A Guide for Government Professionals
Book, English, 336 pages, format (W × H): 196 mm x 241 mm, weight: 825 g
ISBN: 978-1-118-91102-0
Publisher: Wiley
Enterprise Risk Management: A Guide for Government Professionals is a practical guide to all aspects of risk management in government organizations at the federal, state, and local levels. Written by Dr. Karen Hardy, one of the leading ERM practitioners in the Federal government, the book features a no-nonsense approach to establishing and sustaining a formalized risk management approach, aligned with the ISO 31000 risk management framework. International Organization for Standardization guidelines are explored and clarified, and case studies illustrate their real-world application and implementation in US government agencies. Tools, including a sample 90-day action plan, sample risk management policy, and a comprehensive implementation checklist, allow readers to immediately begin applying the information presented.
The book also includes results of Hardy's ERM Core Competency Survey for the Public Sector, which offers an original in-depth analysis of the Core Competency Skills recommended by federal, state and local government risk professionals. It also provides a side-by-side comparison of how federal government risk professionals view ERM versus their state and local government counterparts.
Enterprise Risk Management provides actionable guidance toward creating a solid risk management plan for agencies at any risk level. The book begins with a basic overview of risk management, and then delves into government-specific topics including:
* U.S. Federal Government Policy on Risk Management
* Federal Managers' Financial Integrity Act
* GAO Standards for Internal Control
* Government Performance Results Modernization Act
The book also provides a comparative analysis of ERM frameworks and standards, and offers rank-specific advice for employees, including Budget Analysts, Program Analysts, Management Analysts, and more. The demand for effective risk management specialists is growing as quickly as the risk potential. Government employees looking to implement a formalized risk management approach or in need of increasing their general understanding of this subject matter will find Enterprise Risk Management a strategically advantageous starting point.
Further Information & Material
Figures, Tables, and Exhibits
Foreword
Preface: Managing Risk in the Current Federal Environment
Introduction
State of Risk Management in Government
How This Book Should Be Used
Emerging Risks Today
Top Government Risks
Criteria
Profiles of Select High-Risk Areas in Government
Chapter One Why Enterprise Risk Management?
Status of ERM in the Government
Limitations to ERM
Risk Management: What It Is and Why It Matters
What Is Risk?
Evolution of Risk Management
Traditional Risk Management versus Enterprise Risk Management
U.S. Federal Government Policy on Risk Management
Establishing an Agency Risk Management Policy
ERM Policy and Practice in Canada
Linking ERM and Internal Control
What Are the Standards for Internal Control?
Assessing Internal Control Structures
Overall Internal Control Summaries
Chapter Two Examples of Risk Management in the Federal Government
Health Risks
Security Risks
Financial Risks
Transportation Safety Risks
External Risks
Case Study: Applying Risk Management in Government: National Institutes of Health
Case Study: National Archives and Records Administration
Chapter Three Managing and Communicating Risk
Writing Risk Statements
Developing a Risk Statement
Inventory of Risk Statements
Risk Assessment Techniques
Chapter Four Risk Management Frameworks and Standards
Why Voluntary Standards? A Look at OMB Circular A-119
GAO Risk Management Framework
ISO 31000: International Risk Management Standard
COSO ERM Integrated Framework
OCEG Red Book 2.0: 2009
FERMA: 2002
BS 31100: 2008
An Expanded View of ISO 31000
Chapter Five Risk and Performance Management
Risk and Performance: Government
Managing Risk to Performance
An Expanded View of Strategic Risk Management
Risk and Performance: Private Sector
Standard & Poor's ERM Analysis
Chapter Six Building a Risk Culture
Risk Culture Survey
Chapter Seven ERM Maturity and Assessment
ERM Maturity Models
The Role of the Internal Auditor in ERM
Case Study: The Public Safety Canada Audit of Integrated Risk Management
Chapter Eight ERM Core Competencies
ERM Core Competency Survey
Summary of Survey Results
Federal versus State and Local Government Views of ERM
Chapter Nine ERM Best Practices of Federal Agencies
Ninety-Day Action Plan
Sample Implementation Plan
Words of Wisdom
Chapter Ten Conclusion
Notes
Appendix: Index of Survey Questions and Responses
About the Author
Index
Figures, Tables, and Exhibits
Figures
Figure 1.1. Evolution of Risk Management
Figure 1.2. Siloed and Enterprise Approach to Risk Management
Figure 4.1. GAO Risk Management Framework
Figure 4.2. ISO 31000 Risk Management Framework
Figure 4.3. COSO's ERM Framework Highlights
Figure 4.4. FERMA Risk Management Standard
Figure 4.5. World Map of ISO 31000
Figure 5.1. Illustration of Goal Relationships
Figure 5.2. Identifying Risks to Strategic Objectives
Figure 7.1. Risk Maturity Rating by Industry
Figure 8.1. Risk Manager Core Competency Model
Tables
Table P.1. American Society for Public Administration Code of Ethics
Table I.1. Agency Hiring Activities
Table I.2. Changes to GAO's High Risk List, 1990-2013
Table 1.1. Definition of Risk
Table 1.2. Selected White Collar Occupational Groups, Job Series, and Potential Risks
Table 1.3. Policies for Managing Various Types of Risk in Government
Table 1.4. What Components Are in Place at Your Organization to Aid in ERM Implementation?
Table 3.1. Risk Taxonomy
Table 4.1. GAO Risk Management Framework Matrix
Table 5.1. Advantages of GPRA Implementation
Table 5.2. Adidas Group 2012 Corporate Risk Assessment
Table 6.1. Methods for Influencing Cultural Change
Table 7.1. Five Levels of SEI Process Maturity
Table 7.2. Aon RMI Five Levels of Maturity
Table 7.3. Treasury Board Risk Management Capability Model
Table 7.4. Public Service of Canada Key Risks Related to Integrated Risk Management
Table 8.1. ERM Components in Place in Organizations to Aid ERM Implementation
Table 8.2. Top Three ERM Components in Place: State and Local Government versus Federal Government
Table 8.3. Risk Management Training Rubric
Exhibits
Exhibit 1.1. Template for a General Risk Management Policy in the United States
Exhibit 1.2. Canada's Risk Management Framework Policy
Exhibit 3.1. Inventory of Risk Statements
Exhibit 3.2. State of Washington Risk Map
Exhibit 4.1. Comparison of Standards and Frameworks
Exhibit 5.1. Overview of the GPRA Modernization Act of 2010
Exhibit 5.2. Six Principles of Strategic Risk Management
Exhibit 5.3. Strategic Risk Management Checklist
Exhibit 5.4. Glossary of Key Performance Terms
Exhibit 5.5. The Challenge of Applying Strategic Risk Management to Homeland Security
Exhibit 5.6. "At Risk" Brands as Reported by 24/7 Wall St.
Exhibit 6.1. Sample Risk Culture Survey
Exhibit 7.1. Canada Treasury Board Risk Management Capability Model: An Excerpt