The organizational foundation represents the basic organization structure that MFIs should have in place in order to effectively engage in formal risk management. Three components—governance and strategy, risk culture, and internal control and management information system (MIS)—make up the foundation. Each component plays a critical role in an MFI’s ability to adequately implement formal risk management in a particular risk area. Being structurally weak in one or more of those foundation components does not mean that an MFI cannot engage in general risk management. However, its risk management function will be hindered to the degree by which those weaknesses exist.
The components of the organizational foundation are defined as follows:
- Governance and Strategy – Governance and strategy is defined by the group of owners and the objectives they want to achieve and sets the tone for the way the institution is run, from its social mission to its financial objectives.
- Risk Culture – Risk culture is an MFI’s commitment to analyze information in a self-critical manner and “face the facts” to manage and prevent risks.
- Internal Control and MIS – Internal control and MIS is the basis of formal risk management and is characterized by separation of functions, formalization and dissemination of policies, ex post controls, and a capable MIS.