Over the past year the Biden Administration through two Executive Orders (EO) and a guide from the Food and Drug Administration (FDA) has been pushing Enterprise Risk Management (ERM). This piece looks at this trend and some of its implications.
Executive Order M-22-04
On December 3, 2021, Executive Order M-22-04 was issued. The subject was “Promoting Accountability through Cooperation among Agencies and Inspector Generals (IG)”. This EO is geared towards improving cooperation between the agencies and their Inspector Generals. The EO states:
“Agency leadership and the IG should hold routine meetings to have candid discussions in a non-audit setting and maintain clear lines of communications between the appropriate IG officials and agency leaderships.” (1)
To further communications between agencies and their IGs a special process was developed. That process included specific topics which agencies and IGs should explore. The topics include:
- What controls/mitigation strategies are being used to mitigate fraud and improper payments?
- What risks have been accepted to achieve the goal of quickly reaching recipients that could potential lead to fraud, waste, abuse, or mismanagement after disruption of funds?
- What clear goals and objectives will inform program design to facilitate and demonstrate the delivery of meaningful results?
- What steps is the agency planning to take if program performance assessment indicators show risks?
While this EO is focused on coordination and communication between agency staff and their IGs, the EO requires assessment before the allocation of resources to determine possible risks which could lead to fraud or mismanagement. It also includes assessment of possible program performance risks. In other words, agencies are being encouraged to manage both financial and programmatic risks. Further, since the discussion is between the agency and their IGs, the underlying assumption is that the IG will be auditing performance and the risk management efforts.
This effort is reinforced by Executive Order M-22-12.
Executive Order M-22-12
On April 29, 2022, Executive Order M-22-12 was issued. The subject is: “Advancing Effective Stewardship of Taxpayer Resources and Outcomes in the Implementation of the Infrastructure Invest and Jobs Act (IIJA)”. The purpose of the EO is to help agencies to create “a Government-wide structure that will break down barriers and eliminate silos.” (2) It stresses the need for agencies implementing IIJA to coordinate with their IGs. It references the procedures discussed in EO M-22-04. It also stresses the need for the agency to “proactively engage their IGs, to identify major cross-cutting risk through the use of data analytics and risk assessment, …
‘(a)gencies must utilize enterprise risk management practices to identify risks associated with achieving program results.’” (3)
The focus of this EO, like EO M-22-04, is to require the agencies implementing IIJA to coordinate with their IGs to anticipate risk management problems which could impact strategic objectives. While both EOs focus on federal agencies, the FDA draft guidance shifts the emphasis to the private sector.
Food and Drug Administration Risk Management Plan Draft Guidance
In April 2022 the Food and Administration issued “Risk Management Plans to Mitigate the Potential for Drug Shortages: Guidance for Industry”. The guidance is a draft issued for comment. (4)
The guide is intended to help drug companies to develop, maintain, and implement risk management plans (RMP) which will help them anticipate drug shortages and mitigate risks. It is also a continuation of the March 2020 Coronavirus Aid, Relief, and Economic Security Act which required specified manufactures to “develop, maintain, and implement as appropriate, a ‘redundancy risk management plan that identifies and evaluates risks to the supply of the drug.’”. (5)
The FDA recommends that drug companies integrate into their Risk Management Plan (RMP) risk to their manufacturing facilities and “refine the mitigation and avoidance strategies specific to the individual drug, or its unique manufacturing process.” (6)
In short, the FDA is recommending that drug manufacturers and associated companies adopt Enterprise Risk Management. While this guide does not have the force of law, the federal intent is clear. ERM is seen as important to the protection of manufacturing processes and the ability to avoid drug shortages.
Conclusions
The two EOs and the FDA’s guidance demonstrate the Biden Administration’s push for ERM implementation. Further, EO M-22-12 and the FDA guidance, indicates that the intent is to cover a large swath of the economic activity. EO M-22-12 focuses on infrastructure which will impact state and local governments as grant and loan recipients. While the FDA guidance will impact private sector drug suppliers. More generally, EO M-22-04 and EO M-22-12 both stress the need for federal agencies, in conjunction with their IGs, to use risk management to assess the risks which might prevent their accomplishing strategic and programmatic objectives. The two EO’s also imply that the IGs will be involved in not only helping determining risks but assessing the success of mitigation efforts through audits.
Endnotes
- Executive Office of the President, 2021, Executive Order M-22-04, Promoting Accountability through Cooperation among Agencies and Inspectors Generals, page 4, https://www.whitehouse.gov/wp-content/upload/2022/12/M-22-02IG-Cooperation.pdf
- Executive Office of the President, 2022, Executive Order M-22-12, Advancing Effective Stewardship of Taxpayers Resources and Outcomes in the Implementation of the Infrastructure Investment and Jobs Act, page 1, https://www.whitehouse.gov/up-content/uploads/2022/04/M-22-12pdf.
- Ibid page 10
- Federal Drug Administration, 2022, Risk Management Plans to Mitigate the Potential for Drug Shortages: Guidance for Industry draft guidance, page 1, https://www.fda.gov/regulatory-information/search-fda-guidance-documents/risk-management-plans-mitigate-potential-drug-shortages
- Ibid page 3
- Ibid page 10
BIO:
James J. Kline has a PhD from Portland State University. He has worked for federal, state, and local government. He has consulted on economic, quality and workforce development issues. He has authored numerous articles on quality and risk management. His book “Enterprise Risk Management in Government: Implementing ISO 31000:2018” is available on Amazon. He edited “Quality Disrupted” which is also available on Amazon. He can be contacted on LinkedIn or jamesjk1236@outlook.com