Risky business: A framework for risk management in federal government
The federal government faces enormous risks carrying out its mission every day from addressing management challenges, such as aging IT systems, to responding to national emergencies such as the COVID-19 pandemic. Enterprise risk management helps agencies identify, prioritize and respond to these risks to improve decision-making and program outcomes in an ever-changing environment, according to a new issue brief called Mastering Risk: Ways to Advance Enterprise Risk Management Across Government.
Last month, the Partnership for Public Service and Deloitte held a virtual release event for the issue brief, which explores progress and achievements in federal ERM and identifies leading practices to make it an integral part of agency management.
Keynote speaker Spyro Karetsos, chief risk officer at TD Ameritrade, reflected on his early career in risk management at the Federal Reserve System, where he helped launch the organization’s first ERM program. To attract support for and adoption of ERM within the Federal Reserve, he connected everyday life with key risk concepts, using examples such as the risk and reward involved in retirement planning. These examples illustrated to agency stakeholders how the principles they use to manage risk in their personal lives can translate to the agency’s business activity.
“At the end of the day, if we could teach people that you could manage risk in your life using some technique or framework, then ultimately it doesn’t matter what type of institution you are,” he said. “[By encouraging this mindset,] we can have people think about managing their businesses and managing risk for the entity.”
Karetsos also shared his framework for weaving ERM into the fabric of an organization:
- Create a strong risk governance structure. A risk governance structure creates the processes and mechanisms leaders use to implement, direct and oversee risk management. To strengthen the effectiveness of these activities, use data to determine if the risks your organization takes on are appropriate.
- Understand risk appetite, or the amount of risk an organization is willing to accept. Your organization should create risk appetite statements that are reviewed by agency leaders every two to three years to make sure they are effectively guiding the organization’s work and are aligned with the organization’s strategic goals.
- Monitor risk level and respond when your organization is taking on too much or too little risk. “Optimizing risk, where you’re not taking too much or too little, is very essential to the elements of this framework,” he said. “And how do you optimize risk? Well, you determine the risk appetite that you’re willing to tolerate to achieve those objectives.”
Read Mastering Risk: Ways to Advance Enterprise Risk Management Across Government for additional steps leaders can consider to make ERM a critical function of agency operations.
Watch the full recording of the virtual release event below.