Woman With Pen Explaining

Enterprise risk management can help integrate culture, capabilities, and practices into a strategy-setting risk management plan.

Reducing risk

ERM Puts Governments Ahead of the Curve on Risk Management

  • Chris Kessler
  • 11/14/2018

Governments are complex, multi-faceted organizations that face unique risks to their operations. Changes in technology, laws, and society only increase business risks, and on any given day, something can go wrong that prevents a government entity from providing critical services to citizens and taxpayers. An effective enterprise risk management (ERM) program can help manage these risks.

What is risk?

Risk is defined as a probability of any negative occurrence, caused by external or internal vulnerabilities that can be avoided through preemptive action. In this context, risk is something that inhibits or prevents a government entity from achieving its goals.

Risks from external and internal environments should be assessed equally to mitigate the potential threats to your strategy. Externally, risk can be the result of the political environment, population changes, and legal events, whereas internal environmental risks come from things like talent and succession, the culture of your organization, and governance involvement.

Risk exists in all organizations and is unavoidable, but state and local governments are facing unprecedented challenges related to risk, preventing them from reaching their mission, goals, and objectives. Governments of all sizes and structures can benefit from the employment of an ERM methodology as a means of identifying and then mitigating risk.

Enterprise risk management

The key with an ERM methodology is the identification and management of risk, because you cannot be prepared to respond to threats that you don’t know exist.

As a governmental organization, are you identifying the threats that you face? If so, you are already employing a key concept of the ERM methodology, and may already be familiar with the common nomenclature. The purpose of an ERM methodology is to integrate a government’s culture, capabilities, and practices into a strategy-setting risk management plan. In other words, you identify your government’s risks in order to evaluate and prioritize which poses the greatest threat to your mission and strategy.

The key with an ERM methodology is the identification and management of risk, because you cannot be prepared to respond to threats that you don’t know exist. To be successful when adopting an ERM model, your government entity should have a risk-based mindset, and should be focused on continual improvement.

Questions that ERM can answer

ERM is a concept that is commonplace in the private sector, but government entities face a unique risk landscape that is changing every day. Let’s take a look at some questions that an ERM methodology would help you ask of your team members in order to mitigate risk.
  • Information technology — How do you feel about your government’s operational risk management related to cyber security threats and other IT security risks? Does your organization have a disaster recovery plan in place? What would happen to the core functions of your government if your information technology infrastructure was inoperative, even for a short period of time?
  • Federal and state funds — Does your government have limited access to federal or state funds, or are those funds shrinking? If so, how effective is your grant department at ensuring those funds support the citizens and the mission of the government?
  • Population base — What is the make-up of your population base? If your tax base is decreasing, do you need to take revenue diversification measures?
  • Talent management — How is your government handling talent management? What is your plan to enhance your employees’ capabilities while planning for the succession of key leaders and retirees? Do you have enough people in the right departments?
  • Media crisis — Do you have a crisis communication plan in place?
  • Vendors — How well are you managing and monitoring vendor performance? Are your vendors meeting their performance obligations?
  • Compliance — Does your government have the tools to monitor and manage compliance risk? Are all of your facilities ADA compliant? Are there new regulations on the horizon that will impact you?

These questions cover just some of the risks an ERM framework can help you identify and address. With the implementation of an ERM program, managements can gain a better understanding of the critical risks facing their governments, so they can make decisions to protect their organizations moving forward.

How we can help

CLA’s state and local government professionals can help you assess whether your government entity is ready for ERM. If the time is right, we can help you design and implement a customized ERM program. We can show you your risk profile, assess your current risk management processes against best practices, and strategically craft an ERM program from the ground up, tailored to your specific needs.