According to the United Nations Office of Internal Oversight Services terminology, risk is an expression of the probability that an event or action may adversely affect the achievement of an organization’s objectives. Any entity that strives to reach its goals/objectives inevitably has to manage uncertainty during its operations. “Risk management” means applying a systematic approach and practice of assessing and acting on risk in order to ensure that organizational goals are achieved.
The UN General Assembly requested the Secretary-General to enhance the capability of the Secretariat for risk assessment and mitigation and internal control (A/RES/63/276 and A/RES/64/259). To that end, an integrated Enterprise Risk Management (ERM) and Internal Control Framework was developed by the Secretariat in May 2011, to provide a consistent and comprehensive risk management methodology to be applied across the entire Secretariat.
ERM is an essential element of good organizational governance and accountability. The objective of ERM is to help ensure the sustainability of an organization and enable it to meet its organizational objectives. ERM requires the implementation of an organization-wide risk management process; makes risk management the responsibility of everyone; and provides a coherent methodology for its implementation.
Responsibility for the effective implementation of risk management and internal control practices resides with the respective Head of Department.