Login with Netlify Identity

Risk monitoring and review

Risk monitoring is an integral part of the project Monitoring and Evaluation (M&E) process which is expected to assure that the project risk management process is effective and contributes to achieving project objectives.

Who does it? Within UNDP, risk monitoring is conducted at several levels, as per the three lines of defence and the framework listed in the Risk management architecture for UNDP-implemented Global Fund projects section of the Manual.

The risk owner is responsible for monitoring progress and effectiveness of the risk treatment action and ensuring that regular risk reviews take place.

How is it done? Risk monitoring is closely linked with project compliance and M&E activities. In addition to standard corporate tools, UNDP offices implementing Global Fund-implemented projects have developed a number of data collection and reporting tools, both using technologies and involving communities in independently monitoring project activities. Key mechanisms for risk monitoring include:

  1. Results monitoring and site visits are actively used to identify emerging risks and provide suggestions on required treatments. Risk monitoring is therefore integrated in M&E plans and templates, such as those used to assess effectiveness of interventions, back to the office reports from site monitoring visits, results reporting, etc.
  2. A complementary and effective approach to M&E and risk monitoring includes the involvement of the end users in monitoring the effectiveness of the interventions and collecting feedback or concerns on the activities. This can be done through third-party monitoring systems, community-based monitoring and surveys, integrated bio-behavioural surveys and/or bio-behavioural sentinel surveillance. For more details on existing practices in offices implementing GF projects, ask your BPPS Global Fund Partnership and Health Systems Team (GFPHST) focal point. Technologies can be used to enhance and monitor access and effectiveness of health services. These carry some inherent risks and risk assessments must be conducted as per checklist in the UNDP Guidance on the Ethical Use of Digital Technologies for Health Programmes to consider ethical, confidentiality, impartiality, access, knowledge risks in the roll out.
  3. Institutional risks are closely monitored through compliance activities, such as spot-checks, financial verifications, Sub Recipient (SR) and/or Global Fund audits, procurement committees, etc. which are used to gather more information on the risk exposure and plan for corrective actions.
  4. The UNDP Quality Standards for Programming policy outlines UNDP standards and mechanisms to assure programming quality. At the implementation and monitoring stage, projects are assessed at least every other year on the extent to which risks are identified with appropriate plans and actions taken to manage them. It also verifies whether Social and environmental sustainability are systematically integrated and whether potential harm to people and the environment are avoided, minimized, mitigated, and managed. Risks related to countries under crisis context are also monitored through the crisis risk dashboard.

When is it done? Risk monitoring is an ongoing process, as frequent as project M&E activities. In addition to the annual planning process, project risk reviews are conducted at least once a year, and the results reflected in the project risk register.

Practice Pointer

Ensure that mechanisms are in place to follow up on the findings emerging from risk monitoring and financial/programmatic oversight. This data can be used to adjust project assumptions, including partner risk ratings, and reflect the analysis and agreed treatment in the project risk register.

Additional guidance to support this area of work are also available through a number of resources listed below:

Loading resources