Management Matters Management MattersManagement Matters
Practical advice for federal leaders on managing people, processes and projects.

Managing Risk


Many of the financial firms that saw their foundations crack during the past two years had extensive risk management programs in place. Using a variety of processes developed by risk management professionals, the firms identified problems that could threaten their business plans. They had procedures to ensure those risks were factored into the decisions of top executives.

In 2007, a video that was posted on, a Web site for enterprise risk management professionals in government, showed one executive explaining his firm's rigorous risk management process. He sounded impressive, but it turns out the executive was from Freddie Mac, the government-sponsored enterprise that made very risky financial decisions that led to the worst crisis in its existence in 2008. Obviously, something was wrong with a process that failed to identify and prevent a giant management catastrophe.

Now that the feds have started a variety of programs to reverse the economic meltdown caused by Freddie Mac and other financial firms' imprudent decisions, the government's risk managers get to see if they can do a better job than their private sector counterparts.

Government risk management professionals will hold their second national conference later this year. They also gather at to discuss ways to prevent public sector risks from becoming public sector catastrophes. And they are contemplating forming an association. "All agencies manage some level of risk, but usually the traditional approach is to carry out the process in silos and within specific functional areas and not across the entire organization," says Karen Hardy, a federal enterprise risk management analyst. ERM brings "all those risk management activities within an organization under one umbrella, cutting across silos and managed within a strategic setting," she says.

Financial firms tended to follow a dot-the-i and cross-the-t approach to risk management. They complied with financial control requirements in the federal 2002 Sarbanes-Oxley Act, set up committees and shuffled papers purporting that risk was indeed being managed.

The federal government doesn't fall under Sarbanes-Oxley, but agencies do follow Office of Management and Budget Circular A-123 to demonstrate the internal controls they maintain to reduce financial risks.

But that kind of compliance-based model did not prevent major failure in the private sector, so it won't avert management disasters in the government. Instead, federal risk professionals are trying to develop management models that identify all sorts of systemic threats to their agencies' missions.

The Troubled Asset Relief Program and the economic stimulus program will be major tests of agencies' ability to identify and manage risk. Both involve massive amounts of money that must be spent quickly. Lots of money and not much time are ingredients for waste, fraud and mismanagement. Most of this money is being doled out to private firms, state and local governments, contractors and other third parties. Federal managers could quickly lose control as the money moves further away from them. Risk management professionals in government are just now formally organizing, but they're already facing a giant test.

Brian Friel covered management and human resources at Government Executive for six years and is now a National Journal staff correspondent.

<-- management matters -->

Brian Friel is founder of One Nation Analytics, an independent research, analytics and consulting firm for the federal market.

Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.


When you download a report, your information may be shared with the underwriters of that document.