Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

erm

Enterprise Risk Management

The Enterprise Risk Management Priority Area focuses on promoting and facilitating a risk-aware culture across the federal government through comprehensive strategy-setting supported by quality data.

Goal Statement

Promote and facilitate a risk-aware culture across the federal government by developing a Federal ERM framework and strategies. Promote integrated strategy-setting with performance and cost management practices that are supported by quality data that agencies can rely on to manage risk in creating, preserving, and realizing value. Drive resource prioritization and allocation by leveraging risk-informed decisions across the Federal government.

Challenges

The Federal government provides essential programs and services to the American people in an environment of increasing complexity, disruption, and rapid change. Agencies face greater scrutiny and expectations from stakeholders to manage these risks more effectively, yet the government, by and large, has adopted a risk-averse culture that has limited discussions about risk appetite and tolerance. Budget uncertainties present agencies with difficult decisions on priorities and trade-offs, especially when faced with increasingly burdensome compliance and reporting mandates. Without risk-informed decision-making, these tradeoffs are often made at lower levels of management.

Opportunities

Approaching the 3-year anniversary of the introduction of ERM in OMB guidance presents an opportunity for the Federal Government to greatly advance the maturity of ERM to improve program mission accomplishment, contingency planning while driving risk-informed decision making and resource prioritization.

The Enterprise Risk Management Priority Area strategic approach is featured below:

The Enterprise Risk Management Priority Area strategic approach features the following 4 strategies. These strategies build on one another. Strategy 1: Identify and Build on Best Practices / Successes: ERM Framework Standards, Processes, Procedures 2020 update to Federal ERM Playbook v.1.1 ERM Training and  Technical Support ERM Workforce  Development Agency Best Practices Strategy 2: Standardize and Implement a Federal ERM Maturity Model Develop Federal ERM Maturity model and Assessment Methodology Conduct agency assessment of ERM Capacity and Maturity Strategy 3: Integrate Risk Management Practices Develop strategy for integration with Core Mission and Mission Support Functions Establish and lead surge Work Groups for ERM Integration on Special Topics/Needs Strategy 4: Facilitate Constructive ERM Coordination Develop strategy for  constructive engagement and  coordination with: Inspectors General Government Accountability Office Congress / Legislative  Proposals Non-Governmental Entities Enlarge
The Enterprise Risk Management Priority Area strategic approach features the following 4 strategies. These strategies build on one another. Strategy 1: Identify and Build on Best Practices / Successes: ERM Framework Standards, Processes, Procedures 2020 update to Federal ERM Playbook v.1.1 ERM Training and  Technical Support ERM Workforce  Development Agency Best Practices Strategy 2: Standardize and Implement a Federal ERM Maturity Model Develop Federal ERM Maturity model and Assessment Methodology Conduct agency assessment of ERM Capacity and Maturity Strategy 3: Integrate Risk Management Practices Develop strategy for integration with Core Mission and Mission Support Functions Establish and lead surge Work Groups for ERM Integration on Special Topics/Needs Strategy 4: Facilitate Constructive ERM Coordination Develop strategy for  constructive engagement and  coordination with: Inspectors General Government Accountability Office Congress / Legislative  Proposals Non-Governmental Entities

Below is the Executive Steering Committee organizational structure for the Enterprise Risk Management Priority Area:

Hierarchy Row 1 (from top): Executive Steering Committee (DOD, DOJ, FDIC, HHS, IRS, OMB, SBA, Treasury, VA) Hierarchy Row 2: Identify and Build on Best Practices for ERM ERM Standards, Processes, Procedures Workforce, WG ERM Playbook 1.1 Update Committee Playbook WG(s) Standardize and Implement Federal ERM Maturity Model ERM Maturity Model Maturity Model WG Agency ERM Maturity Assessment Integrate Risk Management Practices Strategic Reviews and Performance Information Technology and Systems Cybersecurity WG Budget Formulation and Resource Prioritization Budget WG Internal Control & Assurances Fraud WG (FDRAA) Surge Work Groups Lapse (2019) Facilitate Constructive ERM Coordination Legislative Branch/GAO/Congress Non Governmental Inspector Generals IG Coordination WG Enlarge
Hierarchy Row 1 (from top): Executive Steering Committee (DOD, DOJ, FDIC, HHS, IRS, OMB, SBA, Treasury, VA) Hierarchy Row 2: Identify and Build on Best Practices for ERM ERM Standards, Processes, Procedures Workforce, WG ERM Playbook 1.1 Update Committee Playbook WG(s) Standardize and Implement Federal ERM Maturity Model ERM Maturity Model Maturity Model WG Agency ERM Maturity Assessment Integrate Risk Management Practices Strategic Reviews and Performance Information Technology and Systems Cybersecurity WG Budget Formulation and Resource Prioritization Budget WG Internal Control & Assurances Fraud WG (FDRAA) Surge Work Groups Lapse (2019) Facilitate Constructive ERM Coordination Legislative Branch/GAO/Congress Non Governmental Inspector Generals IG Coordination WG
The Executive Steering Committee membership for the Enterprise Risk Management Priority Area includes:
  • Office of Management & Budget
  • Department of Defense
  • Health and Human Services
  • Department of Treasury
  • Internal Revenue Service
  • Department of Veterans Affairs
  • Federal Deposit Insurance Corporation
  • Small Business Administration
  • Department of Justice

07/28/2016

Enterprise Risk Management (ERM) Playbook Released

Today, the Chief Financial Officers Council (CFOC) and the Performance Improvement Council (PIC) release the Playbook.

Read More