Enterprise Risk Management: A Guide for Government Professionals

PREFACE: MANAGING RISK IN THE CURRENT FEDERAL ENVIRONMENT

It has been said that the only thing constant is change and the risks and opportunities that come with it. Over the past century, we have seen constant change in every aspect of life. Traditions that were once seen as mainstays and permanent fixtures in our society are now distant memories. Thanks to changes in technology and social norms, the ways in which we live and interact with our families, businesses, and communities continue on a path of rapid evolution. Key indicators of this change include simple, yet transformational events that we may have taken for granted. Consider the once-popular radio disc jockey; to a great extent, these announcers have been replaced by iTunes playlists. For many, the iPod has erased memories of the CD player, and books have been transformed into electronic delivery devices such as the Kindle. People by the millions are unplugging from telephone landlines and instead connecting with cell phones—allowing 24/7 access from almost anywhere in the developed and developing world. Telephone booths are now on display in museums rather than on street corners, and drones are fast becoming the next big delivery service. Even the system for manufacturing products has changed. With development of the new 3D printing technology, the use of factory assembly lines will no longer be limited to big car manufacturers in Detroit or Michigan. Rather, manufacturing will be personalized and accessible to ordinary individuals, such as doctors, dentists, and small business owners. On a larger scale, these individuals may soon be able to replicate and customize organs, tools, parts, and other products in minutes—and within the confines of their private garages and offices.

Government is not exempt from this constant change, which produces both risk and opportunity. However, as agents of change, the federal workforce must be aware of the environmental factors that will influence the context in which agency risk and opportunity will be managed. These factors include, but are not limited to, the political environment, budgetary constraints, workforce culture, policies, and laws and regulations, to name just a few.

ENVIRONMENTAL FACTORS

When Theodore Roosevelt set the foundation of the Civil Service Reform Act of 1883, one of his presidential goals was to modernize, expand, and reform the federal government. This included establishing a hiring system for America’s workers based on fairness and equal access and protection.1 Certainly, Roosevelt considered the political environment as well as the risk that came with pursuing such lofty goals, yet the risk of not reforming the system would have meant forfeiting historic transformational opportunities.

Based on a merit system, Roosevelt’s philosophy regarding government reform was based on three principles:

Opportunities should be made equal for all citizens.

Only those who have merit should be appointed to federal jobs.

Public servants should not suffer for their political beliefs.

Under his leadership as both civil service commissioner and U.S. president, Roosevelt led efforts to investigate fraud and political abuse in government. During his administration, there was also great expansion of the federal government, including new laws protecting the health of Americans, regulating the pharmaceutical industry, and increasing the workforce. From 1901 to 1909, the federal workforce more than doubled, from 110,000 to 235,000 employees. That pales in comparison to the number of employees hired into the civil service system since the days of Roosevelt. However, the continuum of reform and modernization that began over one hundred years ago continues to resonate throughout government today. A snapshot of measurable changes can be seen in the employment trends impacting the federal service regarding age, salary, and education. As of September 2012, the federal government employed more than 2.6 million people in the executive branch versus 699,000 in 1940.2 By 2011, the average salary for all federal employees was $75,296, and cabinet-level agencies employed the majority of that workforce. As a whole, the federal workforce is growing better educated. The majority of federal employees have obtained at least a high school degree and nearly half at least a college degree.3 More than 40 percent of the employees added from 2004 to 2012 had at least a bachelor’s degree; an additional 53 percent had at least a master’s.4

Policies, Laws, and Regulations

In addition to seeing demographic changes, over the years since the Civil Service Reform Act the federal government has instituted many new policies, laws, and regulations that have redefined how our government works—most notably the passage of the U.S. Patriot Act, Chief Financial Officers Act of 1990, Government Performance and Results Act (GPRA) of 1993, American Recovery and Reinvestment Act (ARRA), and the Federal Manager’s Financial Integrity Act of 1982 (FMFIA). All were instituted to address and manage some level of risk and opportunity inside and outside the government. These and other policies, laws, and regulations have shaped the ways in which government operates and executes its internal day-to-day activities as well as monitors and regulates industry. Issuance of such policies also demonstrates the government’s political willingness and need to respond to changes in society as a whole. For example, in response to the Enron acts of fraud and abuse, the government created the Sarbanes-Oxley Act of 2002 (SOX), which President Bush signed into law on July 30, 2002. He characterized it as the most far-reaching reforms of American business practices since the time of Franklin Delano Roosevelt. The Act mandated a number of reforms to enhance corporate responsibility and financial disclosures and to combat corporate and accounting fraud.5

On February 13, 2009, in direct response to the economic crisis and at the urging of President Obama, Congress passed the American Recovery and Reinvestment Act (ARRA) of 2009—commonly referred to as the stimulus or the stimulus package. Not long after that, the president signed the Recovery Act into law. The three immediate goals of the Recovery Act were to:

Create new jobs and save existing ones

Spur economic activity and invest in long-term growth

Foster unprecedented levels of accountability and transparency in government spending

The Recovery Act intended to achieve those goals by providing $787 billion in:

Tax cuts and benefits for millions of working families and businesses

Funding for entitlement programs, such as unemployment benefits

Funding for federal contracts, grants, and loans

Eventually, ARRA’s original expenditure estimate of $787 billion was increased to $840 billion. To achieve the goal of transparency, the Act required recipients of Recovery funds to report on a quarterly basis how they were using the money. Today, all the data affiliated with Recovery Act spending is posted on Recovery.gov so the public can track how the money is being spent.6

A year after ARRA was passed, the Dodd-Frank Wall Street Reform and Consumer Protection Act was signed into law on July 21, 2010, by the Obama administration. The legislation set out to reshape the U.S. regulatory system in a number of areas, including but not limited to consumer protection, trading restrictions, credit ratings, regulation of financial products, corporate governance and disclosure, and transparency.7

Culture

While the demographics and policies of the federal workforce may have shifted drastically over the last century, the dedication, purpose, and level of service given by federal government workers have remained constant. In a 2013 Federal Employee Viewpoint Survey, administered by the U.S. Office of Personnel Management (OPM), civil servants showed an unwavering commitment to the missions of their organizations as well as a sense of pride and satisfaction in their work despite difficult and uncertain times. The survey also served to strengthen belief in the federal workforce at a time when their relevance and value is questioned by Congress and other opponents in the court of public opinion. OPM Director Katherine Archuleta emphasized that despite these obstacles, the results showed employees are ready and willing to meet the challenges they face and are steadfastly accountable for achieving results and knowing what is expected of them on the job.8

This confirmation of the resiliency of the federal workforce is a significant and reassuring observation, given the magnitude of their tasks and the extensive role they play in delivering, managing, and overseeing core programs and services on which our nation depends. More important, the value of public service could not have been more evident than during the 2013 government shutdown. When a group of veterans was not able to get full access to visit the War Memorial in the nation’s capital, a renewed respect for the level of service that federal employees provide to the nation resonated throughout the country. The federal workforce remains engaged and committed: over 90 percent of employees continue to be willing to put in extra effort, are constantly looking for new ways to do their jobs better, and feel their work is important.9

Given this scenario, there is every indication that the public sector has the right stuff to get the job done during times of ever-increasing change, and that the workforce is ready to manage the risks and opportunities that come with its responsibilities.

Challenges for Public Administrators

Leading scholars define public administration as all processes, organizations, and individuals associated with carrying out the laws and other rules adopted or issued by legislatures, executives, and courts.10 As the arena in which government employees work, public administration itself has changed in response to complex and often uncertain national and global political environments.11

We can clearly see how government’s role has expanded exponentially. This includes its involvement in civil and voting rights and extended presidential powers needed to respond to natural disasters, cope with economic downturns, reduce federal spending, and respond to military crises.12 As noted by Milakovich and Gordon, The challenges facing administrators accountable for implementing public programs today have become even more daunting—requiring more effective expenditures of scarcer public resource and increased commitment from all public servants.13 The task won’t be easy, so organizations such as the American Society for Public Administration (ASPA) will need to play a key role in helping to navigate the ethical framework for the public administration professional. Established in 1939 to help government employees navigate the political and managerial aspects of government operations, ASPA advances excellence in public service through a code of ethics to develop the spirit of responsible professionalism and increase awareness and commitment to ethical principles and standards (see Table P.1). While there are similar organizations advancing the practice of public administration, ASPA’s well-defined list of guiding principles serves the public sector workforce well as they oversee and execute government performance.

Table P.1 American Society for Public Administration Code of Ethics

Source: American Society for Public Administration. Reprinted with permission.

The Political and Budget Environment

Scholars have noted that the politics of administration involves agency interactions with those outside the formal structure as well as interactions among those within administrative agencies.14

Arguably, two of the biggest risks that public servants face stem from the political and budget arenas, where interaction is a key ingredient to agency success. Politically, the consistent gridlock of Congress over the past few years has made the government worker’s task more unpredictable. The level of uncertainty in funding programs and projects and the cuts to the levels of discretionary spending continue to make budgets a moving target, making it harder for agencies to nail down agency-specific goals and objectives. While the push-and-pull dynamics of congressional inner workings may be temporary, the realization of long-term financial constraints is not.

At the end of fiscal year 2012, the total federal debt was about $16.1 trillion.15 In its Fiscal Update for 2012, the Government Accountability Office (GAO) acknowledged that addressing the long-term federal fiscal challenges will likely require difficult choices affecting both government revenue and spending—challenges for which there are no quick or easy solutions. GAO noted that many of the long-term drivers, including health care cost growth and the aging population, have already begun to affect the federal budget.16 Within its simulations of long-term federal deficits, GAO projected that spending for the major health and retirement programs will increase in coming decades, putting greater pressure on the rest of the federal budget. The GAO reported that for the first few decades this spending is driven largely by the aging of the population, with the oldest members of the baby boom generation already eligible for Social Security retirement benefits and for Medicare. The number of baby boomers turning sixty-five is projected to grow in coming years, from an average of about 7,600 per day in 2011 to more than 11,000 per day in 2029.17

Another budgetary risk that continues to have a profound impact on government performance and operations is that of continuing resolutions (CR). Annually, Congress faces difficult decisions on what to fund, with the available resources, among competing priorities and interests. When these decisions aren’t agreed upon within a certain time frame, CRs are used as a stopgap measure to keep the government operating. Historically, continuing resolutions have created budget uncertainty; they have complicated agency operations as well as produced inefficiencies. Because CRs provide funding only until agreement is reached on final appropriations, they create uncertainty for agencies about both when they will receive their final appropriation and what level of funding will ultimately be available. In all but three of the last thirty years, Congress has passed CRs to provide funding for agencies to continue operating until agreement is reached on final appropriations. The biggest risks to agencies when CRs are enacted stem from the provisions and restrictions that prohibit agencies from beginning new activities and projects. This forces agencies to take only the most limited funding actions and makes it difficult to pursue their missions and plans for the future. Though the effects of CRs vary by agency and program, overall the residual impacts have been disruptive, resulting in operational challenges such as delayed hiring, a shifting of grant and contract award cycles, and the need to perform additional work to manage CR constraints.18

The Upside of Risk

Not all change in government has been negative. There have been positive outcomes as well as opportunities to expand missions and ensure sufficient services for American citizens. In the middle of the twenty-first century’s first decade, the merging of several intelligence agencies (for example, the FBI, CIA, U.S. Marshal’s Service) was proposed to Congress to create what is now the Department of Homeland Security (DHS). The DHS was established in response to a national safety and security breach, but it also brought with it bountiful opportunities to create a more streamlined agency responsive to threats and natural disasters. Over time, the biggest benefit anticipated from the restructuring was a reduced risk of terrorism for the nation.

The transition to a more effective homeland security approach was also part of a larger transformation that the government needed to undertake to meet the expectations of the American people for timely, high-quality, and cost-effective public services. Within nine months of the events of September 11, 2001, the Bush administration and Congress responded with important and aggressive actions to protect the nation. The establishment of DHS was seen as a remedy to long-standing issues and concerns in the government’s domestic security functions by instituting greater consolidation and agency coordination. Given the global challenges the government will face in the coming years, the consolidation was considered a unique opportunity to create an extremely effective and performance-based organization to strengthen the nation’s ability to protect its borders and citizens against terrorism.19

NOTES

1. Milakovich, M. E., and Gordon, G. J. Public Administration in America. Boston: Wadsworth, Cengage Learning, 2013.

2. Distribution of Federal Civilian Employment by Branch. Sept. 2012. http://www.opm.gov/policy-data-oversight/data-analysis-documentation/federal-employment-reports/employment-trends-data/2012/september/graphic-presentation-of-federal-civilian-employment.

3. U.S. Office of Personnel Management. Common Characteristics of the Government. Washington, DC: OPM, 2013.

4. Reilly, S. Retirement Wave Gaining Force. Feb. 2014. http://www.federaltimes.com/apps/pbcs.dll/article?AID=2014301300003.

5. Securities and Exchange Commission. Sarbanes-Oxley Act of 2002. Washington, DC: Government Printing Office, 2002. http://www.sec.gov/about/laws.shtml#sox2002.

6. American Recovery and Reinvestment Act. http://www.recovery.gov/arra/About/Pages/The_Act.aspx.

7. Securities and Exchange Commission, Sarbanes-Oxley Act.

8. Office of Personnel Management. 2013 Federal Employee Viewpoint Survey. http://www.opm.gov/news/releases/2013/11/opm-releases-2013-federal-employee-viewpoint-survey-governmentwide-results/.

9. Ibid.

10. Milakovich and Gordon, Public Administration in America, p. 11.

11. Ibid., p. xv.

12. Ibid.

13. Ibid.

14. Ibid., p. 11.

15. U.S. Government Accountability Office. Debt Basics. http://gao.gov/special.pubs/longterm/debt/debtbasics.html.

16. U.S. Government Accountability Office. The Federal Government’s Long-Term Fiscal Outlook: Fall 2012 Update. Report No. GAO-13–148SP. Washington, DC, 2012.

17. U.S. Government Accountability Office. Budget Issues: Effects of Budget Uncertainty from Continuing Resolutions on Agency Operations. Report No. GAO-13–464T. Washington, DC, 2013.

18. U.S. Government Accountability Office. Homeland Security: Proposal for Cabinet Agency Has Merit, But Implementation Will Be Pivotal to Success. Report No. GAO-02–886-T. Washington, DC, 2005.

19. U.S. Government Accountability Office. High Risk List 2013. Washington, DC, 2013.

INTRODUCTION

Since the first introduction of this material in 2009, the practice of risk management and, more so, that of enterprise risk management (ERM), has expanded in the federal space. For example, the Association for Enterprise Risk Management (AFERM) has been established solely for those who oversee risk management in federal agencies. The AFERM mission is to advance the practice of ERM in the federal government through thought leadership, education, and collaboration.1 AFERM provides specific programs and opportunities to educate members and stakeholders on the benefits, tools, and leading practices of federal ERM. AFERM also fosters collaboration with organizations and stakeholders to promote laws, regulations, and policies to establish federal ERM in the various agencies and departments. In addition, an International Risk Management Standard (ISO 31000) was adopted by the American National Standards Institute (ANSI), and the FederalERM.org website saw its membership exceed seven hundred government online subscribers. Government Executive magazine recognized the FederalERM.org website as an informal network to help employees learn new skills.2

There has also been a modest increase in the frequency with which job postings for chief risk officers (CROs) and risk management officers (RMOs) have been advertised on USAJOBS.gov (see Table I.1). Job titles such as risk management specialist have been identified as a new emerging occupation with a bright outlook. According to the Department of Labor, bright outlook occupations are those that are expected to grow rapidly in the next several years, will have large numbers of job openings, or are new and emerging occupations.4 According to the U.S. Department of Labor’s O∗NET OnLine, the risk management specialist occupation is projected to

Grow much faster than average (employment increase of 29 percent or more) over the period 2010–2020

Offer one hundred thousand or more job openings over the period 2010–2020

Table I.1 Agency Hiring Activities

Source: The listing of CROs hired in government agencies is taken from a random selection of USAJOBS.gov job announcement postings and organizational charts. The Chief Risk Officer is from http://erm.ncsu.edu/library/article/cro-emerging-trends/#.UwV-iMKYbVI.

The speed with which these developments have transpired in the federal environment makes this book especially timely for several reasons:

There is a growing demand for knowledge and understanding of ERM and its application to public sector organizations.

There is a lack of available information focused on the practice of ERM and how it benefits public sector organizations.

A solid blueprint for utilizing ERM in public sector organizations, namely federal agencies, is sorely needed to guide those who champion risk management practice.

There is no single resource guide available that summarizes information about ERM and risk management in general for the government workforce.

Finally, the Obama administration’s focus on accountability and transparency has also prompted a renewed focus on risk and controls. This publication aims to satisfy these needs.

In recent years, the federal government has been on the receiving end of new legislation and regulations that require it to better manage risk and improve controls in discrete areas. Generally, to meet the requirements of each of these new mandates, agencies have engaged in many compliance-driven activities. This stove-piped approach to compliance is costly and does not optimize value. This book explores how federal C-suite executives, as well as financial and operational managers, can help guide their agencies to take a more holistic approach to risk management by implementing an ERM system. This approach can help reduce the total cost of compliance by proactively mitigating risk, while helping agencies achieve greater value from their risk management activities.

Although the current focus on risk management for most federal CFOs and financial managers stems from the revised OMB Circular A-123, these are only two requirements among the many that federal agencies must address. Agencies are also required to report their results in implementing the Federal Managers’ Financial Integrity Act (FMFIA) of 1982, the Improper Payments Information Act (IPIA) of 2002, and the Federal Information Security Management Act (FISMA) of 2002, among others. Virtually all of these requirements are ultimately geared toward one objective—improved risk management—so an agency’s response to risk provides reasonable assurance that the organization will achieve its strategic objectives.

This dramatic increase in compliance requirements, coupled with the realization that compliance cannot be effectively achieved just by having discrete compliance programs in various business units, now makes it critical for organizations to move toward an enterprise-wide risk management approach. Holistic ERM starts with a focus on possible events and their classification into opportunities and risks.

Keeping track of these possible events requires good data and data governance managed at the enterprise level. It also requires a taxonomy or classification scheme of the most important risks to the entity and a common language for understanding those risks. Improved data management allows the enterprise to take advantage of modern analytical methods to quantify the impact of risk. Data analysis also enables the enterprise