Enterprise Risk Management. Hardy Karen


disasters. Over time, the biggest benefit anticipated from the restructuring was a reduced risk of terrorism for the nation.

      The transition to a more effective homeland security approach was also part of a larger transformation that the government needed to undertake to meet the expectations of the American people for timely, high-quality, and cost-effective public services. Within nine months of the events of September 11, 2001, the Bush administration and Congress responded with important and aggressive actions to protect the nation. The establishment of DHS was seen as a remedy to long-standing issues and concerns in the government’s domestic security functions by instituting greater consolidation and agency coordination. Given the global challenges the government will face in the coming years, the consolidation was considered a unique opportunity to create an extremely effective and performance-based organization to strengthen the nation’s ability to protect its borders and citizens against terrorism.[19]

      INTRODUCTION

      Since the first introduction of this material in 2009, the practice of risk management and, more so, that of enterprise risk management (ERM), has expanded in the federal space. For example, the Association for Enterprise Risk Management (AFERM) has been established solely for those who oversee risk management in federal agencies. The AFERM mission is to advance the practice of ERM in the federal government through thought leadership, education, and collaboration.[20] AFERM provides specific programs and opportunities to educate members and stakeholders on the benefits, tools, and leading practices of federal ERM. AFERM also fosters collaboration with organizations and stakeholders to promote laws, regulations, and policies to establish federal ERM in the various agencies and departments. In addition, an International Risk Management Standard (ISO 31000) was adopted by the American National Standards Institute (ANSI), and the FederalERM.org website saw its membership exceed seven hundred government online subscribers. Government Executive magazine recognized the FederalERM.org website as “an informal network to help employees learn new skills.”[21]

There has also been a modest increase in the frequency with which job postings for chief risk officers (CROs) and risk management officers (RMOs) have been advertised on USAJOBS.gov (see Table I.1). Job titles such as risk management specialist have been identified as a new emerging occupation with a bright outlook. According to the Department of Labor, “bright outlook” occupations are those that are expected to grow rapidly in the next several years, will have large numbers of job openings, or are new and emerging occupations.[22] According to the U.S. Department of Labor’s O*NET OnLine, the risk management specialist occupation is projected to

      • Grow much faster than average (employment increase of 29 percent or more) over the period 2010–2020

      • Offer one hundred thousand or more job openings over the period 2010–2020

Table I.1 Agency Hiring Activities

      Source: The listing of CROs hired in government agencies is taken from a random selection of USAJOBS.gov job announcement postings and organizational charts. “The Chief Risk Officer” is from http://erm.ncsu.edu/library/article/cro-emerging-trends/#.UwV-iMKYbVI.

      The speed with which these developments have transpired in the federal environment makes this book especially timely for several reasons:

      1. There is a growing demand for knowledge and understanding of ERM and its application to public sector organizations.

      2. There is a lack of available information focused on the practice of ERM and how it benefits public sector organizations.

      3. A solid blueprint for utilizing ERM in public sector organizations, namely federal agencies, is sorely needed to guide those who champion risk management practice.

      4. There is no single resource guide available that summarizes information about ERM and risk management in general for the government workforce.

      Finally, the Obama administration’s focus on accountability and transparency has also prompted a renewed focus on risk and controls. This publication aims to satisfy these needs.

      In recent years, the federal government has been on the receiving end of new legislation and regulations that require it to better manage risk and improve controls in discrete areas. Generally, to meet the requirements of each of these new mandates, agencies have engaged in many compliance-driven activities. This stove-piped approach to compliance is costly and does not optimize value. This book explores how federal C-suite executives, as well as financial and operational managers, can help guide their agencies to take a more holistic approach to risk management by implementing an ERM system. This approach can help reduce the total cost of compliance by proactively mitigating risk, while helping agencies achieve greater value from their risk management activities.

      Although the current focus on risk management for most federal CFOs and financial managers stems from the revised OMB Circular A-123, these are only two requirements among the many that federal agencies must address. Agencies are also required to report their results in implementing the Federal Managers’ Financial Integrity Act (FMFIA) of 1982, the Improper Payments Information Act (IPIA) of 2002, and the Federal Information Security Management Act (FISMA) of 2002, among others. Virtually all of these requirements are ultimately geared toward one objective – improved risk management – so an agency’s response to risk provides reasonable assurance that the organization will achieve its strategic objectives.

      This dramatic increase in compliance requirements, coupled with the realization that compliance cannot be effectively achieved just by having discrete compliance programs in various business units, now makes it critical for organizations to move toward an enterprise-wide risk management approach. Holistic ERM starts with a focus on possible events and their classification into opportunities and risks.

      Keeping track of these possible events requires good data and data governance managed at the enterprise level. It also requires a taxonomy or classification scheme of the most important risks to the entity and a common language for understanding those risks. Improved data management allows the enterprise to take advantage of modern analytical methods to quantify the impact of risk. Data analysis also enables the enterprise to gain an overall view of current risk as well as trends and potential future risks.

      It’s clear that implementing an ERM approach makes sense and yields benefits to an organization. It is my hope that federal executives will find this book useful to them as an introduction and guide to enterprise risk management.

      STATE OF RISK MANAGEMENT IN GOVERNMENT

      At a September 2011 annual summit on Federal Enterprise Risk Management, J. Christopher Mihm, managing director for strategic issues at the U.S. Government Accountability Office (GAO), summarized the state of risk management in the federal government and a path for moving forward (note: “Recent Risk Events” is reproduced at the end of this introduction):

      In a relatively short amount of time, enormous progress has been made in the area of risk management in government. Due to major efforts by many risk managers in the public and private sectors, risk management both as a discipline and a way of thinking has deepened and expanded significantly. Risk management has moved from its traditional domains into areas



[19] U.S. Government Accountability Office. High Risk List 2013. Washington, DC, 2013.

[20] Association of Federal Enterprise Risk Management. http://www.AFERM.org.