Enterprise risk management, a concept that can mean different things to different people, is gaining a foothold in federal Washington. The Office of Management and Budget is making it a centerpiece of the next version of A-123, a key policy on internal controls.
That document is expected out later this year. But enterprise risk management already is standard practice at some agencies, usually those that have had to rebound from crises. The Census Bureau fits into that category. Nancy Potok served as the bureau’s chief financial officer during the 2000 decennial census. At that time, the agency primarily viewed its major risks in terms of finances and labor. It had hired hundreds of thousands of new, temporary workers to help with the count. Not only was that a major human resources challenge, but the new employees had government charge cards. Potok and her colleagues worried about abuse of those credit lines.
Today, the Bureau still worries about charge cards and a once-a-decade swell in employees, said Potok, who is now the deputy director and chief operating officer. But those aren’t the only risks.
“The difference is looking at the entire environment,” she said. “Enterprise risk management is taking a much more holistic approach. The [chief information officer] and CFO are integral parts of risk management, but we’re involving — at the executive level — leadership of the Census Bureau across all program lines to see risk.”
Those risks include not just the execution of the 2020 Census, but the 2017 economic census and other smaller surveys, Potok said.
What accounts for the change in approach between 2000 and 2015? While Potok was not at the Census Bureau at the time, she credited a 2008 contracting scandal for motivating the agency’s embrace of enterprise risk management. Then Director Stephen Murdock testified to Congress that several key contracts for the 2010 census were sound. They collapsed just weeks later and the agency scrambled to put together a Plan B.
“One of the root causes of the massive failure of these very large contracts was that the people on the frontlines did not feel comfortable raising the issues. The leaders of the organization had no idea how bad things were,” said Potok, who was not at the Census Bureau at the time.
“That was a clue that enterprise risk management, or at least a culture of people being comfortable raising information, could’ve been helpful and saved the government a billion dollars,” she said.
Potok spoke Tuesday at an event on enterprise risk management hosted by the Consortium for Advanced Management-International in Alexandria, Virginia.
Even now, many years and much effort later, the legacy of that 2008 debacle lives on at the Census Bureau, Potok said. Employees, especially those who have been around for a while, need encouragement to come forward with problems.
“My biggest problem is getting information. By the time it gets to me, it’s been so filtered,” she said. “People only want to tell me the good-news story. That’s bad from a risk-management standpoint. I want to address the problems before they become a crisis. Getting people to understand that it’s their job to elevate that information, that they won’t be punished, that they don’t have to solve everything by themselves, is a huge culture change because people are used to, ‘If I say something is wrong with my program, I will get punished.'”
To change that mentality, the Census Bureau has tried to prove it can handle the bad news in a positive way, she said.
“When people come forward early with problems, they’re getting help. They’re not getting punished,” she said. “When you can see that your leadership is redeploying resources, paying attention and is listening, it does encourage people.”
On the flip side, she said, employees get in trouble for hiding critical information.
As other agencies move toward enterprise risk management, Potok cautioned the change won’t happen overnight, or even in a year or two. At the Census Bureau, it’s six years and counting.
“You have to be in it for the long term,” she said. “You have to have leadership that’s willing to roll up their sleeves and work together. You have to walk the walk, put the incentives in place, and move the resources around.”