ABSTRACT

Government organizations face numerous risks, such as cyber-risks, natural disasters, the prospect of implementation failure, improper conduct, fraud and abuse and the risk of rapid unanticipated changes in policy or budgets. As budget constraints grow tighter for some agencies, a new type of risk – capacity risk – threatens to increase the gap between agency responsibilities and the resources available to meet those responsibilities. Agencies already may have risk management systems in place to address specialized risks in their operations. Loan and loan guarantee programs manage the risk of default on their loans, healthcare programs monitor for fraud risk and homeland security agencies manage risks of dangerous people getting onto airplanes or dangerous cargoes getting onto ships, for example. Enterprise risk management (ERM) complements these activities by eliciting information and investigating major risks of all types. Implementing ERM is a process that entails organizational change and requires many government agencies to overcome bureaucratic obstacles and barriers presented by the organizational culture in order to move beyond the basics. This chapter provides an overview of ERM and why it is a powerful management tool. It touches on ways ERM can add value to agency decisions and a range of agency operations, reviews lessons and key points from case studies and select special topics that highlight how leading public sector organizations have worked to overcome internal barriers and cultural obstacles. Finally, it concludes with a look at ERM as the sign of a new way to manage more effectively in the increasingly complex environment for government agencies.