risk tolerance can be
found in the area of emergency humanitarian relief, in which it is necessary to
deliver emergency supplies or equipment to affected areas between 48 and 72 hours
of an emergency event to achieve the objective of saving lives. The defined risk
tolerance might be 48 hours (the acceptable level of risk), whereas the risk appetite
might be 72 hours, since beyond this point supplies or equipment might be too late,
and therefore the activity would have failed to meet its objective. The rating criteria
for measuring the risk when establishing risk appetite and tolerance will be specific
to the objective to save lives, which the activity supports in the present example.
44. The risk tolerances of the Organization are also important from the perspective
of oversight functions. The risk tolerances established by the General Assembly and
the risk assessments undertaken by management would be taken into consideration
in the planning of audit and inspection activities, the analysis of findings and the
identification and prioritization of recommendations to management. The expected
accomplishments and indicators of achievement for the Office of Internal Oversight
Services currently refer to the concept of “critical audit recommendations”, the
measure of which in future should be based on relative risk. Risk management and
control practices and the respective tolerances of the Organization would have an
impact on what resources would be devoted to audit activities. The risk tolerance
thresholds would also help managers to better assess audit recommendations by
allowing them to evaluate the recommendations against the established risk
tolerance and the cost-effectiveness of their acceptance.
45. The enterprise risk management and internal control framework would also
provide a means of determining where flexibility would be needed in budgetary or
operational controls in order to meet organizational objectives on the basis of risk.
In keeping with the unique international characteristics of the Organization and its
mandates, the enterprise risk management and internal control framework would
need to facilitate the cost-effective maintenance of appropriate control standards
while also allowing for flexibility, under appropriate circumstances, in those
standards to meet operational exigencies, such as a humanitarian disaster. The
measured modification of controls or the implementation of other risk mitigation
activities would be carried out in compliance with preset guidelines and thresholds
that would dictate the criteria and the level of authority and approval required for
A/62/701
17 08-24325
control flexibility to meet operational exigencies. These predetermined criteria
would enable management to better balance risk against performance when
considering how best to achieve the Organization’s objectives.
Addressing the risk of fraud through enhanced preventive activities
46. The risk of fraud and corruption is a specialist area of risk that requires careful
management within the resultant enterprise risk management and internal control
framework and consideration within the risk assessment, evaluation and risk
mitigation activities. The functions, processes and activities associated with many of
the risks identified within the Organization are by their nature susceptible to fraud.
Pursuant to requests of the General Assembly,7 a series of measures — built on the
enterprise risk management and internal control framework — have been identified
to more effectively prevent the fraudulent and corrupt acts of staff and third parties.
47. Prevention is better than cure. Fraudulent and corrupt activities waste valuable
resources, burden administrative and investigative functions and tarnish the
reputation of the Organization and its dedicated staff who serve with integrity.
Successful fraud and corruption prevention activities would assist the Organization
in its stewardship and safeguarding of scarce resources, support the integrity of the
Organization and protect its reputation and lead to a reduction in cases requiring
administration, investigation and sanctioning actions over time.
48. To address the risk of fraud and corruption, a short- and medium-term anti-
fraud and corruption prevention plan of action has been developed by the Secretariat
and reviewed by external experts for presentation to the General Assembly. The plan
comprises a holistic approach to the development of a strong system of fraud and
corruption prevention and sets out how the existing and proposed functions to
prevent fraud would work together effectively.
Organizational roles, responsibility and accountability
49. Risk and control management are activities to be owned by the management of
the Organization. The responsibility for the establishment of an integrated enterprise
risk management and internal control framework would rest with the Secretary-
General. To assist the Secretary-General in this regard, a Chief Risk Officer would
be required to provide specialized expert capability and capacity to support
management in its efforts to proactively manage risk and controls within the
Secretariat.
50. The senior managers’ compacts with the Secretary-General, discussed above in
the context of the accountability framework, are also an important element of
internal control. It would be necessary to examine further whether the existing
compact should be augmented through the incorporation of a certification report
from each Under-Secretary-General confirming his or her responsibility in
establishing and maintaining a strong internal control environment as a result of the
risk assessment process. On an annual basis, each Under-Secretary-General or
__________________
7 See General Assembly resolutions 58/4, annex; 59/264, para. 4, endorsing the recommendation
of the Board of Auditors in para. 349 of its report (A/59/5 (vol. I), chap. II); 60/34, para. 6;
60/254, para. 13; and 60/266, sect. V, para. 3.
A/62/701
08-24325 18
equivalent position could be required to prepare and submit to the Secretary-General
such a certification report as a further instrument to enhance accountability. The
certification report would address only those risks within the respective span of
control, namely, where the Under-Secretary-General is also the risk treatment
owner, and would require integration within the existing compact structure. If
pursued, the report would not generate additional audit requirements.
51. Member States would undertake an important role within the enterprise risk
management and internal control framework in exercising their governance and
oversight responsibilities. Inherent within the proposed integrated enterprise risk
management and internal control framework is the concept of the Organization’s
risk appetite, the risk tolerances for each subprogramme of the budget and the
framework within which budgetary and control flexibility may be granted. Through
their incorporation within the strategic framework and budgetary submissions, these
aspects would be subject to the review and endorsement of the General Assembly.
52. Furthermore, the Independent Audit Advisory Committee would assist the
General Assembly in fulfilling its oversight responsibilities pursuant to Assembly
resolution 61/275, including the role of advising the Assembly on both the quality
and overall effectiveness of risk management procedures and deficiencies in the
internal control framework of the United Nations. The proposed implementation of
the enterprise risk management and internal control framework would be necessary
to facilitate the execution of those tasks, and for the Secretariat to respond
accordingly.
53. Pursuant to the mandate of the Office of Internal Oversight Services (OIOS),
its Internal Audit Division would be responsible for the independent review of the
results of the risk assessments undertaken by management, evaluating the
effectiveness of the risk management process and the related risk exposures, as well
as reflecting the results in their audit plan.8 A risk report would be provided to
OIOS annually to support the alignment of its internal audit plan to the risk profile
of the Secretariat. The level of risk, in terms of its impact and likelihood of
occurrence, is typically used to rank the importance of a given area for inclusion
within an internal audit plan. In doing so, OIOS should not duplicate management’s
risk assessment efforts, but would review, critique and draw reliance upon them for
their audit planning purposes, and consult with management on the risk assessment
process in the final determination of the audit plan. The Internal Audit Division
would also periodically assess and evaluate aspects of the enterprise risk
management and internal control process to validate that risk identification,
assessment, mitigation, monitoring and communication processes are properly and
consistently followed across the Organization (see also A/61/605, para. 39 (a)).
__________________
8 See the International Standards for Professional Practice of Internal Auditing of the Institute of
Internal Auditors. Performance Standard 2110 on risk management states: “The internal audit
activity should assist the organization by identifying and evaluating significant exposures to risk
and contributing to the improvement of risk management and control systems.” Included in this
standard are Implementation Standards 2110.A1 and 2110.A2 which further state: “The internal
audit activity should monitor and evaluate the effectiveness of the organization’s risk
management system” and “The internal audit activity should evaluate risk exposures relating to
the organization’s governance, operations, and information systems regarding the:
• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of operations.
• Safeguarding of assets.”
A/62/701
19 08-24325
54. The Board of Auditors audits the accounts of the United Nations pursuant to
article VII of the Financial Regulations and Rules of the United Nations. It is
anticipated that the risk assessment outputs will be useful inputs to the work of the
Board, in particular with reference to its assessment of the functioning of the
internal control system of the Secretariat (see regulation 7.5).
Reporting requirements
55. As a basis for decision-making in support of the achievement of results, it
would be essential for the Organization to report on the state of risk management,
control assessment and monitoring activities. A structured and coordinated
information flow both upwards and downwards would be required, internally within
the Secretariat and externally to the General Assembly and its subsidiary organs
(including the Independent Audit Advisory Committee).
56. One of the most important aspects of the enterprise risk management and
internal control process is that it would provide transparency in the identification,
assessment and communication of risk and risk response strategies and activities.
Risks relevant at the department, office, commission, mission and tribunal levels
would be revealed, common concerns identified and the appropriate responses
developed at both the local level and across the Secretariat where such risks and risk
responses would be shared and coordinated. Timely, transparent and accurate risk
and control reporting would enable the Organization to look at risk more broadly
and to provide better and more consistent information than is currently available for
decision-making at all levels, including senior management, the Secretary-General,
possibly a risk assessment board and the General Assembly.
57. The ultimate responsibility for effective and accurate risk reporting would lie
with each Under-Secretary-General for his or her areas of responsibility, and with
the Secretary-General for risk information and reports to be submitted to the
General Assembly. The Chief Risk Officer would assist in the evaluation and
dissemination of information related to risk and control activities, and would
prepare consolidated reports and such other information as may be required for
dissemination to the Management Committee, the Secretary-General and the
General Assembly.
58. On an annual basis, or more often depending on what risks arise, the Chief
Risk Officer would present to the Management Committee and the Secretary-
General a consolidated risk profile of the Secretariat reflecting the most significant
risks, for onward submission to the General Assembly through the Advisory
Committee on Administrative and Budgetary Questions. This consolidated risk
profile would be assembled from the annual risk assessments performed by the
departments, offices, commissions, missions and tribunals, utilizing the tools and
technologies required to support the process. It would contain prioritized and
summarized risk and control information reflecting those risks deemed to be most
significant to the Organization on an entity-wide basis. Risk information on
significant risks would also be disseminated to the Institute of Internal Auditors,
Office of Internal Oversight Services and the Board of Auditors in accordance with
established protocols.
59. The new approach to managing risk should be considered an important
component of the proposed comprehensive accountability architecture along with a
A/62/701
08-24325 20
fully implemented results-based management framework. The following section
provides a plan for achieving the Organization’s goal of results orientation in all
aspects of work and at all staff levels.
V. Results-based management
60. Results-based management is the final key component in improving the
governance and oversight of the Organization and the effectiveness and
accountability of management. As explained in the present section, when properly
implemented within a comprehensive accountability architecture, results-based
management provides the basis for greater transparency, more effective budgetary
decision-making and, therefore, better working practices between governing bodies
and executive management.
61. The General Assembly, in its resolution 61/245, having considered the report
of the Secretary-General on the comprehensive review of governance and oversight
within the United Nations and its funds, programmes and specialized agencies
(A/60/883 and Add.1 and 2) and the related report of the Advisory Committee on
Administrative and Budgetary Questions (A/61/605), endorsed the conclusions and
recommendations of the Advisory Committee and requested the Secretary-General
to submit a report on results-based management. In paragraph 6 of its report, the
Advisory Committee recommended the use of expertise from within the United
Nations system, including the working group of the United Nations System Chief
Executives Board for Coordination (CEB) on results-based management, consistent
with the provisions of paragraph 2 of General Assembly resolution 60/257 on
programme planning, by which the Assembly endorsed the recommendations of the
Committee for Programme and Coordination in its report on its forty-fifth session
(A/60/16, para. 248 (a)) on the need to take into account the benchmarking
framework proposed by the Joint Inspection Unit (A/59/607, A/59/617 and Add.1,
A/59/631 and A/59/632).
62. The Advisory Committee identified “strengthening the results-based approach
and accountability” for early decision by the Assembly, stating that “effective
implementation of results-based management can be expedited through rigorous
commitment and leadership of senior management in making improvements in
structures, management practices and management tools” (A/61/605, paras. 10 and
14).
63. In its resolution 55/231, the General Assembly adopted results-based
budgeting in the United Nations, acting on proposals by the Secretary-General and
the recommendations of the Advisory Committee, made in the context of reform. In
that resolution, the Assembly requested that measures adopted should be
implemented in a gradual and incremental manner, in full compliance with
Regulations and Rules Governing Programme Planning, the Programme Aspects of
the Budget, the Monitoring of Implementation and the Methods of Evaluation
(ST/SGB/2000/8) and the Financial Regulations and Rules of the United Nations
(ST/SGB/2003/7).
64. The concerns of Member States and of the oversight bodies concerning the
inadequate implementation of results-based management have been carefully
considered and have given rise to the proposed results-based management
framework. Although regulations, rules, procedures and guidelines are in place for
A/62/701
21 08-24325
implementing a results-based approach for the preparation of planning and
budgeting instruments, the Secretary-General agrees that the actual practice of
results-based management of programmes and staff has been inadequate. The
planning, budgeting, monitoring and evaluation activities, including the reporting on
achievement of results, have been viewed more as a compliance matter rather than
as a management tool for understanding what has worked well and why.
65. On the basis of the findings of a comprehensive review of results-based
management in the United Nations Secretariat, the Secretary-General proposes to
implement a new framework. The framework would firmly establish the practice of
results-based management Secretariat-wide on the understanding that it is a broad
management approach that uses information about expected results for strategic
planning, human resources and budgetary decision-making, performance
measurement and learning. Results-based management involves generating and
collecting data and evidence regularly and would enable programme managers to
focus specifically on the achievement of results so that modifications to the design
and delivery of activities could be made to improve and account for performance.
The information would also be made available to the Member States through
improved reporting.
66. In response to recent requests by the General Assembly,9 the present section
also contains specific proposals by the Secretary-General on strengthening
monitoring and evaluation, and integrating the findings from the review of results-
based management in the Secretariat. The aim is to ensure that the cycle of
planning, programming, budgeting, monitoring and evaluation activity is working
effectively and to bring about a more extensive and uniform use of self-evaluation at
the programme and subprogramme levels.
67. Figure IV provides an overview of the steps needed under the framework to
ensure that all parties involved are accountable for influencing and contributing to
agreed results. Annex V to the present report clearly illustrates the roles and
responsibilities of the parties. The steps needed under the framework include the
following:
(a) Member States (through the General Assembly and the Security Council)
would provide directives, priorities and targets for the Organization;
(b) The Secretary-General would translate these into the proposed biennial
strategic framework, part one: plan outline; and part two: biennial programme plan;
(c) Programme managers would undertake planning intended to achieve
results, addressing risks within their scope that would threaten achievement of
outcomes and results (further analysis of the way in which risks would be treated is
included in the enterprise risk management section of the present report);
(d) Budgeting for results would be undertaken on the basis of what is known
to work, taking into account available resources;
(e) Performance would be continuously monitored and implementation
would be adjusted where needed;
__________________
9 Resolutions 60/254 (para. 4), 60/257 (paras. 10 and 15), 60/260 (sect. IV, para. 5), 61/235 (para. 17)
and 62/224 (para. 12).
A/62/701
08-24325 22
(f) Conduct of evaluations and, more importantly, use of evaluative
information for improvements and for learning would be key to achieving results
and providing feedback for planning and budgeting.
Figure IV
Overview of steps
68. The success of results-based management, and indeed the introduction of any
new policies, procedures and ways to strengthen the effective management of
programmes and staff, is dependent on a well-coordinated approach, policy
direction, continuous training, guidance and upgrading of skills on a routine basis.
The proposed framework would support this approach.
Review of results-based management
69. In response to General Assembly resolution 61/245, the Department of
Management conducted a comprehensive review of results-based management. The
team, led by the Department of Management, comprised staff members from the
Department of Economic and Social Affairs, the Department of Public Information,
General Assembly mandates
Directives, priorities and targets
Major United Nations Conferences,
Millennium Development Goals
Secretary-General
Plan outline
Priorities
Planning for results
Strategic frameworks
Compacts
e-PAS
Monitoring performance
Performance measurement
Indicators and targets
• Outcomes, outputs and activities
(programme)
• Compacts, management performance
(e.g., audit, finance, human resources)
• e-PAS (mid-term)
Evaluating and learning
In-depth and thematic evaluations (OIOS)
Self-evaluations and internal evaluations
Compact review
e-PAS (end of year appraisals)
Participatory processes: learning
Accountability
for results
Budgeting for results
Biennial budget
Special political missions,
tribunals, trust funds
Annual peacekeeping budgets
A/62/701
23 08-24325
the Department of Peacekeeping Operations, the Economic and Social Commission
for Asia and the Pacific and the United Nations Chief Executives Board for
Coordination (CEB) secretariat. About 50 staff members and senior managers were
interviewed for the study. Informal exchanges were held with representatives of the
regional groups of the Fifth Committee. An inter-agency workshop with results-
based management practitioners from United Nations system organizations was held
in Geneva in collaboration with the CEB secretariat. The consultants assisted with
technical aspects of the study relating to data gathering for the survey, facilitation of
the workshop and research on international best practice.
70. An analysis of the findings of the review highlighted the following problems
in the implementation of results-orientation in the Secretariat:
(a) Current system of managing results. Most programmes are not yet
implementing results-based management and its purpose is not clear. Few
programmes are using results data for performance monitoring, planning or self-
evaluation. There is an absence of an organizational strategic plan addressing United
Nations objectives globally and regionally. The biennial strategic framework, part
one: plan outline, while focused on longer-term objectives and priorities for the
Organization, is not available at the time of preparation of part two: biennial
programme plan, in which the objectives, expected accomplishments and indicators
of achievement are presented for each subprogramme. A coherent structure to
establish and encourage results-based management in the United Nations Secretariat
is absent. There are too many reporting systems which are not sufficiently integrated
and there is insufficient guidance and overall direction. Some of the logical
frameworks in the strategic framework are focused on outputs and not outcomes:
selection of appropriate indicators requires further improvement;
(b) Use of data for programme planning, budgeting and monitoring.
Information on results is not provided frequently enough to allow Member States to
determine whether or not changes to the direction of work or budgets are warranted.
The quality and relevance of data reported are not easily judged by end-users. Not
all staff have the expertise to produce the best relevant data for performance
monitoring. The current process is considered inflexible to different departmental
needs and changing conditions;
(c) Roles and responsibilities of management. Endorsement and
encouragement of results-based management by most levels of management is
lacking and most managers do not see the current system of managing results as
useful to them. Almost all staff interviewed acknowledged that most managers at the
top levels did not emphasize using results information for managing their work
programmes and staff. Information on results is perceived to be a reporting
requirement rather than a management tool;
(d) Roles and responsibilities of Member States. The desire of Member
States to implement results-based management practices is mainly rooted in a wish
to improve accountability. Their understanding of results-based management and of
their role and responsibility is often uneven. Like staff, delegates have a high
turnover rate and are entitled to information on the basic elements of results-based
management for their deliberations;
(e) Training, support and communications. The available training and
technical support needed for sustainable implementation of results-based
A/62/701
08-24325 24
management are inadequate. Training and ongoing support need to be provided on
an ongoing basis. There is a lack of trust and information-sharing among Member
States and the Secretariat on their respective roles in planning, budgeting,
management and oversight: better communication is needed.
71. The survey findings reconfirmed the concerns that have been expressed by the
Advisory Committee on Administrative and Budgetary Questions, OIOS, the Joint
Inspection Unit, the Board of Auditors and Member States concerning the results-
based management issue. The suggestions for improvements included:
(a) Develop an integrated and comprehensive system to establish and
strengthen results-based management;
(b) Include accountability for results in the accountability framework;
(c) Develop one integrated system for reporting on all components of the
programme planning and budgeting cycle;
(d) Provide clearer guidelines, ongoing training and support;
(e) Establish a dedicated capacity to institutionalize results-based
management in the Secretariat, including support for monitoring and evaluation of
programmes and activities;
(f) Strengthen the practice of self-evaluation in departments and offices;
(g) Improve the quality of results data for planning and budgeting and
enhance performance monitoring;
(h) Enhance information-sharing and communication between the Secretariat
and Member States.
Strengthening monitoring and evaluation
72. On the basis of the findings of the review and in response to the specific
requests by the General Assembly, the Secretary-General proposes to strengthen the
monitoring and evaluation capacities of the Secretariat through the results-based
management framework. Results-based monitoring and evaluation go beyond the
traditional focus on financial input and output activities and help decision makers to
analyse outcomes and impacts and to use the information for future planning. In
order to be effective, monitoring and evaluation must address whether the activity
had the intended outcome in addition to determining compliance. The availability of
effective monitoring and evaluation tools will allow programme managers to
reinforce a culture of learning and understanding of the usefulness, efficiency and
effectiveness of their work. Effective tools provide senior management and Member
States with verifiable and reliable information for planning, facilitate decision-
making on programming and budgeting and support managerial focus on
achievement of results and outcomes.
73. To facilitate the results orientation of the Secretariat, performance monitoring
and self-evaluation, as mandated by the programme planning rules, would be
strengthened as outlined below.
A/62/701
25 08-24325
Performance monitoring
74. According to the findings of the review, the monitoring of programme and
managerial performance in the Secretariat has been inadequate. Performance
monitoring should assume a stronger role in determining the progress of work
towards achieving outcomes. Performance monitoring is the responsibility of
management and covers the following activities: tracking progress made in the
implementation of activities and achievements of results; using evaluation
methodology to determine performance and achievement of results; and determining
the efficient, effective and accountable use of resources, including identification and
mitigation of risks (as also discussed in the enterprise risk management section).
75. The programme performance report is an important vehicle for performance
monitoring and reporting on achievement of outcomes and outputs to Member
States. Priority would be given to improving the usefulness of the programme
performance report for both programme managers and Member States by making
better use of performance data and by addressing the urgent issue of timeliness of
performance reporting. Programme managers would incorporate lessons learned and
“implications for future plans and budgets” from the assessment of achievements in
the preparation of new plans and budgets and provide information on past
performance in time for decision-making on future programmes and
subprogrammes.
76. Currently, OIOS is responsible for consolidating the reporting by individual
departments on the performance monitoring of their activities on a biennial basis. In
accordance with General Assembly resolution 61/245, the responsibility for the
report was transferred to the Department of Management. While the Advisory
Committee on Administrative and Budgetary Questions had agreed that the
preparation of the programme performance report be transferred to the Department
of Management, it was noted in the OIOS proposed programme budget for 2008-
2009 (A/62/6 (Sect. 29) and Corr.1) that the detailed arrangements for the
preparation of the programme performance report would be addressed in the context
of the present report. Details on the transfer from OIOS of those functions to the
Department of Management, and related resources, appear in addendum I to the
present report.
Evaluation
77. The study reconfirmed previous findings by the Advisory Committee on
Administrative and Budgetary Questions and the oversight bodies that the use of
evaluative information by the Secretariat to inform decision-making on programme
planning has been inadequate. There are two types of evaluation under the
programme planning rules, namely independent evaluation conducted by the
oversight bodies and self-evaluation conducted by management:
(a) The independent evaluations conducted by OIOS are ad hoc in-depth
programme-level evaluations and Organization-wide cross-cutting thematic
evaluations, conducted at the request of intergovernmental bodies or at the initiative
of OIOS. The findings are presented to the General Assembly through the
Committee for Programme and Coordination and, when approved, to management
for action. The central evaluation function in OIOS is located independently from
management. OIOS has full discretion in submitting directly its evaluation reports
for consideration at the appropriate level of decision-making. The Joint Inspection
A/62/701
08-24325 26
Unit conducts evaluations aimed at improving management and methods and at
achieving greater coordination between United Nations organizations;
(b) Programme managers conduct periodic self-evaluations, at their
discretion, directed at time-limited objectives and continuing functions to assess
relevance, usefulness, efficiency and effectiveness of activities and to make
adjustments at the planning and implementation stage.
78. In either case, evaluation is a dedicated formal exercise, subject to specific
norms, standards and procedures, conducted to determine relevance and
effectiveness, subprogramme outcomes, or impact of programmes. The following
actions are proposed for strengthening self-evaluation in the departments and
offices:
(a) Departments and offices that do not yet have established policies for the
conduct of self-evaluation would be required to issue a directive on the concept, role
and use of evaluation, including the institutional framework and definition of roles
and responsibilities, scope and periodicity of evaluations and an explanation of how
the evaluation function and evaluations are planned, managed and budgeted;
(b) The responsibility for reporting on evaluation follow-up at the
departmental level, including demonstrated use of lessons learned and response to
evaluation recommendations, would be included in the e-PAS for relevant staff;
(c) Heads of department and office would be accountable to the Secretary-
General, through the Management Performance Board, for the use of performance
information and overall lessons learned as demonstrated in their compact with the
Secretary-General and in the programme performance report;
(d) The proposed monitoring and evaluation support function would be
assigned the task supporting departments in their development of self-evaluation in
support of results-based management and in accordance with the programme
planning and budgeting cycle;
(e) Available standards, guidelines and procedures would be updated and
enhanced to facilitate the work of the dedicated evaluation capacities in departments
and offices in support of results-based management;
(f) Training modules on roles, responsibilities and use of monitoring and
evaluation within the programme cycle would be developed by the proposed results-
based management capacity. Technical training on the conduct of evaluation would
also be offered to allow staff to obtain certification.
79. Support for these activities would be provided by the proposed results-based
management capacity, which includes a monitoring and evaluation support unit. It
would be responsible for setting standards and policies for results-based monitoring
and evaluation activities; providing guidance; assisting departments and offices in
developing a schedule for evaluations; preparing the biennial programme
performance report; and undertaking training and knowledge-sharing on monitoring
and evaluation. The transfer of the monitoring and evaluation support function to
the Department of Management from OIOS would ensure strong managerial
ownership of these activities so that they become part of ongoing performance
management, planning and control measures. OIOS would continue to undertake in-
depth and thematic evaluations and provide quality assurance for the Secretariat’s
A/62/701
27 08-24325
preparation of the programme performance report and the conduct of self-
evaluation.
80. It is important for departments and offices to assign to dedicated staff the
responsibility of monitoring and evaluation, and to undertake planning based on
information derived from these activities, if results-orientation is to take hold
Secretariat-wide. The oversight bodies, including OIOS, have noted with concern
that the level of budgetary resources dedicated to monitoring and evaluation in the
Secretariat is low and in some cases clearly inadequate. According to a study carried
out by OIOS, less than 50 per cent of all subprogrammes were subject to evaluations
in 2004-2005. OIOS identified 25 programmes that dedicated less than 1 per cent
for monitoring and evaluation and seven programmes that dedicated 0.1 per cent or
below. OIOS recommended, for example, that the Department for General Assembly
and Conference Management, the Department of Political Affairs, the Department of
Economic and Social Affairs and the Department of Management establish
dedicated evaluation capacity. The importance of adequately resourcing monitoring
and evaluation activities, which would occur through the biennial budgeting
process, cannot be understated.
Peacekeeping
81. The work of the Secretariat relating to peacekeeping operations consumes a
large portion of the resources of the Organization. The systematic and consistent
implementation of results-based management and enterprise risk management would
address concerns by Member States regarding the results achieved and the risk
exposure especially of large departments such as the Department of Peacekeeping
Operations with highly complex operations. With regard to the implementation of
results-based management principles, the Department of Peacekeeping Operations
and the Department of Field Support face specific challenges due to the dynamic
and complex nature of their operations. While peace operations would also be
subject to the implementation of results-based management principles, specific
approaches would therefore need to be identified. Guidance and support would be
provided to peace operations accordingly by the Department of Peacekeeping
Operations and the Department of Field Support in consultation with the proposed
centralized results-based management capacity in order to ensure better
coordination of results-based management Secretariat-wide.
82. The General Assembly approves the annual budgets for peacekeeping missions
and considers the annual mission performance reports, which are based on a
portfolio of evidence provided by the missions. Some mature peacekeeping missions
operate in stable environments, where the application of a results-based approach
seems straightforward, while others are subject to constant change. The often
difficult circumstances on the ground, especially for new missions where planning
and monitoring can be extremely challenging, may make the various aspects of
results-based budgeting difficult to implement.
83. It is important to note that a number of Secretariat departments have two sets
of results-based budgeting logical frameworks to contend with, namely the regular
budget and the support account for peacekeeping operations (some departments,
including the Office for the Coordination of Humanitarian Affairs, have a third set
for voluntary, extrabudgetary funding). In addition, the frameworks cover different
A/62/701
08-24325 28
time periods. The regular budget covers a two-year period while the support account
covers a one-year period beginning on 1 July and ending on 30 June the following
year, as is also the case with peacekeeping budgets. These departments include the
Department of Peacekeeping Operations, the Department of Public Information,
OIOS, the Office of Legal Affairs, the Office of the Ombudsman, the Department of
Safety and Security and the Department of Management.
Accountability for results
84. Results-based management requires managers to learn from experience and
apply this knowledge to day-to-day management, but managers do not necessarily
have control over expected results and outcomes. It is management’s demonstration
of the use of results information and evidence of how programmes influence and
contribute to results that would be a part of the Organization’s accountability
system. Managers would be held accountable for having adjusted activities and
outcomes based on performance monitoring. In determining accountability for
achieving results in the context of a results-oriented organization, a number of
challenges exist, including external factors, such as the influence of other
programmes, social and economic factors at the national level and operational and
other risks, which may negatively influence the programme’s ability to achieve
results. The enterprise risk management process is aimed at addressing the influence
of risks.
85. In addition to the existing accountability mechanisms, which are described in
section III of the present report, managers and staff would also be accountable for
undertaking performance monitoring and self-evaluation and for applying findings;
measuring the planned outcomes; demonstrating the contribution made by a
programme to the expected accomplishments; and demonstrating what was learned
over a period of time and what changes were made to be more effective.
Results-based management framework for the
United Nations Secretariat
Principles and action plan
86. Considerable experience and lessons learned on results-based management has
been built up in national Governments and a variety of international contexts.
Taking into account public-sector best practice as well as the results of the survey,
the Secretary-General is proposing a results-based management framework for the
Secretariat, comprising five basic principles derived from the collective department
experience on results-based management and a number of actions to be taken,
requiring the active leadership and commitment of senior-level management. The
five principles distil the essence of the key elements identified in the review to be
necessary for managing a results-oriented organization. The recommendations made
by the oversight bodies and the Advisory Committee on Administrative and
Budgetary Questions have also been taken into account in the proposal. The
proposed results-based management framework is presented below.
A/62/701
29 08-24325
Principle 1: foster senior-level leadership in results-based management
Effective leadership is essential if it is to succeed and requires:
• Demonstrated senior management leadership and commitment
• Senior management capacity for results-based management
Actions:
• Use by senior managers of results information contained in the compacts and
strategic frameworks for day-to-day management and decision-making on
programme activities, resources and staff
• Results-based management is to be part of senior management orientation and
training on performance management
Principle 2: build results frameworks with ownership at all levels
The Organization needs to set out the overall and specific strategic results its
programmes are collectively and individually intended to achieve and how best to
structure itself to achieve them, namely:
• A strategic results framework, outlining organizational objectives and
strategies and major risks, aligned with the Organization’s programmes
• Results frameworks for programmes showing objectives, strategies and
resources used, risks faced and the logic behind the programme design
• Reasonably clear and concrete performance expectations for programmes
• A strategy for measuring key results, including a manageable set of
performance indicators for programmes and complementary evaluations
• Ownership by managers and staff of results frameworks that are relevant and
useful
Actions:
• Improve existing organizational systems, including results-based budgeting
procedures, compacts, e-PAS and reporting, with regard to timing, presentation
and usefulness, to align and integrate with agreed results frameworks
• Improve results frameworks at all levels, e.g., through cross-sectional peer
reviews, to enhance implementation and ownership
• Adapt terminology where appropriate with that used by United Nations system
organizations
• Provide midpoint information briefings to Member States on results-based
management issues
Principle 3: sensibly measure results and develop user-friendly results-based
information systems
The Organization needs to gather and analyse credible information on performance
through:
A/62/701
08-24325 30
• Measuring results and costs, using both ongoing monitoring and evaluation
and assessing actual results and costs in light of the performance expectations
• Assessing the contribution and influence made by the programmes to the
observed results
• Building cost-effective, user-friendly and relevant results-based management
information systems
Actions:
• Review comprehensively all performance measures in strategic frameworks
and compacts to improve linkages between objectives and expected
accomplishments, including indicator selection (e.g., establish indicator bank,
focus on performance and quality, improve data collection methods)
• Assess the contribution and influence of organizational units to outcomes
• Develop information technology tools and knowledge management systems in
support of results-based management, including creating a results-based
management platform under enterprise risk management
Principle 4: use results information for learning, managing, reporting and
accountability; promote and support a culture of results
Realizing the benefits from results-based management and fostering an appropriate
organizational culture of results are critical and require:
• Using performance information to inform and improve programme
performance and budgets
• Identifying and using best practices to improve performance
• Credible performance reporting internally and externally, telling a coherent
performance story
• Informed demand for results information
• Supportive organizational systems, incentives, procedures and practices
• A results-oriented accountability regime
• Capacity to learn and adapt
• Results measurement and results-based management capacity
• Clear roles and responsibilities for results-based management
Actions:
• Use results information formally and informally for planning and budgeting
• Enhance reporting on results-based budgeting/results-based management,
including with regard to presentation and timing
• Enhance the use of evaluative information overall, including in-depth
evaluations, self-evaluations and lessons learned
A/62/701
31 08-24325
• Build evaluative knowledge and learning systems to strengthen the
implementation of programme planning rules and the peacekeeping planning
cycle
• Strengthen results-oriented human resource management policies, including by
developing competency for results-orientation and an incentives scheme; and
providing ongoing comprehensive training on results-based management
• Hold managers accountable for demonstrating the use of result information
and lessons learned
• Define more clearly the roles and responsibilities of programme managers,
intergovernmental bodies and oversight bodies for results-based management,
including all aspects of programme planning, budgeting, monitoring and
evaluation
• Establish a central results-based management support capacity, including a
monitoring and evaluation support unit
• Establish dedicated resources and posts for monitoring and evaluation in
departments and offices
Principle 5: build an adaptive results-based management regime through regular
review and update
Implementing results-based management is an ongoing learning process: regularly
review and update all aspects of the results-based management regime —
frameworks, indicators, expectations, measurement strategies, systems and use — as
to continued relevance, usefulness and cost
Actions:
• Review biennially all aspects of the results-based management framework at
the beginning of budget cycles
• Report to the General Assembly periodically on the implementation of the
results-based management framework and on matters requiring approval of
Member States
Results-based management capacity
87. In order to achieve a fully results-oriented Organization, results-based
management needs to be practiced in a cohesive and coordinated manner. While
many policies, procedures and measures exist to move towards a results-oriented
Organization, guidance and training have so far been provided in a piecemeal
fashion and there is currently no effective, centralized and dedicated mechanism in
place to ensure the full implementation of results-based management. The success of
results-based management depends on an adequate knowledge and experience base
among senior management, programme managers and staff-at-large to ensure the
sustainability of the framework. The goal is to encourage participation of senior
managers in creating a results-oriented organization through the implementation of
the new framework.
88. As a priority, a training strategy would therefore be developed aimed at
integrating results-based management issues, approaches and concepts into all
A/62/701
08-24325 32
management training offered whenever possible in order to build and sustain a
culture of results. Basic results-based management training would be offered to all
staff in an effort to promote and support a culture of results.
89. In order to implement the proposed results-based management framework and
to provide overall guidance and support, it is therefore proposed that a results-based
management section be established in the Department of Management. Details of
the resource requirements appear in the addendum to the present report. The results-
based management section would also assume the functions of monitoring,
including responsibility for the biennial programme performance report, and self-
evaluation to be transferred, with related resources, from OIOS. In this connection,
it is recalled that the General Assembly was informed in the context of the proposed
programme budget for 2008-2009 that such transfer of functions and related
resources would be addressed as part of the review of results-based management
(see paras. 71-79 above). The other functions of the results-based management
section would include the following:
(a) Overall support to establishing and promoting a results-oriented culture
in the Secretariat, including in peacekeeping missions and special political missions,
by establishing, for example, a community of practice of results-based management
focal points Secretariat-wide and the provision of support for results-oriented
strategic planning, budgeting, monitoring and evaluation;
(b) Overall support to the preparation of the biennial strategic framework, in
collaboration with the Office of Programme Planning, Budget and Accounts, in
accordance with relevant legislative mandates, as approved by the General
Assembly, and assistance to monitoring of programme results achieved by senior
managers via their compacts;
(c) Establishment of and/or updating policies and procedures for results-
based management (standards, methodology, guidelines, coordination, revisions, as
appropriate, to the programme planning rules, and scope and timeliness of reports to
Member States);
(d) Provision on a routine basis of support and services to departments and
offices for applying results-based concepts, rationalizing related information
systems and reviewing logical frameworks and communication;
(e) Provision of training and advisory services. Training modules on results-
based management would be developed, coordinated with the needs for enhancing
skills for monitoring and evaluation. The training modules would draw on existing
training already developed by Office of Programme Planning, Budget and Accounts,
OIOS and the United Nations Evaluation Group and be incorporated as part of the
standard training programme offered to all staff and managers;
(f) Development and maintenance of a useful results-based management
platform under enterprise risk management, including knowledge management;
(g) Support, as needed, to the risk management capacity and the
accountability framework.
90. A variety of benefits that have yet to be realized under the current system are
intended to flow from the effective implementation of the proposed results-based
management framework. For Member States, the primary benefits would include
more timely information, for example at midpoint briefings and through more timely
A/62/701
33 08-24325
performance reporting, on the results achieved by the Organization and verifiable
evidence collected thereon. This would facilitate decision-making by Member States
on programmatic and budgetary issues on the basis of findings from monitoring and
evaluation exercises and the reporting of risks that threaten the achievement of
results. Member States would also be facilitated in their decision-making on the
continuing usefulness, efficiency and effectiveness of programmes and
subprogrammes. The effective use of results-based management would enhance the
accountability of programme managers for using evidence and data for day-to-day
management decisions and highlight their contribution to results achieved.
91. The benefits for management and staff under the results-based management
framework would include new tools and more useful systems or realignment of
existing systems as well as streamlined planning and reporting requirements that
allow managers to concentrate on achieving results and limit the time spent on
implementing complex processes and procedures. Far from being an additional layer
in the management process, the proposed results-based management support
capacity would consolidate support functions that were previously at best
inadequately resourced and spread across various sections, such as OIOS, the Office
of Programme Planning, Budget and Accounts and the Office of the Under-
Secretary-General for Management. The results-based management capacity is
intended to empower programme managers, equipping them with effective
information tools and support systems to track and analyse indicators and results.
Training and guidance on results-based management, including on programme
planning, budgeting, monitoring and evaluation, would also be provided to
programme managers and staff at large on an ongoing basis. Programme managers
would have a better foundation and understanding, based on reliable information
and evidence, of the best ways to achieve their expected results — what has worked,
what has not worked and what needs improvement — and would be able to present
to the Secretary-General and to Member States evidence on how their programme
contributed to agreed results, thus enabling Member States to assess the overall
performance of the Organization.
VI. Conclusions
92. As the Organization is increasingly called upon to undertake more important and
complex activities, and as its role is ever-expanding, concerns about weaknesses in
accountability, transparency and the achievement of results continue, as do calls for
change. It is therefore time for the Organization to manage those concerns and to
change through the modernization of its management practices, as it plans its
programmes and manages its risks and resources more strategically towards the
achievement of tangible results. However, doing so will require a dramatic shift in
management culture away from a compliance focus to a results orientation. Such a
shift must start at the top of the Organization and cascade from high-level strategic
planning to human resource and budget planning. It must also include systematic,
proactive monitoring and self-evaluation by all departments and offices, the results of
which must be reported regularly to senior management and the Member States.
A/62/701
08-24325 34
Accountability architecture
93. The proposed comprehensive and integrated accountability architecture responds
to calls for change and answers the concerns of the Secretariat staff and Member
States. In this regard, managerial tools have been and continue to be developed that
will help in the mechanics of assessing risk, monitoring staff and programmatic
performance, evaluating activities for lessons learned and educating for the
achievement of results.
94. This architecture, comprised of performance, integrity and compliance pillars,
would reflect the Secretariat’s commitment to achieving results while respecting its
regulations, rules and ethical standards.
95. In addition, the Secretary-General is planning to establish a working group of the
Management Performance Board with responsibility for regularly monitoring and
actively guiding senior managers to reach expected results.
96. This working group, to be called the Accountability for Results Working Group,
with three or four members drawn from Secretariat departments/offices, would be
responsible for monitoring on a regular basis progress towards results, identifying
systemic, political or other challenges to success, and, when necessary, raising issues
for high-level action, in the following key areas:
• The appropriate use of delegations of authority
• Programme and financial performance
• Implementation of oversight body recommendations
• Use of evaluative information for improvements and for learning
• Performance management
• Findings of the administration of justice recommendations
97. The Working Group would monitor each of these key areas for progress or
problems and report its findings to the Management Performance Board with
recommendations for concrete action to be taken when the Board meets each quarter
or on an as-needed basis.
Enterprise risk management
98. In connection with the discussion on enterprise risk management, a process of
further consultation is proposed to incorporate feedback and commentary from the
multiple parties that would be involved in the process to implement and maintain the
enterprise risk management and internal control framework, prior to completing the
design and proposing the establishment of an appropriate infrastructure to enable its
efficient implementation. This consultation process would involve many stakeholders,
including Member States, senior managers, the Independent Audit Advisory
Committee, the Advisory Committee on Administrative and Budgetary Questions,
OIOS and the Board of Auditors, all of which would play an integral and essential role
in ensuring the success of the resultant framework.
99. In order to support the consultation process and to begin raising awareness
throughout the Organization of the importance of formal risk management, the
Secretary-General proposes to launch a pilot project to establish and communicate
A/62/701
35 08-24325
standards and guidelines for risk management for staff at all levels and to integrate the
concepts into areas of highest risk.
Results-based management
100. In order to build upon the existing results-based budgeting processes and move
towards a fully mature results-based management culture, the Secretary-General
proposes to establish a dedicated capacity that would be responsible for advising,
supporting and monitoring departments to ensure the complete implementation of
results-based management from beginning to end, that is, starting with the strategic
planning phase and following through to reporting of results to Member States,
including through an improved programme performance report.
101. Consultations would be undertaken with the Strategic Planning Unit in the
Executive Office of the Secretary-General to establish clear milestones for achieving
the long-term, strategic objectives set by the Member States. Work would be carried
out with departments to ensure that priorities were reflected in the logical frameworks
and other budget planning documents. The Management Performance Board would
ensure that these priorities were reflected in the senior managers’ annual compacts. An
important aspect of this planning process would be the advisory role that the dedicated
capacity would have in helping departments to formulate ambitious yet realistic and
measurable performance goals and measures that were results-oriented rather than
input/output-oriented and that captured the Organization’s priorities at each level of
activity and given time period.
102. Results-based management requires managers to monitor and evaluate their
programmes and progress regularly and systematically in order to take necessary
corrective actions to increase the likelihood of achieving their goals. While this
dedicated capacity would not monitor or evaluate programmes itself, it would provide
support for monitoring and evaluation and would be responsible for setting standards
and policies, training and knowledge sharing, and for assisting departments and offices
in developing schedules for evaluation.
103. Such dramatic shifts in management culture cannot occur in a piecemeal or
disjointed fashion. The current approach to strategic planning, risk assessment,
budgeting, monitoring, evaluation and reporting, carried out on an ad hoc or part-time
basis by staff with other primary duties, does not provide the necessary impetus to
ensure the required cultural shift towards managing for results. Consequently, four
recommendations detailed in the section below have been developed for consideration.
VII. Recommendations
104. The General Assembly may wish to:
(a) Take note of the present report and endorse the proposed
comprehensive accountability architecture consisting of three key elements of
institutional and personal accountability: performance, compliance and integrity;
(b) Endorse the concept of an integrated framework for enterprise risk
management and internal control that takes a systematic and holistic approach to
proactively identify, assess, evaluate, prioritize, manage and control risk across
the Organization in order to increase the likelihood of achieving objectives, and
A/62/701
08-24325 36
approve a pilot project to begin developing standards and guidelines for
Secretariat-wide application of risk management;
(c) Endorse the results-based management framework, including its five
principles, to foster a more results-oriented Secretariat by integrating and
strengthening the cycle of strategic planning, budgeting, monitoring and
evaluation;
(d) Endorse the proposal for a dedicated capacity responsible for advising,
supporting and monitoring departments to ensure the complete implementation
of results-based management as well as for gathering and reporting on critical
performance information on which decisions regarding accountability can be
made, including implementation of approved reforms and oversight body
recommendations.
A/62/701
37 08-24325
Annex I
Summary of accountability survey results
Summary of Accountability Survey Results
3%
1%
1%
2%
0%
0%
1%
0%
1%
Do Not
Know /
Can’t
Answer
22%
21%
21%
22%
7%
7%
4%
3%
3%
Disagree
28%
21%
22%
24%
9%
10%
9%
5%
5%
Neutral /
No
Opinion
29%
38%
34%
28%
43%
49%
44%
43%
45%
Agree
8%
11%
10%
10%
38%
29%
40%
47%
45%
Strongly
Agree
11%
9%
12%
14%
3%
5%
2%
2%
1%
Strongly
Disagree
My current training opportunities are linked to my
desired career goals
I have obtained adequate training to support me in
my current position
I feel that I have access to adequate training
opportunities within the UN System
TrainingCapacity and Tools
I feel that my suggestions about changes or
improvements are taken seriously
I feel effective in my job
Self-efficacy
I understand the roles and responsibilities of my
supervisor(s) and co-workers
I understand the effect that my work has on UN
programmes or operations
Clarity of Roles
Sub-Topic
I understand my own role and responsibilities
I understand the mission and purpose of my current
organizational unit
Question
Mission
Alignment
Topic Rating
3%
1%
1%
2%
0%
0%
1%
0%
1%
Do Not
Know /
Can’t
Answer
22%
21%
21%
22%
7%
7%
4%
3%
3%
Disagree
28%
21%
22%
24%
9%
10%
9%
5%
5%
Neutral /
No
Opinion
29%
38%
34%
28%
43%
49%
44%
43%
45%
Agree
8%
11%
10%
10%
38%
29%
40%
47%
45%
Strongly
Agree
11%
9%
12%
14%
3%
5%
2%
2%
1%
Strongly
Disagree
My current training opportunities are linked to my
desired career goals
I have obtained adequate training to support me in
my current position
I feel that I have access to adequate training
opportunities within the UN System
TrainingCapacity and Tools
I feel that my suggestions about changes or
improvements are taken seriously
I feel effective in my job
Self-efficacy
I understand the roles and responsibilities of my
supervisor(s) and co-workers
I understand the effect that my work has on UN
programmes or operations
Clarity of Roles
Sub-Topic
I understand my own role and responsibilities
I understand the mission and purpose of my current
organizational unit
Question
Mission
Alignment
Topic Rating
Source: Accountability Framework Survey
* Please note that these statements are on a reverse scale
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Source: Accountability Framework Survey
* Please note that these statements are on a reverse scale.
Source: Accountability Framework Survey.
A/62/701
08-24325 38
Summary of Accountability Survey Results
4%20%21%23%24%8%I feel the performance appraisal system is taken seriously by my supervisor(s)
1%12%15%19%40%12%I trust my supervisor(s) to fairly evaluate my performance
1%23%33%20%17%6%
I feel that management is able to effectively help any
underperforming workers to improve their
performance or contributions
LeadershipMotivation and Performance
2%14%25%23%30%7%I believe that I am appropriately recognized for suggesting new ideas or taking new direction
1%15%23%15%36%10%I feel that I am adequately recognized for my performance
Recognition
2%11%26%19%33%8%I have sufficient human resources to do my job
3%9%21%22%37%8%I have sufficient financial resources to do my job
Resources
2%
2%
2%
Do Not
Know /
Can’t
Answer
23%
21%
21%
Disagree
29%
23%
23%
Neutral /
No
Opinion
29%
32%
34%
Agree
12%
9%
14%
Strongly
Agree
6%
13%
5%
Strongly
Disagree
I feel that I may be held responsible for something for
which I am not adequately equipped*
I feel confident that my supervisor(s) have the
appropriate tools and information to make good
decisions
I feel that I may be held responsible for something
that is not in my control*
Accountability
Capacity and
Tools (cont.)
Sub-Topic QuestionTopic Rating
4%20%21%23%24%8%I feel the performance appraisal system is taken seriously by my supervisor(s)
1%12%15%19%40%12%I trust my supervisor(s) to fairly evaluate my performance
1%23%33%20%17%6%
I feel that management is able to effectively help any
underperforming workers to improve their
performance or contributions
LeadershipMotivation and Performance
2%14%25%23%30%7%I believe that I am appropriately recognized for suggesting new ideas or taking new direction
1%15%23%15%36%10%I feel that I am adequately recognized for my performance
Recognition
2%11%26%19%33%8%I have sufficient human resources to do my job
3%9%21%22%37%8%I have sufficient financial resources to do my job
Resources
2%
2%
2%
Do Not
Know /
Can’t
Answer
23%
21%
21%
Disagree
29%
23%
23%
Neutral /
No
Opinion
29%
32%
34%
Agree
12%
9%
14%
Strongly
Agree
6%
13%
5%
Strongly
Disagree
I feel that I may be held responsible for something for
which I am not adequately equipped*
I feel confident that my supervisor(s) have the
appropriate tools and information to make good
decisions
I feel that I may be held responsible for something
that is not in my control*
Accountability
Capacity and
Tools (cont.)
Sub-Topic QuestionTopic Rating
Source: Accountability Framework Survey
* Please note that these statements are on a reverse scale
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Summary of accountability survey results
A/62/701
39 08-24325
Summary of Accountability Survey Results
18%21%17%35%7%1%I believe that the senior management (ASGs and above) selection process is fair
4%33%32%20%9%2%I believe that the best candidates are usually selected in the promotion processAdvancement
Opportunities
5%24%30%23%16%4%I feel the performance of staff is documented appropriately in ePAS
4%28%31%19%15%3%
Overall, I feel that the performance appraisal system
is used appropriately to evaluate and document
performance
4%23%26%19%24%5%I feel that ePAS provides an appropriate framework for documenting staff performance
4%3%14%27%35%18%
I feel that meeting administrative requirements is
considered more important than meeting the
programme or operational objectives*
ePAS
2%
0%
Do Not
Know /
Can’t
Answer
36%
16%
Disagree
17%
13%
Neutral /
No
Opinion
10%
42%
Agree
3%
21%
Strongly
Agree
32%
7%
Strongly
Disagree
I feel that high performing staff are appropriately
rewarded (e.g., recognitions, promotion
opportunities)
Overall, I feel motivated to work hard in my position
Motivation
Motivation and
Performance
(cont.)
Sub-Topic QuestionTopic Rating
18%21%17%35%7%1%I believe that the senior management (ASGs and above) selection process is fair
4%33%32%20%9%2%I believe that the best candidates are usually selected in the promotion processAdvancement
Opportunities
5%24%30%23%16%4%I feel the performance of staff is documented appropriately in ePAS
4%28%31%19%15%3%
Overall, I feel that the performance appraisal system
is used appropriately to evaluate and document
performance
4%23%26%19%24%5%I feel that ePAS provides an appropriate framework for documenting staff performance
4%3%14%27%35%18%
I feel that meeting administrative requirements is
considered more important than meeting the
programme or operational objectives*
ePAS
2%
0%
Do Not
Know /
Can’t
Answer
36%
16%
Disagree
17%
13%
Neutral /
No
Opinion
10%
42%
Agree
3%
21%
Strongly
Agree
32%
7%
Strongly
Disagree
I feel that high performing staff are appropriately
rewarded (e.g., recognitions, promotion
opportunities)
Overall, I feel motivated to work hard in my position
Motivation
Motivation and
Performance
(cont.)
Sub-Topic QuestionTopic Rating
Source: Accountability Framework Survey
* Please note that these statements are on a reverse scale
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Summary of accountability survey results
A/62/701
08-24325 40
Summary of Accountability Survey Results
1%1%3%10%49%36%I generally view change as an opportunity
6%4%17%29%37%7%I believe that my co-workers generally support change
1%1%2%9%53%35%
I am generally in support of change, even if it means
that the way I do my job or the way that I am
appraised changesIndividual
Change
Readiness
4%11%23%32%26%5%I believe that the UN leadership and management are serious about change
2%13%29%28%25%3%I believe that the reasons for change are adequately communicated to me
2%12%20%27%32%7%I am confident that my supervisor(s) will make good decisions
3%14%26%30%23%5%I generally trust UN leadership and management to make the right decisions concerning change
2%1%4%11%38%44%I generally believe that the UN has been slow to change*
1%1%2%7%37%53%I believe that change in the UN is necessary for the UN to continue to fulfill its mission
Change
Leadership
Change
Readiness
Do Not
Know /
Can’t
Answer
Disagree
Neutral /
No
Opinion
AgreeStrongly Agree
Strongly
DisagreeSub-Topic QuestionTopic Rating
1%1%3%10%49%36%I generally view change as an opportunity
6%4%17%29%37%7%I believe that my co-workers generally support change
1%1%2%9%53%35%
I am generally in support of change, even if it means
that the way I do my job or the way that I am
appraised changesIndividual
Change
Readiness
4%11%23%32%26%5%I believe that the UN leadership and management are serious about change
2%13%29%28%25%3%I believe that the reasons for change are adequately communicated to me
2%12%20%27%32%7%I am confident that my supervisor(s) will make good decisions
3%14%26%30%23%5%I generally trust UN leadership and management to make the right decisions concerning change
2%1%4%11%38%44%I generally believe that the UN has been slow to change*
1%1%2%7%37%53%I believe that change in the UN is necessary for the UN to continue to fulfill its mission
Change
Leadership
Change
Readiness
Do Not
Know /
Can’t
Answer
Disagree
Neutral /
No
Opinion
AgreeStrongly Agree
Strongly
DisagreeSub-Topic QuestionTopic Rating
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:
Strength
Weakness
Strongly Agree + Agree Approx 50%
Agree + Neutral + Disagree Approx 60%
Disagree + Strongly Disagree Approx 50%
Key:Source: Accountability Framework Survey
* Please note that these statements are on a reverse scale
Summary of accountability survey results
A/62/701
41 08-24325
Annex II
Applying risk to audit planning
Tier 2 – secondary risks
These risks are difficult to predict, but can be
catastrophic if they occur.
Level of risk: high
Likelihood: low
Treatment: monitor level of risk and risk
controls
Type of control activity: detective
Internal audit focus: moderate to high, second
highest percentage of audit plan
Tier 1 – primary risks
These risks are perceived to be of greatest
importance and critical to meeting organizational
objectives.
Level of risk: high
Likelihood: high
Treatment: ongoing monitoring and
improvement
Type of control activity: preventive and
detective
Internal audit focus: high, highest percentage
of audit plan
Tier 3 – tertiary risks
These risks are infrequent and not severe. They
are often less predictable, but not significant or
likely to occur.
Level of risk: low
Likelihood: low
Treatment: accept risk
Type of control activity: minimal preventive
and detective
Internal audit focus: low, only as considered
necessary
Tier 2 – secondary risks
These risks are frequent and relatively routine.
Monitoring considerations are to provide
assurance that they continue to be properly
managed.
Level of risk: low to moderate
Likelihood: moderate to high
Treatment: monitor level of risk
Type of control activity: preventive
Internal audit focus: low, lowest percentage
of audit plan
The chart above illustrates how risk may be reflected within an audit plan, using
the inherent risk and impact identified within the risk assessment process.
Impact
Likelihood
Low
Low
High
High
A/62/701
08-24325 42
Note that the expected accomplishments for the Internal Audit Division of the
Office of Internal Oversight Services refer to risk. Furthermore, the indicator of
achievement measures management acceptance of “critical audit recommendations”.a
The definition of “critical”, was established by the General Assembly in its
resolution 56/246. It provides static (e.g., a $25,000 threshold for savings, recoveries,
etc.) as well as subjective criteria (e.g., measurable improvements to process) for the
determination of critical items. The Assembly also invited the Office to further refine
the criteria. The definition of “critical” within the enterprise risk management and
internal control framework should move towards relative measures that apply the risk
appetite and tolerance levels agreed by the Assembly and therefore better reflect the
appropriate relative prioritization of risks as identified from managements’ risk
assessment efforts.
a A/62/6 (Sect. 29), table 29.7, items (b) and (c).
A/62/701
43 08-24325
Annex III
Catalogue of risk categories, or “risk universe”
1. Strategic
1.1 Planning and resource allocation
1.1.1 Vision and mandate
1.1.2 Strategic planning
1.1.3 Budgeting
1.1.4 Budget allocation
1.1.5 Human resources strategy and planning
1.1.6 Planning execution and integration
1.1.7 Organizational synchronization
1.1.8 Overlapping mandates
1.1.9 Outsourcing
1.2 Principal organs, members and partners
1.2.1 General Assembly and Member States
1.2.2 Partners, affiliates, agencies and donors
1.2.3 Organizational relationships
1.3 Internal and external factors
1.3.1 Political climate — external
1.3.2 Political climate — internal
1.3.3 Economic factors — commodity prices
1.3.4 Unique events (i.e., pandemic, election, environmental crisis)
1.3.5 Organizational transformation
2. Governance
2.1 Governance
2.1.1 Tone at the top
2.1.2 Secretariat, councils and committees
2.1.3 Control environment
2.1.4 Decision-making — General Assembly, Security Council and
committees
A/62/701
08-24325 44
2.1.5 Organizational structure
2.1.6 Performance measurement
2.1.7 Performance management
2.1.8 Joint inter-agency operation and partnering
2.1.9 Transparency
2.1.10 Leadership and management
2.1.11 Accountability
2.1.12 Empowerment
2.2 Ethical behaviour
2.2.1 Ethics
2.2.2 Fraud and illegal acts
2.2.3 Conflicts of interest
2.2.4 Professional conduct and confidentiality
2.3 Communications and public relations
2.3.1 Media relations and public information
2.3.2 Crisis communications
2.3.3 Personnel communications
2.3.4 Broadcast — radio and television
2.3.5 Technology communication
2.4 Reputation
2.4.1 Public perception, support and reputation
2.4.2 Crisis and contingency planning and management
3. Operations
3.1 Programme management
3.1.1 Advocacy
3.1.2 Outreach activities
3.1.3 Economic and social development
3.1.4 Conference management
3.1.5 Research, analysis and advisory activities
A/62/701
45 08-24325
3.1.6 Policy development
3.1.7 Inter-agency cooperation and liaison activities
3.2 Mission activities
3.2.1 International peace and security
3.2.2 Electoral support
3.2.3 Rule of law
3.2.4 Disaster response and humanitarian assistance
3.2.5 Mission planning
3.2.6 Mission start-up
3.2.7 Mission liquidation
3.2.8 Logistics
3.2.9 Air, land and sea operations
3.2.10 Engineering
3.2.11 Communications
3.2.12 Mission staffing
3.2.13 Mission creep
3.3 International tribunals
3.3.1 Investigations and prosecution
3.3.2 Trials and appeals
3.3.3 Witness protection
3.3.4 Completion strategy
3.3.5 Residual capacity and activities
3.4 Support services
3.4.1 Funding
3.4.2 Translation and interpretation
3.4.3 Procurement
3.4.4 Supplier management
3.4.5 Asset and inventory management
3.4.6 Facilities and real estate management
A/62/701
08-24325 46
3.4.7 Capital master planning
3.4.8 Business continuity
3.4.9 Commercial activities
3.4.10 Legal aid
3.4.11 Court management and legal support
3.4.12 Detention unit management
3.5 Human resources
3.5.1 Resource allocation and availability
3.5.2 Recruiting, hiring and retention
3.5.3 Succession planning and promotion
3.5.4 Conduct and discipline
3.5.5 Development and performance
3.5.6 Compensation and benefits
3.5.7 Medical services
3.5.8 Safety and security
3.5.9 Training
3.5.10 Mobility
3.6 Intellectual property
3.6.1 Knowledge management
3.6.2 Information and document management
3.7 Information resources and information technology
3.7.1 Information technology strategy and system implementation
3.7.2 Information technology security and access
3.7.3 Information technology availability and continuity
3.7.4 Information technology integrity
3.7.5 Information technology infrastructure and systems
4. Compliance
4.1 Legal
4.1.1 Contract
A/62/701
47 08-24325
4.1.2 Intellectual property
4.1.3 Anti-corruption
4.1.4 International law
4.1.5 Privacy
4.2 Regulatory
4.2.1 Internal policies and resolutions
4.2.2 United Nations labour relations
4.2.3 Host country regulations
5. Financial
5.1 Funding and investments
5.1.1 Financial contributions
5.1.2 Extrabudgetary funding
5.1.3 Trust funds — receipt of cash
5.1.4 Trust fund management
5.1.5 Donor fund management and reporting
5.1.6 Cash management
5.1.7 Investments
5.1.8 Financial markets
5.1.9 Insurance
5.2 Accounting and reporting
5.2.1 Financial management and reporting
5.2.2 General accounting
5.2.3 Financial controls
5.2.4 Liability management and disbursements
5.2.5 Staff tax reimbursements
A/62/701
08-24325 48
Annex IV
Risk rating criteria
Impact
Description of impact Recovery
Score Rating Safety and security Duration
Organizational and
operational scope
Reputational
impact
Impact on
operations
Financial
impact
(measured in
terms of
budget)
Required action
to recover
5 Critical Loss of life (staff,
partners, general
population)
Potentially
irrecoverable
impact
Organization-wide;
inability to continue
normal business
operations across the
Organization
Reports in key
international
media for more
than one week
Inability to
perform
mission or
operations
for more than
one moth
5%/
$500
million
Requires
significant
attention and
intervention
from General
Assembly and
Member
States
4 Significant Loss of life due to
accidents/non-
hostile activities
Recoverable
in the long
term (i.e., 24-
36 months)
Two or more
departments/offices
or locations;
significant ongoing
interruptions to
business operations
within two or more
departments/
offices or locations
Comments in
international
media/forum
Disruption
in operations
for one week
or longer
3-5%/
$200 million-
$500 million
Requires
attention
from senior
management
3 High Injury to United
Nations staff,
partners and
general population
Recoverable
in the short
term (i.e., 12-
24 months)
One or more
departments/offices
or locations;
moderate impact
within one or more
departments/offices
or locations
Several
external
comments
within a
country
Disruption
in operations
for less than
one week
2-3%/
$200 million-
$300 million
Requires
intervention
from middle
management
2 Moderate Loss of
infrastructure,
equipment and
other assets
Temporary
(i.e., less than
12 months)
One
department/office
or location; limited
impact within
department/office
or location
Isolated
external
comments
within a
country
Moderate
disruption to
operations
1-2%/
$100 million-
$200 million
Issues
delegated to
junior
management
and staff to
resolve
1 Low Damage to
infrastructure,
equipment or other
assets
Not applicable or limited impact
1%/
$100 million
Not
applicable or
limited
impact
A/62/701
49 08-24325
Management effectiveness/control Likelihood
Score Rating Score Rating Certainty Frequency
5 Effective Controls are properly designed and operating as intended;
management activities are effective in managing and mitigating
risks
5 Expected 90% At least yearly
and/or multiple
occurrences
within the year
4 Limited
improvement
needed
Controls and/or management activities are properly
designed and operating somewhat effectively, with some
opportunities for improvement identified
4 Highly
likely
≤90% Approximately
every 1-3 years
3 Significant
improvement
needed
Key controls and/or management activities are in place,
with significant opportunities for improvement identified
3 Likely ≤60% Approximately
every 3-7 years
2 Ineffective Limited controls and/or management activities are in place,
high level or risk remains; controls and/or management
activities are designed and are somewhat ineffective in
efficiently mitigating risk or driving efficiency
2 Not
likely
≤30% Approximately
every 7-10 years
1 Highly
ineffective
Controls and/or management activities are non-existent or
have major deficiencies and do not operate as intended;
controls and/or management activities as designed are
highly ineffective in efficiently mitigating risk or driving
efficiency
1 Slight 10% Every 10 years
and beyond or
rarely
A/62/701
08-24325 50
Annex V
Risk and control effectiveness matrix (heat map) — tier 1 risks
The “heat map” above plots the most significant risks (i.e., tier 1 risks) of the
United Nations Secretariat as identified during the entity-level risk assessment
performed during the enterprise risk management and internal control framework
review. It displays the category of risks similar to those that would be provided within
the proposed annual report to the General Assembly on significant risks.
The “heat map” provides a graphical presentation of the risk mitigation activities
required for the identified risks. For the tier 1 risks listed above, those in the quadrant
labelled “monitor control” are significant risks that are perceived to be appropriately
managed, so they would require monitoring activities to provide assurance as to the
ongoing effectiveness of controls. Those that fall within the “improve” quadrant may
require further risk mitigation activities to seek to reduce the residual risk to the
Organization. This is undertaken by the risk owner, who would perform a root-cause
analysis to better understand the basis for the risk and identify means to reduce that
exposure. However, owing to the nature of the Organization’s mandates, there may be
inherent risks that cannot be mitigated through alternate risk treatment, and these may
always fall in the category that indicates a need for improvement in the activities
around risk mitigation.
A/62/701
51 08-24325
The risk categories listed above within the tier 1 heat map are listed below, and
are generated from the descriptive catalogue of risks identified for the Organization or
the “risk universe”.a
1. Tone at the top (2.1.1)
2. Accountability (2.1.11)
3. Decision-making — General Assembly, Security Council and committees
(2.1.4)
4. Broadcast — radio and television (2.3.4)
5. Human resources strategy and planning (1.1.5)
6. Joint inter-agency operation and partnering (2.1.8)
7. Performance management (2.1.7)
8. Mission start-up (3.2.6)
9. Trust funds — receipt of cash (5.1.3)
10. Transparency (2.1.9)
11. Leadership and management (2.1.10)
12. Crisis and contingency planning and management (2.4.2)
13. Recruiting, hiring and retention (3.5.2)
14. Information technology strategy and system implementation (3.7.1)
15. Information technology security and access (3.7.2)
16. Insurance (5.1.9)
17. Completion strategy (3.3.4)
18. Safety and security (3.5.8)
19. Overlapping mandates (1.1.8)
20. Funding (3.4.1)
21. Organizational synchronization (1.1.7)
22. Procurement (3.4.3)
23. International peace and security (3.2.1)
24. Mission planning (3.2.5)
25. International law (4.1.4)
26. Policy development (3.1.6)
a See annex III.
A/62/701
08-24325 52
27. Translation and interpretation (3.4.2)
28. Media relations and public information (2.3.1)
29. General Assembly and Member States (1.2.1)
30. Vision and mandate (1.1.1)
31. Detention unit management (3.4.12)
32. Host country regulations (4.2.3)
33. Ethics (2.2.1)
34. Air, land and sea operations (3.2.9)
35. Internal policies and resolutions (4.2.1)
36. Witness protection (3.3.3)
A/62/701
53 08-24325
Annex VI
Roles and responsibilities for results-based management
Functions Management General Assembly
Office of Internal
Oversight Services
Programme planning
Strategic framework
Part one: plan outline
Part two: biennial
programme plan (strategy,
objectives, expected
accomplishments and
indicators of achievement)
Use of results information for
strategic programme planning:
• Part one: propose priorities (plan
outline)
• Part two: propose strategy
(strategic frameworks)
• Compacts: internal annual
targets
Provide direction for the work of
the Organization: set goals and
objectives
Approval of proposed strategic
framework
Monitor use of evaluation
recommendations/lessons
learned for planning
Provide routine oversight
coverage
Budgeting
Biennial programme budget
Special political missions,
tribunals, peacekeeping
operations
Set targets for measuring
performance, use results and lessons
learned to inform budget proposal
Consideration and approval of
biennial budget (Fifth Committee)
Routine auditing
Monitoring
Biennial programme
performance report
Performance monitoring:
performance measurement
(achievement of results; efforts to
improve efficiency and
effectiveness; implementation of
audit observations and
recommendations)
Monitoring of the attainment of
the objectives and results of the
Organization
(Committee for Programme and
Coordination)
Monitoring of the
implementation of results-
based management system
in Secretariat: periodic
inspection/audit of results-
based management system
Quality assurance:
performance monitoring
Evaluation Self-evaluation (discretionary) Use of evaluation findings for
decision-making
Fifth Committee/Committee for
Programme and Coordination/
intergovernmental or expert
organs directly concerned with
each programme
Independent in-depth and
thematic evaluation
Quality assurance: self-
evaluation methodology
Reporting Performance reporting (programme
performance reports)
Consideration of reports
Use of results information for
decision-making
Evaluation reports
Quality assurance:
inspection/audit reports
Accountability
framework
Accountability for results
Demonstrated use of results
information for programme planning
and delivery (management response
and lessons learned); attestation for
results achieved (compacts, e-PAS)
Monitoring of results-based
management framework
Relevant audit
recommendations
Publication Date:
Tuesday, 19 February 2008
Document Topic/Theme:
Archived:
No
Superseded:
Symbol year:
2008