9901834.CERM_Risk_News__92 (2) The $3.5 trillion U.S. Federal Government is one of the largest and most complex organizations in the world. Recently the Office of Management and Budget mandated all federal agencies to implement and integrate Enterprise Risk Management (ERM) into their strategic planning, strategic review and internal control processes (Revised OMB Circular No. A-123, July 2016).
A few weeks later, the Federal Council of Chief Financial Officers and Performance Improvement Council issued a detailed playbook (Playbook: Enterprise Risk Management for the U.S. Federal Government, July 2016) to help government departments meet the new requirements.
This is the first in a series of articles that will examine the impetus, methods, tools and challenges in this momentous undertaking and explore what is required to make ERM successful.
Why Enterprise Risk Management (ERM)? There are three primary motivations: First, we live in dynamic, disruptive and unpredictable times. Risk, volatility, uncertainty, complexity, and ambiguity (VUCA) have become the new norm. Traditional, reactive, siloed, internally-focused, event-driven risk management efforts no longer have the capability to meet heightened risk identification and mitigation requirements.
Second, “Risk Based Thinking” (RBT) and “Risk-Based Decision Making” need to become an integral part of leadership, management, employee practices and vocabulary Each employee at every level of any organization must be involved. RBT creates a context, lens and a stimulus for decision making and action.
Third, ERM provides comprehensive, rigorous and flexible methods and tools to systematically identify, prioritize and manage risks. It improves strategic planning, decision making, communication and accountability. Ultimately, it can significantly improve organizational performance to achieve its objectives.
“We Feel Uncertainty in Our Bones…” These are the opening words, Ram Charan, the noted business advisor used in his recent book, “The Attacker’s Advantage” (Perseus, 2015). Do these words ring true to you? Does this emotional sentiment apply in your workplace? Organizational disruptions, black swans, cyber-attacks and unexpected adverse events have become commonplace. In our fast-paced, interconnected digital world, risk is unavoidable. ERM offers an organization-wide platform and tailored approach to deal with uncertainty, threats, and opportunities.
Managing risk should be everyone’s responsibility. Risk-Based Thinking and Risk-Based Problem Solving® must be integrated into all facets and all levels of organizational planning, operations, performance management and controls. Risks and opportunities need to be continually identified, analyzed, prioritized and addressed. Ideally this ongoing process will be proactive, preventive, predictive and preemptive.
ERM offers myriad benefits if effectively implemented. It establishes a governance model and a framework for strategic planning and decision making. ERM determines risk appetite and creates a risk profile to identify, assess and treat risk. ERM promotes systems-thinking, transparency and continuous improvement. Most importantly, ERM can bring clarity to ambiguity and uncertainty, and resilience to adversity.
What will be required for Enterprise Risk Management to be transformative in the Federal Government? With thirty years of experience in leading, managing and mentoring transformation efforts in well over 100 organizations; I have seen the good, the bad and the ugly. In my experience, the most important ingredient is active and visible leadership involvement. Leaders must lead by example. Employees need to be engaged, involved and provided with the training, support, tools and time to carry out their responsibilities. A thoughtful, clear, structured and well-communicated plan is also required. Planning, reporting, reward and recognition and other organizational systems need to be linked and aligned to the new desired behaviors and measures. Finally, transformation takes time. Organizational maturity is not linear; it is a step-function. Be prepared for the long haul or the ERM effort is likely to become “the flavor of the month.”