Server room


Tackling enterprise risk management (ERM) in government

Understanding the Office of Management and Budget’s (OMB's) Circular A-123 and implementing ERM in your agency

​Federal agencies face unprecedented risks to achieving their mission, goals, and objectives. To confront this dynamic risk environment, OMB raised the bar and expects agencies to effectively identify and manage risks using an enterprise approach. These expectations and related requirements are prescribed in a revised OMB Circular A-123 titled, Management’s Responsibly for Enterprise Risk Management and Internal Control.

OMB’s ERM Development and Implementation Deadlines

ERM benefits

When appropriately implemented, ERM enables greater enterprise-wide discipline and reliability to help agencies better manage risks.

  1. Reduces chance of crises and problems, thereby allowing leadership to focus more on mission priorities
  2. Helps protect the agency’s reputation
  3. Identifies, elevates, and manages risks so that the right risks get to the right people at the right time
  4. Creates a culture where risk identification and elevation is encouraged and rewarded
  5. Builds line-of-sight into risks across organizational stovepipes to create the opportunity to leverage mitigation approaches for risks with similar root causes
  6. Provides greater knowledge and insights into enterprise risk to improve resource allocation and strategic decision-making

ERM success factors and why Deloitte Advisory

To achieve a positive, short-term impact and set the stage for long-term program maturation, Deloitte Advisory recommends a phased approach to implementing and sustaining an ERM program.

An agency’s success will be impacted by the following factors:

  • Acquiring and maintaining buy-in from top leadership
  • Framing ERM as a program to help achieve its mission, not as a “gotcha” exercise
  • Using a consistent and common framework to identify and manage risk across the agency
  • Integrating the framework into the agency’s current risk-management capabilities
  • Tailoring the framework to the agency’s mission and programs, culture, and organizational and management structure
  • Creating a culture where identification and elevation of risks is encouraged and rewarded

For more than a decade, Deloitte Advisory’s ERM specialists have helped over 100 clients implement and mature ERM programs, including small and large federal agencies and Fortune 250 organizations.

In the news

Agencies get a new playbook for managing risks
Source: Government Executive–August 3, 2016

7 steps to raise the bar on your agency’s enterprise risk management strategy
Source: Federal News Radio–July 29, 2016

OMB prepares to ratchet up enterprise risk management
Source: Government Executive–February 29, 2016

For media inquiries, please contact Megan Doern
+1 202 368 0524

Get in touch

Todd Grams

Todd Grams

Managing Director | Deloitte & Touche LLP

Todd is a Deloitte Risk and Financial Advisory managing director at Deloitte & Touche LLP, serving as a senior advisor on enterprise risk management to federal government clients. He is a former feder... More