risk management

Typically, we think of the GAO focusing on territory familiar to auditors, which is what most of the high risk list does:  managing federal real property, DOD supply chain management, NASA acquisitions management, modernizing federal disability programs.  But now it has added a politically-charged topic to its list, but has taken the middle of the road on the topic.

As the world becomes more digitized and interconnected, the door to emerging threats and proprietary data leaks has opened wider. The number of security breaches affecting enterprises across numerous industries continues to grow, seemingly day-by-day. Once a topic restricted to the IT organization, it is now unquestionably a C-suite priority. A strong plan for risk management throughout the organization has become essential.

Engaging leaders in protecting an organizations’ cyber, IT, and information assets is a critical starting point to effective security. A next logical step for any government or commercial organization is to leverage risk management and analytics to implement a mission-based security program. As organizations move forward, guidance from NIST and evolving capabilities in industry are merging to paint a path forward for agencies to follow.

So government, by nature, oftentimes puts itself at financial or reputational risk on a regular basis. Risk is not necessarily bad. After all, avoiding risk might mean that the FAA would ground all flights to prevent crashes! So, finding ways to manage risk is essential.

John Kamensky Series of Articles on Procurement Reform. Federal News Radio asks: “Is it time for fresh procurement reform or just a rereading of existing law?” And its staff has responded with over a dozen stories over the course of the week, covering more discrete topics such as a 20-year timeline of reforms, pointers on program management, the importance of leadership and organizational culture, and more. A great collection, worth the time of anyone trying to understand the breadth of issues involved. Cathleen Garman, Designated Expert.

The Department of Educaton (ED) maintains many risk management tools, two of which are new: the State Score Cards and the Entity Risk Review. This report explains how these two tools are being used and provides examples of how risk management tools have been used to track the progress of two high risk grantees: Detroit Public Schools and Puerto Rico. Based on their examination of the ED experience, the authors present a series of lessons learned and recommendations for other agencies.

Risk experts Doug Webster and Tom Stanton think not. Writing in a new report for the IBM Center for The Business of Government, they observe: “The front pages of national newspapers constantly report on actions by private companies, federal leaders, or agencies that do not appear to have considered the risks associated with various decisions and actions.

How can new leaders quickly gain situational awareness?  How can they harness ongoing processes like budget formulation and performance reporting as inputs for decision- making? How can they use and integrate expertise such as risk management and strategic foresight into actionable information? Are there decision-making frameworks and models that leaders can adapt to produce faster decisions based upon evidence? 

In their HBR article, “Managing Risks:  A New Framework,” Kaplan and Mikes say: “risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them.”