To manage or prevent risks in real time, there is ongoing monitoring of the institution’s internal and external environment. Risk scenarios are analysed to keep the institution constantly alert and ready.

A process model is developed for each administrative area to identify the potential points of failure, the internal or external events which can trigger risk, and the corrective measures to be implemented. There is ownership of responsibility for the potential points of failure.

Risk management involves having policies, measures and approaches to manage, mitigate or prevent the detrimental effects of risks faced by the institution. Whether risks arise from internal or external factors, the goal is to defuse their detrimental effects on the administration of the social security programme, including its financial sustainability; fund investments; the management of coverage and contributions, and the delivery of member benefits and services; and human and ICT resources capacities.

The effectiveness of the strategic plan to advance the institutional mandate is evaluated. There is an assessment of lessons learnt from achieved goals, delivered targets and proven strategies, as well as unsuccessful initiatives. The performance review serves as input to the next cycle of planning activities.

The strategic plan is cascaded to all units of the institution. Implementation is regularly monitored and assessed. The strategic plan is revisited, evaluated and fine-tuned, if necessary. Management aligns the performance trinity of strategy and vision, leadership and management, and institutional culture and values in implementing the strategic plan.

The strategic plan spells out the institution’s plan of action, goals, targets, milestones and deliverables to achieve its vision. It articulates the programmes and activities to be implemented, and the management environment that would ensure coherence and maximize synergies within the institution. The formulation process ensures the consistency of the strategic plan with the institution’s mandate.

The strategic plan embodies a clear statement of the institution’s vision for the planning period. The vision statement is inspiring and easy to communicate. It is guided by the institution’s mandate.

The management provides leadership, sets the priorities and defines the strategic agenda for the planning period. The management consults the board and key stakeholders of the institution to define and build consensus on the strategic priorities. External and internal factors are thoroughly analysed to better position the institution for the future.

The board and management articulate a strategic plan which spells out the key strategies and plans of action that will be implemented in order to perform the legislated mandate of the institution. A strategic plan usually spans a period of from three to five years, is periodically reviewed and fine-tuned, and is further detailed and rendered precise by annual plans.

Legislation, policy or decree establishes the breadth of a social security institution’s functions and responsibilities. There are social security programmes that are wholly budget financed and hence would have no mandate to collect contributions from the population to be covered. For others, coverage and contributions collection are administered by an office other than that which administers benefits and services. Some programmes are designed to have no accumulated reserve funds, while others may be authorized to have internal or external managers to manage fund investments.