Ask the Experts

Should agencies automatically focus resources on risks with the highest levels of residual risk, or should more energy be placed on those that may exceed established risk tolerances (regardless of residual risk level)?

ERM informs the resource allocation and internal decision-making processes and should not necessarily trigger the focus of resources in any one direction. There may be a range of other factors that agency leaders must consider when deciding where and how to address key risks.

[More]

What are some effective methods to report the status and/or results of ERM activities to management?

Reporting will vary depending on leadership and how the audience best receives information.  However, reporting will likely focus on the accomplishments of the ERM program, particularly as it relates to enabling an agency effectively managing risk tolerances at the goal and objective levels and risk appetite at the agency level.  To accomplish this, agency leadership (more…)

[More]

How can the OIG’s risk assessment process for audit planning purposes coexist with the ERM program’s assessment for risk management purposes? Where is the line drawn for collaboration?

When it comes to discussing matters of risk management within an organization, there will always be some overlap.  However, the Risk Manager should remain focused on the primary business/mission objective, the risk created from executing toward that objective, and what responses the organization would have for the risk created. When discussing the OIG and an (more…)

[More]