By Dr. Temika Edwards and Nikki Wood
In the world of risk management, “What could go wrong?” is a common question. It serves as a starting point for identifying necessary controls and ensuring organizations meet their objectives. There is no perfect answer to this question, and the approach to obtaining answers may vary. For example, at the enterprise level, the answer may center around budget constraints and compliance with regulatory requirements. At the operational level, the answer may focus on staffing capacity and outdated equipment for day-to-day operations. One thing that is consistent in answering these questions is that you must first identify the priorities of your organization and assess the varying levels of risk awareness at every level. It is also important to have a champion for risk management, someone who can identify, analyze, and mitigate internal and external risks likely to impact your organization’s ability to carry-out its mission. This champion is commonly referred to as a Chief Risk Officer.
Although the position of a Chief Risk Officer (CRO) is not required by statutory regulations for enterprise risk management (ERM), it is highlighted as important by the Government Accountability Office and the Enterprise Risk Management Playbook. Both emphasize the need for a CRO, or an equivalent, to carry out necessary ERM functions, performance reporting, strategic planning, and internal control testing for federal agencies. According to a 2023 survey of 52 federal agencies, conducted by Guidehouse and the Association of Federal Enterprise Risk Management (AFERM), 65% of agencies have designated a CRO – a significant increase from a 2019 survey of 35 federal agencies, where only 43% had a designated CRO. This shift indicates a growing recognition among federal agencies of the importance of having a CRO oversee and manage enterprise risk and strengthen the organization’s risk awareness culture.
You may be thinking – this sounds great, but where do I start if I don’t have a CRO in my organization? Even if you don’t have someone with that specific title, you can take on the responsibility of being a risk management champion. There are lots of great training resources available to help you be successful in this role. And the good news is you don’t have to do it alone. AFERM is a tremendous resource for members to share success and challenges with other ERM professionals and the Chief Risk Officer Certificate program, at George Mason University (GMU) provides professionals, like us, the skills to effectively address complex risk management challenges and foster a culture of risk awareness across all levels of the organization. It is also a place where lifelong connections are made with like-minded members of your cohort. As recent graduates from the program, we can attest to the instrumental role it has played in our success as risk management leaders.
Upon completing the CRO program and analyzing data from the ERM surveys by Guidehouse and AFERM, we were able to gain support from senior leadership to establish and maintain the agency’s CRO. We also conducted benchmarking sessions within the risk community to develop trainings, risk culture surveys, policies, risk registers and risk assessment tools.
The insights from this program were instrumental in onboarding a Governance, Risk and Compliance Tool to create a framework for collecting, analyzing, and reporting on risks and audit management data in a centralized location. These are monumental successes, as our organizations had previously managed risks in Excel spreadsheets and lacked a champion to oversee enterprise risk management efforts. The focused training in the CRO program on business acumen, data analytics, understanding risk frameworks, and the importance of human centered design, provided the knowledge needed to implement these changes within the organization.
GMU’s curriculum also included a hybrid modality, which aligned with the notion that data and risk management are a perfect combination. The program demonstrated how the roles of CRO and Chief Data Officers (CDO) complement each other, emphasizing the critical need to collaborate, influence and negotiate with CDO’s in our organization. The program also highlighted the value of data-driven risk decision-making, the balance between quantitative and qualitative approaches, and distinguishing between what needs to be managed and what needs to be monitored.
Another real-world successful outcome of the program has been the ability to utilize data to enhance our risk assessments, visualize and communicate risk information, and link risk to strategy and budget. Linking risk and strategy, and financial resources leads to successful executions of the organizations mission.
If you want to develop skills in risk management, we highly recommend finding a strategic level educational program to enhance your resume. Investing in yourself by attending such a program will bring you value professionally as well as personally.
About the Authors
Dr. Temika Edwards – Dr. Temika Edwards is the Chief Financial Officer at the U.S. Department of State (DOS) Intelligence and Research Bureau (INR). At DOS INR, Dr. Edwards is responsible for financial management, strategic planning, and enterprise risk management. She also serves as the chief financial advisor to INR’s senior leaders, leads the budget/strategic planning and risk management team, responsible for managing the budget and introducing improvements in the bureau’s financial, risk and strategic planning components to improve processes, internal controls, and data-driven decision-making to steward taxpayer funds more effectively and efficiently. This included establishing a bureau-wide ERM program, developing a risk governance structure at the senior leadership level to ensure appropriate focus and emphasis on the long-term identification and mitigation of strategic risks to the bureau’s effectiveness.
She also served as Chief Risk Officer at the U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), where she spearheaded the IG’s vision of the first organization-wide plan to integrate ERM, change leadership, strategic planning, and performance. She began her journey in the field of risk management overseeing branch operations at various U.S. banks and solving risk management challenges in the financial services industry. In 2008, she was selected to travel to four municipalities in China – Dalian, Shanghai, Beijing, and Suzhou – and conducted training at banking institutions and universities, sharing best practices to improve the banks’ internal operations. In 2009 she transitioned to public service after completing her MBA, joining the Transportation Security Administration (TSA), where she led a series of domestic and international initiatives that ultimately resulted in the establishment of TSA’s Enterprise Risk Management (ERM) program. After nearly a decade with TSA, she transitioned to the oversight community, at the Department of Homeland
Security, OIG, where she served as Director of Policy, Strategy and Risk. In this role, Dr. Edwards established the first community-wide ERM working group and served as co-chair of the interagency group and her expertise is recognized across the oversight community for nearly 6 years. She earned a ERM certificate from George Washington University, Chief Risk Officer certification from George Mason University, a Doctorate in Organizational Leadership from North Central University, Master’s in Business Administration from Meridith College, and a Bachelor’s degree in Business Administration from North Carolina Central University.
Nikki Wood – Nikki Wood is currently the Chief of the Management Integrity and Accountability Branch, in the CFO’s office. Nikki leads a team responsible for overseeing the agency’s Program Integrity efforts, which includes risk management, fraud risk management, internal controls, audit management, and payment integrity. Nikki’s efforts include overseeing the agency’s programmatic and administrative risk assessments of the EPA’s programs, providing agency wide guidance on internal control development and testing, along with ensuring transparency and collaboration between the EPA and the Government Accountability Office and the EPA’s Office of Inspector General. She also has over 20 years of experience in the financial and risk management sector, a Chief Risk Officer certification from George Mason University, a Master’s in Business Administration, a Master’s in Financial Management, and a Bachelor’s degree in Communications each from the University of Maryland.