In a statement released today, the Association for Enterprise Risk Management (AFERM) draws attention to and provides clarification regarding a growing area of confusion in the realm of government enterprise risk management (ERM). In the statement, AFERM notes some of the distinctions between ERM and Risk Management and highlights the negative effect of conflating the two.
AFERM highlights positive engagement from oversight bodies including the Government Accountability Office (GAO) and various inspectors general, but also notes: “in some instances, additional purposes and roles are ascribed to ERM. This risks blurring the distinction between ERM and Risk Management, undermining the intent of ERM, and creating misperceptions about its proper use” AFERM states “ERM is becoming the defacto substitute for all manner of risk management related recommendations emanating from audit reports and other areas… in many cases, the recommendations being made are more appropriate for traditional risk management practices rather than ERM.”
AFERM closes the statement stating that “ERM, when practiced appropriately, enables a holistic and organization-wide view of the most significant risks that could impact an agency in achieving its mission. It should not be diluted into a one-size fits all or catch-all for anything risk management related in government.”