Building Effective Risk Governance in the Humanitarian Sector Using ISO 31000 and COSO ERM

Effective risk governance is essential for humanitarian organizations operating in complex, high-stakes environments. Using ISO 31000 and COSO ERM frameworks, organizations can establish structured, resilient risk management practices to safeguard resources and enhance accountability.

Key Steps for Setting Up Risk Governance

1. Define Context and Scope Map the internal and external operating environments, aligning risk strategies with humanitarian objectives and regional challenges.
2. Board Involvement The board should play an active role by approving the ERM strategy, allocating resources, and providing oversight to ensure alignment with organizational objectives.
3. Secure Leadership Commitment Obtain leadership endorsement and assign specific roles for risk management across all levels, fostering a culture of risk awareness and accountability.
4. Develop a Risk Management Framework Establish a clear ERM framework and policy based on ISO 31000 guidelines and COSO principles, outlining the organization's risk tolerance, reporting structure, and risk response protocols.
5. Identify and Prioritize Risks Use COSO ERM’s methodologies, such as workshops and scenario analysis, to identify and assess key risks, focusing on operational, political, and logistical threats.
6. Implement Risk Response Strategies Apply ISO 31000’s risk response categories (avoid, mitigate, transfer, accept) to develop actionable, context-specific strategies for each identified risk.
7. Establish Monitoring and Reporting Set up real-time risk indicators and a reporting framework to communicate with stakeholders, ensuring transparency and enabling swift responses.
8. Continuous Improvement Regularly review risk controls and integrate lessons learned, adapting the governance structure as risks evolve.

Building a Risk-Aware Culture

Train staff to identify and report risks, reinforcing a shared commitment to safeguarding resources and improving operational resilience.

Conclusion

By implementing structured ERM practices, with board-backed oversight, resource commitment, and strategic alignment, humanitarian organizations can protect resources, uphold accountability, and maintain continuity in high-risk regions. Effective risk governance, based on ISO 31000 and COSO ERM, fortifies humanitarian missions across Africa, ensuring aid reaches those who need it most.