This breakout discussion will address how ERM is currently applied in organizations and agencies and how it could be applied at the broader government level. This broader level might necessitate a CRO for the United States.

Governance, Risk and Compliance (GRC) technologies and data analytics are helping organizations automate manual processes, improve data quality, and gain insights into their data in new ways. This session will explore the criticality of GRC technology to managing risk portfolios with a lens on connecting data points to inform key strategic, operational, budgetary and acquisition decisions for an agency. The panel discussion will address the foundational elements, such as governance, people and process, needed within ERM and risk management programs to recognize technology benefits that have helped organizations improve insights into their data, mature and sustain their programs, and gain ERM adoption.

• How can we communicate the need for ERM to new leadership and gain their buy-in?
• How do we articulate ERM successes and demonstrate the value of ERM?
• How do we continue to mature ERM capabilities and sustain organization-wide engagement?

Current events demonstrate the potential for severe disruptions to services and product streams that we all rely on. Cybersecurity and Cyber Supply Chain Risk Management continue to be front-of-mind for federal agencies and risk managers. This session will highlight key strategies and tools presented in recent guidance issued by the National Institute of Standards and Technology (NIST) on these subjects to support effective risk reporting and integration with enterprise risk management efforts, and will provide lessons learned from practitioners.

The FDA and HUD panelists will provide strategies and tactics that support risk-informed decision-making. Both agencies’ speakers will describe changes they have made to their FY 2023 Budget processes to better communicate on and manage enterprise risks. These include both tools and templates as well as ideas on relationships to make sure to foster.

Integrating Environmental, Social, and Governance (ESG) issues is a critical step to understand and manage an organization’s full risk exposure. ESG captures critical issues that naturally align with risk – environmental concerns, such as climate impact, social issues such as diversity, equity, and inclusion, and governance, such as stewardship or sustainability.

Systemic risks are all around us – we’re all still living through the cascading systemic failures of COVID. Recent systemic failures like Texas Energy, SolarWinds, and the Microsoft Exchange hack demonstrate how global connectivity and new technology innovations are introducing new systemic risks at a level and of types never seen before.  But few leaders fully understand systemic risks or know how to mitigate them. This plenary session will explore how one point of failure in a complex system can threaten the entire system and how new threats evolve and can emerge over time.