[Nicole Puri]

AFERM has developed a Federal ERM Practice Document which lays out a voluntary, suggested set of practices for ERM in the federal government. The document has been through extensive peer review over the last few months, but we want to make sure that you, our members, have the opportunity to review and comment before we finalize and publish it. Please use this space to add your thoughts on how the document could be improved, such as areas that may lack clarity, or where the peer review may have missed something you consider important. All comments will be reviewed but the Board committee overseeing this document will be the final arbiter of any proposed changes. Thanks to all of you for your time and effort in making this document practical and a true reflection of the best ERM has to offer in the federal government! Please note that the comment period will end on 11/30/21.

Click Here to Download the Document

[Tawhid Rahman]

Hi Nicole – Thank you for sharing the document. Not sure if it’s an issue on my end….I am getting an error message when I am trying to open the Word file after downloading it.

[John Bridges]

I am getting the same message – unable to view or open.

[Scott McNulty]

The details of the error state “Xml parsing error”.

[John Bridges]

I am getting the same message – unable to view or open (latest version)

[Kathleen Sobieralski]

The link in the original message above, from Nicole Puri, is working!

[Nicole Puri]

Hi all – a new document has been uploaded which you should be able to view now. Apologies for the inconvenience!

[MHQ]

Since some people are still having issues with the new Word file, I’ve attached a pdf here.

Attachments:

You must be logged in to view attached files.

[Michael True]

Nicole
I was once advised when writing technical documents to avoid the use of the word “that”. I have edited the document with this in mind and in tracked changes.

Attachments:

You must be logged in to view attached files.

[John Bridges]

Thank you for sharing the Draft (Federal ERM Areas of Practice Guidance – 2021) as risk practitioners seeking a unity of effort approach to risk management across federal and private sector venues. Enterprise Risk Management (ERM) implementation, deployment, and sustainment strategies continue to evolve and need a framework reference, which this guide provides. While reviewing the guide, I believe a section should address traditional risk management versus ERM, including identifying potential gap analysis measures when confronted with existing silo approaches.

Since ERM is promoted as the methodology by which enterprises monitor, analyze, and control risks from across the enterprise while identifying underlying correlations and thus optimizing risk-taking behavior, the guide should further emphasize its “constancy of purpose.” ERM promotes the necessity for a “one picture, one plan” strategy encouraging a dynamic, ongoing process to identify ERM opportunities and emerging risks.

The draft Federal ERM Areas of Practice Guidance – 2021 is very well positioned to promote a “unity of effort” approach associated with existing or multiple approaches and methodologies across the federal workforce associated with risk, including:

• Traditional Risk Management
• Enterprise Risk Management
• Integrated Risk Management
• Agile Risk Tolerance
• Scrum
• Foresight

Again, disparate approaches and philosophies may exist across agencies, confusing the existing culture and behavior across agencies deploying risk management or ERM program, prompting the concern of whether we should acknowledge the above or advocate only for ERM.

Today, ERM provides the best approach and fit across federal activities to ensure continuous improvement and compliance supported by the Evidence Act, OMB Circular No. A-11 (2021), 260.29 through 260.32, OMB Circular A-119: Federal Participation in the Development and Use of Voluntary Consensus Standards and Conformity Assessment Activities and OMB Circular No. A-123.

[David Tattam]

Thank you for the chance to comment on the draft papers. I come with an Australian perspective and have worked with many Government Agencies in ERM so make comments based on that background.

1. ERM. I concur with John, that a greater emphasis could be made on what ERM truly is as compared to “traditional” siloed risk management. Some thoughts to consider and emphasize may include

1. Risk is managed consistently across the enterprise. This means managing all risks:
a. Using the same framework and methodologies
b. Using the same risk processes
c. Using the same definition and construct of risk, regardless of risk type
2. Risks are managed in the same Enterprise Risk Management System, not disparate, disconnected risk specific systems. ERM should manage all of your risks, Third Party, Cyber, EHS, Fraud and so on, under the one framework and system.
3. All risk processes and related risk data, such as risk assessments, incident management and controls assurance are integrated to allow a complete picture of each risk at any time.
4. Risks are aggregated and collated to provide an overall enterprise risk profile rather than each different risk type being reported separately.

2. Use of diagrams and infographics. It maybe useful to intersperse the written word with a number of diagrams that bring the elements together to provide context. For example, to explain the linkages between all of the parts of ERM and how they fit together so that the reader has a complete “jigsaw puzzle” view. I find this is very helpful to assist the reader understand the context.

Altogether a fantastic initiative to foster ERM practices in Government and you should be applauded for these efforts.

Regards

David

[Author]

Posts