Wednesday, October 31, 2018
Note: This is a tentative schedule subject to change.
General Session 3: Day 2 Opening Comments
Tom Brandt, President, AFERM
Plenary Session 3 — Shaping the Future Cybersecurity Risk in the Public Sector: A CIO Perspective
CIO’s lessons learned in leveraging ERM to mitigate cybersecurity risks, including:
- Innovative approaches for staying ahead of emerging risks
- Motivating a risk culture that promotes transparency
- Integrating risk monitoring with other entities (OIG, OMB, DHS, Board of Directors, others)
- Best practices for addressing (and mitigating) reputational risks
* BREAK *
Track 1, Session 1D — Applying ERM Principles to Functional Divisions: A Federal Grants Risk Management Case Study
Today, buzzwords like “enterprise risk management” (ERM) and “accountability” abound in the public and private sectors. But how do they really work operationally? Faced with an $11 billion budget for grant programs but finite internal resources to manage them, the Health Resources and Services Administration (HRSA) sought a way to use risk management to improve accountability and oversight of grants. Seeking a risk-based, data-driven approach to strategic decisions, HRSA embarked on a one-of-a-kind assessment of current risks and related risk management practices, and the development of risk tools for decision makers. This presentation will provide a case study for operationalizing risk management in the grants world, and more generally at the sub-agency level. Those seeking to integrate risk management into their operations will hear about project challenges and successes, key risk findings and recommendations, and considerations when taking on such a project. During the presentation, the speakers will:
- Explain the context within which HRSA determined to launch such an ambitious study, and the questions faced in developing the project;
- Briefly walk through the tools developed to document and assess key risks and opportunities;
- Describe the findings of the study and how ERM principles were applied; and
- Discuss the challenges and limitations faced with a risk management study of this kind.
Track 2, Session 2D — Gaining Agency Involvement in ERM
This session focuses on how agencies are ensuring the entire agency is involved in risk management: what types of training, communications, etc. are being used to ensure that everyone is participating, and how agencies are shifting their culture from being reluctant to talk about risk to being open about it.
Track 3, Session 3D — Integrating ERM with Strategic Planning and Strategic Objective Annual Reviews
The success of ERM in federal agencies relies on the integration of strategy and risk management principles. In this session, participants will learn how Treasury incorporates these principles into the strategic planning process at the department level and the bureau level.
* BREAK *
Track 1, Session 1E — Leveraging Technology to Enhance Your Agency's ERM Capabilities
Technology cannot provide an out-of-the-box ERM program, but it can definitely facilitate the process. This session will discuss how using technology can jump-start your ERM program capabilities, and how these platforms are creating innovative solutions to challenges your ERM program may face as it matures, such as risk identification, collection, collaboration, and prioritization.
Track 2, Session 2E — Check What Box? Increasing ERM Motivation through Non-Compliance Focused Techniques
Embedding ERM into existing business processes improves acceptance, creates efficiencies, and reduces pushback. This session discusses how to integrate ERM into normal business.
Track 3, Session 3E — Effective Integration of ERM and Internal Control
OMB Circular A-123 requires Federal agencies to integrate their ERM and internal controls activities. In this session, the Enterprise Risk Management Officer and Director of Internal Controls for the National Institute of Standards and Technology (NIST) will share their experiences and the progress they’ve made toward this goal. The speakers will describe NIST’s ERM-Internal Controls Integration Framework, NIST’s new Audit Subcommittee, and lessons learned.
* LUNCH & ERM Survey Results *
Track 1, Session 1F — Techniques, Templates, and Toolkits in a Flash!
Technology, tools, and templates should be seen as accelerators for a sound Enterprise Risk Management (ERM) framework, not a substitute. As with most other aspects of ERM implementation, the tools and templates developed and deployed by an ERM program should follow a maturity model approach and be customized to an organization. Tools or templates are only as good as the information input and how effectively their outputs put the right information in front of the right people at the right time. During this session, attendees will learn how federal ERM programs have developed and deployed tools to support their programs’ maturation. Organizations beginning their ERM journeys can learn what tools provided the greatest value to the ERM program and organizational leadership from the initial stages of ERM implementation, while organizations with mature ERM programs can hear how tools continue to support organizations in making risk-informed decisions.
Track 2, Session 2F — ERM: Getting Everyone on Board without Sinking the Ship
Successful ERM programs drive a cultural change that increases risk-awareness and transparency to inform risk-based decision making throughout the organization. Learn about the 10 building blocks of risk leader success, targeted risk communications, and other leading ERM practices from thought leaders in academia and non-profit sectors.
Track 3, Session 3F — Integrating ERM into an Agency’s Culture
Often it can help an agency to absorb ERM as a way of doing business if the culture is prepared beforehand. That way agency leaders (SES and political) can understand the value of ERM to them and their work. A process of cultural preparation also can help to allay fears that ERM somehow will involve excessive costs (in scarce leadership time, changed ways of doing business, and unwanted intrusions into management decisions). The ERM function in turn can benefit from the very beginning from adapting in response to feedback from agency leaders.
* BREAK *
Plenary Session 4 — Risk Leadership in a Complex Environment
- Shaping ERM in complex organizations through leadership
- Promoting an organizational culture that values risk management
- Balancing leadership style, risk tolerance and opportunity
General Session 4: Summit Wrap-Up
Tom Brandt, President, AFERM