Enterprise Risk Management

Winner of the 2017 Most Promising New Textbook Award by Textbook & Academic Authors Association (TAA)!Practical guide to implementing Enterprise Risk Management processes and procedures in government organizations Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented. The book also includes results of Hardy's ERM Core Competency Survey for the Public Sector; which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts. Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including: U.S. Federal Government Policy on Risk Management Federal Manager's Financial Integrity Act GAO Standards for internal control Government Performance Results Modernization Act The book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.

Winner of the 2017 Most Promising New Textbook Award by Textbook & Academic Authors Association (TAA)!Practical guide to implementing Enterprise Risk Management processes and procedures in government organizationsEnterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented.The book also includes results of Hardy's ERM Core Competency Survey for the Public Sector; which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:* U.S. Federal Government Policy on Risk Management* Federal Manager's Financial Integrity Act* GAO Standards for internal control* Government Performance Results Modernization ActThe book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.

Figures, Tables, and Exhibits ixForeword xiPreface: Managing Risk in the Current Federal Environment xiiiIntroduction 1State of Risk Management in Government 5How This Book Should Be Used 7Emerging Risks Today 7Top Government Risks 10Criteria 11Profiles of Select High-Risk Areas in Government 13Chapter One Why Enterprise Risk Management? 27Status of ERM in the Government 29Limitations to ERM 30Risk Management: What It is and Why It Matters 32What is Risk? 33Evolution of Risk Management 36Traditional Risk Management versus Enterprise Risk Management 38U.S. Federal Government Policy on Risk Management 41Establishing an Agency Risk Management Policy 46ERM Policy and Practice in Canada 48Linking ERM and Internal Control 54What Are the Standards for Internal Control? 55Assessing Internal Control Structures 68Overall Internal Control Summaries 68Chapter Two Examples of Risk Management in the Federal Government 81Health Risks 82Security Risks 82Financial Risks 85Transportation Safety Risks 86External Risks 87Case Study: Applying Risk Management in Government: National Institutes of Health 89Case Study: National Archives and Records Administration 95Chapter Three Managing and Communicating Risk 105Writing Risk Statements 111Developing a Risk Statement 112Inventory of Risk Statements 113Risk Assessment Techniques 120Chapter Four Risk Management Frameworks and Standards 125Why Voluntary Standards? A Look at OMB Circular A-119 126GAO Risk Management Framework 129ISO 31000: International Risk Management Standard 135COSO ERM Integrated Framework 138OCEG Red Book 2.0: 2009 140FERMA: 2002 140BS 31100: 2008 142An Expanded View of ISO 31000 143Chapter Five Risk and Performance Management 151Risk and Performance: Government 153Managing Risk to Performance 157An Expanded View of Strategic Risk Management 160Risk and Performance: Private Sector 167Standard & Poor's ERM Analysis 170Chapter Six Building a Risk Culture 173Risk Culture Survey 177Chapter Seven ERM Maturity and Assessment 181ERM Maturity Models 181The Role of the Internal Auditor in ERM 194Case Study: The Public Safety Canada Audit of Integrated Risk Management 196Chapter Eight ERM Core Competencies 209ERM Core Competency Survey 209Summary of Survey Results 211Federal versus State and Local Government Views of ERM 216Chapter Nine ERM Best Practices of Federal Agencies 223Ninety-Day Action Plan 223Sample Implementation Plan 224Words of Wisdom 225Chapter Ten Conclusion 227Notes 231Appendix: Index of Survey Questions and Responses 243About the Author 279Index 281