Transcription of USAID Risk Appetite Statement - June 2018
1 AGENCY FOR INTERNATIONAL DEVELOPMENT. RISK Appetite Statement JUNE 2018. TABLE OF CONTENTS. 1. INTRODUCTION 3. Purpose 3. Background 3. Agency Objectives 4. Risk Categories 4. Risk Appetite Methodology 5. How to Use This Statement 6. 2. OVERALL RISK Appetite Statement 6. 3. PROGRAMMATIC RISK 8. 4. FIDUCIARY RISK 10. 5. REPUTATIONAL RISK 12. 6. LEGAL RISK 14. 7. SECURITY RISK 16. 8. HUMAN-CAPITAL RISK 19. 9. INFORMATION-TECHNOLOGY RISK 21. USAID RISK Appetite Statement | 2. USAID RISK Appetite Statement . 1. INTRODUCTION. Purpose The purpose of this Risk Appetite Statement (hereinafter Statement ) is to provide Agency for International Development ( USAID ) staff with broad-based guidance on the amount and type of risk the Agency is willing to accept based on an evaluation of opportunities and threats at a corporate level, and in key risk categories to achieve the Agency's mission and objectives.
2 This Statement is a critical component in USAID 's overall effort to achieve effective Enterprise Risk Management (ERM), and the leadership of the Agency will review and update it annually as the ERM. program matures and our needs evolve. Background ERM AT USAID . Achieving effective ERM is particularly important In 2016, the Office of Management and Budget at USAID . The Agency's core mission and role in (OMB) updated Circular A-123 to introduce a support of foreign policy and national new requirement that Federal Departments and security objectives requires that we work in a Agencies integrate ERM with their internal- wide variety of high-threat environments, with control systems. ERM is a holistic, Agency-wide risks ranging from state failure and armed approach to risk-management that emphasizes conflict in the most fragile contexts to addressing the full spectrum of risks and managing corruption, natural disaster and macroeconomic their combined impact as an interrelated risk instability in more traditional contexts.
3 As a portfolio, rather than examining risks in silos, result, there is rarely a single path to achieving which can sometimes provide distorted or development results, and our staff is called upon misleading views with respect to their ultimate every day to make a range of cross-disciplinary, impact. Under an ERM approach, the goal is risk-informed decisions about how best to not to control or avoid all risk, but rather deliver foreign assistance. Despite these inherent to take advantage of opportunities, while risks , we rise to this challenge using a variety of reducing or mitigating threats to maximize risk-management techniques because the the Agency's overall likelihood of achieving Government has made a determination that the its mission and objectives.
4 Risk of inaction, or inadequate action, outweighs the risk of providing assistance. USAID RISK Appetite Statement | 3. Agency Objectives OMB Circular A-123 states that an Agency's objectives and the context in which it operates should inform its risk Appetite . On August 7, 2017, USAID Administrator Mark Green articulated the Agency's objectives as follows: We will strive to: (1) end the need for foreign assistance. We must measure our work by how far each investment moves us closer to the day when our relationship with the host country changes. In many cases, this day will be far off, but will be a driving force in how we design programs to fit specific needs and challenges on the ground. To that end, we will focus on (2) strengthening our core capacities and (3).
5 Interagency coordination, while (4) empowering our employees and partners to lead. Finally, we will (5). respect the taxpayers' investments by being transparent and accountable stewards of the resources and expectations given to us from the American people. USAID 's Mission Statement encompasses these objectives: On behalf of the American people, we promote and demonstrate democratic values abroad, and advance a free, peaceful, and prosperous world. In support of America's foreign policy, the Agency for International Development leads the Government's international development and disaster assistance through partnerships and investments that save lives, reduce poverty, strengthen democratic governance, and help people emerge from humanitarian crises and progress beyond assistance.
6 Risk Categories Per OMB Circular A-123, risk is defined as the effect of uncertainty on [an Agency's] objectives.. This definition is quite different than the everyday use of the word risk : it is not necessarily positive or negative. Rather, it includes factors that could threaten or enhance the likelihood of achieving this set of objectives. Using this neutral definition of risk that emphasizes the importance of a continual weighing of cost and benefit, USAID defines the key categories of risk as follows: Programmatic risks are events or circumstances that could potentially improve or undermine the effectiveness of USAID 's development or humanitarian assistance. Fiduciary risks are events or circumstances that could result in fraud, waste, loss, or the unauthorized use of Government funds, property, or other assets.
7 It also refers to conflicts of interest that could adversely affect the accountability of taxpayer dollars, or the realization of development or humanitarian outcomes. Reputational risks are events or circumstances that could potentially improve or compromise USAID 's standing or credibility with Congress, the interagency, the American public, host- country governments, multilateral institutions, implementing partners, beneficiaries, or other stakeholders. USAID RISK Appetite Statement | 4. Legal risks are events or circumstances that could potentially improve or compromise compliance with law, regulation, Executive Order, or other source of legal requirement. Security risks are events or circumstances that potentially improve or compromise the security of USAID staff, partners, property, information, funding or facilities.
8 Human-Capital risks are events or circumstances that could potentially improve or compromise the capacity, productivity, hiring, or retention of employees. Information-Technology risks are events or circumstances that could potentially improve or compromise the processing, security, stability, capacity, performance, or resilience of information technology. Encompassing all of these risks is the context in which our programs operate. Context is often NON-PERMISSIVE ENVIRONMENTS. outside our control, and has the potential to Context impacts risk in every environment in which materially impact the Agency's ability to achieve we work, but is particularly important in so-called objectives in a given country. This Statement does non-permissive environments characterized by not assign a risk Appetite rating for context.
9 Uncertainty, instability, inaccessibility, and/or However, since context can often increase the insecurity where the associated risks are higher than likelihood that other types of risk might occur other environments. Such environments are also often ( , programmatic, security, fiduciary), the places where development and humanitarian understanding context is often the starting point assistance are most needed. Therefore, to achieve for determining an operating unit's approach to our objectives, we often accept a higher degree of risk-management. For example, while we overall risk to capture opportunities while generally cannot mitigate the risk that a conflict implementing enhanced measures to mitigate the might occur, there are programmatic measures threat of not achieving our objectives.
10 We can implement to lessen the risk that such circumstances affect the effectiveness of our programs and operations. Risk- Appetite Methodology In Sections 2-9, this Statement places each category of risk on a risk- Appetite scale that ranges from low to medium to high : Low Risk Appetite Areas in which the Agency avoids risk, or acts to minimize or eliminate the likelihood that the risk will occur, because we have determined the potential downside costs are intolerable. These are areas in which we typically seek to maintain a very strong control environment. Medium Risk Appetite Areas in which the Agency must constantly strike a balance between the potential upside benefits and potential downside costs of a given decision.
