Expanding the 'Enterprise' in Enterprise Risk Management

Article excerpt

Whether a government agency pays benefits, issues bonds, oversees reserves or fights wars, it faces and must manage significant risk. Today's budget cuts are forcing state and federal agencies to rethink systems and methods for assessing risk events that threaten mission execution. Enterprise risk management (ERM) is the leading approach to risk assessment and a powerful tool for engaging strategic risk analysis agency-wide. At Grant Thornton LLP, we can help agencies expand the 'enterprise' in enterprise risk management by leveraging financial management expertise to address broader operational and mission concerns.

Financial managers can provide valuable perspective on both financial and non-financial risk assessment and strategy.

A high-wire activity

Risk management is the practice of identifying risks within an organization, analyzing the probability of occurrence, assessing impact on operational goals, and establishing an overall process to manage and control specific risks. There are known risks and unknown risks, and balancing the two can be a high-wire activity. Traditionally, risk management has been conducted separately at the management level, with parallel, but separate, exercises focused on the operational and the financial aspects of an activity. Tradition, however, collides with reality in today's over-stretched, understaffed public agencies. Many federal agency budgets have been hard hit; state and local budgets even more so, with no let-up seen anytime soon. In fact, having fewer resources to achieve agency mission is arguably one of the biggest risks public agencies face today, an issue that must be addressed now in every program discussion.

If agency missions are jeopardized, then all hands must be on deck. This is where ERM can be most effective since its processes by definition gather and analyze input across business units and programs. In fact, the impact of ERM analysis can be heightened by strengthening the role of financial leaders in top-level mission discussions. This makes sense because financial managers have constant access to the financiáis of dayto-day operations and long-term expertise with internal control and IT management. With this insight, they can provide valuable perspective on both financial and non-financial risk assessment and strategy, such as finding new ways to encourage business innovation and improvement even in times of massive budget shortfalls.

Pulling the plug on IT upgrades

At the top of the list of high-risk business decisions is how far to go with information technology upgrades. After years of struggling to stay current with technology, managers now face reduced funding for upgrades, creating risks for maintaining information out-put. Nobody understands better than financial managers what will happen if the plug is pulled for IT processes, which are critical for reporting and analysis and strategic decisions down the line. Reduced staffing compounds the problem, potentially leading to information slow-downs, uninformed decision-making and business paralysis. How to manage these risks? Best practices include going back to basics to assess current and future reporting needs even before strategic risk discussions take place. The value of financial reports rests in how this information is used to inform business decisions at all levels. Determine which reports matter most by:

1. Identifying financial information stakeholders and beneficiaries throughout the enterprise

2. Conducting informational reviews of current financial reporting practices agency-wide

3. Evaluating required resources and impact of recommended reporting practices

4. Streamlining reporting to match critical information needs with available funds

It serves financial managers well to take the lead in this activity. As information producers, they need to know what their audience needs. As information analysts, they need access to top data. …