In the four years since OMB set standards for applying enterprise risk management in the government, agencies have built a foundation that makes them “ready to manage risk proactively and drive value to their organizations,” says a report from the Partnership for Public Service, which adds however that there are still barriers to overcome.
The report, done with the Deloitte consulting firm, examined implementation of a 2016 revision to OMB Circular A-123 which among other things aims to have agencies take an enterprise-wide approach to managing risk rather than a siloed approach and to have them use a deliberate process for assessing and managing risk.
The report said that “many agencies across government now have procedures for ERM and established governance and risk profiles that outline their top risks” which “has helped facilitate a culture in which agencies and their leaders are more comfortable taking risk into consideration when making decisions.” It also credited steps taken since then including creation of an OMB steering committee to oversee implementation, and the issuance of a guide to enterprise risk management by the council of agency IGs.
Says the report, “Still, many agencies face challenges to fully implement this management practice. While some have been successful at standing up ERM programs, including identifying specialists to support their activities and standardizing risk management processes, programs that typically operate in silos are often not involved in critical decision-making.”
“Several ERM specialists said in interviews that while OMB’s framework provided some guidance on how agencies can build ERM programs, their leaders have struggled to find a path forward that best fits their organizations. Others were concerned ERM would be relegated to a “check-the-box” compliance exercise,” it added.
It recommended that agencies “gain strong leadership buy-in; develop and apply risk appetite to help leaders prioritize risks; and integrate ERM with management functions and core programs.”