Skip Ribbon Commands
Skip to main content

Programme and Operations Policies and Procedures

Please Wait ...Processing


56. Enterprise Risk Management (ERM) , January 25th, 2023.

The offline Project Risk Register template has been updated to reflect UNDP's transition to its new cloud-based management platform Quantum in January 2023, replacing its previous ATLAS system.

55. Protection against Retaliation Policy, January 9th, 2023.

The UNDP Policy For Protection Against Retaliation (PaR) has been updated to, inter alia, align the definition of a “prima facie case of retaliation” in the policy with that of the UN Secretariat’s Secretary-General’s bulletin on protection against retaliation for reporting misconduct and for cooperating with duly authorized audits or investigations. The revised policy also now stipulates that any request to the Chairperson of the Ethics Panel of the United Nations (EPUN) to review a PaR determination of the UNDP Ethics Office is to be submitted within 30 days of receiving notification of the determination.

54. Operational Guide for the UNDP AML/CFT Policy, December 20th, 2022.

The AML/CFT Operational Guide supplements the UNDP AML/CFT Policy and provides detailed procedures and guidance for the implementation of the policy across UNDP. The Operational Guide specifies roles and responsibilities in the vetting process, including escalation procedures and available corporate tools.

53. Enterprise Risk Management (ERM) , November 30th, 2022.

The Enterprise Risk Management (ERM) policy and procedures  have been updated to align with the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Policy. Appendix 2: ERM Risk Categories and Sub-Categories in the ERM policy has been updated with a new AML/CFT risk sub-category ‘5.6. Exposure to entities involved in money laundering and terrorism financing’ under risk category '5. Reputational’. The Risk Appetite Statement Guidance has been updated with the new AML/CFT risk sub-category in Annex 1 (Risk Categories and Sub-Categories) and Annex 4 (Risk Appetite Summary) has been aligned with the risk categories sequencing in the ERM policy. The Project Risk Register template has been updated with the new AML/CFT risk sub-category in Annex 1 (ERM Risk Categories and Sub-categories) and in Annex 2 Offline Project Risk Register Template in the dropdown list. The updated Project Risk Register template is published in Managing Project-Level Risk (Country, Regional or Global Projects) procedures in the ERM policy (Appendix 4), in the procedures section in the ERM policy page and in the following procedures sections in the Programme and Project Management policy area: (a) in steps 1 and 2 of the Social and Environmental Standards procedures; (b) in step 3.3. of the Formulate Development Projects procedures; (c) in step 2.4 of the Monitor procedures.

52. Visual guide on Enterprise Risk Management, November 17th, 2022.

A visual guide on enterprise risk management has been published in the Enterprise Risk Management policy page here and in Business Processes here. The guide provides an overview of the business process flow steps of all procedures, as well as the tools and guidance on risk management starting from establishing the context, risk assessment, risk treatment, monitoring and review and finally communication and consultation. Links to the relevant resources in the POPP for each process flow step are also included. These are the direct links to the guides in pdf: 

51. Internal Control Framework, September 30th, 2022.
The ICF policy and ICF Operational Guide have been updated to incorporate references to the new Anti-Money Laundering and Countering the Financing of Terrorism Policy (AML/CFT Policy). The AML/CFT Policy is referenced in the list of Supportive Tools in Annex 2, point 1 Integrity and Ethical Values on page 20 in the ICF policy and a new section 2.9 Mitigating risks associated with money laundering and terrorist financing has been added on page 12 of the ICF Operational Guide.

50. Anti-Money Laundering and Countering the Financing of Terrorism Policy, September 30th, 2022.

The Anti-Money Laundering and Countering the Financing of Terrorism Policy (“AML/CFT Policy”) provides a comprehensive approach to identifying, addressing and managing AML/CFT risks across UNDP. The policy affirms UNDP’s continued commitment to combating money laundering and terrorist financing, by complementing, reiterating, and cataloguing the safeguards and measures that UNDP has in place in this regard. This policy is a part of a broader set of policies aimed at ensuring that UNDP funds are used for the purposes intended. To access the French and Spanish versions of the policy, click on the respective language tab.

49. Protection against Retaliation Policy, September 22th, 2022.

The UNDP Policy For Protection Against Retaliation (PaR) has been updated to incorporate reference to the new Anti-Money Laundering and Countering the Financing of Terrorism Policy (AML/CFT Policy): the AML/CFT Policy is referenced and linked as footnote 3 to Section 2.1 of the PaR policy, and also appears in the “Links to Documents” section at the end of the PaR Policy. 

48. Enterprise Risk Management, June  28, 2022

The Enterprise Risk Management (ERM) policy has been harmonized with the Social and Environmental Standards (SES) policy. The risk sub-categories in the Quantum + corporate planning system (capturing programme level risks) and in the Atlas project risk registers are now fully aligned with the project-level social and environmental standards. To align the risk entry systems, a slight rewording of ten risk sub-categories has been made and the risk sub-category on “Cultural Heritage” has been re-introduced in the relevant annexes of the ERM policy, Risk Appetite Statement and Risk Appetite Statement Guidance. 

47. Financial Disclosure, February 1st, 2022

The Financial Disclosure policy is available in French and Spanish. To access the documents, click on the French and Spanish language tabs.

46. Internal Control Framework, December 28th, 2021

The updated ICF Policy and the ICF Operational Guide provide clarity on roles, responsibilities, and accountabilities in the implementation of internal controls for clustered and non-clustered processes. Additionally, the ICF Policy has been aligned with industry best practices, including the COSO (the Committee of Sponsoring Organizations of the Treadway Commission) framework and the Three Lines of Defense model. The COSO framework describes what we do in internal control and the three lines of defense framework describes who does it. Both frameworks have been endorsed by the High-Level Committee on Management. Additionally, the ICF policy specifies: (i) the roles and responsibilities of staff at all levels of the organization in the achievement of internal control objectives, and the ways in which UNDP monitors and assesses internal control effectiveness; and (ii) the roles and responsibilities of participants in UNDP’s shared services delivery model.
The Operational Guide of the Internal Control Framework (“ICF Operational Guide”) serves as a supplementary document to the ICF Policy. Given the complexity of UNDP’s activities and the resulting breadth and depth of POPP content, the purpose of the ICF Operational Guide is to bring together the key internal control requirements included throughout the POPP to help UNDP offices implement effective internal controls in both clustered and non-clustered environments. Specifically, the Operational Guide: (i) articulates the key day-to-day internal control roles and their associated authorities, accountabilities, and responsibilities; (ii) describes at a high level some key process control points; and (iii) identifies the supporting technology roles (i.e., ERP), rights, and available tools to affect and monitor internal control implementation. A series of “Quick Views” have been added to provide more visual content, as requested by stakeholders. This version of the Operational Guide provides guidance on who executes internal control roles (or elements thereof) with respect to both clustered and non-clustered processes. Country Offices should follow the clustered or non-clustered guidance that is relevant to their process clustering implementation status.

45. Financial Disclosure, December 21th, 2021

This Policy has been revised to, inter alia, reflect new conflict of interest avoidance “Relationship questions” added to the online FDP disclosure form, clarify policy definitions and requirements, and enhance confidentiality protections by requiring the deletion of submitted Financial Disclosure statements and verification documentation after stipulated time periods.

44. Protection Against Retaliation, December 10th, 2021

The UNDP Policy For Protection Against Retaliation (PaR) has been updated to include provisions for the prevention of retaliation in applicable cases, which shall involve coordination between the Office of Audit and Investigations (OAI) and the Ethics Office. The policy has further been revised to clarify that personnel on UNDP-issued contracts who are assigned to work for other United Nations agencies shall not be covered by UNDP’s PaR Policy, but will instead fall under their respective agency’s applicable rules and policies.

43. Enterprise Risk Management, October 29th, 2021

The ERM policy was updated to 1) modify risks-sub categories and 2) launch UNDP’s Risk Appetite Statement (RAS) which aims to create a risk-enabled culture within UNDP, where risk-based decisions are taken, and opportunities are pursued according to the needs and circumstances of the project or programme, our development partners, and the resources and skills available.

42. Bussiness Continuity Management, September 2nd, 2021

The Business Continuity Management policy is now available in French. To access the document, click on the French language tab.

41. Internal Control Framework, June 11th, 2021

The purpose of the Internal Control Framework (ICF) policy is to help UNDP achieve its goals and to provide accountability for its activities. An effective internal control system provides reasonable assurance to UNDP regarding the achievement of its objectives in the following categories:
  • Promotion of orderly, ethical, economical, efficient and effective operations;
  • Meeting accountability obligations by making available reliable and relevant internal and external financial and non-financial information, through the maintenance of proper records and information flows;
  • Safeguarding resources from inappropriate use, loss, or damage due to waste, abuse, mismanagement, errors, fraud and irregularities;
  • Compliance with applicable regulations, rules and internal policies.
The Operational Guide to the Internal Control Framework supplements the Internal Control Framework (ICF) policy to bring together the main existing prescriptive content within the Programme and Operations Policies and Procedures (POPP) with respect to internal controls, and help UNDP offices implement effective internal controls. It draws upon acknowledged international best practices, while taking into account the characteristics of UNDP.

40. Internal Control Framework, January 15th, 2021

Updates to the ICF Operational Guide provide additional clarity on the responsibilities for monitoring budget overrides, and overseeing override match exception functions. Additional sentences have been added on override match exceptions to page 39 and on monitoring of budget overrides to pages 16, 22 and 23.

39. Bussiness Continuity Management, December 31st, 2020

The Business Continuity Management policy is now available in Spanish. To access the document, click on the Spanish language tab.

38. Internal Control Framework, November 13th, 2020

The Operational Guide to the ICF is now available in French. To access the document, click on the French language tab.

The Operational Guide to the ICF is now available in Spanish. To access the document, click on the Spanish language tab.

36. Internal Control Framework, July 29th, 2020

The Operational Guide to the ICF has been updated to incorporate some streamlining improvements, as well as address recent issues identified by audits:

1. The removal of the provision which enabled low-value Requisitions and related Purchase Orders to be approved by the same individual, as communicated by the CFO to all Offices on 16th September 2019.

2. Aligning the consistency of language on vendor creation and approval, and updating it to reflect additional control processes needed when changing vendor bank account information.

3. Further streamlining the ICF, e.g. by removing a redundant control (that bank signatories cannot approve vendors, in COs where there are 2 bank signatories), and authorizing GS7 staff in COs and GS6 staff in the GSSU to perform approval functions for POs, prepayments and no-PO vouchers up to $10,000.

4. Incorporating the recently issued reforms effected through the various rounds of BMS business process streamlining. These changes include:

a. authorising three vendor approvers for large offices with delivery above $50m per year;

b. clarifying functions that must be performed by staff, and functions where other contractual modalities may now be utilized per the streamlining exercises.

5. Consolidating the list of control functions to be performed by staff within a single section of the ICF.

6. Updates to include new business process services provided by the GSSU.

35. July 8th, 2020

34. Gifts PolicyApril 23rd, 2020

The Gifts Policy assists UNDP personnel in regulating their conduct when offered gifts or other items, irrespective of value and source in the course of their functions. The policy delineates and formalizes personnel reporting obligations, and distinguishes between obligations related to the receipt of gifts from governmental and non-governmental entities, including whether the gifts are valued below or above USD 30. The policy also provides the Organization with procedures to follow with regards to the recording and disposition of gifts.

33. Information DisclosureApril 12th, 2020

The policy has been updated to reflect the following: Updates to Annex 2 examples of information in the exception list, updates to URLs of linked documents and the shift from the United National Development Assistance Framework (UNDAF) to the United Nations Sustainable Development Cooperation Framework (UNSDCF).

32. Information Disclosure Policy (IDP), November 6th, 2019

The ICF Operational Guide has been revised to reflect the division of roles and responsibilities between country offices and GSSU with detailed guidance provided for the following 14 business processes services:

  1. bank-to-book (B2B) reconciliation;
  2. cash management;
  3. assets management;
  4. inventory management;
  5. vendor management;
  6. accounts payment processing;
  7. pay cycle;
  8. general accounting;
  9. travel processing;
  10. project financial closure and donor financial reporting;
  11. VAT processing;
  12. procurement: LTA Goods, Services and Works;
  13. procurement: purchases over US$ 150,000 except IC;
  14. human resources services: (a) recruit, source, and select employees; (b) employee on-boarding; (c) manage employee performance, reward and retention; (d) manage employee well-being; (e) employee development and training; (f) administration of contracts, benefits and allowances; (g) administer payroll. 

30. Protection Against Retaliation, October 14th, 2019

The Protection Against Retaliation policy is now available in Portuguese and Arabic.

29. Delegation of Authorities, August 6th, 2019


26. Delegation of Authorities, March 26th, 2019

​The Delegation of Authorities policy is now available in Spanish. To access the document, click on the Spanish language tab.

25. Managing Prescriptive Content, March 26th, 2019

​The Managing Prescriptive Content main policy and procedures are now available in Spanish. To access the documents, click on the Spanish language tab.

24. Risk Management, March 13th, 2019

The updated Enterprise Risk Management policy and procedures, which are now available in English, French and Spanish, call for a change in how UNDP collectively approaches risk management in order to become a smarter and more agile organization. They provide a roadmap for moving from risk averse to responsible risk taking practices. To access the Spanish and French documents, click on the relevant language tabs.

23. Anti-Fraud, December 13th, 2018

The Anti-Fraud Policy has been updated to reflect UNDP’s review of the policy and assessment of fraud risks faced by the organization. The updates include:

1. The UN’s single definition of what constitutes fraud, as well as cases of suspected or presumptive fraud, as recommended by the Joint Inspection Unit of the UN and as formulated, and approved by the High-Level Committee on Management (HLCM) pursuant to General Assembly resolution A/RES/70/238.

2. References on criminal accountability of United Nations officials and experts on mission pursuant to General Assembly resolution A/RES/62/63, which states that credible allegations of a crime committed by United Nations officials or experts on mission may be brought by the Secretary-General to the attention of the States against whose nationals such allegations are made.

22. Managing Prescriptive Conent (POPP), November 14th, 2018

The Managing Prescriptive Conent Policy is available in French. Kindly note that any differences in the English and French texts will be interpreted in accordance with the English version.

21. Anti-Fraud, September 28th, 2018

The Anti-Fraud Policy is available in French. Kindly note that any differences in the English and French texts will be interpreted in accordance with the English version.

20. Internal Control Framework (ICF), September 19th, 2018

 The ICF Operational Guide reflects the following changes:

1) Increase the threshold above which Purchase Orders and E- requisitions are required from $2,500 to $5,000. 

2) Increase the number of vendor approvers to three staff members in offices whose previous year delivery is above $50 million per year. 

19. Protection Against Retaliation, May 11th, 2018

The updated Protection against Retaliation policy is in line with the latest Secretariat guidelines ST/SGB/2017/2/Rev1 and includes: protection of individuals who choose to report wrongdoing to an external entity in limited circumstances; reducing the turnaround time for Ethics to complete the preliminary review stage (from 45 to 30 days); changing the definition of retaliation so that it aligns with the most recent SGB; the option of recommending transfer of the alleged retaliator; and explicitly prohibiting retaliation against outside parties. Additionally, UNDP introduced the possibility of interim protective measures during the preliminary review stage.

The Protect against Retaliation policy is available in French and Spanish. To access the documents, click on the French and Spanish language tabs.

18. Business Continuity Management (BCM), January 17th, 2018

The BCM policy has been revised is now available in POPP. The revision is mainly editorial and does not include any substantive changes. The revised policy has also included a reference to UN Organizational Resilience Management System (ORMS) which was approved by UN CEB in 2014.

17. Enterprise Risk Management Policy, October 27th, 2017

The ERM policy has been supplemented with clarification of the end-to-end risk management process to simplify application. The business process provides a summary of risk management at all levels of the Organizational and the risk escalation process.  It also provides information on linkages between risk management and how this could be mainstreamed in most key business processes within the Organization. 

16. The Information Disclosure Policy, August 11th, 2017

The policy was updated to reflect best practice in the review and appeal process relating to information disclosure. The new provisions are intended to ensure independence of the Information Disclosure Panel in its decision making on contested disclosures. 

15. Managing The Information Disclosure Policy, August 2nd, 2017

The new policy on the management of prescriptive content (Programme and Operations Policies and Procedures -- POPP) provides a full-cycle approach to maintaining the POPP. The cycle starts with conceptualization and preparation of prescriptive content, country office inputs and feedback, inter-Bureau consultations, approval and publication. The Policy sets out key principles on what constitutes prescriptive content, and formalizes new standards for writing polices to ensure that they are short, easy to understand and apply. The Policy requires that policy contain procedures in simple form, preferably in tabular form, to facilitate quick reference. Coherence and timely publication and communication of updates and new content is also required.

14. Delegation of Authority Policy, April 7th, 2017

This is an update from 2012 and describes how authority is delegated in UNDP from the Administrator to Heads of UNDP offices. It also provides guidance on how and when such delegated authorities could be further delegated.  These accountabilities are in line with the Corporate Accountability Framework (see link) approved by the Executive Group in 2016. This policy also serves as a single point of reference of the authorities of the Administrator, Associate Administrator and heads of UNDP offices in headquarters and in country offices including those funds and programmes administered by UNDP. A Summary Table of Delegated Authority of UNDP Administrator is available at Annex A.

13. Revised Making Information Available to the Public Policy, April 4th, 2016

Independent nature of Information Disclosure Panel is more emphasized.  The independent Panel now consists of four members, including one from a United Nations agency other than UNDP; and one from a non-governmental organization.

12. New Enterprise Risk Management Policy, January 26th, 2016

This new Policy enhances the way we identify opportunities and threats at an early stage and manage those proactively. It guides users to assess risks, approach to risk treatment, monitor and review risks, while clarifying risk management roles and responsibilities. An updated risk log that is integrated into the Integrated Work Plan has already been set up in the Corporate Planning System. The Policy is based on ISO's Internal Risk Management Industry Standard (ISO 31000).

11. Revised Making Information Available to the Public Policy, April 12th, 2016

Independent nature of Information Disclosure Panel is more emphasized.  The independent Panel now consists of four members, including one from a United Nations agency other than UNDP; and one from a non-governmental organization.

10. Protection Against Retaliation, July 14th, 2015

This revised policy includes the increased timeframe for a person could seek protection, from 60 days to six months. Additional clarification is made by adding "more likely than not" a causal connection exists between the protected activities and the detrimental action that has been taken or threatened against the individual, in order to establish a prima facie case.

9. Financial Disclosure, March 7th, 2014

This Policy has been revised so non-staff personnel, such as contractors, may be required to file a financial disclosure statement, in accordance with the standards of conduct incorporated into the contract.

8. Protection Against RetaliationMarch 7th, 2014

The Policy for Protection against Retaliation has been expanded to include protection for non-staff personnel such as contractors, interns and UNVs serving in UNDP or another UNDP administered fund, programme or agency.

7. Revised Information Disclosure Policy, February 18th, 2014

The Information Disclosure Policy now includes requirements for "robust reasoning" to exclude information from the public domain. Amendments have been benchmarked against international best practice.

6. UNDP Policy on Fraud and other Corrupt Practices, March 14th, 2011

The Results Management and Accountability chapter has been updated with the revised anti-fraud policy which now replaces the UNDP fraud policy statement of August 2005 and brings, in one place, currently dispersed policies and practices.

5. Version 4 of Internal Control Framework, July 15th, 2010

Version 4 of Internal Control Framework policy now can be accessed through the Results Management and Accountability chapter. The updated version incorporates 1) new introduction to encapsulate the attributes and components of internal control as is best practice, taking full consideration of all existing control processes in UNDP. The new introduction follows more closely the COSO internal control model, and is therefore very broad in its coverage of administrative and programmatic areas. 2) The Operational Guide of the ICF, to better reflect its level of detail.

4. Branding UNDP's Policy Work: Corporate templates for UNDP knowledge products, August 24th, 2009

On 22 July, the Operations Group endorsed a list of standard templates for knowledge products in order to professionalize the look of UNDP knowledge products and ensure that key audiences know what to look for and what to expect.  Knowledge products are grouped under three categories - development policy, development practice, and advocacy. By providing practical guidance on "how to" produce UNDP knowledge products, the aim is to establish a recognizable series of UNDP products with improved quality, consistency, and relevance.

The full menu of on-line templates will be completed and available for application in the fourth quarter of 2009.

BDP is now in the process of hiring a design house to develop a common design for each template so we can reduce the need to repeatedly hire designers as well as improve recognition of UNDP's brand. All the designed templates will then be available to all staff through the intranet (including in the Communications Toolkit) in the same way as the Fast Facts template is now available.

3. Guidelines for managing the risks of engagement with military/defense forces, July 21st, 2009

On 3 June 2009, the Operation Group approved the revised version of guidelines for managing the risks of engagement with military/defense forces. The guidelines: Include a definition of military/defense forces; Are mandatory for engagement with military/defense forces, optional for engagement with police, customs, etc. Apply to all country settings: post-conflict or not. Apply to situations where UNDP is involved programmatically and/or the local administrative agent; Include a check on United Nations sanctions; Refer to OECD guidelines. The guidelines will be incorporated into the POPP during the third quarter of 2009.

2. Accountability issues in the POPP, June 30th, 2009

While accountability principles run through all programme implementation arrangements, operational activities and performance management regimes, finding the right balance between procedural compliance and flexibility of response can be difficult to achieve.

The recently-approved accountability framework has given further impetus to revision of POPP content to incorporate results managements, accountabilities and risk management perspectives for different development contexts. Share your ideas on how to make the POPP communicate accountabilities better.

1. Business Continuity Management, June 20th, 2009

The aim of the BCM Policy is to protect the interest of UNDP and its internal and external stakeholders by establishing a business-owned and business driven strategic and operational framework, which proactively ensures UNDP's ability to respond appropriately to anticipated risks identified within the context of a corporate risk assessment and unit level risk logs and unexpected disruptive challenges of the future, while maintaining staff safety and security.

Language English | Español | Français
Page Properties
Focal Point