The Global Risk LandscapeGlobalization, be it good or bad, reinforces the importance of comprehensive enterprise risk management. Information can now be broadcasted around the world in mere seconds and can be shared with viewers in every single country. Polarized groups from around the world, whether they be politically, socially, or economically charged, can now leverage technology unlike ever before, enabling research, sharing, and/or organizing to be done in real time.
The birth of globalization, technologies, and real-time communication platforms, also brought about the opportunity to develop and disseminate misinformation masquerading as facts, often painting any opposing viewpoints in an overwhelmingly negative light. And since
such groups are no longer bogged down by wait time, their targets (or opponents) are no longer afforded an opportunity to react.
With this worldwide shift in information sharing, accordingly to the World Economic Forum’s (WEF)
2017 Risk Report, anti-establishment populism and increasingly divided societies both topped the list in the global risk landscape. However, organizations, specifically federal agencies, can proactively manage the risks impacting their strategy through effective Enterprise Risk Management (ERM) and realize key organizational benefits while side-stepping potential pitfalls.
Why should it matter to federal agencies?
Within the federal government space, agencies are not immune to those risks affecting organizations around the world. As referenced by the Government Accountability Office’s (
GAO), “federal managers often handle complex and risky missions, such as preparing for and responding to natural disasters, and building and managing safe transportation systems.*” And while risks may arise from a variety of external and internal environments, to include economic, operational, and organizational change factors, all could negatively impact an agency’s ability to meet goals and objectives if not managed effectively.
Additionally, recent Office of Management and Budget (OMB)
policy changes
are setting the stage for federal agencies to implement appropriate risk management processes and systems to identify challenges early, bring them to the attention of leadership, and develop solutions. Specifically, policy changes to OMB Circular No. A-123 modernize existing requirements to improve accountability by requiring agencies to implement an Enterprise Risk Management (ERM) capability (requirements became effective in FY17). Risk management is not just a compliance department (anymore)- it’s a driver of an agency’s enterprise and sustainable strategy.
ERM provides a better way to anticipate and manage risk across an agency. It is a principles-based approach to managing, not eliminating, risks and provides transparency at the enterprise level around the most significant risks to the organization. Through implementing ERM, risks are identified and assessed in strategy setting across the entire enterprise, geared towards the achievement of strategic objectives.
Requirements for SuccessFor an ERM program to be effective in directing and controlling risks, key elements must be integrated into the ERM program development process:
- Standardized methodology
- Integration into strategic planning and decision-making processes
- Shift to a culture of risk management
- Change management (how an organization transitions from current state to future state and how quickly)
- Organizational maturity in 7 behavioral attributes:
- Adoption of an ERM-based approach
- ERM process management
- Risk appetite management
- Root cause discipline
- Uncovering risks
- Performance management
- Business resiliency and sustainability
Key Benefits and Challenges of ERMBeyond implementing an ERM program to meet OMB requirements, federal agencies receive
key benefits
when adopting ERM. Through ERM, their organization can:
- Gain a cultural understanding of the importance of sustaining high credibility as an agency
- Afford the opportunity for leadership to make more educated decisions
- Increase knowledge and understanding of risk across the organization
- Improve risk culture
- Align risks with agency/program goals and objectives
- Provide a more efficient and effective means of managing risk
- Foster agreement on core values and on the necessity for a broadly integrated risk management approach
However, agencies should have awareness and understanding of
key challenges
that may become present during program implementation to include:
- Providing the appropriate foundation, assessment, and management platform
- Insufficient sponsorship of ERM at the executive level
- Positioning ERM as a strategic management practice and not as an additional task
- Managing competing priorities (key ERM staff participate in initiatives that are risk-related but do not directly support the implementation of an ERM program)
- Ensuring compliance with Federal government regulations and requirements
- Lack of understanding of risk management and/or qualified risk management professionals and expertise
- An internal culture prone to siloed operations
Recommendations for Getting StartedImplementing an effective ERM program may seem like a complex and costly endeavor, but there are actionable steps agencies and organizations can take to incrementally shift in the right direction of building a robust ERM capability. At a high level, there are underlying themes that provide a useful foundation for taking initial steps and navigating resistance to ERM adoption**: