Current risk management processes are inefficient and ineffective in supporting the identification of risks during grant-making. This is a critical weakness because grant-making aims to identify and pre-empt potential implementation challenges so that implementers “hit the ground running” once grants are signed.
This was one of the key findings of an audit conducted by the Office of Inspector General on The Global Fund’s grant-making processes. A report on the audit, which was conducted in the Summer of 2015, was released on 24 February. For the audit, the OIG reviewed the grant-making process for 20 grants.
Under grant-making, risk management is a stand-alone process that has not been integrated into other risk-related tools and processes at the Secretariat, the OIG said. It does not build on risk-related assessments previously undertaken and overseen by the operational risk committee. In addition, there is no mechanism to ensure that risks identified during grant-making are tracked once implementation is underway.
Country teams are required to complete multiple risk management tools during grant-making, including the implementation map and the capacity assessment tool. The audit noted that because there is limited interface between the different risk assessment tools, the information has to be entered several times. There are no mechanisms in place to prevent discrepancies in the information entered, the OIG said.
According to the OIG, current risk management processes during grant-making do not effectively support the identification of risks. For example:
- The tools primarily focus on checking the adequacy of internal controls to safeguard funds. There is limited attention paid to key strategic risks that affect achievement of impact. For instance, the tools do not detect the risk of low absorption which has been consistently identified as a challenge to the timely disbursement of funds.
- Risk assessments typically focus only on the principal recipient and do not cover sub- recipients, despite the fact that the latter often receive majority of funds and implement program activities.
The audit found that risk assessments and the resulting mitigation measures are not subject to quality checking. For example, it said, the Secretariat does not validate the assessments undertaken by country coordinating mechanisms concerning the PR’s compliance with the minimum standards.
The OIG said that the Risk Department started to perform an independent quality check of the risk assessments and mitigation measures proposed by country teams in August 2015. “However, it remains unclear how the outcome of such reviews are factored in the grant approval process.”
The guidelines for grant-making require that the regional managers or department heads involve other functional managers in reviewing high risks and complex portfolios. However, the OIG said, with the exception of the Legal Department, this has not been consistently implemented.
In response, the Secretariat said that these findings would be addressed through a previously agreed management action in the October 2015 report on an audit conducted by the OIG in Ghana. In that action, the Secretariat undertook to continue to work on improving the existing risk management tools and processes.
The OIG audit also found that that the 3-month target for completing grant-making is often not met. In a survey of key stakeholders at Secretariat and country levels, only 19% said there was sufficient time available for grant-making. The OIG said that at the time of the audit, the Secretariat had not analyzed the underlying causes for country teams’ failure to meet its timelines. It cited country team members as saying that grant-making is often rushed to meet the 3-month target “and that this often comes at the cost of quality.”
See separate GFO article on the deficiencies in the grant-making processes identified by the OIG in its audit.