Know Your Agency’s Risk Profile
Now more than 100-days into the Biden Administration, with a new team of political appointees gradually filling out agency leadership roles, there is renewed relevance to a call that was made in 2019 for leaders to embrace Enterprise Risk Management (ERM). While no magic bullet, ERM can help these new government leaders navigate through a landscape of escalating threats and challenges by equipping them with enhanced organizational and individual capabilities for identifying, assessing and managing risks to agency missions.
In June 2019, Bill Valdez, former president, Senior Executives Association (SEA), and I authored the paper, “Getting Ahead of Risks Before They Become Government Failures: An Imperative for Agency Leaders to Embrace Enterprise Risk Management.” In that paper, we cited a finding from a survey that had been administered to SEA members by the Association for Federal Enterprise Risk Management (AFERM) in which 85% of respondents said they could envision a serious threat or disruption happening at their agency in the next 2-3 years. Unfortunately, the serious threat, in the form of a pandemic, arrived less than a year later, with wide-scale and wide-spread disruptions occurring on an unprecedented scale.
In our paper, we also referenced a report released in 2019 by the SEA in partnership with a team of researchers who warned that the U.S. Government was at risk of failure, in large part due to declines in federal workforce capabilities. This report described a state where civil servants were increasingly operating in an environment that prevented them from making decisions, hindered their ability to respond to challenges, and stifled innovation and creativity. Again, unfortunately, we’ve seen the consequences that these researchers warned us about become all too real.
In this light, it is highly advisable for new leaders to quickly obtain a copy of the Risk Profile in order to learn about the current risk landscape for their agency. Agencies are developing risk profiles per a requirement that was set forth by OMB in the summer of 2016 through an update to Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control. ERM provides a mechanism for focusing on critical risks to the organization as a whole, and when ERM is linked up with agency strategic planning and budget processes, it can help in obtaining resources that can be applied toward the treatment of the most serious risks an agency is faced with.
In addition to obtaining the Risk Profile, here are few other some simple actions Biden Administration appointees can take to improve the likelihood of mission success in the years ahead:
- Identify and engage with those in your agency who are implementing or practicing ERM and offer your support and involvement.
- Set the tone at the top and engage personally to demonstrate a commitment to risk awareness.
- Create an environment of openness with your leadership team where information, including bad news, travels quickly, and where people are thanked for speaking up.
- Establish an expectation that risk information and risk insights are part of managerial decision-making.
- Invest in staff to develop ERM expertise in core functional areas.
The challenges facing government have becoming increasingly complex, and the capabilities of the federal workforce to develop and deploy effective solutions have become impaired. While ERM isn’t a fix for the root causes of those problems, it can help draw additional attention to these large-scale risks, their potential impacts, and the need for action, while, in the interim, equipping leaders with the early warning indicators necessary for undertaking and deploying treatments that, hopefully, end up reducing the likelihood and/or alleviating further impact of these risks to the Country.
For more information about ERM in the Federal government, visit www.AFERM.org or download this ERM brochure.
(Note: This article reprises themes from a January 2021 article.)
Read otherTom Brandt articles
How Mature is the Federal Government’s Practice of Enterprise Risk Management (ERM)?