It’s been almost six years since agencies were told by the Office of Management and Budget to develop an enterprise approach to risk management.
As with many unfunded mandates, some agencies have been more successful than others.
This is why the Association for Federal Enterprise Risk Management (AFERM) saw an opportunity to provide the first of several helpful guides as ERM is becoming more important to all parts of an agency.
Daniella Datskovska, the president of the Association for Federal Enterprise Risk Management, said the new practice guide will advance and accelerate enterprise risk management.
“Why the practice guide is important is because it provides us ammunition to know when something is not right, and what are the mechanisms for escalating and elevating, and that most importantly, the element of risk culture. If I read through this document, and I know that my organization is in line with the main principles of this guidance, I feel empowered to speak up if I see that a risk is about to materialize, and I know that we pay attention as an organization,” Datskovska said in an interview with Federal News Network. “In addition to just being a well-rounded person and understanding that this is a discipline that exists and here are the examples of how you can implement some of the areas of practice related to ERM, it also empowers and gives you tools on how you need to manage risk and what are the important elements of doing that with very specific examples.”
AFERM broke down the 21-page practice guide into four areas:
- Enterprise risk governance
- ERM maturity model and maturity assessment
- Risk appetite statement
- Establishing the context
“There is a very structured way of how we approached the practice guide. We defined what an area is. For example, if we talk about enterprise risk governance, our first area of focus, we describe what it is and we intentionally used the description as it applies to federal government,” Datskovska said. “We also define what we believe as AFERM the main principles and attributes of ERM governance or any of the other areas. We try to give very practical examples of what it means and what it looks like. So if, for example, we talk about enterprise risk governance, one of the attributes is understanding what constitutes organizational value. We would describe what an organization organizational value is; we would explain why it is important, and then we would give examples of how an agency might achieve that attribute of organizational value.”