Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Three lessons in risk management
Thursday - 2/16/2012, 9:45am EST
Webster is presenting at the AGA National Leadership Conference Thursday. He shared his top three takeaways from his presentation:
- Tone must be set from the top.
"If the leader doesn't set the right tone at the top, particularly from an enterprise level, it's very difficult, if not even impossible, to have effective risk management at an enterprise level," Webster said.
- Risk is "vastly more" than compliance and internal controls.
The idea of risk management is not new, Webster said, but the need to incorporate risk management into the decisionmaking process is "greater than it's ever been." Managers must consider the external environment, such as budget challenges, he said.
- Link risks to achieving specific objectives
Managers usually consider risk later in the process, but it should be part of the goal-setting, Webster said.
"Without that kind of meaningful relationship to objectives and performance, risk doesn't really get a seat the table," he said.
He pointed to the Defense Logistics Agency as an example of an agency that has implemented enterprise-wide risk management.