Risk management is a coordinated activity to communicate, direct and control challenges to agency goals and objectives. ERM risk profiles should capture A-123 risk and control objective assessments, including risks related to cybersecurity. This presentation developed by executives with the National Science Foundation (NSF) was presented at AFERM’s March 2018 Small Agency Community of Practice (SACoP) meeting. This presentation includes information related to FISMA and Financial Statement audit evaluations, IG management challenges, and cybersecurity risk management.