Skip Ribbon Commands
Skip to main content

Programme and Operations Policies and Procedures

Please Wait ...Processing
POPP>Accountability>Risk Management>Enterprise Risk Management
Enterprise Risk Management
Visual Guide
The visual guide provides an overview of the business process flow steps of all procedures, as well as the tools and guidance on risk management starting from establishing the context, risk assessment, risk treatment, monitoring and review and finally communication and consultation. Links to the relevant resources in the POPP for each process flow step are also included.
1.0 Relevant Regulations and Rules
UNDP Financial Regulations and Rules (2012)

2.0 Policies
Main Policy
Enterprise Risk Management
The Risk Appetite Statement and the Risk Appetite Statement Guidance supplement this policy.
3.0 Procedures
Main Procedures

Managing Project-Level Risk (Country, Regional or Global Projects)

Loading .. Please Wait!!

Managing Unit/Programme-Level Risk (Country Office)

Loading .. Please Wait!!

Managing Unit/Programme-Level Risk (Regional/Central Bureaux)

Loading .. Please Wait!!

Managing Corporate Risk

Loading .. Please Wait!!

Language English | Español | Français
Page Properties
Key Words
Focal Point
Nesreen Al-Hebshi,Mamadou Ndaw,Teuku Rahmatsyah
Effective Date
Planned Review Date
Summary of Changes/Comments
January 25, 2023 - The offline Project Risk Register template has been updated to reflect UNDP's transition to its new cloud-based management platform Quantum in January 2023, replacing its previous ATLAS system.

November 30, 2022 - The Enterprise Risk Management (ERM) policy and procedures have been updated to align with the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Policy. Appendix 2: ERM Risk Categories and Sub-Categories in the ERM policy has been updated with a new AML/CFT risk sub-category ‘5.6. Exposure to entities involved in money laundering and terrorism financing’ under risk category '5. Reputational’. The Risk Appetite Statement Guidance has been updated with the new AML/CFT risk sub-category in Annex 1 (Risk Categories and Sub-Categories) and Annex 4 (Risk Appetite Summary) has been aligned with the risk categories sequencing in the ERM policy. The Project Risk Register template has been updated with the new AML/CFT risk sub-category in Annex 1 (ERM Risk Categories and Sub-categories) and in Annex 2 Offline Project Risk Register Template in the dropdown list. The updated Project Risk Register template is published in Managing Project-Level Risk (Country, Regional or Global Projects) procedures in the ERM policy (Appendix 4) and in the procedures section in the ERM policy page.

June 28, 2022 - The Enterprise Risk Management (ERM) policy has been harmonized with the Social and Environmental Standards (SES) policy. The risk sub-categories in the Quantum + corporate planning system (capturing programme level risks) and in the Atlas project risk registers are now fully aligned with the project-level social and environmental standards. To align the risk entry systems, a slight rewording of ten risk sub-categories has been made and the risk sub-category on “Cultural Heritage” has been re-introduced in the relevant annexes of the ERM policy, Risk Appetite Statement and Risk Appetite Statement Guidance. 

October 29, 2021 - The ERM policy was updated to 1) modify risks-sub categories and 2) launch UNDP’s Risk Appetite Statement (RAS) which aims to create a risk-enabled culture within UNDP, where risk-based decisions are taken, and opportunities are pursued according to the needs and circumstances of the project or programme, our development partners, and the resources and skills available.

July 08, 2020 - Clause 4.1 and Appendix 2 of the ERM policy were modified to 1) add additional risks-sub categories and 2) remove BOA, JIU as part of the three lines of defence.

May 01, 2019 - The Risk Committee TORs are now available in the Managing Corporate Risk procedure table.

March 13, 2019 - The updated Enterprise Risk Management policy and procedures, which are now available in English, French and Spanish, call for a change in how UNDP collectively approaches risk management in order to become a smarter and more agile organization. They provide a roadmap for moving from risk averse to responsible risk taking practices. To access the Spanish and French versions, click on the relevant language tabs.

October 27, 2017 - The ERM policy has been supplemented with clarification of the end-to-end risk management process to simplify application. The business process provides a summary of risk management at all levels of the Organizational and the risk escalation process. It also provides information on linkages between risk management and and how this could be mainstreamed in most key business processes within the Organization.