Enterprise Risk Management, Long Used by Companies, Takes Hold in Government
Federal agencies have adopted risk controls in recent years following a string of high-profile controversies
Federal agencies are taking a cue from the corporate world, appointing chief risk officers and putting in place more processes to identify and manage operational risks.
A big reason, according to government risk managers: Many agencies haven’t had strong controls in place to guard against reputational and other nonfinancial risks, and there is increasing sensitivity to how those risks can affect public confidence in the government.
“It’s just the nature of government; we are subject to more scrutiny,” said Tom Brandt, chief risk officer at the Internal Revenue Service and president of the Association for Federal Enterprise Risk Management. “When something goes off track in the government, it is more likely to end up on the front page of a newspaper.”
Enterprise risk management is a method used by organizations to identify and prioritize threats that span across business lines and could affect their ability to operate. Many big companies have adopted more mature risk-management programs in recent decades, following high-profile accounting scandals and the global economic crisis.