Risk Management Policy

Ministry for Foreign Affairs will establish a comprehensive risk management policy in line with the recommendations of the OECD Development Assistance Committee Peer Review in 2017, also taking stock of the Committee recommendations on corruption risk management.

Completion Status:
Partially fulfilled

Commitment filtering:


The commitment can be considered specific because it targets a concrete thematic priority: corruption risk management. “Corruption risk management (CRM) is a specific set of procedures and requirements to detect, assess, and mitigate corruption risks within an organisation. It is an important part of implementing anti-corruption policy.”[1]

[1] U4 Anti-Corruption Resource Centre, What we mean by corruption risk management, https://www.u4.no/topics/corruption-risk-management/basics


The commitment identifies the measurable action of establishing a risk management policy in line with the 2017 OECD Development Assistance Committee Peer Review recommendations. This should include:

  1. “Guidance for how the overall country programme might be better adapted or how different instruments might work together to mitigate risks”
  2. “How planning and programming should prepare for, and respond to, political and security uncertainty”.[1]

[1] OECD, OECD Development Co-operation Peer Review, https://read.oecd-ilibrary.org/development/oecd-development-co-operation-peer-reviews-finland-2017_9789264287235-en#page4


Background Information:

Before the IACC commitment, the Ministry for Foreign Affairs did not have a comprehensive risk management policy, but instead had general risk management measures in place as part of the earlier Results-Based Management approach. The OECD’s Development Assistance Committee Peer Review of 2017 highlighted the need for a risk management policy.1

Preparing the risk management policy started before the Anti-Corruption Strategy was published, as reflected for the first time in the ministry’s development policy report of 2018. 2



The risk management policy has been publicly available since late 2021.3 It is accompanied by an annex specifying the guidelines for risk management, including from an analysis and detection perspective.4

The risk management policy actions match the OECD recommendation5 in the following areas:

3.1 Develop a comprehensive overview of Finnish activities in long-term partner countries. Improving the analysis of risks, to reflect the actual state of programmes

The Ministry for Foreign Affairs’ (MFA) risk-management policy includes the evaluation of risks of existing programmes and introduces ex-post impact assessment and programme evaluation, to improve the analysis of risks and identify how it addresses programmes on the ground.3

3.2  Ensure that risk management actions are built into programme design and implemented, and that risks are regularly monitored.

a) Inclusion of methods to adapt to the risk environment

The MFA includes a set of methods for adapting to the risk environment. This methodology is based on high-level risk management principles with a detailed action plan. It is built on the following pillars:3

  • Risk management guidelines and operating model of the Ministry of Economy
  • Working order and security principles of the Ministry for Foreign Affairs
  • Development cooperation principles, strategic solutions, division of labour and management model
  • Strategic risk management, contractual models, and preparation of actions
  • Operative risk management on the intervention level

 b) Guidance on risk mitigation at overall country-programme level

The MFA provides new risk mitigation and management guidelines at country-programme level within the new policy.3

c) Increase the capacity and ability to conduct interventions

Besides the regular anti-corruption training that the MFA provides to staff member in its basic training (333 staff members annually), the total number of staff receiving the training has increased in the past years. Almost 750 staff members received the training in 2019, while 841 were trained in 2020. The number for 2021 was as high as 988 staff members. This includes training via Risk Management and Quality Assurance workshops. The Ministry for Foreign Affairs provided an internal document confirming the detailed staff participation figures for the annual development cooperation and policy training. However, it did not allow the training statistics to be published as an Annex to the IACC Monitor Country Report.6 Therefore, the commitment can only be considered partially fulfilled according to the methodological criteria of transparency for this monitoring report.

Overall, this commitment is considered partially fulfilled.


Challenges to effective commitment implementation
The main challenge that the Ministry identified in its financial report of 2020 regarding risk management was the adequacy of resources, in terms of both personnel and skills. The report further mentions the functionality of IT systems, information security, health and safety, and real estate management as specific risk challenges. However, the ministry concluded that risk management was already of a good standard before adopting the new risk management policy.7 Other reports, such as the annual report on development cooperation, also considered risk management efficient before 2021.8


Opportunities to accelerate commitment implementation
As the OECD standards on development cooperation exposed prior vulnerabilities in Finnish risk management, the OECD could be a source of international best practices, and opportunities to evaluate Finnish risk management could be used to develop it further. For example, through the Development Assistance Committee (DAC).


  • Train all staff of the Ministry for Foreign Affairs in the new policy.
  • Evaluate the policy internally every two years and hold public consultations with civil society. This evaluation can be built on the OECD peer-review evaluation framework9 and similar frameworks developed in other ministries, such as the current risk management framework of the Ministry of Finance.10
  • Bring lessons learned to the private sector to provide best practices for detecting and addressing corruption issues, especially when private partners are involved in development programmes or similar activities.
  • Included the risk management policy in other programmes not managed directly by the Ministry for Foreign Affairs, such as programmes and projects run by NGOs receiving ministry funding.