Where should the ERM process/program reside within the agency to include who should oversee the program?

Question asked by Anonymous

AFERM Experts Say...

Within the Federal Government, there is no right answer to this question.  Some agencies have designated a Chief Risk Officer (CRO) to report to the Chief Operating Officer or Chief of Operations (COO).  In other agencies, the ERM program is led by a Risk Manager who reports to the Chief Financial Officer (CFO).  Several agencies have decided to incubate their ERM program within the CFO organization with plans to elevate the position and program when they reach a certain level of maturity.  Office of Management and Budget (OMB) Circular A-123 provides agencies with a great deal of latitude in this area in recognition that the same approach may not work across all agencies.  However, agencies are best served by a strong and independent risk management function positioned as high in the organizational structure as possible.  An executive leading ERM program efforts, who is also formally recognized as part of the agency’s senior leadership team, helps facilitate acceptance across the organization’s lines of business.  Designating a CRO at the executive level, with the program reporting to the COO, also sends a message about how agency leadership views the importance of ERM, and this message can be an effective element of an agency’s tone-at-the-top.

How are your agencies addressing the governance issue?  Share your thoughts – join the conversation!