Risk management involves having policies, measures and approaches to manage, mitigate or prevent the detrimental effects of risks faced by the institution. Whether risks arise from internal or external factors, the goal is to defuse their detrimental effects on the administration of the social security programme, including its financial sustainability; fund investments; the management of coverage and contributions, and the delivery of member benefits and services; and human and ICT resources capacities.

These four guidelines focus on managing operational risks, a daily concern for social security institutions. They are underpinned by a process model. The institution, having identified the potential points of vulnerability of its main processes and services, should embed at each point a response system that ensures active, appropriate and timely measures to contain or prevent the effects of relevant risks.

Operational risk is but one of many risks faced by social security institutions. ISSA guidelines will assist with managing these, e.g. the governance guidelines on financial sustainability and actuarial soundness provide guidance on managing actuarial risks to the programme; the governance guidelines on enforcing the prudent person principle and the ISSA Guidelines on Investment of Social Security Funds provides guidance on managing investment risks; and the governance guidelines on investments in ICT infrastructure and the ISSA Guidelines on Information and Communication Technology provides guidance on managing certain types of ICT risks.