For the seventh consecutive year Guidehouse and the Association for Federal Enterprise Risk Management (AFERM) have collaborated to survey Federal government professionals for their insights into the current state of Enterprise Risk Management (ERM) in their organizations.
Results of the 2021 survey, which is designed to provide federal leaders with perspective on the current state and trends of ERM in the U.S. Federal Government, show ERM continues to exhibit performance levels reflective of an emerging capability, although incremental positive trends are evident across most areas measured in the survey.
Responses to several new survey questions intended to gauge the impact of COVID-19 indicate that in many agencies, organizations took on greater amounts of risk and increased their ERM activities, particularly related to the identification of emerging risks.
“During the past year, Federal government leaders have continued to navigate uncertainties associated with nearly every aspect of agencies’ operations – from adjusting to the shifts in priorities and other changes that accompany a new presidential administration to the ongoing impacts of the COVID-19 pandemic,” said Kate Sylvis, ERM Solutions Leader at Guidehouse. “Even in the midst of significant change, we are seeing the continuation of many positive trends related to the effectiveness and adoption of ERM practices, which shows that agencies are continuing to prioritize and enhance their ERM capabilities.”
According to this year’s report, released at AFERM’s 14th Annual ERM Summit, ERM program leaders—who often split their time amongst many duties within their organizations—are spending more time focused on ERM, and are reporting larger budgets than in prior years. This year’s results indicate the percentage of ERM program leaders spending more than 75% of their time focused on ERM nearly doubled to 31% this year. Nearly 40% of respondents report an increase in their budget for ERM activities over the past year, and the percentage of respondents reporting annual budgets for ERM activities greater than $1M also doubled this year.
Additionally, this year’s survey results show some shifts in terms of the most impactful improvements organizations could make to better position themselves to respond to current and anticipated risks.
- “Cybersecurity/privacy” remains the top risk area receiving the greatest management attention. It also tops the list of risks Federal agencies believe have the greatest impact on strategic objectives, currently and over the next 3-5 years.
- The top benefits of ERM programs cited by respondents were outcomes that support senior leaders in guiding their organization: “Enhanced management decision-making” and “Improved strategy execution.” Despite this, “Tone-at-the-top, executive support for risk management” is at the top spot in the list of most impactful improvement areas, for the first time since 2018, with just under half of respondents (45%) making that selection.
- Integration of ERM with other management processes decreased this year, in all four integration areas in our survey (in order of degree of integration): Internal Control Programs, Strategic Planning, Execution Processes, and Budgetary Processes.
- Culture and leadership-related challenges continue to be the most prominent barriers facing organizations attempting to establish and maintain a formal ERM program (with “Bridging silos across organizations,” “Rigid culture resistant to change,” and “Executive level buy-in and support,” as the top three items selected).
“These areas highlight where ERM program leaders may wish to redouble their efforts to ensure ERM provides value to decision makers in their organizations and helps to manage the uncertainties and complexities 2022 surely will bring,” added Sylvis.