Synopses & Reviews
Based on the author's IBM Center for the Business of Government Report, Managing Risk in Government: An Introduction to Enterprise Risk Management, the book is a practical guide to all aspects of risk management in government organizations at the federal, state and local levels. Key to the content is alignment with ISO 31000, an internationally recognized framework issued in 2009 by the International Organization for Standardization (ISO) which provides guidelines on establishing and sustaining a formalized risk management approach that can be adopted by any organization – including public, private, not-for-profit and government organizations.
Table of Contents
Foreword (
Introduction
• The Public Administrator as Risk Manager
• Risk Management: What It Is and Why It Matters
• Evolution of Risk Management
Foundations of Success:
• ISO31000- the Risk Management Standard for Decision-makers
Risk Management in Government Agencies
U.S. Federal Government Policy on Risk Management
Federal Manager’s Financial Integrity Act
OMB Circular A-119
GAO Standards for Internal Control
• Risk Management Policies in Foreign Provinces
• Risk Management in State Government
• Examples of Risk in the Federal Government
• Select Case Studies
Centers for Disease Control and Prevention
BP Oil Spill
• Select Risk Assessment Report Analysis
o National Archives and Records Administration
o Federal Housing Administration
o Mortgage Financing: FHA and Ginnie Mae
International View of ISO31000 in Public Agencies
Why Enterprise Risk Management in the Federal Government
• Overview
• Limitations to ERM
• ERM Frameworks & Standards: A Comparative Analysis
• Operational, Financial and Strategic Risk
• Quantifying and Qualifying Risk: Tools for Action
Risk and Performance Management
• Government Performance Results Modernization Act
o Understanding Strategic Risk
• Risk and Performance Reporting in Private Sector Organizations
• The U.S. Government Accountability Office High Risk List
o Top Government Risks
• Understanding and Building a Risk Maturity Capability Model in your Agency
Risk Management and the Government Employee
• ISO31000 for the Budget Analyst
• ISO31000 for the Grants Management Specialist
• ISO31000 for the Program Analyst
• ISO31000 for the Management Analyst
• ISO31000 for the Administrative Officer
Building a Risk Culture: Behaviors, Skills, and Competencies
• 2013 Survey Results from FederalERM.org
Risk Management Tools, Templates and Resources
• Sample Risk Management Policy
• Sample 90-Day Plan of Action
• Implementation Checklist for ISO31000
Risk Vocabulary
Synopsis
Winner of the 2017 Most Promising New Textbook Award by Textbook & Academic Authors Association (TAA)
Practical guide to implementing Enterprise Risk Management processes and procedures in government organizations
Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented.
The book also includes results of Hardy's ERM Core Competency Survey for the Public Sector, which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.
Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:
- U.S. Federal Government Policy on Risk Management
- Federal Manager's Financial Integrity Act
- GAO Standards for internal control
- Government Performance Results Modernization Act
The book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.
Table of Contents
Foreword
Preface: Managing Risk in the Current Federal Environment
Environmental Factors
Introduction
State of Risk Management in Government
Roadmap: How this book should be used
Emerging Risks Today
Top Government Risks
Profiles of Select High Risk Areas in Government
Chapter One: Why Enterprise Risk Management?
State of ERM in Government
Limitations to ERM
Risk Management: What It Is and Why It Matters
What Is Risk?
Evolution of Risk Management
Traditional Risk Management versus Enterprise Risk Management
U.S. Federal Government Policy on Risk Management
Establishing an Agency Risk Management Policy
ERM Policy and Practice in Canada
Linking ERM to Internal Controls
What Are the Standards for Internal Control?
Assessing Internal Control Structures
Chapter Two: Examples of Risk Management in the Federal Government
Health Risk
Security Risk
Financial Risk
Transportation Safety Risk
External Risk
Credibility/Reputation Risk
Case Study: Applying Risk Management in Government: National Institutes of Health
Case Study: Applying Risk Management in Government: National Archives and Records Administration
Chapter Three: Managing and Communicating Risk
Writing Risk Statements
Developing a Risk Statement
Inventory of Risk Statements
Risk Assessment Techniques
Chapter Four: Risk Management Frameworks and Standards
Why Voluntary Standards? A Look at OMB Circular A-119
Comparison of Standards and Frameworks
GAO Risk Management Framework
ISO 31000: International Risk Management Standard
COSO ERM Integrated Framework
OCEG Red Book 2.0: 2009
FERMA 2002
BS 31100: 2008
An Expanded View of ISO 31000
Chapter Five: Risk and Performance Management
Risk and Performance: Government
Managing Risk to Performance
An Expanded View of Strategic Risk Management
Risk and Performance: Private Sector
Standard & Poor’s ERM Analysis
Chapter Six: Building a Risk Culture
Chapter Seven: ERM Maturity and Assessment
ERM Maturity Models
The Role of the Internal Auditor in ERM
Case Study: The Public Safety Canada Audit of Integrated Risk Management
Chapter Eight: ERM Core Competencies
ERM Core Competency Survey
Summary of Survey Results
Federal versus State and Local Government Views of ERM
Chapter Nine: ERM Best Practices of Federal Agencies
Ninety-Day Action Plan
Sample Implementation Plan
Words of Wisdom
Chapter Ten: Conclusion
Notes
Index of Survey Questions and Responses
About the Author