Organizational Foundation

The organizational foundation represents the basic organization structure that MFIs should have in place in order to effectively engage in formal risk management. Three components—governance and strategy, risk culture, and internal control and management information system (MIS)—make up the foundation. Each component plays a critical role in an MFI’s ability to adequately implement formal risk management in a particular risk area. Being structurally weak in one or more of those foundation components does not mean that an MFI cannot engage in general risk management. However, its risk management function will be hindered to the degree by which those weaknesses exist.

The components of the organizational foundation are defined as follows:

  • Governance and Strategy – Governance and strategy is defined by the group of owners and the objectives they want to achieve and sets the tone for the way the institution is run, from its social mission to its financial objectives.
  • Risk Culture – Risk culture is an MFI’s commitment to analyze information in a self-critical manner and “face the facts” to manage and prevent risks.
  • Internal Control and MIS – Internal control and MIS is the basis of formal risk management and is characterized by separation of functions, formalization and dissemination of policies, ex post controls, and a capable MIS.

Governance and Strategy

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Institutional bylaws Up-to-date institutional bylaws Up-to-date institutional bylaws
Mission Mission Mission
Separation of functions: Existence of at least a full-time CEO and CFO, a person in charge of credit/business, and a part-time internal audit function. Separation of functions: Existence of at least a full-time CEO and CFO, credit/business department, and internal audit. Clear definition of functions and responsibilities. Separation of functions: Existence of at least a full-time CEO and CFO, credit/business department, internal audit department, and risk management department. Clear definition of functions and responsibilities.
Goals and objectives: Business Plan and Operational Plan. Individual goals and objectives for field personnel. Periodic monitoring of fulfillment of institutional and individual goals and objectives. Goals and objectives: Business Plan and Operational Plan. Individual goals and objectives for field personnel. Systematic monitoring of fulfillment of institutional and individual goals and objectives. Goals and objectives: Business Plan and Operational Plan—consolidated and by department. Individual goals and objectives for all personnel. Systematic monitoring of fulfillment of institutional and individual goals and objectives.
At least one person in charge (including part-time personnel) of risk management At least one full-time person in charge of risk management
Quarterly meetings of risk management committee with participation of members of the Board of Directors Monthly meetings of risk management committee with participation of members of the Board of Directors

Risk Culture

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Internal transparency: Commitment to analyze information in a self-critical manner and “face the facts” Internal transparency: Commitment to analyze information in a self-critical manner and “face the facts” Internal transparency: Commitment to analyze information in a self-critical manner and “face the facts”
External transparency: Commitment not to hide information External transparency: Commitment not to hide information External transparency: Commitment not to hide information and to publish it freely

Internal Control and MIS

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Formalization and dissemination of policies: Existence of up-to-date credit manuals and financial management manuals. Formalization and dissemination of policies: Existence of up-to-date credit manuals and financial management manuals as well as manuals covering other main processes. Manuals disseminated at all levels. Formalization and dissemination of policies: Existence of up-to-date credit manuals, financial management manuals, and internal control manuals as well as manuals covering all other processes. Manuals disseminated at all levels.
Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to branches and clients. Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to branches and clients. Ex-post controls: Internal audit controls based on annual work plan. Surprise visits to branches and clients.
Management information system: capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner Management information system: capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner. Management information system: capable of generating the information and reports mentioned in the risk categories in an accurate and timely manner

Evaluate

RIM’s Risk Management Graduation Model is continually being revised to reflect the consensus standards within the microfinance industry.

Your evaluation and feedback is of utmost importance within this process.

Please provide your valued evaluation and feedback on the Organizational Foundation in the form below:


Evaluator Information:



 

Organizational Foundation Components and Definitions

 

Please provide your valued evaluation and feedback on the Organizational Foundation Components & Definitions listed above:

 

Framework Guidelines

 

Please provide your valued evaluation and feedback on the Risk Management Graduation Model framework guidelines listed above: