There is a distinct difference between simply meeting a requirement and creating something that adds value. Understanding this difference has been key to the growth of some of the most successful global companies but is often forgotten or ignored in the Federal world where innovation and effort are not driven by revenue motivation. With few resources, a complex organizational structure, and significant competing demands, developing and implementing an effective ERM program in the US Coast Guard is challenging. In this session, we will show how some of the same tools and approaches successful start-up companies and Venture Capitalists use to evaluate opportunity and create value are being used to build and transform the ERM program at the US Coast Guard.
Speakers: LCDR Lewis Motion, U.S. Coast Guard
Download
As successful ERM programs mature, the need to account for a broad range of stakeholder perspectives in the areas of program development, C-suite support functions, program assurance, internal and external oversight, and audit transparency grow. At HUD, aligning these different needs to help support honest lines of communication for ERM and actionable reporting has been an undertaking since day 1 of HUD’s ERM program. This panel will explore how risk-based assurance, continuous monitoring, and data analytics provide opportunities for agencies to improve performance and work more constructively with the OIG and other oversight bodies.
This session explored how risk management contributes to the ultimate goal of any organization: the delivery of maximum stakeholder value. Capturing the true value of ERM requires integration of results sought, resources allocated, and risks accepted and managed through a portfolio management process across the entire organization. Panelists shared their experiences, including challenges and end results.
Speaker: 
As agencies mature their ERM programs, greater value can be driven by leveraging ERM to support and strengthen other agency-wide management activities. These management activities (“petals”) are critical to mission success, and include Strategy, Budget, Performance, Cyber, Fraud, and Internal Control. This session will explore the various petals of ERM integration along with emerging “petals” including evidence-based decision making and program/portfolio management, how and when to coordinate your agency’s ERM program with these management activities, and provide tangible examples and lessons learned as takeaways for attendees.
Provided participants with information about best practices that the OIG community is employing to implement ERM activities and to facilitate the adoption of ERM for audit planning purposes. This session 1) shared best practices that the OIG community is employing as it relates to implementing ERM, 2) provide d information on ERM-related touch points between OIG and agencies, and 3) the use of ERM for audit planning.
Risks come in many forms and flavors, and agencies collect lots of data in various formats, both structured and unstructured. All of this data represents valuable pieces of information or context about risks. The Health Resources and Services Administration has implemented a data-driven approach to make faster and better informed risk-based decisions.
For many years, organizations have recognized that diversity and inclusion leads to better decision-making, increased productivity, and greater effectiveness. This session will explore how diversity in demographics, perspectives, and experiences and a culture of inclusion (employees feel valued, respected, and treated equitably) can enhance an organization’s ERM capabilities, resulting in better risk identification and decision-making, increased accountability, and agency-wide risk awareness.
The YMCA’s path to ERM was both a learning experience and an example of real success. Join Nancy Owens for a discussion of ERM at the YMCA, including how their thinking evolved about ERM over time, how they corralled their risks, how -they identify and manage risks, what their governance looks like and what role the audit committee plays, and how they filter on new priorities, all in the context of a not-for-profit organization.
Safeguarding the security and privacy of sensitive customer data has become a business critical requirement. Unfortunately, most struggle to effectively prioritize among the myriad cyber risks and to make a persuasive business case for mitigation, due to an inability to quantify cyber risks and a lack of a value-based ERM approach to cyber risk management. In this session, we discuss the cybersecurity and data privacy threat landscape and how a value-based ERM approach is used to identify and mitigate the key cyber risks and help a CISO align their priorities within the ERM program.