Risk: What Federal leaders need to know
Monday - 12/5/2011, 8:52pm EST
As each agency struggles with its own set of unique challenges, a one-size-fits-all approach to risk can be a recipe for disaster. Along with the added pressure to do more with less, leaders have to think more strategically and find innovative ways to run their organizations more efficiently. So what strategies can agency leaders use to manage risk before becoming front-page news?
Debbie Fletcher, Principal, Deloitte & Touche LLP
Mark Carey, Partner, Deloitte & Touche LLP
• The growing need for risk assessment in Federal agencies
• Benefits of establishing an Enterprise Risk Management model
• Trends in the public sector that are transforming the way Federal agencies assess risk
• Program integrity
• Risk analytics, modeling and simulation
• Steps to implement an Enterprise Risk Management (ERM) program
The following is a full transcript of FedCentral's interview with Debbie Fletcher and Mark Carey conducted by Jane Norris on December 7, 2011.
Welcome to FedCentral brought to you by Deloitte, a program where executives and federal government leaders talk about the issues and initiatives that are making a real impact on the business of government today, to help government help America. Today, we're talking about risk management and what federal leaders need to know to implement an enterprise risk management program. As agencies are struggling with their own set of unique challenges and issues, the agency leaders are thinking more strategically about finding innovative ways to run their organizations more effectively. So how can agency leaders get in front of risk before they become a news item, something that is sometimes good and sometimes is not so positive, especially for federal agencies?
Today, we talk about this issue with Mark Carey and Debbie Fletcher of Deloitte and Touche, LLP, and thank you both for joining us today.
Nice to see you. Mark Carey is currently a partner in the federal market leader of the government's regulatory and risk strategies practice at Deloitte and Touche, LLP. He has more than 17 years of risk management and compliance experience and Debbie Fletcher is a principal and business risk services leader for Deloitte's federal audited enterprise risk services practice at Deloitte and Touche, LLP. She's also been recently appointed as a global public sector enterprise risk services leader where she'll help with global industry and sector strategies. Debbie has more than 25 years of experience with financial and risk management disciplines.
So welcome to both of you, and let's start with you, Debbie. Let's talk a little bit about risk management and what federal agencies need to know about the climate that requires more risk strategies.
Well, there's a variety of programmatic challenges that the federal leaders have always faced and to some degree, it's likely they've been managing some risks, intentionally or unintentionally. However, the challenges are becoming more complex and the changes are happening at a greater pace. Federal leaders are finding the need to be more in front of these challenges. With this less predictable future, using a more robust and implementable approach to risk management will certainly help. Even at the recent federal enterprise risk management summit, several government leaders spoke about how risk management will become fundamental to how the government operates.
For example, this'll apply to the approach of making funding decisions. Leaders will want a more thoughtful and systematic approach of risk and how these risks could impact accomplishing critical mission objectives. Agencies and programs that can more clearly connect their budget requests with risk will do better as they face these looming budget cuts.
And Debbie, I remember at that conference where some people were talking about the fact that as people do better in the budgeting process that other agencies will see that and then risk will become even more of a mainstream topic in the future and in the subsequent budget cycles.
So talk about risk. I mean, just talk about it as a discipline. What is it? What does it mean to federal agencies?
Sure, well, I mean, the concept of risk goes back a long time, and really at the very core, you're talking about the likelihood and consequence of some type of event that would have an adverse effect on your agency, on your department, your program, and what does that mean? What's a consequence? Well, we could think about the damage to the reputation of the agency, to the leaders within that agency. You can think about financial losses or additional expenditures that were not planned for in the budgeting process, or even in many cases in the federal government, you can think about the fact that lives are put at risk when things go wrong and when mistakes are made in the federal government.
All right, those have serious consequences and that is a sort of a strategic plan, then, that agencies sort of set out for themselves based on you know, what might work or what won't work. So does it have a name? It's I believe enterprise risk management is the term? Explain that. Explain what that is.
Yes, enterprise risk management or what we call an ERM is a systematic way to understand and mitigate the greatest risk that could impact the ability of an entire organization, a department, an agency, or even a program to accomplish its mission. So at the highest level, the risk management process is straightforward. There's four parts: simply identify the risk; two, assess and measure risk; three, control and manage risk; and four, monitor and report the risk. However, when actually using this risk management process, there are many challenges that make it harder than it sounds to actually implement and operate effectively.
And some of those challenges, Debbie, come from the fact that you're trying to manage a whole portfolio or a whole bucket of risk across the entire department and there're different types of risks. They all have their own ways of being defined and being managed, so if you're going to try to manage that portfolio, manage that group of risk, how do you do that consistently across your entire organization, and that's kind of where the genesis that was the start of this term enterprise risk management. How do we pull it together? Instead of thinking about each risk by itself, how do we pull it together across your entire program?
So is this a relatively new concept for federal agencies?
It is relatively new. It's relatively new in the private sector, as well. It's really only been the last 20 or so years where people have started to think hey, let's think about risk in a more holistic way. It's almost like the evolution of strategy. If you go back years before when strategy started to become a common business topic or approach to managing and getting priorities on what has to go right. Enterprise risk management is almost the flip side of that coin. It's like the process of what do we have to do to make sure things don't make mistakes or lose out on opportunities to deliver services based on adverse events.
So give us some examples of key risk issues that federal agencies might face, Mark.
Well, you know, really does go across a wide range of things. Every two years, GAO issues the high risk report and this past year, I think there were over 30 programs that were listed in that report, but if you step back and look at what are the themes that emerge? What are some of the common risk you find in the federal government space? You have things like management effectiveness, program integrity, the fraud - and fraud, waste and abuse related issues. You have things related to failures to protect the safety and security of the public. Acquisition risk is another key topic. So those are some of the things that emerge when you look at it across a federal government.
So is it more like a program management issue? Is that kind of what risk management is?