DHS HQ Risk Lexicon

This is the second edition of the Department of Homeland Security (DHS) Risk Lexicon and represents an update of the version published in September 2008. More than seventy terms and definitions were included in the first edition of the DHS Risk Lexicon. The 2010 edition includes fifty new terms and definitions in addition to revised definitions for twenty-three of the original terms. It was produced by the DHS Risk Steering Committee (RSC). The RSC, chaired by the Under Secretary for the National Protection and Programs Directorate and administered by the Office of Risk Management and Analysis (RMA), has produced a DHS Risk Lexicon with definitions for terms that are fundamental to the practice of homeland security risk management and analysis.
The RSC is the risk governance structure for DHS, with membership from across the Department, formed to leverage the risk management capabilities of the DHS Components and to advance Departmental efforts toward integrated risk management. The DHS Risk Lexicon makes available a common, unambiguous set of official terms and definitions to ease and improve the communication of risk-related issues for DHS and its partners. It facilitates the clear exchange of structured and unstructured data that is essential to the exchange of ideas and information amongst risk practitioners by fostering consistency and uniformity in the usage of risk-related terminology for the Department. The RSC created the Risk Lexicon Working Group (RLWG) to represent the DHS risk community of interest (COI) in the development of a professional risk lexicon. The RLWG’s risk lexicon development and management process is in accordance with the DHS Lexicon Program. Terms, definitions, extended definitions, annotations, and examples are developed through a collaborative process that is open to all DHS Components.

Definitions are validated against glossaries used by other countries and professional associations. Terms, definitions, extended definitions, annotations, and examples are then standardized grammatically according to the conventions of the DHS Lexicon Program. All terms in the DHS Risk Lexicon were completed using this process and represent the collective work of the DHS risk COI. The DHS Risk Lexicon terms and definitions will be included as part of the DHS Lexicon, and future additions and revisions will be coordinated by the RSC and RLWG in collaboration with the DHS Lexicon Program.

SACoP Presentation: Enterprise Risk Management (ERM) and Cybersecurity

Risk management is a coordinated activity to communicate, direct and control challenges to agency goals and objectives. ERM risk profiles should capture A-123 risk and control objective assessments, including risks related to cybersecurity. This presentation developed by executives with the National Science Foundation (NSF) was presented at AFERM’s March 2018 Small Agency Community of Practice (SACoP) meeting. This presentation includes information related to FISMA and Financial Statement audit evaluations, IG management challenges, and cybersecurity risk management.

Download

ERM in Government Textbook: “Enterprise Risk Management: A Guide for Government Professionals”

Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist allow readers to immediately begin applying the information presented.

The book also includes results of Hardy’s ERM Core Competency Survey for the Public Sector; which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.

Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:

  • U.S. Federal Government Policy on Risk Management
  • Federal Manager’s Financial Integrity Act
  • GAO Standards for internal control
  • Government Performance Results Modernization Act

The book also provides a comparative analysis of ERM frameworks and standards, and applies rank-specific advice to employees including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.

Order Online

Risk Profile Tear Sheet

This is an example of a tear sheet for a top risk of a risk profile. Agency leaders can see everything they need to see about a risk and what is planned on one page.

Download

AGA Research Series: An Agency Guide for ERM Implementation

This AGA guide seeks to answer questions about: why ERM, how to integrate ERM into an agency’s culture and ways of doing business, and the value of ERM.

The guide is organized as follows:

  • Section I introduces ERM.
  • Section II discusses the design options for adding ERM to an agency’s processes. There is no one-size-fits-all. Rather, ERM can be viewed as a management tool that, to provide its benefits, requires a good organizational home and integration into other agency processes such as strategic planning, budgeting, and decision making.
  • Section III offers approaches to establishing the ERM function. ERM depends on widespread understanding of its benefits, and this section discusses how that can be achieved in an agency.
  • Section IV discusses the implementation of ERM and how all organizational components – agency managers and staff, the CRO, the risk committeerisk management committee, and especially agency leaders – fit together to make ERM a beneficial reality rather than merely an empty compliance exercise.
  • Finally, Section V concludes with observations about why ERM is such a powerful tool and how it differs from more traditional management approaches.
Download

UPS ERM Conversations – 2016

A 2016 Summit Presentation by Keith Cureton, VP Global Compliance & Ethics, ERM, UPS. Discusses the use of ERM conversations for risk management at UPS

Download