Raising the Bar on Managing Enterprise Risks | Deloitte US has been added to your bookmarks.
Raising the bar on managing enterprise risks
OMB’s requirements for enterprise risk management in federal agencies
Federal agencies face unprecedented risks to achieving their mission, goals, and objectives. These risks include expansion in scope and responsibilities, increased complexity in operations and technology, leadership and staff turnover, budget cuts, and a culture where employees believe they cannot report risks to leadership. To confront this dynamic risk environment, the Office of Management and Budget (OMB) has raised the bar on risk management by expecting agencies to effectively identify and manage risks using an enterprise-wide approach.
What OMB expects from agencies on ERM?
OMB’s enterprise risk management (ERM) guidance, which is now included in both Circulars A-11 and A-123, constitutes the ERM policy framework for the Federal government. The ERM requirements are significant. OMB’s guidance should not be treated as minor tweaks to existing Circular A-11 and A-123 activities.
The requirements include:
- Establishing a governance structure to oversee the agency’s risk profile regular assessment of risk profile
- Regular assessment of risk
- Development of appropriate risk management
The Circular A-123 establishes four ERM deliverables consisting of an implementation plan, an initial risk register, a complete risk register, and integration with internal controls.
What are the benefits of ERM?
ERM can provide agencies with multiple benefits:
- Reduces chance of crises and problems allowing leadership to focus more on mission priorities
- Helps protect the agency’s reputation
- Identifies, elevates, and manages risks so that the right risks get to the right people at the right time
- Creates a culture where risk identification and elevation is encouraged and rewarded
- Builds line-of-sight into risks across organizational stovepipes to create the opportunity to leverage mitigation approaches for risks with similar root causes
- Provides greater knowledge and insights into enterprise risk to improve resource allocation and strategic decision-making