Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Fundamentals

Risk Management Practices that are Working for Public and Private Sectors

September 1, 2010 3-min. read

The Department of Homeland Security (DHS) Office of Risk Management and Analysis (RMA) conducted a survey to see what actions are being taken by both public and private sector organizations with respect to their enterprise risk management efforts.  Their study consisted of over twenty, one-hour interviews with executives at Fortune 500 organizations, staff-level risk managers at governmental agencies, and individuals from other organizations who understand risk management well.  They used this study to help guide the RMA and the Risk Steering Committee in their efforts of building a risk management program for the DHS. They have also taken some advice from the results recorded.  These are the key areas that respondents listed from the survey:

Integrating Risk Management and Analysis Across Organizations

  • Organizations are trying to understand and manage risk at a holistic, enterprise-wide level: Organizations want to fully understand how risk affects the whole entity and what they can do to manage those risks.
  • Risk is understood and assessed in relation to the organization’s objectives: They are looking to tie objectives into major risk assessments.
  • Risk management should be incorporated into strategic planning: Prioritizing the idea of risk management as a part of strategic planning.
  • Organizations focus on strengthening their tracking and monitoring of risks: Conducting more periodic risk assessments.
  • Leadership must be aware of risks: Incorporate risk management into regular top leadership meetings.
  • Use of proper communications about risks: Creating a more efficient level of communication of risks from top to bottom in the organization.
  • Alignment of Risk Management in Organizational Structure
  • Organizations need to customize risk management programs to fit their culture: Each organization is different so there is no one standard risk management program to rely on.
  • Support of risk management from the leadership level is critical: Executive sponsorship is a key mentioned throughout all respondents.
  • Accountabilities for risk management need to be defined: Make sure everyone knows who is responsible for their part.
  • ERM needs some form of central risk management offices and committees: Use of tools and techniques to accomplish central risk management.
  • Executives serve as sponsors of risk management programs: Make sure the executives act as a sponsor for each risk management technique throughout the organization.
  • Limited scope needs to be broadened within organizations: Limited resources lead to limited risk management programs that must be broadened over time.
  • Use of comparative studies and maturity models: Use of standards to benchmark results.
  • Implementing risk management should be expanded within the staff:  Change the attitude about risk management throughout the whole organization.

Successful Risk Analysis Techniques

  • Keep risk information in a simple and relevant style: It is very easy to have misunderstandings involved with risk information so there must be simplicity drawn into the presentation.
  • Establish a formal risk position: This allows for an organization to decide on the amount of risk they are willing to accept that could affect their ability to achieve their goals.
  • Must identify emerging risks: Desire to anticipate major risks before they happen.
  • Provide anonymity when assessing risk: This helps to eliminate any fear of reporting risks to leaders or executives.
  • Diversify thought when considering risk: It is necessary to incorporate a wide range of backgrounds and viewpoints into the analysis.

Public vs. Private Sector

  • Secure consistent support from leadership: Many public sector respondents listed that support was tough to garner due to high turnover rates.
  • Manage politically controversial risks: Public sector must deal with this where private sector avoids these more so.
  • Manage risks at an enterprise-wide level: Private sector is doing this more so than public sector.
  • Link risk management and key objectives: Lack of this has caused the public sector to fall behind the private sector participants in implementing enterprise risk management programs.

Original Article Source:  “Risk Management Practices in the Public and Private Sector: Executive Summary”, Homeland Security: Office of Risk Management and Analysis, September 2010

Click on the link below to download the full article.

More From Enterprise Risk Management Initiative

Side of Hunt

What is Enterprise Risk Management (ERM)?
Executive Perspectives on Top Risks 2024

REPORT: Executive Perspectives on Top Risks for 2024 and a Decade Later
Elona Ruka-Wright

Integrating ERM with Other Risk and Assurance Functions