The Role of Risk Leadership in Defining ERM Readiness in Government
Government organizations must tackle risk and uncertainty in a more systematic and enterprise manner. The authors of this new report, Peter Young and Trang Hoang, provide timely and insightful perspectives that underscore the connection between leadership actions that support government risk management and successful efforts to implement enterprise risk management (ERM). The report explores two distinct concepts—risk leadership and ERM readiness. The authors aim to better understand the question of ERM readiness, seeking to ascertain the measure by which an organization can self-evaluate readiness for ERM implementation. The findings outlined in this report will help those planning to adopt ERM, as well as those in more advanced stages of implementation.
Supported by nearly two dozen interviews, the authors address how the role that risk leaders play in ERM implementation is essential to accessing an organization’s readiness. Based on an analysis of survey results and interviews with U.S. federal leaders regarding ERM practices, along with supporting evidence from scholarly and professional research, the authors document observations and offer insights on the interconnection between risk leadership and organizational ERM readiness.
The report describes the importance of risk leaders having an overall vision of the interaction between organizational structure and ERM readiness, given the siloed nature of many government operations. Authors Young and Hoang point out that a successful ERM implementation should create more open and agile government structures and operations, enabling agencies to better prepare and react to uncertainty. The authors describe how effective risk leadership can influence ERM implementation, promoting sustainably resilient outcomes that go beyond simply preventing and controlling threats.
Many of this report’s findings and observations support work of the IBM Center’s “Future Shocks” initiative, a collaboration with the National Academy of Public Administration and the IBM Institute for Business Value. The initiative frames a proactive strategy in identifying and addressing potential disruptions to governments and nations, including through following fundamental principles of risk leadership that foster a culture of foresight and adaptability. By leveraging insights from this report and our Future Shocks initiative, organizations can enhance their ERM readiness—enabling them to identify, assess, and mitigate risks that may arise from emerging trends, technological advancements, or unforeseen events. This connection underscores the importance of integrating innovative approaches to anticipate and manage risks in a complex and dynamic environment. Young and Hoang conclude with a discussion around the positioning of ERM as an essential tool for fostering sustainable organizational resilience.
Along with complementing insights from our Future Shocks work, this report adds to the Center’s rich library of risk management research, including Managing Risk in Government: An Introduction to Enterprise Risk Management by Karen Hardy; Managing Risk, Improving Results: Lessons for Improving Government Management from GAO’s High Risk List by Donald Kettl; Improving Government Decision Making through Enterprise Risk Management by Thomas Stanton and Douglas Webster; Managing Cybersecurity Risk in Government by Anupam Kumar, James Haddow, and Rajni Goel, and Risk Management in the AI Era: Navigating the Opportunities and Challenges of AI Tools in the Public Sector by Justin Bullock and Matthew Young.
We hope that the insights and findings in this report help government leaders and stakeholders as they continue to mature their risk management capabilities, while building resilient and innovative organizations.