Day 1 Agenda — 2021 AFERM Summit (Tentative)

Speaker

Marianne Roth, Chair, 2021 ERM Summit Planning Committee

Speaker

Nicole Puri, President, Association for Federal Enterprise Risk Management (AFERM)

How to live under uncertainty and enjoy every bit of it!  By the end of this session, you will be able to

• Recognize the key concepts associated with uncertainty
• Recognize what is and is not a black swan event
• Identify actions and activities that organizations can take to handle uncertainty in their operations

While ERM adoption within the U.S. federal government is still in its relatively early stages following the 2016 issuance of OMB Circular A-123, many other governments world-wide have been at the practice of ERM for much longer. Through this session, participants will have the opportunity to hear from the leaders of long-standing ERM initiatives in the United Kingdom and the Canadian Province of British Columbia that are considered as best-in class examples of government-wide ERM program. They’ll share lessons learned from their experience in keeping ERM relevant during periods of change, including insights into the key skill sets of effective risk leaders along with methods for leveraging ERM to help the broader government during periods of crisis.

Integrating Environmental, Social, and Governance (ESG) issues is a critical step to understand and manage an organization’s full risk exposure. ESG captures critical issues that naturally align with risk – environmental concerns, such as climate impact, social issues such as diversity, equity, and inclusion, and governance, such as stewardship or sustainability.

The FDA and HUD panelists will provide strategies and tactics that support risk-informed decision-making. Both agencies’ speakers will describe changes they have made to their FY 2023 Budget processes to better communicate on and manage enterprise risks. These include both tools and templates as well as ideas on relationships to make sure to foster.

Current events demonstrate the potential for severe disruptions to services and product streams that we all rely on. Cybersecurity and Cyber Supply Chain Risk Management continue to be front-of-mind for federal agencies and risk managers. This session will highlight key strategies and tools presented in recent guidance issued by the National Institute of Standards and Technology (NIST) on these subjects to support effective risk reporting and integration with enterprise risk management efforts, and will provide lessons learned from practitioners.

• How can we communicate the need for ERM to new leadership and gain their buy-in.
• How do we articulate ERM successes and demonstrate the value of ERM?
• How do we continue to mature ERM capabilities and sustain organization-wide engagement?

This software demonstration/tour will show you how to manage you’re OMB A-123 requirements using rPM3 Solutions’ Aperitisoft™ software solution. This feature rich software was purpose-built to support ERM practitioners and logically structured to mirror the ERM process. A built-in survey tool supports risk identification, developing likelihood and impact factors, and risk evaluation and is easily tailored to meet your specific needs and unique requirements. The survey feature supports polling, interviews, and workshops, and simplifies collecting, compiling, and manipulating risk assessment information. Intuitive forms for entering information guide users through the ERM process from setting the context and risk identification through risk response planning & monitoring (including KRIs and linking to controls). Every aspect of your ERM process is captured in Aperitisoft™, so you won’t need to use excel spreadsheets or other Office suite products to get the job done.

In this session, Gary Bierc and Ken Fletcher will demonstrate how to use the software to conduct an agency strategic risk assessment.

Speakers

Gary Bierc, rPM3 Solutions
Ken Fletcher, Kestrel Hawk Consulting

Speaker

Alyssa Lokits, Archer

Governance, Risk and Compliance (GRC) technologies and data analytics are helping organizations automate manual processes, improve data quality, and gain insights into their data in new ways. This session will explore the criticality of GRC technology to managing risk portfolios with a lens on connecting data points to inform key strategic, operational, budgetary and acquisition decisions for an agency. The panel discussion will address the foundational elements, such as governance, people and process, needed within ERM and risk management programs to recognize technology benefits that have helped organizations improve insights into their data, mature and sustain their programs, and gain ERM adoption.

This breakout discussion will address how ERM is currently applied in organizations and agencies and how it could be applied at the broader government level. This broader level might necessitate a CRO for the United States.

This session will discuss the journey that Intermountain Healthcare has taken to design and implement a third-party supplier risk management program using Enterprise Risk Management principles. Our goal is to create an infrastructure for identifying, assessing, prioritizing, and mitigating the following nine risk categories-location risk, sourcing risk, labor risk, financial stability risk, compliance risk, logistics risk, quality assurance risk, sustainability risk, and technology risk that could cause a potential disruption to our supply chain.

The human element is increasingly recognized as the biggest vulnerability in cybersecurity and the largest contributor to operational risk yet no risk frameworks effectively quantifies or assesses human factor risks. These findings are the subject of collaborative research with leading Ivy league universities and the Cognitive Risk Institute. This session goes beyond internal controls, audit and compliance to present a framework that integrates risk governance, cybersecurity and ERM practice in novel ways based on evidence-based scientific research.

Systemic risks are all around us – we’re all still living through the cascading systemic failures of COVID. Recent systemic failures like Texas Energy, SolarWinds, and the Microsoft Exchange hack demonstrate how global connectivity and new technology innovations are introducing new systemic risks at a level and of types never seen before.  But few leaders fully understand systemic risks or know how to mitigate them. This plenary session will explore how one point of failure in a complex system can threaten the entire system and how new threats evolve and can emerge over time.

Speakers

Nicole Puri, President, AFERM

Choose from three fun options:

• Group Storytelling: Travel
• Trick or Trivia
• Boo at the Zoo