> **来源:[研报客](https://pc.yanbaoke.cn)** # WHO Principal Risks Summary WHO identifies **Principal Risks** as those that may affect the achievement of its objectives, including the implementation of the Global Strategy for Health Workforce (GPW14), and require alignment and coordination across the three levels of the Organization. These risks are identified through a **bottom-up** process using the WHO corporate Risk Management Tool, and are further reviewed and validated by the **Global Risk Management Committee** from a **top-down** perspective. The list of Principal Risks is **dynamic and iterative**, updated regularly to reflect the current risk landscape and organizational priorities. ## Core Content The Principal Risks are categorized based on their **criticality level** and are regularly discussed and refined within WHO networks to ensure operational effectiveness and risk monitoring. The following are the key risks identified: ## Main Risks and Descriptions | Risk No. | Risk Short Name | Risk Description | |----------|------------------|------------------| | 1 | Tightly earmarked, unpredictable and non-diversified financing | Insufficient flexible and predictable financing and reliance on a limited number of donors increases exposure to funding cuts, impacting key functions and continuity of operations. | | 2 | Global health and WHO's legitimacy undermined | Geopolitical instability, lack of recognition of WHO's leadership role, and skepticism towards multilateralism may weaken WHO's ability to mobilize resources and maintain its credibility. | | 3 | BMS transition | BMS development not meeting operational and efficiency expectations due to system challenges, affecting WHO's capacity to respond to global health needs. | | 4 | Mistrust in science and WHO (incl. misinformation & disinformation) | Mistrust in science and WHO's health activities, fueled by misinformation, may reduce the effectiveness of health policies and harm public and Member States trust. | | 5 | Inability to attract, recruit and maintain a fit for purpose workforce | Difficulty in building a high-performing workforce may hinder WHO's ability to fulfill its core mandate. | | 6 | Cybersecurity breach | Cybersecurity attacks may compromise information systems, digital assets, and data, leading to operational disruption, financial loss, legal claims, and reputational damage. | | 7 | Strained workforce mental health and well-being | Poor mental health and well-being of staff may reduce performance, increase burnout, and affect the organizational capacity to implement its mandate. | | 8 | Business services disruptions (including security incidents) | Natural disasters, security threats, or armed conflicts may disrupt essential services, leading to operational interruptions, staff safety risks, and data loss. | | 9 | Vulnerable supply chain disruptions | Inadequate supply chain resilience may prevent timely and cost-effective delivery of health products in WHO programmes. | | 10 | Inability to demonstrate results and impact | Inability to show measurable results and impact may weaken WHO's position in the global health architecture and its ability to secure donor support. | | 11 | Sexual misconduct and harassment not prevented or addressed | Failure to prevent or manage sexual misconduct and harassment may harm individuals and damage WHO's reputation. | | 12 | Abuse of power and harassment | Abuse of power and harassment in the workplace may affect staff well-being and the organization's reputation as a UN agency. | | 13 | Breach in data protection and privacy | Data leaks or misuse may compromise personal and organizational information, affecting trust and operational integrity. | | 14 | Ineffective partner engagement | Poor engagement with partners may weaken WHO's delivery and reputation, especially in a competitive environment with limited resources. | | 15 | Inability to define a fit for purpose organizational structure | Inability to design an efficient organizational structure may hinder WHO's ability to address global health needs due to strategic prioritization challenges, lack of innovation, and slow decision-making. | | 16 | WHO's inability to support Member States in health emergencies | Failure to respond effectively to infectious disease outbreaks or health emergencies may damage WHO's reputation and its role as a directing authority. | | 17a | Weak operational capacity of Implementing Partners | Dependence on partners with limited operational capacity may lead to incomplete execution of WHO programmes. | | 17b | Weak technical capacity of Implementing Partners | Dependence on partners with limited technical capacity may also lead to incomplete execution of WHO programmes. | | 18 | Quality and excellence of WHO's normative work compromised | Compromised normative and technical work may negatively affect WHO's ability to deliver GPW results and its global reputation. | | 19 | Fraud and corruption | Fraud and corruption may lead to misuse of funds, reduced programme effectiveness, and loss of donor and Member States confidence. | | 20 | Ineffective and fragmented communications | Lack of a consistent communication strategy may reduce stakeholder engagement, funding, and the uptake of health guidance. | | 21 | Climate, Environmental and Social Safeguards Risk | Inadequate response to climate change may undermine WHO's role as a directing authority and cause unintended environmental or social harm. | ## Key Information - **Risk Identification Process**: A combination of bottom-up and top-down approaches ensures comprehensive and relevant risk identification. - **Risk Management**: Mitigation measures and future strategies are developed to reduce residual risk to levels consistent with WHO's risk appetite. - **Dynamic Nature**: The list of Principal Risks is continuously updated and refined through internal discussions and network engagement. - **Risk Ownership**: Global risk owners are responsible for monitoring and managing the residual risk exposure associated with each risk. - **Impact Areas**: Risks span across financial, operational, reputational, legal, and human resource domains, with potential consequences including loss of trust, reduced effectiveness, and reputational damage. ## Conclusion WHO's Principal Risks represent a comprehensive and evolving set of challenges that threaten its ability to achieve its global health objectives. Addressing these risks requires a coordinated and adaptive approach across all organizational levels, with a focus on resilience, transparency, and stakeholder engagement.