“ERM provides the capability to aggregate and assess risk, giving managers a holistic view of potential risks and cost-effectively mitigating those risks by addressing them with a portfolio perspective.”
–Dr. Karen Hardy, Deputy Director for Risk Management, U.S. Department of Commerce
In today’s environment, why is it important for the federal government to consider ERM?
Considering risk is important during times of tight budgets and limited resources. The fiscal constraints faced by the federal government require leaders and managers to scrutinize every dollar spent and reinforce the need to consider the risk impacts of each funding decision. In spite of increased speculation around spending, the budgetary environment has remained relatively stable. Similar to the way individuals reconsider personal finances during fiscal challenges, leaders must also spend with heightened awareness in order to stretch their budgets. ERM is of particular importance when budgeting against a portfolio of programs, projects, or initiatives. ERM provides the capability to aggregate and assess risk, giving managers a holistic view of potential risks and cost-effectively mitigating those risks by addressing them with a portfolio perspective.
What is your view on the current status of ERM in the federal government?
In my professional opinion, we have some way to go with standardizing an approach to ERM; although it is important to note that some progress has been made. Progress can be seen through government recognition for the need to strengthen risk management practices, either through the recruitment of a Chief Risk Officer (CRO) or Risk Management Officer (RMO) or even through the exchange of dialogue on risk management among various agency risk managers. The bottom line is that in order for ERM to be defined, implemented, and assessed for effectiveness, those in government need to practice it. Initial ERM practices may not be perfectly designed or implemented, but improvement is unlikely if risk practitioners don’t utilize the craft in the day-to-day business of government.
What are the biggest challenges or impediments to successful ERM in the federal government?
Ironically, there is a prevailing sentiment that ERM is just “another thing to do.” Proving the value of ERM and how it impacts agencies will continue to be an impediment to successful ERM adoption. Therefore, it is critical that agencies engage in some level of ERM in their organizations, share best practices and lessons learned, and push the envelope a little bit each day. It will take frequent engagement within an organization to socialize and massage the ERM muscle, but improvement will only be possible once ERM is adopted and integrated—no matter how slow the process may be at first.
Who can agencies look to within the government and academic communities for ERM best practices?
As ERM is adopted at different levels within government, agencies can effectively look to each other to garner best practices. It is easy to sit in a corner and come up with a million ideas for how ERM would or could work, but until an idea is implemented, it is still just that: an idea. It is therefore imperative that risk leaders step outside their comfort zones and routines to connect with other practitioners in the federal circle. In terms of academic communities, so many organizations have been established or enhanced by offering insight and information about ERM best practices. Various professional associations and university ERM centers are also excellent resources.
How can the federal government demonstrate and substantiate value as agencies begin to consider enterprise-wide approaches to risk management?
There has to be a link to a key measurement in order to capture sustainable value, and this could pose a significant challenge. In private industry, you may be able to tie ERM performance to stock value or decreased insurance claims. However, government needs to be able to define measurable interdependencies and correlations that link ERM to a change in performance. Some more obvious value-add and measurable indicators include increased risk transparency or level of positive feedback regarding ERM perceptions. These qualitative or “soft” values can be assessed through surveys. Additionally, understanding if a correlation exists between ERM practice and reductions in certain risk incidents could be a key area of development.