Gavi pursues an ambitious mission in some of the world’s poorest and most fragile countries. As we operate in a dynamic and often uncertain context, we are naturally exposed to risks. Robust risk management is therefore vital for us to confidently take the risks required to achieve our mission, safeguard our investments and secure sustainable impact. 

A proactive and risk-aware Alliance can effectively anticipate potential future events, manage expectations, reduce vulnerabilities and harness opportunities for impact.


Since 2016, we have published a Risk & Assurance Report every year. This discusses the most critical risks that could affect our ability to achieve our mission and strategic goals.

The report provides an update on risk management across the Alliance, an analysis of macro-trends affecting Gavi’s risk profile and an overview of key changes in top risks compared with the previous year. It also explains how current risk levels compare with Gavi’s risk appetite – ie our willingness to be exposed.

The annexes contain more detailed information, including an analysis of each top risk and the corresponding mitigation plans.

Risk and Assurance Reports


Previous reports

2022 | 2021 | 2020 | 2019 | 2018 | 2017 | 2016


Every organisation needs to take risk to achieve its objectives. Sometimes the greatest risk is inaction. Effective risk management optimises outcomes by balancing risk versus reward and the cost of mitigation versus the potential benefit. The Alliance’s risk appetite statement broadly defines the level of risk the Alliance is willing to take, accept or tolerate to achieve its goals.


In December 2014, the Gavi Board adopted a comprehensive approach to risk management covering strategic, operational, programmatic and corporate risks, and approved the risk policy. Since then, we have continued to embed risk management practices in daily operations, planning and decision-making across the Alliance.

In 2015, we reorganised our risk management and assurance functions around a best-practice "three lines of defence" model:

  • First line: understanding, monitoring and active management of risk in core business activities and country programmes.
  • Second line: specialist support and objective monitoring through control and oversight functions, providing an additional "check and balance" on first-line activities.
  • Third line: independent auditing of the first and second lines of defence to provide assurance that their risk management is effective.

A dedicated "risk function" coordinates, facilitates and monitors the implementation of effective risk management practices across the Alliance. The Secretariat’s Risk Committee, chaired by the CEO with senior leadership from across the organisation, systematically reviews the top risks allocated to risk owners in the organisation.

Risk is a standing item on the agenda of all Gavi Board meetings, and the Audit and Finance Committee of the Board oversees the effectiveness of risk management systems and processes.

Related links

Risk policy

Risk policy

The risk policy forms the overarching framework for Gavi’s risk management approach. It is embedded in various structures and processes for risk monitoring, reporting and mitigation.

Transparency and accountability policy

If Gavi is to deliver on its mission, it must take some risk, and do everything possible to mitigate that risk. Donors realise this, but also rightly expect risks to be minimised and action to be taken when misuse is uncovered.

Last updated: 20 Dec 2023

Subscribe to our newsletter