Enterprise Risk Management - A Guide for Government Professionals

Read more

Practical guide to implementing Enterprise Risk Management processes and procedures in government organizations
 
Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented.
 
The book also includes results of Hardy's ERM Core Competency Survey for the Public Sector; which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.
 
Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:
* U.S. Federal Government Policy on Risk Management
* Federal Manager's Financial Integrity Act
* GAO Standards for internal control
* Government Performance Results Modernization Act
 
The book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.

List of contents

Figures, Tables, and Exhibits ix
 
Foreword xi
 
Preface: Managing Risk in the Current Federal Environment xiii
 
Introduction 1
 
State of Risk Management in Government 5
 
How This Book Should Be Used 7
 
Emerging Risks Today 7
 
Top Government Risks 10
 
Criteria 11
 
Profiles of Select High-Risk Areas in Government 13
 
Chapter One Why Enterprise Risk Management? 27
 
Status of ERM in the Government 29
 
Limitations to ERM 30
 
Risk Management: What It Is and Why It Matters 32
 
What Is Risk? 33
 
Evolution of Risk Management 36
 
Traditional Risk Management versus Enterprise Risk Management 38
 
U.S. Federal Government Policy on Risk Management 41
 
Establishing an Agency Risk Management Policy 46
 
ERM Policy and Practice in Canada 48
 
Linking ERM and Internal Control 54
 
What Are the Standards for Internal Control? 55
 
Assessing Internal Control Structures 68
 
Overall Internal Control Summaries 68
 
Chapter Two Examples of Risk Management in the Federal Government 81
 
Health Risks 82
 
Security Risks 82
 
Financial Risks 85
 
Transportation Safety Risks 86
 
External Risks 87
 
Case Study: Applying Risk Management in Government: National Institutes of Health 89
 
Case Study: National Archives and Records Administration 95
 
Chapter Three Managing and Communicating Risk 105
 
Writing Risk Statements 111
 
Developing a Risk Statement 112
 
Inventory of Risk Statements 113
 
Risk Assessment Techniques 120
 
Chapter Four Risk Management
 
Frameworks and Standards 125
 
Why Voluntary Standards? A Look at OMB Circular A-119 126
 
GAO Risk Management Framework 129
 
ISO 31000: International Risk Management Standard 135
 
COSO ERM Integrated Framework 138
 
OCEG Red Book 2.0: 2009 140
 
FERMA: 2002 140
 
BS 31100: 2008 142
 
An Expanded View of ISO 31000 143
 
Chapter Five Risk and Performance Management 151
 
Risk and Performance: Government 153
 
Managing Risk to Performance 157
 
An Expanded View of Strategic Risk Management 160
 
Risk and Performance: Private Sector 167
 
Standard & Poor's ERM Analysis 170
 
Chapter Six Building a Risk Culture 173
 
Risk Culture Survey 177
 
Chapter Seven ERM Maturity and Assessment 181
 
ERM Maturity Models 181
 
The Role of the Internal Auditor in ERM 194
 
Case Study: The Public Safety Canada Audit of Integrated Risk Management 196
 
Chapter Eight ERM Core Competencies 209
 
ERM Core Competency Survey 209
 
Summary of Survey Results 211
 
Federal versus State and Local Government Views of ERM 216
 
Chapter Nine ERM Best Practices of Federal Agencies 223
 
Ninety-Day Action Plan 223
 
Sample Implementation Plan 224
 
Words of Wisdom 225
 
Chapter Ten Conclusion 227
 
Notes 231
 
Appendix: Index of Survey Questions and Responses 243
 
About the Author 279
 
Index 281
 
Figures, Tables, and Exhibits
 
Figures
 
Figure 1.1. Evolution of Risk Management 37
 
Figure 1.2. Siloed and Enterprise Approach to Risk Management 41
 
Figure 4.1. GAO Risk Management Framework 131
 
Figure 4.2. ISO 31000 Risk Management Framework 135
 
Figure 4.3. COSO's ERM Framework Highlights 138
 
Figure 4.4. FERMA Risk Management Standard 141
 
Fig

About the author

Karen Hardy

Summary

Practical guide to implementing Enterprise Risk Management processes and procedures in government organizations Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr.