Three lessons in risk management
Thursday - 2/16/2012, 9:45am EST
Webster is presenting at the AGA National Leadership Conference Thursday. He shared his top three takeaways from his presentation:
- Tone must be set from the top.
"If the leader doesn't set the right tone at the top, particularly from an enterprise level, it's very difficult, if not even impossible, to have effective risk management at an enterprise level," Webster said.
- Risk is "vastly more" than compliance and internal controls.
The idea of risk management is not new, Webster said, but the need to incorporate risk management into the decision-making process is "greater than it's ever been." Managers must consider the external environment, such as budget challenges, he said.
- Link risks to achieving specific objectives.
Managers usually consider risk later in the process, but it should be part of the goal-setting, Webster said.
"Without that kind of meaningful relationship to objectives and performance, risk doesn't really get a seat at the table," he said.
He pointed to the Defense Logistics Agency as an example of an agency that has implemented enterprise-wide risk management.