Academic journal article Journal of Accountancy

How Formal ERM Implementation Can Help Federal Agencies: Risk Management Practices Can Lead to More Transparency and Better Decision-Making

Article excerpt

Government agencies are increasingly under pressure to perform their missions more effectively while simultaneously adopting new technologies and operating with limited resources. Meanwhile, the legislative branch and the taxpaying public as a whole continue to demand increased transparency and openness about how resources are being spent. The successful adoption of enterprise risk management (ERM) can assist agencies by improving efficiency, increasing transparency, and allowing the government to be a more effective steward of taxpayer resources.

On July 15, 2016, the Office of Management and Budget (OMB) issued its revised Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control (via M-16-17), which established various ERM processes in the federal government. The OMB has definitive authority over financial management of federal executive agencies, has oversight of federal information, and establishes regulatory policy. Circular A-123 established that federal executive agencies are required to adopt the principles of the U.S. Government Accountability Office (GAO) Green Book. (Some state and local governments are adopting the Green Book principles, too; see the sidebar, "Green Book for State and Local Governments.")

The GAO provides investigative, audit, and evaluation services for the legislative branch of the federal government. The Green Book adapts to a government environment the principles of the internal control framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (Note: The AICPA is a member of COSO.) In 2014, the GAO revised the Green Book to reflect the update of the COSO framework, which describes 17 principles of internal control.

The OMB circular required agencies to prepare their initial risk profiles for OMB submission by June 2, 2017, with the full integration of risk profiles into agency financial reports scheduled for Sept. 15, 2017. The OMB mandates that agencies complete their updated annual risk profile reporting by June 3 of subsequent years.

The revised circular requires leaders and managers across federal executive agencies to implement ERM concepts to ensure each agency's risks are being identified and managed effectively. This revised policy also engages all agency managers, well beyond the CFO community, and "encourages open and candid conversations about risks facing an organization at all levels." The circular envisions significantly more interaction among each agency's CFO, chief risk officer, risk management council, and performance improvement officer, and it even advocates the use of professional-society approaches such as "maturity models."

The ERM mandates specified in the circular fall under the auspices of the Federal Managers' Financial Integrity Act (FMFIA) of 1982, as codified in 31 U.S.C. 3512. The OMB guidelines for ERM implementation also embrace a modern risk assessment framework known as the "risk maturity model."


The revised circular plainly states the responsibility of federal employees in these two well-phrased statements:

* Each federal employee is responsible for safeguarding federal assets and the efficient delivery of services to the public.

* Federal leaders and managers are responsible for establishing goals and objectives around operating environments, ensuring compliance with relevant laws and regulations, and managing both expected and unexpected or unanticipated events.

Thus, federal employees should consider incorporating ERM into management practices, help identify risks, analyze and evaluate risks, develop alternatives to risk, respond to risks, and monitor and track risks in a continuous process.

This ERM process, and its associated risk profile analysis requirement, was implemented to better incorporate the basic tenets of risk management into the lexicon of federal government accountability. …
