Details

<p>Figures, Tables, and Exhibits ix</p> <p>Foreword xi</p> <p>Preface: Managing Risk in the Current Federal Environment xiii</p> <p><b>Introduction 1</b></p> <p>State of Risk Management in Government 5</p> <p>How This Book Should Be Used 7</p> <p>Emerging Risks Today 7</p> <p>Top Government Risks 10</p> <p>Criteria 11</p> <p>Profiles of Select High-Risk Areas in Government 13</p> <p><b>Chapter One Why Enterprise Risk Management? 27</b></p> <p>Status of ERM in the Government 29</p> <p>Limitations to ERM 30</p> <p>Risk Management: What It is and Why It Matters 32</p> <p>What is Risk? 33</p> <p>Evolution of Risk Management 36</p> <p>Traditional Risk Management versus Enterprise Risk Management 38</p> <p>U.S. Federal Government Policy on Risk Management 41</p> <p>Establishing an Agency Risk Management Policy 46</p> <p>ERM Policy and Practice in Canada 48</p> <p>Linking ERM and Internal Control 54</p> <p>What Are the Standards for Internal Control? 55</p> <p>Assessing Internal Control Structures 68</p> <p>Overall Internal Control Summaries 68</p> <p><b>Chapter Two Examples of Risk Management in the Federal Government 81</b></p> <p>Health Risks 82</p> <p>Security Risks 82</p> <p>Financial Risks 85</p> <p>Transportation Safety Risks 86</p> <p>External Risks 87</p> <p>Case Study: Applying Risk Management in Government: National Institutes of Health 89</p> <p>Case Study: National Archives and Records Administration 95</p> <p><b>Chapter Three Managing and Communicating Risk 105</b></p> <p>Writing Risk Statements 111</p> <p>Developing a Risk Statement 112</p> <p>Inventory of Risk Statements 113</p> <p>Risk Assessment Techniques 120</p> <p><b>Chapter Four Risk Management Frameworks and Standards 125</b></p> <p>Why Voluntary Standards? A Look at OMB Circular A-119 126</p> <p>GAO Risk Management Framework 129</p> <p>ISO 31000: International Risk Management Standard 135</p> <p>COSO ERM Integrated Framework 138</p> <p>OCEG Red Book 2.0: 2009 140</p> <p>FERMA: 2002 140</p> <p>BS 31100: 2008 142</p> <p>An Expanded View of ISO 31000 143</p> <p><b>Chapter Five Risk and Performance Management 151</b></p> <p>Risk and Performance: Government 153</p> <p>Managing Risk to Performance 157</p> <p>An Expanded View of Strategic Risk Management 160</p> <p>Risk and Performance: Private Sector 167</p> <p>Standard & Poor’s ERM Analysis 170</p> <p><b>Chapter Six Building a Risk Culture 173</b></p> <p>Risk Culture Survey 177</p> <p><b>Chapter Seven ERM Maturity and Assessment 181</b></p> <p>ERM Maturity Models 181</p> <p>The Role of the Internal Auditor in ERM 194</p> <p>Case Study: The Public Safety Canada Audit of Integrated Risk Management 196</p> <p><b>Chapter Eight ERM Core Competencies 209</b></p> <p>ERM Core Competency Survey 209</p> <p>Summary of Survey Results 211</p> <p>Federal versus State and Local Government Views of ERM 216</p> <p><b>Chapter Nine ERM Best Practices of Federal Agencies 223</b></p> <p>Ninety-Day Action Plan 223</p> <p>Sample Implementation Plan 224</p> <p>Words of Wisdom 225</p> <p><b>Chapter Ten Conclusion 227</b></p> <p>Notes 231</p> <p>Appendix: Index of Survey Questions and Responses 243</p> <p>About the Author 279</p> <p>Index 281</p>

<p><b>KAREN HARDY</b> is an expert risk management professional with extensive experience in the public sector. Dr. Hardy is a co-founder of the Association for Federal Enterprise Risk Management and serves on the U.S. Technical Advisory Group for ISO 31000. She also worked at Citibank and The White House Office of Management and Budget. She has published articles in numerous national and international publications, including Canada's <i>Public Sector Digest</i>.</p>

<p><b>PRAISE FOR <i>ENTERPRISE RISK MANAGEMENT</i></b></p> <p>"We applaud Dr. Hardy's latest contribution to the field of enterprise risk management. Her book, which expands on earlier work done for the IBM Center, provides a thorough foundation for public managers to appreciate and act upon the challenges they face, no matter at what level of government. Her book serves as a sorely-needed resource guide for busy executives, offering real-life examples, best practices, and different models for use."<br /> <b>—Daniel Chenok,</b> Executive Director, IBM Center for the Business of Government</p> <p>"C. W. Ceram once wrote: 'Genius is the ability to reduce the complicated to the simple.' With this quote in mind, I have often found the topic of Risk Management and the related readings to be quite complicated to grasp and implement. Then along comes Dr. Hardy and her book, <i>Enterprise Risk Management</i>. She is a risk-management genius in that she takes this challenging concept and helps the reader to truly understand Risk Management and how to implement a solid Risk Management Approach."<br /> <b>—Christopher P. Neck,</b> Associate Professor of Management, University Master Teacher, Arizona State University</p> <p>"Dr. Hardy provides public sector professionals with a much-needed, comprehensive resource manual on the adoption of Enterprise Risk Management as a modern managerial tool. Through effective and practical advice, she does an excellent job of guiding readers through a step-by-step process, focusing on how to strengthen decision making at the strategic level."<br /> <b>—Stefano Losi,</b> Enterprise Risk Management Programme Officer, United Nations, New York*</p> <p>*The views expressed herein are those of the author and do not necessarily represent the views of the United Nations.</p>

US