Inevitably, agency ERM offices will receive a knock on the door and find that the IG or GAO has arrived to initiate an audit of the ERM program. To avoid being caught unprepared for the eventual audit, there are steps ERM teams can take to become “audit-ready.” In this session, we’ll share several tools, techniques and actions that can be deployed by ERM teams to assess a program’s overall level of audit readiness, identify gaps, and pinpoint opportunities for shoring up your preparedness now. Topics to be covered include: Using a Pre-Audit Readiness Assessment Tool (PART), Considering the CIGIE ERM Practitioner’s Guide for IGs, Leveraging Maturity/Capability Models, Proactively Communicating/Engaging with the IG, and more.

Reputational Risk and the Future of Trust: Using TrustIQ to Understand and Enhance Trust in Your Organization Deloitte understands that in today’s hyper-connected world, your organization’s reputation will drive your planning, strategy and purpose. Trust and reputation are inextricably linked, with trust being the foundation of all meaningful relationships between an entity and its various stakeholders at both the individual and organizational levels. A nice-to-have is now a must-have; a principle is now a catalyst; a value is now invaluable. In this session Deloitte’s Future of Trust practice will provide a demonstration of TrustIQ, a data-driven solution that assesses both internal and external perceptions of levels of trust in your organization. We will explore the various domains of trust, how to anticipate risks to your reputation before they manifest, and how to take action to enhance and build trust with your stakeholders.

This software demonstration/tour will highlight one of the hallmarks of rPM3 Solutions’ Aperitisoft™ software – its versatility. Using inherent features and easy user configuration, the software can support a wide range of different assessment applications. Clients are currently using Aperitisoft™ to assess information security posture (NIST & ISO 27001), environmental risk assessments (ISO 14000), project risk assessments, credit risk assessments, compliance assessments, and others. The software can also support third party risk assessments, health and safety assessments and risk-based selection of program / functional area audits.

During this session, Gary Bierc and Ken Fletcher demonstrate the versatility of the system configured to conduct a simple operational programs assessment using a set of basic criteria and automated assessment scoring.

This software demonstration/tour will show you how to manage you’re OMB A-123 requirements using rPM3 Solutions’ Aperitisoft™ software solution. This feature rich software was purpose-built to support ERM practitioners and logically structured to mirror the ERM process. A built-in survey tool supports risk identification, developing likelihood and impact factors, and risk evaluation and is easily tailored to meet your specific needs and unique requirements. The survey feature supports polling, interviews, and workshops, and simplifies collecting, compiling, and manipulating risk assessment information. Intuitive forms for entering information guide users through the ERM process from setting the context and risk identification through risk response planning & monitoring (including KRIs and linking to controls). Every aspect of your ERM process is captured in Aperitisoft™, so you won’t need to use excel spreadsheets or other Office suite products to get the job done.

In this session, Gary Bierc and Ken Fletcher will demonstrate how to use the software to conduct an agency strategic risk assessment.

Emerging risks are uncertain, but often hard-hitting. Executives often conclude that a response must be complex and costly, tempting them to delay action until the threat and need are proven. Getting more precise information about emerging risks to drive action is futile, but there is hope. Panelists will explore how risk leaders can identify emerging risks that require action, plus low-cost, low-regret responses that do not rise to the level of full risk mitigation.

Many organizations, both in the public and private sectors, have set up formal ERM programs with well-defined roles and responsibilities (e.g., establishing the risk framework, defining the risk taxonomy, generating and maintaining the risk register, facilitating risk reporting). However, many ERM programs find it challenging to demonstrate real value to their organizations and perform as an equal partner, both when strategic decisions are made and as they are followed through into implementation. The panelists will share their experiences on how leading institutions have ‘cracked’ the problem and engage the audience to share their perspectives, particularly focusing on what has worked well.

Results of Federal News Network’s ERM Survey

Have you ever wondered why some ERM programs are more successful than others? We believe that being a resilient leader is key to having a successful ERM program. Join us for a discussion on key attributes of a resilient leader and strategies that risk leaders can use to launch and sustain their ERM programs. In addition, we will discuss the current environment we find ourselves in. VUCA is a phrase used in the military, but we believe our current environment can be described as volatility, uncertainty, change, and ambiguity (VUCA). Our risk leaders on the panel will discuss ways in which we can all use ERM to systemically address VUCA.