LESSONS LEARNED

Report
USAID FORWARD
Objective 1/Use of Country Systems
“LESSONS LEARNED”
ICGFM
June, 2012
PAST EXPERIENCE WITH G2G
FUNDING
2
Introduction to Risk and
Risk Management
•
There are various standards, references and
frameworks for risk and the risk management process.
•
These are some of the organizations that have
established and published standards:
o Australian and New Zealand Standard in Risk Management
(AS/NZ 4360)
o UK Institute for Risk Management
o International Organization for Standardization Principles and
Risk Management Standard (ISO 31000)
o National Institute of Standards and Technology
o Project Management Institute
o Software Engineering Institute
3
Definition of Fiduciary Risk
•
The risk that funds will:
o Not be controlled properly
o Not be used for intended purposes
o Produce inefficient or uneconomic programmatic results
4
What Does the PFMRAF Assess?
Program Management
Shared Risk
Budgeting
Civil Service Training
Accounting
Operational
Risks
Reporting
Audit
Human Resources
Reputational
Risks
Procurement
Donor image
Financial Risks
Civil Service Laws
(Accountability)
Cash
Management
Internal Controls
Contracting
Media Freedom
Oversight Quality
Institutional Capacity
CSO Vibrancy
Democratic
Risks
(Accountability)
Governance
PFM Reform
Risks
Capacity Development Agenda
Political Will
Public and CSO participation
5
NOTE: This is illustrative and not a comprehensive account of all risks included in the PFMRAF.
Risk Management Process
Plan Risk
Management
•
Develop risk
management
policy and plan
Identify
Risks
•
•
Analyze Plans and
Assumptions
Develop Risk
Register
Analyze
Risks
•
•
Qualitative and
Quantitative
Analysis
Update Register
Plan Risk
Responses
•
•
•
Strategies
Contingencies
Update Register
Monitor and
Control Risks
•
•
•
•
•
Track Risks
Implement Responses
Update Register
Request Changes
Evaluate Effectiveness
Continuous Communication and Collaboration
• This process is a basic risk management process and very
similar to the Project Management Institute’s process
• Regardless of the industry, organization, or standards used,
there are common themes for the risk management process
• USAID applies this process and themes in its risk
management process
6
Risk Appetite – Stage 2
Impact
Catastrophic
High
Critical
Critical
Critical
Serious
High
High
Critical
Critical
Marginal
Medium
Medium
High
High
Negligible
Low
Low
Medium
Medium
Remote
Occasional
Probable
Probability
Frequent
Risk Treatment
Score
USAID G2G Mitigation
Requirement
Detail
Critical
Terminate exposure or
subject to stringent
mitigating measures.
Critical requires stringent mitigating measures only if these have a high
probability of success. Otherwise, we will terminate our exposure by
delivering the assistance through other means. In rare cases where an
effective transfer of risk mechanism exists and is deemed effective, we
will consider transfer of the risk, albeit with a risk assessment of the
ability of the transferor to deliver on its obligation (a central bank
guarantee of a deposit in a local bank is an example of a transfer
mechanism). Mitigating measures are likely to include concurrent audit,
reimbursement-only mechanisms, tranching, affirmative transaction
approval, co-signature requirements on disbursements, and other active
and continuous control features. The risk mitigation plan will be
extensive.
High
Serious mitigating
measures
High requires serious mitigating measures to treat the risk, but we will
conduct G2G. Treatment may include a wide variety of risk mitigation
measures that likely to be constantly in place. Requires a written risk
mitigation plan.
Medium
Mitigating measures
Medium requires mitigating measures but these may be periodic, such as
semi-annual audits or no objection processes for procurement approval.
Third party oversight, such as an arrangement with national procurement
oversight body, could be considered. Requires a written risk mitigation
plan.
Low
Monitoring
Low requires monitoring and audit, but treatment of specific risks, such as
payroll controls, will not be an ex ante requirement for G2G, as they
might be under Medium risk conditions. Routine controls and oversight
are appropriate. A separate risk mitigation plan is not required. In some
cases, terms and conditions in the agreement may be sufficient provided
that performance of the terms and conditions is monitored.
OIG on IPR
• “The OIG is fine with taking calculated risks.”
• “No organization can eliminate risk.”
• “The concept of risk management is fundamental to the concept of
internal control.”
• “The concept of risk management” . . . Is fundamental to what
auditors do. . . “where auditors provide reasonable assurance,
but not absolute assurance. . . “
“Risk management is thoroughly integrated into everything that USAID
does and into the work that the IG does. We won’t object to managers
taking thoughtful, calculated risks. Risks should be taken within a
carefully thought out, cost-effective system of internal control.”
Lessons Learned
• It is possible to apply state-of-the-art management
techniques, such as risk management, in the public sector.
• It is not easy. Persistence and dedication are key.
• You have to respect the power of the bureaucracy, but not
be defeated by it.
• Identify your friends and give them the credit for all
accomplishments.
• Anticipate opposition. Identify, then isolate or defeat your
enemies.
• Communicate. Communicate. And then Communicate.
• This is not a game for sissies.
Lessons Learned
• Partner countries welcome our initiative
–
–
–
–
Communicate the objective to the partner
“Partnership” requires informed commitment on both sides
Non-donor dependent countries may have lower G2G appetite
Harmonization reduces burdens on partners
• Other donors welcome us to this space
– We are sharing the burden, and cost, of risk management
• Mismatch between risk bearing capacity of the United
States and that of the partner countries
– Imposes a moral and ethical burden on the risk assessment effort
to protect the partner with the lower risk bearing capacity
Lessons Learned
• An unforeseen, but major, red flag is a failure of the
partner country to accept our fiduciary responsibility
to our taxpayers
• Other USG agencies have resisted when their
diligence is less rigorous than ours
• Skepticism about ability to implement a rigorous
PFMRAF over the long term – MCC experience
• Partnership, not patronage.
• “Certification” is a flawed approach both from risk
management and development viewpoints.
Lessons Learned
• Thus far, few countries actually “fail” the PFM
aspects
– But the sample is questionable – self-selected missions
prioritized by the regional bureaus. We may see more PFM
“fails” when the process is opened to the entire agency
• “Fails” are due to democratic accountability
limitations
• Whole-of-Mission effort
– Democracy, governance, economic growth are linked with
transparent and accountable public financial management
– Risk management begins at the strategic (CDCS) level and
proceeds throughout the project design process
– Poor prior planning produces poor products
• Evidence-based and data-driven – not just words but
deeds
• The PFMRAF has feedback loops designed into that
are on the critical path to long term success.
• We believe in the goal of working ourselves out of a
job through sustainable development grounded in
country ownership.

similar documents