Managing Risk and Performance E-Book

Table of Contents

Praise Page

Series Page

Title Page

Copyright

Dedication

Foreword

Preface

Part One: Introduction and Overview

Chapter 1: Managing Risk of Federal Agencies and Their Programs through Enterprise Risk Management

Risk Management as an Essential Part of Federal Management

Risk Management as an Integral Part of Good Decision Making

The Unique Challenges of Managing a Government Agency

Establishing Effective Risk Management

Managing Risk in Government Agencies: Overview of the Book

References

Chapter 2: The Need for Effective Risk Management

Defining Risk

The Source of Uncertainty: Change

Risk and Reward

The Risk Management Process

The Essence of Organizational Success: Stakeholder Value

The Role of Information Technology in Risk Management

The Importance of Organizational Change Management

Putting It All Together

Conclusion

References

Chapter 3: Introduction to Risk Management for Government Managers

Fitting Risk Management into an Organization

Promising Practices in Risk Management

Observations about Risk Management in Government: What Works and What Doesn't

Conclusion

References

Chapter 4: Risk Management and Challenges of Managing in the Public Sector

Unique Risk Management Challenges of Public Programs

Third-Party Governance: The Challenge of Managing Risk across Organizational Boundaries

Goal Setting, Accountability, and Prioritization of Risks

Concluding Observations

References

Chapter 5: Creating and Keeping Your Options Open—It's Fundamental

The Real World Is Rarely Simple and Stable

Systems Set the Stage

Managing More Easily—Options in Time

Examples of Options in Time in Practice

Conclusion

Key Points

References

Part Two: Moving toward Enterprise Risk Management

Chapter 6: Introduction to Enterprise Risk Management for Government Managers

Shortcomings of Traditional Risk Management

The Impact of Managing Risk within Silos—a Case Study

The Maturation of Traditional Risk Management into Enterprise Risk Management

Key Principles of Enterprise Risk Management

What Enterprise Risk Management Is Not

The Payoff

Summary

References

Chapter 7: Implementation of Enterprise Risk Management at the Office of Federal Student Aid of the U.S. Department of Education

Overview of FSA

Initial Implementation of ERM at FSA

Initial Activities and Challenges in Implementing Enterprise Risk Management at FSA

Expanding the ERM Program—a Change in FSA's Business Model

Key Considerations and Challenges When Implementing the Expanded ERM Program at FSA

Conclusion

References

Acknowledgments

Chapter 8: Integrating Enterprise Risk Management with Strategic Planning and Resource Management

Context

Enterprise Risk Management and Strategy

Enterprise Risk Management and Resource Management

Conclusion

Chapter 9: Building Enterprise Risk Management into Agency Processes and Culture

Building a Shared Understanding of Risks through Conversations

The Key Enterprise Risk Management Techniques

Improved Decision Making and Prioritization

Conclusion

References

For Further Reading

Appendix: Hydro One Inc. Enterprise Risk Management Policy

Part Three: Special Topics in Risk Management and Response

Chapter 10: Risk Management and the Dynamics of Budget Cuts

The Dynamics of Protracted Budget Controversy and the Risk and Uncertainty They Create

Long-Term Budget Cuts and the Risks They Create

The Role of Risk Management in Reducing Chances of a Major Mishap

Strengthening Agencies' Ability to Deal Effectively with Budget Pressures

Conclusion

References

Chapter 11: Managing Reputational Risk

What Is Reputational Risk and What Does It Mean to Government?

What Determines Reputation and How Can Government Address These Factors?

External Influences on Reputation

Consequences of Reputational Loss for Government Organizations

Reputational Risk Mitigation

Conclusion

References

Chapter 12: Risk Management and Decision Making: Lessons from the Financial Crisis for Federal Managers

The Financial Crisis: How It Emerged, What Happened, and the Costs

Decision Making at Firms That Failed: Common Shortcomings

Decision Making at Firms That Succeeded: The Importance of Culture

Lessons in Governance, Risk Management, and Decision Making

Conclusion

References

Part Four: Conclusion

Chapter 13: Effective Enterprise Risk Management: Mapping the Path Forward

Recommendations

Conclusion

References

For Further Information

For Further Reading

About the Editors

About the Contributors

Index

Praise for Managing Risk and Performance: A Guide for Government Decision Makers

“Doing nothing rarely prevents a risk from materializing. Stanton and Webster have given government managers a clear, comprehensive, actionable road map they can use to organize and manage to anticipate and mitigate risks that put their missions in jeopardy. Managing Risk and Performance: A Guide for Government Decision Makers takes lessons learned from effective risk management in the private and public sectors and gives executives a blueprint for using those lessons to bring about a new focus on enterprise risk management in federal agencies and other organizations. The benefits of this approach are immense. The consequences of inaction are potentially catastrophic.”

—Robert J. Shea, Chairman, National Academy of Public Administration and former Associate Director for Management at the Office of Management and Budget

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Australia, and Asia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers' professional and personal knowledge and understanding.

The Wiley Finance series contains books written specifically for finance and investment professionals as well as sophisticated individual investors and their financial advisors. Book topics range from portfolio management to e-commerce, risk management, financial engineering, valuation and financial instrument analysis, as well as much more.

For a list of available titles, visit ourWeb site at www.WileyFinance.com.

Cover image: © iStockphoto / SoopySue

Cover design: Wiley

Copyright © 2014 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Managing risk and performance : a guide for government decision makers / [edited by] Thomas H. Stanton, Douglas W. Webster.

pages cm. — (Wiley finance series)

ISBN 978-1-118-65814-7 (hardback) — ISBN 978-1-118-84176-1 (ePDF) — ISBN 978-1-118-84180-8 (ePub) — ISBN 978-1-118-70423-3 1 (oBook). Risk management. 2. Government executives. I. Stanton, Thomas H., 1944– II. Webster, Douglas W., 1948–HD61.M264 2014

352.4— dc23

2013041081

To my father, Henry, and the memory of my mother, Ursula, with gratitude for their being role models of strength and integrity; to my wife, Marty, with thanks for her love and support over the years; and to our wonderful children, Benjamin and Joshua, and daughter-in-law, Mirah, who are blazing their own remarkable trails.

—Tom Stanton

To my parents, Bill and Lorraine, who gave me the values I share today; to my wife, Connie, who has made life's journey a deeply satisfying adventure; and to my daughters, Kathy and Dawn, who have made the journey worthwhile.

—Doug Webster

Foreword

Today, there is a positive change occurring in the nation's capital that is exciting and holds the potential to make government function better. This positive change is the increasing number of agencies recognizing the value of Enterprise Risk Management and taking action to make ERM an important part of their operational model.

The principal authors of this book are no newcomers to risk management. Doug Webster and Tom Stanton are true believers in the positive benefits of ERM and have put before us in this publication an informative collection of insights, experiences, and recommendations that cover the wide-ranging world of risk management.

They call to our attention the various federal agencies that are effectively utilizing ERM today and others that have committed to do the same. Agencies where ERM is being used today, and are cited in this book, include the Office of Federal Student Aid and the Defense Logistics Agency. Other agencies that have recently started the ERM journey include the Department of Veterans Affairs and the Internal Revenue Service. The federal community's commitment to ERM is growing and, hopefully, will continue to do so in the years to come.

What is especially interesting about the growth in ERM across the federal government is its organic nature. ERM is growing naturally within agencies as leadership recognizes the need to identify and manage risk in a holistic way across the enterprise. There is no law, or regulation or executive order that has driven agencies to take up the ERM mantle. It is a strong testament to the need for ERM in government today that agencies are implementing it simply because it is the right thing to do.

All aspects of agency operations are threatened by risks—assets, programs, finance, systems, reputation, and relationships, to mention a few. Risks need to be understood and managed for the good of the taxpayers (who pay the bills) and the good of the beneficiaries (for whom programs were created). When risks are understood and managed properly, programs operate more efficiently and effectively, greater value is gained from every dollar spent, performance improves, and innovation can be enhanced. ERM is important because it brings discipline, structure, and focus to the full cycle of managing risks.

It is important to recognize that risks are operational and strategic. Agency programs can be harmed by what is not known (or known and ignored) about today and what is not known (or known and ignored) about tomorrow. While addressing today's risks, organizations must be thinking about, and planning for, risks in the future.

ERM brings a higher level of awareness to organizations and creates a culture and a set of processes that allow risks to be identified, examined, discussed, and managed in an open and threat-free environment. This cannot happen without strong and consistent support from top leadership.

Once identified, risks cannot and should not always be eliminated. The elimination of risks has costs and benefits. The acceptance or mitigation of risks should be treated as a potential investment decision in an organization's business decision processes. Simply put, some risks are worth taking and others are not. Leadership awareness of risks and the courage to make the acceptance-mitigation decisions is needed to help agencies make the most of positive opportunities and avoid the advent of crises that could have been prevented.

It is my hope that this book will be widely read in the federal community and that it will educate readers and stimulate further attention and discussion among the federal risk management community and beyond.

—W. Todd Grams*

* W. Todd Grams is a senior executive who has served as the chief of staff, chief information officer, and chief financial officer at the Internal Revenue Service; the executive in charge of management at the Department of Veterans Affairs; and the chief financial officer of the Veterans Health Administration; he has also held various positions at the Office of Management and Budget and the Department of Commerce.

Preface

This is a book for decision makers in government who seek to carry out their agencies' missions without getting blindsided by unexpected failures. The book shares experiences of federal government officials and others about how to set up a sound risk management program, how to manage it, and how to use it to support agency missions and programs.

The core lesson of this book is that effective risk management is an essential part of increasing the performance of a government agency or program. In other words, like brakes on a car that permit drivers to drive at a good speed, risk management allows managers to propel their agencies forward in ways that would be unwise or even disastrous if no one knew where the potential obstacles lay.

The question then becomes how to build risk management into agency decision making so that it enhances rather than retards performance. Here lessons of the financial crisis are directly relevant. A study of a dozen large financial firms found eight that failed and four that successfully navigated the crisis. There was a critical management difference between these firms: Successful firms built a process of constructive dialogue between their risk officers and parts of the company that wanted to do deals. This helped inform decision makers about when to stop buying subprime mortgages or making other loans in an overheated market. The failed firms, by contrast, either lacked or disregarded information about the risks of plunging ahead as the better-managed firms pulled back.

Managing risk in government allows managers to navigate the shoals of Washington (or wherever they may be headquartered) with a better sense of when to move forward and when to pull back. This book seeks to help managers (1) to appreciate the need for sound risk management, (2) to think through the major types of risk that could prevent their agency from achieving its mission, and (3) to build a risk management approach and processes to help understand the nature of risk/reward trade-offs in major decisions (or failures to act on major issues).

The book also makes the argument, backed by evidence from a range of organizations, that risk management can and should be cost-effective; the risk management office facilitates identification and prioritization of major risks for the organization, but management of those risks belongs to heads of the units most affected. This allows the risk office to remain lean and agile rather than large and expensive. Support from the top of the organization is much more important than a lavish budget.

This book consists of four parts. The first part introduces risk management as a part of good management more generally. It presents chapters that:

The second part presents the concept of Enterprise Risk Management (ERM), which allows organizations to identify and prioritize the major risks they need to address. Chapters in this section:

The third part addresses special topics in risk management. Chapters in this section:

Finally, the book's conclusion presents a chapter to:

It has been the experience of the editors, who are officers of the Association of Federal Enterprise Risk Management (AFERM), that government agencies are increasingly following the lead of private companies in adopting risk management, and ERM in particular. The purpose of this book is to allow readers to build the necessary approaches to risk management before rather than after your agency experiences a potentially painful lesson.

Part One

Introduction and Overview

Chapter 1

Managing Risk of Federal Agencies and Their Programs through Enterprise Risk Management

Thomas H. Stanton

Fellow, Center for Advanced Governmental Studies, Johns Hopkins University

Risk Management as an Essential Part of Federal Management

The world manifests increasing complexity, and this in turn has increased vulnerabilities for the people of the United States and our government. High-impact events, once thought to occur only rarely, happen with increasing frequency. In the early 2000s alone, costly events included the terrorist attack of September 11, 2001, Hurricane Katrina, the BP Gulf oil spill, and the near meltdown of the financial system, to name some of the larger ones. Chronic costly events include medical errors in U.S. hospitals and periodic outbreaks of food-borne illness such as salmonella and E. coli. Other high-impact risks that materialize from time to time include cyberattacks to bring down systems or steal critical information, and a variety of other homeland security events.

Government plays a role in all of these, either in trying to prevent risk from materializing or in trying to respond effectively. Sometimes there are concatenations of risks, such as when the financial crisis results in a massive increase in workload for the unprepared Federal Housing Administration (FHA) or when a crisis expands from the mortgage market to the larger financial system or when an agency's uncontrolled spending on conferences leads to reputational harm.

Many agencies try to focus on specific risks that gave them problems in the past, such as financial or operational risks for federal financial programs, or acquisition and investment risks for departments and agencies that rely heavily on procurement of major systems and other support for the agency's mission.

However, in today's complex world it is not enough to focus on specific risks identified in the past. A tragic example comes from Camp Lejeune, North Carolina, the nation's largest U.S. Marine Corps base. At Camp Lejeune the Corps trains marines to deal with risks of combat but neglected to respond to reports of contaminated groundwater that ultimately took the lives of hundreds of people, mostly babies, and impaired the health of many more marines and their families over several decades (Fears 2012; House Subcommittee on Oversight 2010).

This book seeks to present a broader concept of risk management, known as Enterprise Risk Management (ERM). Private firms developed the concept and practice of ERM, and federal agencies increasingly adopt ERM into their processes and practices. ERM relates to the fundamental question that federal managers face: “What are the risks that could prevent my agency from achieving its mission and objectives?” Depending on the circumstances and varying from agency to agency, major risks may involve loss of capable people, or lack of adequate systems, or inadequate internal controls, or failure to comply with legal and policy requirements, or need to move operations to a more secure site, or any number of diverse risks.

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!