General – Page 4 – AFERM Resource Library

“Risk Appetite” Statement – USAID (June 2018)

The purpose of the Risk Appetite Statement (hereinafter “Statement”) is to provide USAID (or “Agency”) staff with broad-based guidance on the amount and type of risk the Agency is willing to accept – based on an evaluation of opportunities and threats at an organizational level, and in key risk categories – to achieve the Agency’s mission and objectives. The Statement is a critical component in USAID’s overall effort to achieve effective Enterprise Risk Management (ERM), and the leadership of the Agency reviews and updates the Statement annually as the ERM program matures and needs evolve.

Download

Taking too long?

Reload document

Open in new tab

Download [462.91 KB]

CFOC: DATA Act of 2014 – “Data Quality Playbook”

Digital Accountability and Transparency Act of 2014 (DATA Act), and complying with OMB Memorandum M-18-16

Download

Taking too long?

Reload document

Open in new tab

Download [1.41 MB]

Lessons Learned the Hard Way: Enterprise Risk Management, Public Trust and the IRS

This article, reproduced with the permission of the Association of Government Accountants, discusses how Enterprise Risk Management has helped one federal agency recover from crisis and rebuild public trust.

Download

SUMMARY OF JUNE 2017 ERM WORKSHOP: BEYOND COMPLIANCE, DRIVING ORGANIZATIONAL VALUE

In June 2017, AFERM partnered with AGA to present the 2017 ERM Workshop: Beyond Compliance, Driving Organizational Value. More than 150 federal professionals participated in this forum, to share progress and best practices related to using ERM to drive organizational value. This summary report shares the information discussed during this workshop.

Download the Summary PDF

OMB Circular A-123, Appendix A (June 6, 2018)

Grounded in the President’s Management Agenda, this guidance will:
• Provide agencies the discretion needed to use Enterprise Risk Management and take a risk-based approach to internal controls over reporting;
• Eliminate over 100+ pages of burden and obsolete, overly prescriptive guidance to agencies; and,
• Supersede previous OMB guidance that may have provided a confusing foundation for audit criteria externally.

Download

Taking too long?

Reload document

Open in new tab

Download [199.04 KB]

DHS HQ Risk Lexicon

This is the second edition of the Department of Homeland Security (DHS) Risk Lexicon and represents an update of the version published in September 2008. More than seventy terms and definitions were included in the first edition of the DHS Risk Lexicon. The 2010 edition includes fifty new terms and definitions in addition to revised definitions for twenty-three of the original terms. It was produced by the DHS Risk Steering Committee (RSC). The RSC, chaired by the Under Secretary for the National Protection and Programs Directorate and administered by the Office of Risk Management and Analysis (RMA), has produced a DHS Risk Lexicon with definitions for terms that are fundamental to the practice of homeland security risk management and analysis.
The RSC is the risk governance structure for DHS, with membership from across the Department, formed to leverage the risk management capabilities of the DHS Components and to advance Departmental efforts toward integrated risk management. The DHS Risk Lexicon makes available a common, unambiguous set of official terms and definitions to ease and improve the communication of risk-related issues for DHS and its partners. It facilitates the clear exchange of structured and unstructured data that is essential to the exchange of ideas and information amongst risk practitioners by fostering consistency and uniformity in the usage of risk-related terminology for the Department. The RSC created the Risk Lexicon Working Group (RLWG) to represent the DHS risk community of interest (COI) in the development of a professional risk lexicon. The RLWG’s risk lexicon development and management process is in accordance with the DHS Lexicon Program. Terms, definitions, extended definitions, annotations, and examples are developed through a collaborative process that is open to all DHS Components.

Definitions are validated against glossaries used by other countries and professional associations. Terms, definitions, extended definitions, annotations, and examples are then standardized grammatically according to the conventions of the DHS Lexicon Program. All terms in the DHS Risk Lexicon were completed using this process and represent the collective work of the DHS risk COI. The DHS Risk Lexicon terms and definitions will be included as part of the DHS Lexicon, and future additions and revisions will be coordinated by the RSC and RLWG in collaboration with the DHS Lexicon Program.

The Business of Government Hour: Conversation with Authors with Tom Stanton and Doug Webster

An audio conversation with AFERM members Tom Stanton and Doug Webster discussing: What is Enterprise Risk Management? How can federal agencies successfully implement ERM? What are some of the key challenges implementing ERM? Join host Michael Keegan as he explores these questions and more with Doug Webster and Tom Stanton, authors of Improving Government Decision Making through Enterprise Risk Management.

Listen Online

Why ‘complete ERM’ is a myth

A CGMA Magazine article by Neil Amato. Risk oversight has grown in importance among all types of organisations this decade, but some of the gains can be attributed to public companies responding to US Securities and Exchange Commission (SEC) rules related to risk disclosures…

View Article Online

AGA Research Series: An Agency Guide for ERM Implementation

This AGA guide seeks to answer questions about: why ERM, how to integrate ERM into an agency’s culture and ways of doing business, and the value of ERM.

The guide is organized as follows:

Section I introduces ERM.
Section II discusses the design options for adding ERM to an agency’s processes. There is no one-size-fits-all. Rather, ERM can be viewed as a management tool that, to provide its benefits, requires a good organizational home and integration into other agency processes such as strategic planning, budgeting, and decision making.
Section III offers approaches to establishing the ERM function. ERM depends on widespread understanding of its benefits, and this section discusses how that can be achieved in an agency.
Section IV discusses the implementation of ERM and how all organizational components – agency managers and staff, the CRO, the risk committeerisk management committee, and especially agency leaders – fit together to make ERM a beneficial reality rather than merely an empty compliance exercise.
Finally, Section V concludes with observations about why ERM is such a powerful tool and how it differs from more traditional management approaches.

Download

OCC Appetite Risk Assessment

The Office of the Comptroller of the Currency (OCC) is an independent agency entrusted with unique powers and authorities to administer the federal banking system. The OCC established its Enterprise Risk Management (ERM) function in 2015 to identify and assess OCC’s mission-critical risks and support the agency in managing those risks. By establishing a systematic approach to identifying, assessing, and managing risk, the OCC intends to continually improve the agency’s governance, increase accountability, and enhance overall performance.

The Office of Enterprise Risk Management, led by the Chief Risk Officer, reports directly to the Comptroller of the Currency and administers the agency’s ERM framework. As part of the framework, the Risk Appetite Statement articulates the level and type of risk the agency will accept while conducting its mission. This statement is the result of a careful evaluation of how risks affect the agency’s ability to achieve its strategic goals.

The Risk Appetite Statement establishes risk tolerance in nine categories

Download