Uncovering the Strategic Value of Enterprise Risk Management for Federal Agencies
Federal agencies tend to think of enterprise risk management (ERM) as something that is only useful in the private sector. But risk is everywhere. Like commercial enterprises, federal agencies face threats every day — threats to their finances, reputation, strategic mission, and operational effectiveness. ERM is about identifying, analyzing, and addressing those risks. There are key differences in the application of ERM in federal agencies versus the private sector, but it can still be a powerful resource for strategic planning and effective policy making.
Download our white paper: The Strategic Value of Enterprise Risk Management for Federal Agencies
The Committee of Sponsoring Organizations (COSO) calls ERM a process for identifying potential events that could affect an organization, and then taking steps to reduce or eliminate the risk so the organization can achieve its objectives. The assumption is that by proactively addressing risk and understanding its likelihood and magnitude, an organization can create value for its stakeholders and make sound resource allocations. In the end, that’s the benefit you’re seeking.
ERM is different for governments
Business oversight and governance are very different in the federal sector and ERM models reflect this. For example, in the private sector, access to private capital markets, profitability, and shareholder return on investment are key concerns that keep CEOs up at night. But in the federal sector, the top-of-mind issues include legislation that reduces appropriations, decreases tax revenue, and imposes congressionally mandated fixed reductions in expenditures known as sequestration. Rather than shareholders, the key public constituencies of federal agencies are legislative and executive officials who authorize funding and the public that is dependant on government services.
Since the federal government has the power to tax and borrow from the capital markets, agencies have not traditionally had the type of short-term liquidity pressures that the private sector experiences. But today the federal government faces liquidity pressures as it struggles to meet the rising costs of entitlements like Medicare, Medicaid, Social Security, and military and civilian pensions, and to provide services and support for a growing population.
The impact of failure in the federal government, or even the lack of optimization of resources and programs, is huge. With a budget of more than $1.3 trillion and more than 4 million civilian and military employees, government touches virtually every aspect of the lives of the 310 million citizens. While a security breach at a Fortune 1000 manufacturer may put thousands of individuals or businesses at risk for fraud, a similar breach at a major intelligence agency could imperil the security of the nation.
The six-stage ERM process
Implementation of an ERM initiative in a federal agency follows a process that is similar to a commercial enterprise, although the scope of the risk is much broader due to the impact of the government on the entire economy.
Download detailed case studies illustrating how ERM works in government.
The process proceeds through six stages:
Step 1: Establishing the risk types
Some ERM models concentrate on a few limited areas, while others consider a broad array of risks. In the federal government, it is essential that a broad array of risks be considered.
Step 2: Defining the likelihood and impact of risks
Each risk is assessed and described. For example, a taxation and budget risk is assessed on the funding at risk compared to the overall budget, while an intergovernmental risk is defined by the degree to which the agency interacts with other federal agencies for services and payments.
Step 3 Defining the level of risk intensity
A heat map is created to indicate the intensity of risk. A five-point scale might include very high, high, medium, low, and very low.
Step 4: Surveying and interviewing managers
One of the best assessment tools to develop the intensity ratings for the heat map is to survey the senior and upper mid-level managers who are close to operations. Questions can cover the key risks to the agency, and may also include pre-testing with selected employees. Ratings are assigned for each question and data are compiled from department responses and compared to an overall average. The results are used to score and map risks by category and department.
Step 5: Developing a visual summary
Risk maps are completed using both the survey and interview results. A risk map displays the intensity of each risk as developed in step 4 using the very high to very low scale for each type. A rating is then assigned for each type, such as taxation and revenue risk or intergovernmental risk.
Step 6: Synthesizing the results
The power of the ERM model and the heat map become apparent when a comparison is made of the likelihood of one risk versus another. For instance, an agency with a very high rating for taxation and revenue risk but a lower rating for intergovernmental risk will prioritize strategies to lessen the tax and revenue risk. These might include implementing programs to reduce budget shortfalls.
Applying the ERM model
Decisions involving audits, budgets, and strategic plans can all benefit from an ERM assessment. The results can be used to develop a multi-year internal audit plan that concentrates resources on the highest risk areas. Results can also be a tool for developing and validating multiple budget scenarios reflecting the changing levels of congressional funding. Agencies can create alternative budget scenarios to account for projected lower appropriations, potentially higher employee turnover, and greater risk in implementing programs over time.
Agencies can also address risk in the strategic planning process, making risk consequences and tradeoffs transparent among departments. Survey and interview results also help management focus on risk in areas where they may not have done so before.
A valuable strategy for reducing risks
In an era of increased risk, ERM helps federal agencies make important policy decisions based on proactive assessments of changing circumstances. As executed by a committed, informed senior management team, ERM can also help government leaders make sound resource allocations.