- This topic has 5 replies, 4 voices, and was last updated 9 months ago by
.
-
Posts
-
-
Hello ERM Community,
AFERM has developed a Federal ERM Practice Document which lays out a voluntary, suggested set of practices for ERM in the federal government. The document has been through extensive peer review over the last few months, but we want to make sure that you, our members, have the opportunity to review and comment before we finalize and publish it.
The attached practice areas expand upon the work started two years ago by the Areas of Practice Committee. Last year, this group published the first four Areas of Practice Guidance. The attached document contains Areas of Practice 5-9 (Risk Culture, Risk Identification, Risk Analysis, Risk Evaluation, Key Risk Indicators).
Please use this space to add your thoughts on how the document could be improved, such as areas that may lack clarity, or where the peer review may have missed something you consider important. All comments will be reviewed by the Areas of Practice Committee overseeing this document and will be the final arbiter of any proposed changes. Thanks to all of you for your time and effort in making this document practical and a true reflection of the best ERM has to offer in the federal government!
Please note that the comment period will end on 10/27/23.
Thanks all,
Jason -
This appears to be a very comprehensive document. I read with special interest Section 7: Risk Analysis. I’d like to hear from others in how this is executed at your agency. The reason I ask is that the techniques such as root cause, impact chain, etc. require some level of support to walk folks through the thinking. While the document notes that these are not all done for every risk, for the risks that are examined in this manner, it is led by the CRO’s office or does some of the analysis come completed from the functions/offices where the risks are identified? Further, this could be a lengthy process…what are others’ experiences in this area?
-
I would second Steve’s comments and would like to discuss what Steve is talking about more in a working group, as many of these techniques not only require high levels of support, but also would need to align with/comport with their other Orders/Policy/Guidance in effect, which may limit options.
Also, and building on Steve’s points, what about agencies in which much of the analysis leading to risk elevation is done within the bureaus/sub-offices and not within the CRO’s shop? Or, where there may not necessarily be a CRO or an official focused only on this topic? These are challenges in risk analysis we need to give more attention to because rarely, if ever, does an agency have capacity for all that is discussed within guidance documents.
-
-
-
-
- You must be logged in to reply to this topic.