Reports
Challenges faced by nations over the last several years demonstrated that managing risk in the public sector has taken on new significance.

Government orga­nizations must tackle risk and uncertainty in a more systematic and enterprise manner. The authors of this new report, Peter Young and Trang Hoang, provide timely and insightful perspectives that underscore the connection between lead­ership actions that support government risk management and successful efforts to implement enterprise risk management (ERM). The report explores two dis­tinct concepts—risk leadership and ERM readiness. The authors aim to better understand the question of ERM readiness, seeking to ascertain the measure by which an organization can self-evaluate readiness for ERM implementation. The findings outlined in this report will help those planning to adopt ERM, as well as those in more advanced stages of implementation.

Supported by nearly two dozen interviews, the authors address how the role that risk leaders play in ERM implementation is essential to accessing an orga­nization’s readiness. Based on an analysis of survey results and interviews with U.S. federal leaders regarding ERM practices, along with supporting evidence from scholarly and professional research, the authors document observations and offer insights on the interconnection between risk leadership and organiza­tional ERM readiness.

The report describes the importance of risk leaders having an overall vision of the interaction between organizational structure and ERM readiness, given the siloed nature of many government operations. Authors Young and Hoang point out that a successful ERM implementation should create more open and agile government structures and operations, enabling agencies to better prepare and react to uncertainty. The authors describe how effective risk leadership can influence ERM implementation, promoting sustainably resilient outcomes that go beyond simply preventing and controlling threats.

Many of this report’s findings and observations support work of the IBM Center’s “Future Shocks” initiative, a collaboration with the National Academy of Public Administration and the IBM Institute for Business Value. The initiative frames a proactive strategy in identifying and addressing potential disruptions to governments and nations, including through following fundamental principles of risk leadership that foster a culture of foresight and adaptability. By leveraging insights from this report and our Future Shocks initiative, organizations can enhance their ERM readiness—enabling them to identify, assess, and mitigate risks that may arise from emerging trends, technological advancements, or unforeseen events. This connection underscores the impor­tance of integrating innovative approaches to anticipate and manage risks in a complex and dynamic envi­ronment. Young and Hoang conclude with a discussion around the positioning of ERM as an essential tool for fostering sustainable organizational resilience.

Along with complementing insights from our Future Shocks work, this report adds to the Center’s rich library of risk management research, including Managing Risk in Government: An Introduction to Enterprise Risk Management by Karen Hardy; Managing Risk, Improving Results: Lessons for Improving Government Management from GAO’s High Risk List by Donald Kettl; Improving Government Decision Making through Enterprise Risk Management by Thomas Stanton and Douglas Webster; Managing Cybersecurity Risk in Government by Anupam Kumar, James Haddow, and Rajni Goel, and Risk Management in the AI Era: Navigating the Opportunities and Challenges of AI Tools in the Public Sector by Justin Bullock and Matthew Young.

We hope that the insights and findings in this report help government leaders and stakeholders as they con­tinue to mature their risk management capabilities, while building resilient and innovative organizations.