DoD Reemphasizes the Importance of Risk Management

For several years, the Office of Management and Budget (OMB) has recognized a growing need for Federal agencies to broaden their risk management perspective beyond financial risks and related internal controls addressed in OMB Circular A-123 – Management’s Responsibility for Internal Control. Since the issuance of Circular A-123 in 1981, OMB has focused primarily on financial reporting risks at the program level, with little regard for non-financial/ operational risk associated with agency missions. However, given increasing budgetary uncertainty, cyber security threats, and failure of high-profile initiatives, agencies must look more closely at managing enterprise risk.

To more clearly address these challenges, OMB recently issued an update to Circular A-123, requiring Federal agencies to implement Enterprise Risk Management (ERM) capabilities as part of their overall strategic planning and review processes. The update emphasizes the need for agencies to integrate and coordinate effective risk management with their internal control responsibilities. OMB’s intention is to foster an open and transparent culture within the Federal government that leads to early identification of risks, development of collaborative responses, and deployment of effective corrective measures.

As a complement to the OMB’s Circular A-123 update, the Chief Financial Officers Council (CFOC) and the Performance Improvement Council (PIC) have developed the Playbook: Enterprise Risk Management (ERM) for the U.S. Federal Government. The Playbook was crafted from an interagency effort to define and illustrate practices for applying ERM in the Federal government domain, specifically addressing the ERM aspect of management’s internal control responsibilities. It promotes a common understanding of ERM practices within the Federal government for supporting effective/efficient mission delivery, strategic and tactical planning, and other critical management matters. Additionally, the Playbook underscores the importance of building strong communication/data flows across all organizational levels for evaluating opportunities and related risks, operating within acceptable risk thresholds, and helping managers make better-informed decisions with a more holistic view of risks and their interdependencies.

St. Michael’s has extensive experience assisting federal agencies with matters pertaining to risk management and business processing re-engineering as they relate to financial reporting and operational controls. For more information on how we can help you, please contact us here.