Editor’s Note: Today, the Office of Management and Budget (OMB) released an update to Circular A-123, “Management’s Responsibility for Enterprise Risk Management (ERM) and Internal Control.” I sat down with David Mader, Controller at OMB, to discuss the importance of today’s update and to get his take on the future of ERM. A summary of the conversation is below.
Q: I’d like to start off with a simple question for those who may not be familiar. What is Enterprise Risk Management (ERM)?
Controller Mader: The President has made clear his commitment to a modern Federal government that delivers better services for the American people, including leveraging the best practices of the private sector to improve efficiency and effectiveness. Enterprise Risk Management (ERM) is a part of that strategy. ERM has been a common practice in the private sector for years now, and it’s not entirely new to government either. And rightly so. ERM places the focus on identifying, measuring, and assessing challenges related to mission delivery in advance—well before those challenges can become issues. As such, ERM can help create and protect value of assets, address uncertainties during decision-making, and facilitate the continual improvement of an organization.
Take for example a goal many can relate to—getting to work on time in the morning. Though as simple as getting from point A to B, there are risks involved. The metro could be single-tracking, there could be traffic along a common route, or your car could get a flat tire, to name a few. By identifying these risks in advance (before getting stuck in a stalled train or traffic), one can take necessary precautions to mitigate their effects—or in this case, still make it to work at a reasonable time.
That’s what ERM does—it identifies the range of possible events, or the full spectrum of an organization’s significant risks. This encompasses all areas, such as financial, operational, reporting, compliance, governance, strategic, reputational, and others. Moreover, ERM helps leaders understand the combined impact of risks as an interrelated portfolio, rather than addressing them within individual silos. In other words, ERM pulls all the challenges together from various parts of the organization to ensure that a portfolio view of risk is available at the highest levels of leadership to help inform decision-making. It might sound nerdy or even dry. But it’s critically important to an organization’s success.
Q: How will today’s update to OMB Circular A-123 change the way the Federal Government operates?
Controller Mader: Today’s release of the updated OMB Circular A-123 expands and strengthens best practices already in place across the Federal Government. We’ve seen these practices work successfully across multiple Federal agencies, including the Federal Student Aid office at the Department of Education, the Bureau of Fiscal Service at Treasury, and Census at Commerce. This work also builds off of our annual Strategic Reviews, which were established after the passage of the Government Performance and Results Act (GPRA) Modernization Act of 2010 to help agencies make better informed budget, legislative, and management decisions by providing an annual assessment of various challenges.
In order to take these Enterprise Risk Management practices government-wide, the updated Circular requires agencies to establish an integrated governance structure to implement an ERM capability and improve mission delivery, reduce costs, and focus corrective actions towards key risks. As a part of this, agencies are required to draft risk profiles—an analysis of the risks an agency faces to achieving its strategic objectives, as well as key operational, compliance, and reporting objectives. Further, the Circular establishes risk reporting processes to monitor whether or not the risk profile has changed and to identify if and/or when further action is needed.
Q: What steps can agencies take to quickly and effectively implement ERM capabilities in their day-to-day operations?
Controller Mader: Implementation of the updated Circular should leverage existing offices or functions within agencies that currently monitor risks and the effectiveness of the organization’s internal controls. Agency Chief Financial Officers (CFOs) typically oversee A-123 implementation, but the new ERM provisions will require engagement by all agency management. In particular, they will require leadership from the agency Chief Operating Officer and Performance Improvement Officer, and close collaboration across all agency mission and mission-support functions.
To further support agency implementation, an interagency, cross-discipline team has developed the ERM Playbook, which the CFO Council and the Performance Improvement Council will issue in the coming months. The Playbook provides best practices and other advice captured across agencies to support agency Circular A-123 implementation efforts. It will continue to evolve over time and organizations at all levels of maturity can use it as a resource to continue improvements in their ERM effectiveness.
Q: What’s next? Do you think the policy changes announced today will live beyond the Obama Administration?
Controller Mader: ERM is a good management tool that has already saved the Federal Government funding, but, more importantly, taxpayer dollars. The progress to date makes a very strong case for the benefits of ERM, and this Administration remains committed to institutionalizing the practice so it continues to benefit American taxpayers well into the future. By making ERM a routine, ingrained practice in the Federal Government, we’re arming agency leaders, new or incumbent, with the insight necessary to make risk-aware decisions and meet strategic missions quickly and successfully. The government’s internal operations have a powerful impact on service to its citizens, and this Administration has made transformation of management practices within the Federal Government a key priority.
Abdullah Hasan is the Assistant Press Secretary at the White House Office of Management and Budget.