Dr. Hardy is an expert risk management professional with extensive experience in the public sector. Dr. Hardy is the co-founder of the Association for Federal Enterprise Risk Management and served on the U.S. Technical Advisory Group for ISO 31000. She has worked at Citibank and the White House Office of Management and Budget.
She has published numerous articles in national and international journals. Her best-selling book “Enterprise Risk Management: A Guide for Government Professionals” is available on Amazon. She is also the creator and host of the FLIP THIS RISK® Podcast on iTunes, Apple, Spotify and other podcast platforms. You can check out the podcast at Anchor.fm/FlipThisRiskPodcast.
- Your book “Enterprise Risk Management: A Guide for Government Professionals” was published in 2015. This is the same year as the revision of OMB A-123, which mandated federal agencies adopt Enterprise Risk Management (ERM). Looking back, how well has the adoption of ERM in the federal agencies met your expectation?
Hardy: The adoption of ERM by federal agency, since the issuance of revised OMB Circular A 123 in July 2016, has progressed nicely. The revised policy specifically required that the CFO Act agencies establish Risk Profile. If you think about how the 24 CFO ACT Agencies (Chief Financial Officer -CFO) have different missions, goals, and objectives, implementation of OMC A-123 would seem insurmountable. However, thanks to the organic cultivation of ERM practices, government agencies have been able to build a community that supports ERM implementation across the board. Secondly, the internal motivations of government-wide councils and implementation playbooks, as well as additional policy requirements in areas such as performance management and cyber security risk have all helped to maintain the momentum towards ERM adoption and integration of ERM.
- You are a founding member of the Association of Federal Enterprise Risk Management and have extensive experience promoting and implementing ERM in federal agencies. What do you consider the greatest impediment to ERM implementation at the federal level?
Hardy: The hurdles shift ever so often because we are seeing that an increase in engagement of agencies in the internal government communities coupled with collaborations with industry and non-government organizations who support ERM drives what becomes the biggest challenges. In one year, the challenge could be integrating ERM in strategy, and another year it could by integrating ERM in Cyber Security or convincing an agency of ERM’s value. But I still believe a long-term and recurring challenge will be the non-mandatory requirement for each CFO ACT agency to have a Chief Risk Officer in the C-Suite. I believe by not having this consistent and recurring Executive presence at the table leaves ERM integration into the decision-making process to much to chance. Currently the Chief Risk Officer (CRO) role is not a mandatory role but is encouraged. That’s not enough, especially when you think about how dynamic risk is now.
Bio:
Karen Hardy can be reached at: