In successful organisations, risk management enhances strategic planning and prioritisation, assists in achieving objectives and strengthens the ability to be agile to respond to the challenges faced. If we are serious about meeting objectives successfully, improving service delivery and achieving value for money, risk management must be an essential and integral part of planning and decision-making. While risk practices have improved over time across government, the volatility, complexity and ambiguity of our operating environment has increased, as have demands for greater transparency and accountability for managing the impact of risks. This updated guidance builds on the previous Orange Book to help improve risk management further and to embed this as a routine part of how we operate.
Ask the Experts
Grounded in the President’s Management Agenda, this guidance will:
• Provide agencies the discretion needed to use Enterprise Risk Management and take a risk-based approach to internal controls over reporting;
• Eliminate over 100+ pages of burden and obsolete, overly prescriptive guidance to agencies; and,
• Supersede previous OMB guidance that may have provided a confusing foundation for audit criteria externally.
This is the second edition of the Department of Homeland Security (DHS) Risk Lexicon and represents an update of the version published in September 2008. More than seventy terms and definitions were included in the first edition of the DHS Risk Lexicon. The 2010 edition includes fifty new terms and definitions in addition to revised definitions for twenty-three of the original terms. It was produced by the DHS Risk Steering Committee (RSC). The RSC, chaired by the Under Secretary for the National Protection and Programs Directorate and administered by the Office of Risk Management and Analysis (RMA), has produced a DHS Risk Lexicon with definitions for terms that are fundamental to the practice of homeland security risk management and analysis.
The RSC is the risk governance structure for DHS, with membership from across the Department, formed to leverage the risk management capabilities of the DHS Components and to advance Departmental efforts toward integrated risk management. The DHS Risk Lexicon makes available a common, unambiguous set of official terms and definitions to ease and improve the communication of risk-related issues for DHS and its partners. It facilitates the clear exchange of structured and unstructured data that is essential to the exchange of ideas and information amongst risk practitioners by fostering consistency and uniformity in the usage of risk-related terminology for the Department. The RSC created the Risk Lexicon Working Group (RLWG) to represent the DHS risk community of interest (COI) in the development of a professional risk lexicon. The RLWG’s risk lexicon development and management process is in accordance with the DHS Lexicon Program. Terms, definitions, extended definitions, annotations, and examples are developed through a collaborative process that is open to all DHS Components.
Definitions are validated against glossaries used by other countries and professional associations. Terms, definitions, extended definitions, annotations, and examples are then standardized grammatically according to the conventions of the DHS Lexicon Program. All terms in the DHS Risk Lexicon were completed using this process and represent the collective work of the DHS risk COI. The DHS Risk Lexicon terms and definitions will be included as part of the DHS Lexicon, and future additions and revisions will be coordinated by the RSC and RLWG in collaboration with the DHS Lexicon Program.
Are you a member?
Not a member?
Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented.
The book also includes results of Hardy’s ERM Core Competency Survey for the Public Sector; which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.
Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:
- U.S. Federal Government Policy on Risk Management
- Federal Manager’s Financial Integrity Act
- GAO Standards for internal control
- Government Performance Results Modernization Act
The book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has unveiled an update to its Enterprise Risk Management – Integrated Framework and is seeking public comment of the proposal, from June 15 through Sept. 30. The update, Enterprise Risk Management — Aligning Risk with Strategy and Performance, is designed to address the needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain, and realize value.
Link to COSO site: http://www.coso.org/ermupdate.html.