Modernizing ERM in Federal Agencies

Date: On Demand
Duration: 1 hour
Cost: No Fee

It’s been five years since the Office of Management and Budget mandated agencies establish a more holistic enterprise risk management focus. As it updated Circular A-123 in 2016, OMB introduced a governmentwide risk management program in an attempt to formalize this approach across the government.

Today agencies understand their risks, ranging from personnel to cybersecurity to the supply chain, in more and better ways than ever before. But by making better use of their data and technology, they can more rapidly help decision makers address and mitigate risks.

Dan Zitting, the CEO of Galvanize, said much of the progress over the last five years can be attributed to improved governance processes around risk management.

“I think these agencies are showing some really good progression toward best practices. I don’t always see that with government or commercial, as having quite that much clarity on having created these more broad ranging risk and governance committees. So I think that was really strong. It’s definitely a trend that way,” Zitting said on the discussion Modernizing ERM in Federal Agencies sponsored by Galvanize, a Diligent brand. “I think it’s stronger in certain industry verticals like banking, where this is a long time practice. But to see in these federal agencies stands out so much, I thought was a bit above average, quite frankly. And something that I encourage a lot of organizations to spend some more time thinking about.”

A survey by Federal News Network of six agencies found that there was no one-size fits all approach to governance. But each of the agencies who responded, which included the IRS, the U.S. Agency for International Development, the Nuclear Regulatory Commission, the Bureau of Fiscal Service, the Consumer Financial Protection Bureau and the Education Department’s Office of Federal Student Aid, highlighted the importance of applying cross-agency governance to improve their enterprise risk management.

Zitting credited OMB Circular A-123 for creating that accountability that led to the improved governance.

Driving that governance effort is, of course, data.

Zitting said survey respondents as well as other agencies are pushing hard to improve their analytics to create more quantified information for risk management.

“I thought there was some really good comments on things like, while we’re doing a better job of getting access to data and using data, it doesn’t always necessarily mean that we’ve translated the story of what that data is saying into something really meaningful and insightful,” he said. “I think that translation from hard, quantified data to a meaningful story and insight is the one that a lot of agencies struggle with. There wasn’t a lot of recognition about the use of more advanced data, in particular, using things like artificial intelligence and machine learning to perhaps identify or quantify things that we would not have thought to ask the question of your traditional analytics.”

One big challenge, Zitting said that is common across public and private sector organizations, is the ability to get the technical and mission folks to communicate more effectively.

“I think technology that is analyzing data and makes it more accessible to less technical people, but the kinds of folks who know the right questions to ask as really can really start help bridging that gap,” he said. “There are great cleansing tools that can help people in risk management or audit or other these kind of governance functions that can see what’s missing in the data and make recommendations. But I think the ultimate place for the agencies to get to is this idea of authoritative data lakes that that have been had been cleansed and having a data governance program that risk management can evaluate, rather than having to try and unwind what’s going on in the data themselves.”

Even with solid governance, cutting edge technology and authoritative data, Zitting said the final piece to this puzzle is the people. He said employees must have the skill sets to make enterprise risk management successful.

“I think we’re often times leaning really hard on the hope of kind of finding these unicorns that know everything about risk management, know everything about the technology, etc. That’s really hard,” he said. “Rather we need to think about how we build something that is more sustainable and that enables training for folks to grow into the more advanced use of technology, the more advanced techniques of risk management as we go. That’s a really big thing that I think is now starting to emerge as we all realize we need more people to fill these mandates like what A- 123 brings.”

Join moderator Jason Miller, Roth and Zitting as they discuss:

• CFPB’s approach to risk management
• Data and risk management
• Resilience and the CFPB
• Risk management priorities
• Survey takeaways
• Tools for a successful ERM program

Complimentary Registration
Please register using the form on this page or call (202) 895-5023. You may need to re-enter your registration information if you previously registered for this webinar and returned to page after clearing your cookies or using a private browser.

This program is sponsored by