It’s been almost six years since the Office of Management and Budget asked agencies to develop an enterprise approach to risk management.
As with many of these unfunded mandates, some agencies do better than others.
That’s why the Association for Federal Enterprise Risk Management (AFERM) saw the opportunity to provide the first of several helpful guides, as ERM becomes increasingly important to all parts of an agency.
Daniella Datskovska, president of the Association for Risk Management of Federal Enterprises, said that new practice guide will advance and accelerate enterprise risk management.
“The reason the practice guide is important is because it gives us ammunition to know when something is wrong, and what the climbing and elevation mechanics are, and what is the most importantly, the element of risk culture. If I read this document and know that my organization adheres to the main principles of this guide, I feel empowered to speak up if I see that a risk is on the point to materialize, and I know we’re paying attention as an organization,” Datskovska said in an interview with Federal News Network. “Apart from just being a well-rounded person and understanding that this is of a discipline that exists and here are examples of how you can implement some of the practice areas related to ERM, it also empowers you and gives you tools on how you need to manage risk and what are the important elements to achieve this with very specific examples. »
AFERM has broken down the 21-page practice guide into four areas:
- Enterprise Risk Governance
- ERM maturity model and maturity assessment,
- Risk Appetite Statement
- Establish the context
“There is a very structured way of approaching the practice guide. We have defined what a zone is. For example, if we talk about enterprise risk governance, our first area of focus, we describe what that is and have intentionally used the description as it applies to the federal government,” said said Datskovska. “We also define what we believe to be AFERM, the main principles and attributes of the governance of ERM or any other domain. We try to give very concrete examples of what this means and what it looks like. So if, for example, we’re talking about enterprise risk governance, one of the attributes is understanding what constitutes organizational value. We will describe what the organizational value of an organization is; we would explain why this is important, and then give examples of how the agency might achieve this attribute of organizational value.
Special attention to small agencies
The guide also helps agencies establish processes and templates that can be used in mission and back-office areas alike.
Datskovska said agencies need to align risk decisions horizontally and vertically as well as between internal and external stakeholders.
“The structure that we followed the description, the principal, the attributes, the examples, it was really, we felt, a natural way to present information,” she said. “All the people who participated in the writing of this first publication document are all practitioners. They have designed, implemented and maintained BRM programs.
And because AFERM members are practitioners, they have also given special attention to small agencies, understanding that not all agencies have the staff and resources to develop and implement an ERM program at home. agency scale.
For example, in the section on risk appetite, AFERM wrote: “For small agencies and agencies with a board of directors, commissioners or directors, the RAS may be approved by the chief operating officer (COO), chief financial officer (CFO) or other agency executive It is good practice to discuss the RAS with the board to get their agreement and modify it as necessary to incorporate board comments.
ERM must be coherent, integrated
Datskovska said AFERM consciously wrote the guide in a way that anyone from an expert in ERM to someone just learning the practice could understand and find useful.
“I think the guide is an excellent source for receiving confirmation that you are on the right track. When you look at the example domain, the definitions of how we describe what governance is or how we describe what maturity model is or how you assess maturity, risk, appetite, etc. , but when you go beyond the definitions, and you go into the example areas, it not only provides you with confirmation that you are on the right track, but also if you look at this list of example activities and that you haven’t considered it and there’s no objective reason for it, then it’s a wonderful practical guide to what could be done in a given area,” she said. “In one of the attributes that’s been discussed within governance, for example, risk information informs agency decision-making, and that’s a good one, I think, because the objective The ultimate goal of ERM is to help senior managers and leaders across the organization make better risk-based decisions.
Another common theme throughout the guide is ensuring that ERM is consistent and integrated across the agency.
Datskovska said the guide should help agencies find gaps in their ERM program as well as understand how to close those gaps. This is where the ERM maturity model and assessment methodology comes in.
“The beauty of the maturity model that we refer to and that many agencies use is that it’s very flexible. Each agency can decide that they have reached a certain level of maturity in one pillar, like governance, but another regarding risk reporting,” she said. “One of the key factors influencing maturity is tone at the top. What support do you get from your leadership? So if someone is just starting out, they could use the module in practice areas to guide themselves. This document gives further practical recommendations on the starting point of the maturity model.
For many agencies, reaching level three is when they will begin to see the real value and evidence of ERM.
“A particular point that seems important to me and which is increasingly mentioned among practitioners is that you have to be patient. The thing is, you have to be patient to be able to see the value of the benefits become real,” she said.
Datskovska said AFERM will come up with new practice guides over the next year to focus on other aspects of ERM.