Login with Netlify Identity

Global Fund Risk Management Framework

The overall risk management architecture of the Global Fund is informed by the Global Fund Risk Management Policy (2014), the Risk Appetite Framework (2018 and 2023 amendment), the Enterprise Risk Management Framework (2023 update - see annex 1 of the Risk Management Report to the 49th Board Meeting), and the Risk Management Operational Policy Note (2024).

Following international standards, the Global Fund employs a ‘three-lines of defence’ model to risk management. Each line is responsible for specific core risk management activities The Global Fund Secretariat holds first line (risk owner) and second line (oversight) of defence functions, while the Office of the Inspector General and external auditors hold third line of defence (independent assurance) functions.

Implementers (i.e. Principal Recipients (PRs), in-country partners, and Country Coordinating Mechanisms (CCMs) are ‘front line defence’ and are responsible for managing the risks to achieving grant objectives on a day-to-day basis. The risk management activities of the front line of defence are outside the scope of the Global Fund risk management policies. The PRs’ internal risk management processes are regulated by the organisations’ own risk management policies and procedures. The three lines of defence oversee front line implementation and management of risks.

From the Global Fund, implementation of the grants is overseen by the three lines of defence. More specifically:

  • The Global Fund Secretariat Country Teams, with support from the Local Fund Agents (LFA), are responsible for day-to-day implementation oversight, on behalf of the Global Fund;
  • The Global Fund Secretariat Risk Department and other oversight functions (Business Risk Owners) together with Global Fund Senior Management define the risk management framework and provide oversight, guidance, and support to Country Teams; and
  • The Office of the Inspector General and external auditors, provide independent assurance regarding the management of risks and controls by the Country Team and Business Risk Owners and efficient use of Global Fund resources.

The Global Fund categorises risk sources into 3 broad thematic areas: 1. country risks, 2. operational risks and 3. process risks. The Global Fund Secretariat is concerned with the management of operational and process risks. PRs and country portfolios are concerned with the management of country risks, which include:

  1. Programmatic (such as programme quality, resilient and sustainable systems for health (RSSH), human rights, and gender equality) and monitoring and evaluation,
  2. Financial and fiduciary,
  3. Sourcing operations (such as procurement, supply chain, and quality of health products),
  4. Governance and health financing.

The Global Fund Enterprise Risk Management (ERM) Framework foresees a number of processes, systems and tools to manage the three risk types. The tools are summarised in the figure 2 below, and at the grant level grant specific risks, with corresponding controls and assurances, are identified and tracked by the Country Teams through key mechanisms:

  1. Risk management is a bottom-up process, starting with inputs from the grant implementers, CCMs and Country Teams. The in-country risk and assurance workshops are used to identify risks to grants and to agree on mitigation actions and assurance activities.
  2. The PRs’ capacity assessment conducted during the Funding Request is used to determine the risks associated with the implementation capacity in critical areas - see Global Fund Capacity Assessment guidelines (2023).
  3. The IRM, Integrated Risk Management tool, is an online platform integrated in the Global Fund’s Grant Operating System (GOS). GOS is used by Country Teams to manage risks within their country portfolios. In addition to the risk assessments, the Integrated Risk Management (IRM) captures the Key Mitigating Risk (KMAs) that directly address the bottlenecks.
  4. Oversight and assurance function allows to assure to what extent risk mitigations are being implemented and having the intended impact. Assurance plans guide the implementation of assurance activities by the Country Teams, who engage key assurance providers, such as LFA, to support the assurance and oversight functions of the first and the second line of defence.

Global Fund risk management processes, systems, and tools by risk type

Figure 2Global Fund risk management processes, systems, and tools by risk type

The Risk Management Report and Chief Risk Officer’s Annual Opinion (2023) submitted annually to the Global Fund Board provides an overview of the Organisational Risk Register (ORR) and a more detailed overview of the risks facing the Global Fund portfolio. A summary of the ORR and the Risk Appetite is in figure 3 below.

Summary of the GF Organisational Risk Register and the Risk Appetite (2023) Summary of the GF Organisational Risk Register and the Risk Appetite (2023)

Figure 3Summary of the GF Organisational Risk Register and the Risk Appetite (2023)

Additional guidance to support this area of work are also available through a number of resources listed below:

Loading resources