and safety programs, and homeland security. In concept and language, risk management is moving more into the routines of other federal program and functional management areas.
The nature of risk is evolving as well and its dynamics originate from a variety of sources [see “Recent Risk Events”]. Characteristics of this evolution include the following:
• Risks can emerge more quickly;
• Greater transparency about risk is needed;
• Public knowledge of risk occurs more quickly; and
• There are higher expectations that risk will be addressed more quickly
With this newfound awareness, can risk management play a vital role in helping line managers understand and address the performance and accountability challenges associated with government issues?23
To help answer that question and to realize the true potential of risk management in government, Chris Mihm cited several additional actions that must be taken.24
First, there must be ongoing momentum and commitment to “continue to expand the discipline across programs” and at an enterprise level. Too often, “Federal managers take massive risks every day but too often do not consider and manage them as such.” Without the proper level of awareness, managers will not properly identify and manage risk effectively.
Second, there must be internal and external commitment to “help managers understand and calculate the risk inherent in the status quo.” Anecdotal observations and assumptions of risk made without a degree of calculation would undermine the value of risk management in an organization. The more specific the descriptions of risk made available to managers, the better they will be able to articulate the impact it will have.
And finally, actions speak louder than words. Current and future risk practitioners must demonstrate to managers “how they can use risk management to help address governance challenges.” It will be necessary to engage managers early on in action-oriented activities that show how risk management can improve their operations or performance.
HOW THIS BOOK SHOULD BE USED
This book is an update to the research report “Managing Risk in Government: An Introduction to Enterprise Risk Management,” published by the IBM Center for the Business of Government in 2009 and 2010. The practice of and interest in ERM in government has expanded since the original publication of that report, and this book is a reflection of the growth in this area.
Overall, ERM continues to be a tall order for federal risk managers to fill. To ensure success, all federal executives, managers, and employees in general need a blueprint for defining and executing effective risk management in their organizations. Readers should consider this book as a road map for sorting through the key elements that make up ERM success. It is designed to guide risk managers and champions of ERM through a practical thought process using highlighted, real-world work examples. For those in the workforce who have not been designated a specific role in ERM practice in their organization, this book provides a basic educational foundation that will equip any employee with an understanding of risk management.
This book will not answer all the questions about enterprise risk management, nor is it possible to cover all aspects of the subject in one publication. However, the reader will gain a better understanding of the key topics commonly related to ERM design and implementation. This book was written as a resource that can be shared with all employees, no matter what their role in an organization, because a basic understanding of the subject matter is the beginning of an evolving process. Readers are encouraged to maximize use of the book, tools, and other related resources available to reinforce the principles shared and increase awareness and practice of ERM.
EMERGING RISKS TODAY
Nothing seems to define or capture the absolute essence of risk better than the events that emerge from some level of uncertainty. It is then that as a society we are wholly able to grasp and understand risk in its purest sense. Unfortunately, it is when risk has materialized that our greatest sense of awareness is heightened, affording us the opportunity to gain a better understanding of the origins of uncertainty. It allows us to reflect, for a moment, on all the variables that may have contributed to the act or occurrence and permits us to assess why it happened and whether it could have been prevented.
In our society we are surrounded, daily, by events and occurrences that give us the privilege of understanding and defining the “why” and “how” of these instances when they take place. Ideally, we walk away with a better understanding of the root causes and then move forward to fortify ourselves against future challenges. We live in a society in which risks are all too real – that is, when the dangers for which we feel at risk materialize, we see and hear about them. Repeated exposure to such events socializes us to feel uncertain, though we are not always aware that this is happening. In this societal framework, we begin to understand that risks managed in our organizations are often similar to the risks we see playing out in our external environment.
In 2010, the United States witnessed what became the costliest oil spill in the country to date. On April 20, 2010, an explosion from a well site at which the mobile offshore drilling unit (MODU) Deepwater Horizon had been drilling resulted in a spill of national significance in the Gulf of Mexico. As a result of the explosion, oil flowed into the Gulf of Mexico at an estimated rate of between 12,000 and 19,000 barrels per day, according to the National Incident Command’s Flow Rate Technical Group, making it one of the largest, if not the largest spill in U.S. waters. BP, which leased the Deepwater Horizon at the time of the explosion, made efforts to contain the leak. During the later congressional testimonies, it was reported that the total cost of cleaning up this massive and potentially unprecedented spill, repairing the untold damage to the environment, as well as the potential impact to the livelihood and the economic status of the region, will be undetermined for some time. However, it was estimated that the spill cleanup and related damage claims would be in the tens of billions of dollars – well beyond the costs of the Exxon Valdez spill. Federal officials have predicted that this spill and future spills all have the potential to result in considerable costs to the private sector, as well as to federal, state, and local governments.
This was a disaster on a national scale. Of course, we as individuals are not exempt from exposure to risk, accidents, or chance. Thus, the management of risk in an organization naturally evolves from knowledge common to everyone.
In society, we experience direct and indirect exposures to risk. Regardless of the type of exposure experienced, we can learn from it and better prepare for future challenges and occurrences. What have recent events taught us about uncertainty and the management of risk, and how can we apply that knowledge in the quest to incorporate effective risk management in our organizations? “Recent Risk Events,” later in the chapter, provides a comprehensive list of the wide variety of risk events that have taken place, to help us answer these questions. Through these examples, we can conclude that failures in the systemic process of identifying and managing risks led to consequential impacts on reputation, financial investments, public trust, health, safety and security, and the environment.
Through these events, we have learned that risk impact can be far reaching and felt across borders. To take some specific examples described in “Recent Risk Events,” the international incident involving horse meat discovered in the United Kingdom underscored major safety issues and highlighted the extensive reach of the global food supply chain. We also learn that risk must be identified and mechanisms must be put in place to manage the unexpected. For instance, the Mine Safety and Health Administration’s (MSHA) extended authority to issue additional violation notices will help mitigate risks associated with the monitoring of safety problems by mine
Mihm, J. C. “Wicked Issues, Hollow Government and the Vital Need for Risk Management.” Presentation at the Federal Enterprise Risk Management Summit, Arlington, VA, Sept. 2011.
Ibid.
