How federal employees can become card-carrying experts on risk management

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Office of Management and Budget raised the bar on enterprise risk management through an update to its Circular A-123 two years ago. Now federal employees can become card-carrying experts on the topic.

The Risk and Insurance Management Society (RIMS), along with the Association for Federal Enterprise Risk Management (AFERM), issued 65 new RIMS-CRMP-FED certifications to federal enterprise risk management professionals last Tuesday.

Advertisement

Tom Brandt, the IRS’s chief risk officer and president-elect of AFERM, said the new credential helps set a governmentwide standard for the skills and expertise risk analysts should have on the job, even though agencies still face challenges that are unique to their missions.

“I think what it is we’re tasked with accomplishing and the types of risk that can manifest do vary. There are some commonalities in risk that organizations will face around the workforce, human capital, IT, cyber, etc.,” Brandt said in an interview Monday. “But then when you look at the operational risk and what are the missions that we’re each tasked with delivering and what are the risks associated with those missions, there’s got to be some flexibility in the types of positions that support that work.”

While OMB’s update to Circular A-123 outlined a flexible ERM framework for agencies to follow, Cynthia Vitters, a managing director at Deloitte, and an AFERM board member, said the federal government still lacks a common career ladder for risk professionals.

“We certainly don’t see any risk analyst job series that have popped up yet. I think that it’s very possible that we could be moving into that direction,” Vitters said in an interview.

Part of the impetus behind the new credential, she added, was to better identify individuals to fill risk analysts positions in a “more streamlined way and also a more thoughtful way.”

Under the Obama administration, the Office of Personnel Management in 2012 created a new job series for Freedom of Information Act and Privacy Act personnel, the move aimed at elevating the work of transparency professionals.

But in the absence of a revamped job series for ERM professionals, Brandt said the certification does demonstrate that employees have the skills needed for the job.

“That is, I think, the one nice thing about this credential: Folks from any of those areas, if they’ve developed that base of knowledge and understanding and the practice of risk management, they can take the test and earn this credential, which can then demonstrate that they are well-equipped to support the practice of enterprise risk management in the federal sector,” he said.

Mixed results governmentwide on ERM implementation

A study released Oct. 26 by AFERM and the consulting company Guidehouse shows mixed results in how agencies have stood up ERM programs.

Nearly a quarter of the 21 agencies surveyed said they don’t have an ERM program in place, while half of the agencies have had ERM programs in place for one-to-three years, up from 37 percent in 2017.

Another 35 percent of agencies said they’ve implemented their ERM program for three-to-five years, more than double last year’s numbers.

“I think what we’ve seen is a significant increase in the number of agencies that are establishing enterprise risk management programs, developing risk profiles and really getting actively engaged in identifying and addressing risk,” Brandt said. “I think we’ve seen a lot of growth in the practice of enterprise risk management across the federal government and a number of practitioners who have taken this on as a core  responsibility on their day-to-day work within the agencies.”

AFERM worked with RIMS to create a micro-credential focused on federal enterprise risk management for its existing RIMS-Certified Risk Management Professional (RIMS-CRMP) certification.

“Through the research that we did in trying to identify what some of our credentialing options were, that was very attractive about the RIMS-CRMP and then being able to work with them in adding on this federal component was a way, I think, to offer those who are practitioners,” Brandt said.

“A strong enterprise risk management program, led by a strong risk professional can not only help identify emerging risks but, also, make important connections across the entity to more strategically address them,” RIMS Chief Operating Officer Annette Homan said in a statement. “RIMS-CRMP certification holders are invested and committed to their work and our newly awarded RIMS-CRMP-FED brings that same level of excellence to the public sector.”

Starting in January 2019, federal employees will be able to complete the RIMS-CRMP-FED testing will online.