Moving beyond ERM to Value Based Management
By Doug Webster
The practice of enterprise risk management in the federal government has come a long way since the first federal ERM summit in 2008, the foundation of AFERM in 2011, and the inclusion of ERM as a formal federal agency requirement in OMB A-11 in 2015. However, while agencies have generally made much progress in understanding risks across the enterprise, leveraging that understanding to optimally deliver value to the American public has met multiple obstacles.
Risk, per ISO 31000 and OMB A-123, is defined as the “effect of uncertainty on objectives.” However, managing that uncertainty does not ensure that the objectives sought reflect the best use of limited resources and funding, that the objectives support the mission and strategic goals of the organization, or that the customers and other stakeholders of the organization truly value the defined set of objectives. What is ultimately needed is a framework that: (1) applies a strategic planning process to define objectives that are valued by customers and other stakeholders, (2) that balances considerations of available budget, acceptable risk and levels of performance in establishing and pursuing those objectives, (3) ensures a governance process is in place to guide and monitor progress towards achievement of objectives, and (4) recognizes when and where organizational change management is needed to ensure the sustained support of appropriate staff.
Members of AFERM certainly understand the importance of risk management, and managing those risks as a portfolio using an ERM framework. However, we as a community of risk-aware professionals can provide much greater value if we are able to explain the critical role of risk management in guiding the successful delivery of needed services from federal agencies to the American public. Providing this explanation requires that the risk management community understands and communicates: (1) how risk management contributes to the delivery of services valued by recipients, and (2) how to engage with other participants in the process.
Delivery of valued services
While risk is the effect of uncertainty on objectives, managing that uncertainty does not ensure that those objectives provide the greatest value to the ultimate service recipients and other stakeholders. Delivering such stakeholder value certainly requires a broader conversation than the management of risk. For example, how much of available resources should be dedicated to achieving a particular objective when alternative uses of those resources may be available? To what level should product and service outcomes be established in cases where a less resource intensive alternative might be available, even if resulting is less robust outcomes? What is ultimately important is to understand how an organization can best align tradeoff considerations of product or service levels sought with resources available and risks acceptable, all in an effort to deliver results driven by strategic priorities. In short, how does an agency deliver overall greatest potential value to the American public, rather than focusing solely on greatest product or service delivery level, lowest cost, or least risk?
ERM practitioners can indeed become critical participants in such a conversation and action plan. However, this participation requires seeing the management of enterprise risk as not an end objective, but rather a critical element in a broader conversation of balancing cost, performance and risk through a strategic planning process. Unfortunately, few federal agencies have undertaken the needed policy and implementation steps to integrate these considerations through a governance process guided by agency leadership.
Agencies should begin this broader discussion of value maximization with a strategic planning process that explicitly identifies key agency stakeholders, understands what those various stakeholders consider to be of value, balances potential conflicts among stakeholders of what is considered to be of value, and uses that balance to guide desired outcomes. This strategic planning process should in turn guide discussion of the level of performance desired from specific products or services to deliver stakeholder value, the balancing of budget allocations to the set of products and services proposed for delivery, and the associated levels of optimal risk accepted for each product or service.
One useful tool in initiating this broad, cross-agency conversation is the Current State Assessment, illustrated below.
An agency that considers where its outputs and activities fit into this Venn diagram can gain useful insights into where it needs to either take new actions or modify existing actions. Identifying such potential areas for improvement to the delivery of stakeholder value, as part of a strategic planning process, can then lead to meaning discussions on how to best balance the alignment of performance, cost and risk for an agency’s set of proposed outputs meeting stakeholder needs.
In summary, risk management in general and ERM in particular are important to the effective management of any large organization. However, they should ultimately be part of a larger, integrated conversation around balancing cost, performance and risk for the benefit of the organization’s customers and other stakeholders. Without such integration, even the very best ERM program will be limited in its ability to deliver true customer value.
Further information on this subject may be obtained from the book Value Based Management in Government (Webster and Cokins, 2020), or contacting Doug Webster at dwebster@tfcci.net.