Description
Book SynopsisWinner of the 2017 Most Promising New Textbook Award by Textbook & AcademicAuthors Association (TAA)!
Practical guide to implementing Enterprise Risk Management processes and procedures in government organizations Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation chec
Table of Contents
Figures, Tables, and Exhibits ix
Foreword xi
Preface: Managing Risk in the Current Federal Environment xiii
Introduction 1
State of Risk Management in Government 5
How This Book Should Be Used 7
Emerging Risks Today 7
Top Government Risks 10
Criteria 11
Profiles of Select High-Risk Areas in Government 13
Chapter One Why Enterprise Risk Management? 27
Status of ERM in the Government 29
Limitations to ERM 30
Risk Management: What It is and Why It Matters 32
What is Risk? 33
Evolution of Risk Management 36
Traditional Risk Management versus Enterprise Risk Management 38
U.S. Federal Government Policy on Risk Management 41
Establishing an Agency Risk Management Policy 46
ERM Policy and Practice in Canada 48
Linking ERM and Internal Control 54
What Are the Standards for Internal Control? 55
Assessing Internal Control Structures 68
Overall Internal Control Summaries 68
Chapter Two Examples of Risk Management in the Federal Government 81
Health Risks 82
Security Risks 82
Financial Risks 85
Transportation Safety Risks 86
External Risks 87
Case Study: Applying Risk Management in Government: National Institutes of Health 89
Case Study: National Archives and Records Administration 95
Chapter Three Managing and Communicating Risk 105
Writing Risk Statements 111
Developing a Risk Statement 112
Inventory of Risk Statements 113
Risk Assessment Techniques 120
Chapter Four Risk Management Frameworks and Standards 125
Why Voluntary Standards? A Look at OMB Circular A-119 126
GAO Risk Management Framework 129
ISO 31000: International Risk Management Standard 135
COSO ERM Integrated Framework 138
OCEG Red Book 2.0: 2009 140
FERMA: 2002 140
BS 31100: 2008 142
An Expanded View of ISO 31000 143
Chapter Five Risk and Performance Management 151
Risk and Performance: Government 153
Managing Risk to Performance 157
An Expanded View of Strategic Risk Management 160
Risk and Performance: Private Sector 167
Standard & Poor’s ERM Analysis 170
Chapter Six Building a Risk Culture 173
Risk Culture Survey 177
Chapter Seven ERM Maturity and Assessment 181
ERM Maturity Models 181
The Role of the Internal Auditor in ERM 194
Case Study: The Public Safety Canada Audit of Integrated Risk Management 196
Chapter Eight ERM Core Competencies 209
ERM Core Competency Survey 209
Summary of Survey Results 211
Federal versus State and Local Government Views of ERM 216
Chapter Nine ERM Best Practices of Federal Agencies 223
Ninety-Day Action Plan 223
Sample Implementation Plan 224
Words of Wisdom 225
Chapter Ten Conclusion 227
Notes 231
Appendix: Index of Survey Questions and Responses 243
About the Author 279
Index 281
