Managing Risk and Performance
Showing government officials how to improve their organization's risk management capabilities, Managing Risk in Government Agencies and Programs meets a growing demand from federal departments and agencies that find themselves increasingly embarrassed by risky events that raise questions about their ability to carry out their missions. Thomas H. Stanton teaches at Johns Hopkins University. He is President-Elect of the Association of Federal Enterprise Risk Management (AFERM) and a Fellow of the National Academy of Public Administration. Mr. Stanton is a former member of the Federal Senior Executive Service. He holds a Bachelor of Arts degree from the University of California–Davis, a Master of Arts from Yale University, and a Juris Doctor from Harvard Law School and has written extensively on governance and risk management in the financial crisis. Douglas W. Webster is the Founder and President of the Cambio Consulting Group, LLC, and co-founder and past President of the Association of Federal Enterprise Risk Management (AFERM). He served as Chief Financial Officer of the U.S. Department of Labor in 2008–2009 and has 20 years of experience consulting to over two dozen federal and state agencies. Dr. Webster received a Bachelor of Science in Engineering from the University of California–Los Angeles, a Master of Science in Systems Management from the University of Southern California, and a Doctorate in business administration from United States International University.
Managing Risk and Performance
Managing Risk of Federal Agencies and Their Programs through Enterprise Risk Management
Thomas H. Stanton
Fellow, Center for Advanced Governmental Studies, Johns Hopkins University
Risk Management as an Essential Part of Federal Management
The world manifests increasing complexity, and this in turn has increased vulnerabilities for the people of the United States and our government. High-impact events, once thought to occur only rarely, happen with increasing frequency. In the early 2000s alone, costly events included the terrorist attack of September 11, 2001, Hurricane Katrina, the BP Gulf oil spill, and the near meltdown of the financial system, to name some of the larger ones. Chronic costly events include medical errors in U.S. hospitals and periodic outbreaks of food-borne illness such as salmonella and E. coli . Other high-impact risks that materialize from time to time include cyberattacks to bring down systems or steal critical information, and a variety of other homeland security events.
Government plays a role in all of these, either in trying to prevent risk from materializing or in trying to respond effectively. Sometimes there are concatenations of risks, such as when the financial crisis results in a massive increase in workload for the unprepared Federal Housing Administration (FHA) or when a crisis expands from the mortgage market to the larger financial system or when an agency's uncontrolled spending on conferences leads to reputational harm.
Many agencies try to focus on specific risks that gave them problems in the past, such as financial or operational risks for federal financial programs, or acquisition and investment risks for departments and agencies that rely heavily on procurement of major systems and other support for the agency's mission.
However, in today's complex world it is not enough to focus on specific risks identified in the past. A tragic example comes from Camp Lejeune, North Carolina, the nation's largest U.S. Marine Corps base. At Camp Lejeune the Corps trains marines to deal with risks of combat but neglected to respond to reports of contaminated groundwater that ultimately took the lives of hundreds of people, mostly babies, and impaired the health of many more marines and their families over several decades (Fears 2012; House Subcommittee on Oversight 2010).
This book seeks to present a broader concept of risk management, known as Enterprise Risk Management (ERM). Private firms developed the concept and practice of ERM, and federal agencies increasingly adopt ERM into their processes and practices. ERM relates to the fundamental question that federal managers face: "What are the risks that could prevent my agency from achieving its mission and objectives?" Depending on the circumstances and varying from agency to agency, major risks may involve loss of capable people, or lack of adequate systems, or inadequate internal controls, or failure to comply with legal and policy requirements, or need to move operations to a more secure site, or any number of diverse risks.
In Chapter 6, Douglas Webster, coeditor of this book, introduces ERM for federal managers. ERM is less developed in its applications to government than it is for the private sector. A small and growing network of enterprise risk managers is working with increasing success to expand application of ERM to an increasing number of federal agencies and offices. The network recently established a formal organization known as the Association of Federal Enterprise Risk Management (AFERM) and a web site located at www.aferm.org .
The following section sounds the themes of this book. The core idea is that good risk management is an integral part of good decision making. Just as the financial crisis revealed for financial institutions, good risk management in government is integral to genera