Tap into greater public trust with an effective ERM program

David Riddell

David Riddell

Managing Director, North American Federal Practice, Galvanize

The phrase “Your reputation precedes you” can be a glowing compliment or a sharp criticism. Organizations are right to be concerned about the public perception of their brand and the impact on their bottom line, as a bad reputation can spell disaster for a business.

And it’s no different for government agencies, which need to focus on promoting and enhancing public trust in their actions. Public confidence is key to a government agency’s ability to provide value to citizens, manage limited resources, and carry out its mission.

That’s why a good enterprise risk management (ERM) program isn’t about simply assessing risk or escalating issues. To be truly successful, your organization has to address the right objectives, support a culture of risk awareness, and embrace data analytics.

The four objectives of ERM

Developing and embracing a more risk-aware culture is essential to bolstering and protecting positive public support for a federal agency. In fact, OMB Circular No. A-123 encourages agencies to adopt an ERM program to identify challenges early, escalate issues to agency leadership, and take quick action to mitigate risks.

The OMB Circular states that proper ERM programs address four key objectives:

  1. Strategic. Adopt and support the goals and objectives that promote an agency’s overall mission.
  2. Operational. Emphasize making efficient and effective use of limited agency resources to avoid fraud and waste.
  3. Reporting. Concentrate on the reliability of an agency to give an accurate account of its activities, such as information provided in semi-annual reports (SAR) or on public-facing websites.
  4. Compliance. An agency’s ongoing fulfillment of its responsibilities related to relevant statutes and regulations.

An effective ERM program helps safeguard assurance of financial reporting accuracy, increases transparency and integrity in agency conduct, improves compliance with existing laws and rules, and increases public confidence.

“An ERM program that properly evaluates, monitors, and helps foresee risks—along with an effective resolution program—is invaluable.”

Enabling ERM with data analytics

Active and continuous risk evaluation, monitoring, and detection capabilities must be developed to identify risk patterns and predict potential threats. Continuous efforts to highlight emerging risks as they occur is a much more effective approach than scrambling to do damage control later.

For example, financial reporting risk is a constant and ever-present concern in federal agencies that provide SARs to oversight authorities. Using data modeling and analytics tools, an agency can mine relevant data and combine and normalize disparate data. This can reveal discrepancies, outliers, and statistical anomalies, while providing a framework for more advanced predictive analysis. With a solution like FraudBond, you can rapidly route these financial exceptions in real time to the appropriate team for action.

Similarly, third parties can have a substantial impact on an agency’s risk exposure. For instance, agencies commonly scrutinize potential suppliers and contractors during the onboarding process. But agencies might not examine these third parties for compliance and performance on an ongoing basis. Automating data analytics to continually scour sanction lists, tax records, Office of Foreign Assets Control (OFAC) lists, criminal databases, and other publicly available data sources can reassure an agency that its third parties represent low risk-exposure.

Reputational risk is an often overlooked element of adopting an ERM program. An example could be commentary on social media from a disgruntled employee. The post might contain unauthorized disclosures and inaccurate information, but once it goes viral and gains traction, it can cause irreparable long-term harm with the general public. Fortunately, applying data analytics, predictive modeling, and text and sentiment analyzers can help identify, classify, and route high-risk social media postings.

No matter the risk, active monitoring and swift, agile responses to events and exceptions are the only option. (Well, if you want to maintain public confidence and oversight integrity, anyway.)

Discover the potential

No amount of guesswork will replace the power and insight that a data-driven governance approach offers. An ERM program that properly evaluates, monitors, and helps foresee risks—along with an effective resolution program—is invaluable. It provides the assurance and confidence needed to carry out the agency’s mission and policy objectives.

By building a culture of risk awareness and focusing on a technology-driven ERM program, the next time you hear, “Your reputation precedes you,” you’ll know it’s a compliment.


7 steps to performance-enhancing ERM

This eBook highlights:

  • Seven key trends in the “era of ERM.”
  • Six characteristics of data-driven, performance-enhancing ERM.
  • The ERM process flow that identifies, monitors, and manages risks.
  • How to identify if you’re making common (and risky) ERM errors.

Download eBook

Related Articles


Galvanize is now part of Diligent.

To stay up to date on the latest product offerings, research and GRC resources please visit or to login to your Galvanize products please visit www.diligent.com

Visit Diligent Login