For the sixth consecutive year, the Association for Federal Enterprise Risk Management (AFERM) and Guidehouse have collaborated to survey Federal government leaders and staff for their insights into the current state of Enterprise Risk Management (ERM) in their organizations. ERM continues to exhibit performance levels that are still reflective of an emerging capability, although incremental positive trends are evident across most of the areas measured in the survey.
Previous surveys highlighted several characteristics that impact the effectiveness of ERM. That trend continues to be reflected in this year’s survey. The two demographic categories that tend to have the highest mean scores and most positive responses are:
- Organizations that incorporate risk management into the performance plans of all members of the Senior Executive Service (or equivalent)
- Organizations with ERM programs that have been running for three or more years
The two other demographics categories that also demonstrate a higher correlation for ERM effectiveness, albeit not as significant as the categories above, are:
- Organizations in which the ERM program reports directly to the Agency Head or Deputy
- Organizations with a Chief Risk Officer (CRO) in charge of their ERM program
The following is a summary of some of the additional overarching themes from this year’s survey:
- In new questions added to this year’s survey related to responses to the COVID-19 pandemic, 50% of organizations indicate that their ERM program is either “Highly Engaged” or “Extremely Engaged” in their organization’s response, only 28% of organizations had a pandemic or similar health emergency on their risk profile prior to 2020, and nearly two-thirds (64%) of respondents are anticipating implementing changes in their ERM program specifically in response to the pandemic.
- While there was an increase in the percentage of organizations that have adopted a risk appetite statement, reaching 42%, only 8% of organizations indicate that their risk appetite statement is communicated throughout the organization and integrated into strategy and decision-making.
- Integration of ERM with other processes has increased this year, with mean scores moving above the midpoint response of 3.00 in two of the four integration areas accounted for in the survey, including (in order of degree of integration): Internal Control Programs, Strategic Planning, Execution Processes, and Budgetary Processes.
- While integration scores increased, the ability of organizations to prioritize and manage risk across the organization as an interrelated risk portfolio dropped 11%. This is even while organizations have self-identified as moving up the maturity curve with an increase in “Managed” (Level 4) programs, which now represents just over a third of all agencies.
- “Cyber security/privacy” remains the top risk area receiving the greatest management attention. It is also #1 in terms of greatest perceived current risk and perceived future risk for Federal agencies. “Operational/programmatic risk” and “Human Capital risk” round out the top three in each of these categories.
- A mismatch continues to exist in several risk areas in which management is employing significant resources despite low perception of actual current and future risk. Some of these prominent risk areas include Compliance Risk, Financial Risk, Fraud Risk, and Reporting Risk.
- The cultural aspects of ERM remain below the midpoint response, on average, in most of the questions related to this important aspect of ERM capabilities. This year ended the previous trend of positive improvement across these questions, with responses indicating progress in some areas, but decline in others.
- “More clear linkage, alignment, or integration of risk with strategy and performance” remains the most impactful improvement area for better positioning organizations to respond to current and anticipated risks, with “Culture change to accept risk as part of day-to-day business” and “Tone-at-the-Top, Executive support” rounding out the top three.
- There is a new entry to the top three benefits emanating from Federal ERM programs: “Enhanced management decision-making,” “Reduced duplication in risk assessment and/or compliance activities,” and “Prevented significant negative event from occurring”, which is new at the top of the list. This latter category made one of the biggest jumps from last year, going from only 17% of respondents to 30% of respondents whose agency’s ERM program helped led to the prevention of a significant negative event.
- Similar to last year, the top three barriers to establishing and maintaining an ERM program remain the same, but each dropped in severity. These three barriers are: “Bridging silos across the organization,” “Rigid culture resistance to change,” and “Executive level buy-in and support.”
These highlights along with additional observations and insights can be accessed on the 2020 Federal ERM Survey Results Dashboard. This year, we have enhanced the presentation of the results with access to an interactive dashboard in which users can apply select demographic filters to the approximately 50 survey questions to experience firsthand over 350 visualizations for each of the two years of data available in the dashboard.
The Federal ERM survey was conducted by Guidehouse and AFERM between May 11 and May 20, 2020. Links to the online survey were sent to government members of AFERM, members of the Senior Executives Association, as well as to members of the Association of Government Accountants. The survey was only distributed to government personnel. While all respondents received the same set of initial questions, subsequent questions followed one of two prescribed paths based on whether the respondent’s organization had already implemented an ERM program.
Our survey respondents spanned the breadth of the Federal government and across a number of demographic categories. In terms of organizational representation, responses were received from a total of 37 Federal organizations including 15 Cabinet agencies. In many of these cases, additional variety was represented across multiple components or bureaus of these broad departments or agencies.
The survey results can be accessed on the Guidehouse website at guidehouse.com/insights/advanced-solutions/2020/aferm-survey-results-2020 and on the AFERM website at aferm.org/about/surveys.
Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting. We help clients address their toughest challenges with a focus on markets and clients facing transformational change, technology-driven innovation and significant regulatory pressure. Across a range of advisory, consulting, outsourcing, and technology/analytics services, we help clients create scalable, innovative solutions that prepare them for future growth and success. Headquartered in Washington DC, the company has more than 8,000 professionals in more than 50 locations. Guidehouse is a Veritas Capital portfolio company, led by seasoned professionals with proven and diverse expertise in traditional and emerging technologies, markets and agenda-setting issues driving national and global economies. For more information about how Guidehouse assists public sector agencies with the design, implementation, and maturation of ERM programs, please contact any of the Guidehouse contributors listed below.
AFERM is the only professional association solely dedicated to the advancement of Enterprise Risk Management (ERM) in the Federal government through thought leadership, education and collaboration. AFERM provides programs and education about benefits, tools and leading practices of Federal ERM and collaborates with other organizations and stakeholders to encourage the establishment of ERM in Federal departments and agencies. For more information about AFERM, please visit AFERM.org.
For more information, please contact: