Policies and processes

Risk, internal control, and audit

Improving the effectiveness of organizational risk management, control, and governance processes remained one of the top priorities for the IIASA Council and Executive in 2020. IIASA maintains a comprehensive risk register, which is continuously reviewed and updated. As per the Risk Register Terms of Reference approved by the IIASA Executive Committee in November, the identification of potential risks is undertaken on a semiannual basis, while the review of existing risks is done bi-annually. Appropriate actions aimed at mitigating or removing organizational risks will continue to be undertaken to prevent potential negative impacts for IIASA.

Committed to bringing a systematic approach to evaluating and mitigating risks, the Finance, Risk and Audit Committee of the IIASA Council and the IIASA Executive established an internal audit function. The purpose of this function is to introduce a professional auditing of the internal processes, governance, and internal controls at IIASA to ensure compliance with the regulatory framework and to enhance performance, organizational learning, and the efficiency and effectiveness of IIASA operations. Following a competitive tender process, an external company, KPMG, was selected to provide the institute with professional auditing services. The Internal Audit Charter and the Internal Audit Plan for 2020 were approved by the mandated committee of the IIASA Council in September and implemented by the IIASA Executive and KPMG. The first audit started in October and focused on the accounts receivable and the dunning process. The recommendations of this audit will be implemented by mid-2021. The second audit started in late November and was aimed at evaluating the process of allocating staff costs to externally funded projects at IIASA.

Financial policies

The Finance, Risk, and Audit Committee of the Council supervises the institute’s accounting and auditing activities, the annual payments of National Member Organization contributions, the realization of royalties and other revenues, and the annual financial reports. IIASA is also legally obliged under the Austrian Association Act and Austrian Commercial Law to have its accounts externally audited on an annual basis. The institute’s statutory financial statements are presently audited by BDO Austria. In addition, some external funders require that the projects they contribute to are individually audited, with around 35 project audits being carried out in 2020. The European Commission (EC), a major contributor to the institute’s external funding, also performs second-level audits on already externally audited EC projects. To date, four major second-level audits on twelve projects were carried out in 2009, 2011, 2015, and 2017 respectively. All of these were successfully concluded. A second level audit is ongoing at the time of writing on a European Research Council (ERC) project that concluded in 2019.

At IIASA, financial policies and procedures are in place for:

  • Sponsored research and budgeting for proposals.
  • Procurement, business travel, organizing conferences, and visits from external collaborators and stakeholders.
  • A budget planning and oversight process.
  • The procedures and approval processes are facilitated and documented through the IIASA Management Information System.

Information technology

The Information and Communication Technologies (ICT) Department manages the institute’s IT services supporting business operational and scientific research needs, including personal computers and mobile devices, servers, data networking systems, and related equipment. The team runs more than 70 physical servers supporting 100 virtual machine servers and a 20-node (80-core) computer cluster. In addition, the department manages a total of 520 TB of usable data storage and data backup systems, and support software for office automation and scientific models.

In 2020, the ICT Department’s focus quickly shifted from providing on-site services to supporting the entirety of IIASA working from remote environments located around the world, while also working remotely themselves. Activities in 2020 included:

  • Expanding the institute’s remote IT access capabilities.
  • Promoting remote meeting and webinar capabilities by establishing the institutional Zoom infrastructure and promoting the use of Microsoft Teams.
  • Providing scientific computing facilities dedicated to the first virtual Young Scientists Summer Program (YSSP).
  • Implementing a dedicated Oracle Database hardware appliance with 10 TB of fast solid-state disk storage improving the performance and support to the institute’s models and tools.
  • Focusing on improving IT security, established continuous external scanning of IIASA public IT systems, as well as conducting expert health-check reviews of critical security systems.
  • Adhering to procurement best practices, renegotiated multi-year contracts for the institute’s worldwide mobile telephone program and the photocopier/printer fleet, introducing environmentally friendly and cost saving “Follow Me” printing.

Intellectual property and copyright

IIASA follows the specifications in the IIASA Staff Rules and Regulations and the rules and procedures laid out in the institute’s patent and software policies. The Patent Policy ensures that any invention made in the course of research activities at IIASA is used to bring about the widest possible benefits. The Software Policy defines and protects the intellectual property rights for software developed by IIASA staff, and outlines the processes for commercialization, licensing, and distribution. In 2020, a task force on open access to models and tools was established to develop a policy on open access to IIASA models and tools including software readiness and maintenance, intellectual property rights, model documentation, and quality control. The new policy is expected to be finalized in 2021.

In addition, a new Scientific Publications and Copyright Policy was introduced in 2020 to take into account the latest developments in academic publishing, open access publishing, and the use of creative commons licenses to expand the sharing and uptake of IIASA research.

Data management and archive policies

The IIASA rules laid out in its policies on Good Scientific Practice and Conflict of Interest, constitute the institute’s current data archiving standard. To comply with the requirements of research funders and other collaborators, IIASA policy stipulates that all primary research data must be retained for a minimum of 10 years, thus ensuring the reproducibility of findings and results. In addition, model-based work, model specifications, and methods of analysis have to be sufficiently documented, ideally in a peer-reviewed publication or its official supplement.

Delegation of authority and conflict of interest

With the aim of improving the efficiency, transparency, and effectiveness of the decision-making processes in all issues related to human resources management at the institute, the IIASA Executive adopted the Human Resources Delegation of Authority Framework in November. It assigns appropriate levels of involvement in the decision-making process to the relevant internal stakeholders at IIASA ensuring efficient decision making while retaining an apt segregation of duties, and thus minimizing potential conflict of interest. Further delegation of authority frameworks will be developed for IIASA operations, finance, and procurements.

Data protection and privacy

In 2020, IIASA focused on the training and awareness of staff members in relation to data protection. All new staff members now receive a newcomer data protection briefing as part of their onboarding process. Additionally, the first round of data protection awareness training was sent to all staff members. The aim of the training is to highlight the most common issues in relation to handling personal data. IIASA also established a legal framework to share data with NMOs. This helps to highlight the return of investment for NMOs while staying compliant with GDPR requirements. In 2020, IIASA also dealt with several privacy challenges that arose from COVID-19. Among others, the institute had to address questions regarding the use of virtual conference and meeting tools, as well as the GDPR compliant tracking and prevention of COVID-19 cases among staff members.

Legal compliance

IIASA is legally registered as a “Verein” (association) in Austria with registration number ZVR-Nr 524808900 and is subject to the laws and jurisdiction of its host country, Austria. IIASA monitors relevant laws and regulations and updates the IIASA rules and regulations to stay compliant with an evolving legal environment.

With the installation of fire detectors in the General-Purpose Building in 2020, all requirements bringing the IIASA buildings up to date and in line with Austrian fire safety regulations have been completed. At the general fire inspection, which is mandatory every five years, no major deficiencies were reported.

With the completion of the electrical inspections at all IIASA buildings and the overhaul of the elevator at the Schloss, an important step was taken to further enhance the safety of the institute’s electrical infrastructure. The final report is expected in the first quarter of 2021.

Health and safety

The Facilities Management (FM) Department mastered a series of challenges in the year 2020. Besides the mandatory monitoring of legal obligations in respect to health and safety regulations at the workplace, FM implemented multiple protective measures necessitated by the COVID-19 pandemic. Executing the internal SARS-CoV-2 action plan, ten thousand facemasks, thirteen dispensers, and over two hundred liters of disinfectant were stockpiled and distributed across the premises. While introducing short-time work for the greater part of the year for almost the whole department, FM was still able to continue providing the minimum required services for IIASA staff members.

Apart from these extraordinary measures taken due to COVID-19, the following health and safety projects were implemented:

  • Several modern adjustable tables were acquired to meet the needs of staff members that exceeded the standard ergonomic requirements.
  • Following the retirement of the IIASA general practitioner Dr. Schuster, Dr. Jan-Peter Bökemann was found available to provide future medical services for IIASA staff members at his practice in Laxenburg.
  • The FSME (tick shot) vaccination for all IIASA staff members in September was a great success and FM is looking forward to offer the same services again in 2021. The yearly flu immunization campaign unfortunately had to be canceled due to COVID-19.
  • In cooperation with the institute’s external service provider, Health Consult-Sicherheitstechnik GmbH, the documentation provided by the health and safety officer again exceeded the legal requirements as regulated by Health Consult’s quality management policy ISO 9001. The departments is also proud to announce that no major incidents were reported in 2020.

Infrastructure developments

Despite the sudden and unforeseen outbreak of the COVID-19 pandemic in the first quarter of 2020, the Facilities Management Department was still able to complete the majority of the infrastructure projects scheduled for 2020. This included the renovation of all windows in the apartment area, the ongoing refurbishment of office floors, and the complete overhaul of the restrooms on the first floor of the Schloss Building. Additionally, with the renovation of the Environment meeting room, a new fully functional multimedia meeting room for IIASA staff members is available in the Park Wing.

As per the long-term investment plan, the heating system in the General Purpose Building was overhauled entirely. With the installation of two new boilers and a steering system, which can now be operated remotely, an expected CO2 reduction of up to 15% is projected.

A new access control system was installed in October 2020 and will be further extended in 2021. The newly introduced key cards feature a multitude of additional functions, such as allowing the holder to execute printing orders at all IIASA printers.

The department concluded 2020 with the acquisition of a new platform truck and the planned disposal of two older vehicles. FM will further contribute to meeting the IIASA obligation to reduce the environmental footprint of the institute.

Environmental performance

The increasing volume and complexity of waste associated with modern society demands an appropriate waste management infrastructure. To meet the IIASA obligation to reduce the environmental footprint of the institute, a comprehensive and practical waste recycling system was proposed in December 2020, taking into consideration the ideas brought forward by the IIASA Sustainability Champions. The system will be implemented in the first quarter of 2021.

Following the installation of the smart control system in the main heating system of the Schloss building in 2019, the heating system in the General Purpose Building was also significantly upgraded in late 2020. Both upgrades are expected to deliver considerable CO2 savings.

As part of the “green conferences” initiative, IIASA has been supporting the increased use of tap water instead of bottled mineral water at all meetings and conferences organized at the institute. IIASA tap water was also examined by an external company, resulting in a report confirming that the institute’s tap water is chemically, physically, and biologically of top quality. The institute’s water was additionally evaluated by IIASA water experts in early 2020, with similar results.