In the last two years, the Global Fund has implemented a comprehensive set of measures to better manage risk, particularly the risk of fraud and misappropriation of grant funds. The Fund has established a Grant Management Assurance Framework (also referred to as the “risk framework”) that sets out the Global Fund’s general approach to managing risk. The Framework allows the Fund to identify, document, assess and act on all risks that could affect the success of a grant.
The Framework is explained in a report prepared by Chief Risk Officer Cees Klumper, recently posted on the Global Fund’s website. The Framework describes the Global Fund’s general approach to risk management and specific measures to combat fraud. This article provides a summary of the Fund’s general approach to risk management. In a separate article, GFO describes specific measures to combat fraud.
The Grant Management Assurance Framework covers four main elements:
- assessment of proposed implementers’ capacity;
- use of the Qualitative Risk Assessment, Action Planning and Tracking Tool (QUART);
- risk analysis of implementation arrangements; and
- greater flexibility to manage risk.
Each element is described below.
Assessment of proposed implementers’ capacity. For each new grant, before it is approved, an assessment is done of the proposed implementers’ capacity to implement the grant. This applies to all principal recipients (PRs), large sub-recipients (SRs) and other actors, such as public or private entities involved in health product procurement and storage. For this exercise, the Global Fund uses a set of minimum standards developed several months ago (see GFO article). For PRs, the assessment measures their capacity to manage their operations and oversee SRs from both a programmatic and a financial perspective. Any weaknesses in capacity that are identified are usually addressed before the grant is signed. Where this is not possible, action is taken to mitigate the risk – for example, by outsourcing procurement to another entity.
QUART. For what the Global Fund Secretariat considers “important” grants: As each grant is being implemented, the Secretariat uses a tool called “QUART” (Qualitative Risk Assessment, Action Planning and Tracking Tool) to routinely review 19 risk areas (see table). Two of the risk areas directly cover fraud and misuse – “Fraud, Corruption, or Theft of Global Fund Funds” and “Theft or Diversion of Non-financial Assets.” Assessments of some of the other risk areas – such as inadequate governance and oversight, and treatment disruptions – may also signal a possible risk of misuse of grant funds. When using QUART, grant managers are required to assess the factors that contribute to each risk and to evaluate their likelihood and severity.
“Important” grants include all grants from high-impact countries that had a certain minimum length of time remaining. They also include other grants that have a certain minimum length of time remaining and that are above a certain value.
Table: List of 19 operational risks in the Global Fund’s risk framework
Note: This table is reproduced from the Global Fund’s report on risk management.
Risk analysis of implementation arrangements. Building on the implementers’ capacity assessments (described above), once implementation of a grant starts, the performance of the “main” implementers – i.e. implementers that collectively account for a sizeable portion of the portfolio – is reviewed in areas where risks were identified during the assessments. The success of any special measures put into place to mitigate risks (such as outsourcing) is also reviewed. Where required, additional mitigating measures are taken.
Greater flexibility to manage risk. The Global Fund has adopted a system which allows it to allocate more resources to grants that pose the greatest risks. The new system replaces the one-size-fits-all approach to managing grants that was previously in place.
Who manages the risks?
The Grant Management Assurance Framework also indicates where risk is managed in the Global Fund. Within the Secretariat, there are three levels of quality assurance. First, the line managers of each country team review and sign off on the documented risk assessment and mitigation action plans that emerged from the review of risk areas using the QUART tool (described above).
Second, risk management experts from the Risk Department, which include former investigators from the Office of the Inspector General, local fund agents, grant managers and auditors, perform in-depth quality assurance assessments of the reviews that were done using the QUART tool. The assessments also provide an opportunity to train country team members on the application of sound risk management practices.
Thirdly, the risk assessments and mitigation action plans are reviewed by a senior level Operational Risk Committee (ORC), co-chaired by the Head of Grant Management and the Chief Risk Officer. The ORC reviews and approves the risk assessments and action plans for individual grants.
The measures described above are complemented by (a) visits to countries by grant managers; (b) the implementers’ own internal control mechanisms; (c) the actions of the implementers’ external auditors; and (d) the actions of the local fund agents. Finally, in-country partners, such as bi-lateral and multi-lateral donors and technical partners, feed into the risk management system.
This is the first of two articles on risk management at the Global Fund. The second article describes specific measures to reduce the risk of fraud.