Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Three lessons in risk management
Thursday - 2/16/2012, 9:45am EST
Webster is presenting at the AGA National Leadership Conference Thursday. He shared his top three takeaways from his presentation:
- Tone must be set from the top.
"If the leader doesn't set the right tone at the top, particularly from an enterprise level, it's very difficult, if not even impossible, to have effective risk management at an enterprise level," Webster said.
- Risk is "vastly more" than compliance and internal controls.
The idea of risk management is not new, Webster said, but the need to incorporate risk management into the decisionmaking process is "greater than it's ever been." Managers must consider the external environment, such as budget challenges, he said.
- Link risks to achieving specific objectives
Managers usually consider risk later in the process, but it should be part of the goal-setting, Webster said.
"Without that kind of meaningful relationship to objectives and performance, risk doesn't really get a seat the table," he said.
He pointed to the Defense Logistics Agency as an example of an agency that has implemented enterprise-wide risk management.