Nicole S. Matthis
In July 2016, the Office of Management and Budget (OMB) updated Circular A-123 (Management’s Responsibility for Enterprise Risk Management and Internal Control) to include a requirement that agencies implement an enterprise risk management (ERM) capability and integrate it into, and coordinate it with, an agency’s strategic planning and internal control programs and processes. Risk management is a series of coordinated activities to direct and control challenges and threats to achieving an organization’s goals.
In January 2018, the Inspector General established a new, permanent Office of Enterprise Risk Management in OIG. The Inspector General’s purpose in creating this office and implementing an ERM strategy is to develop a blueprint that will inform and educate OIG’s internal operations and oversight in the near- and long-term. ERM is a decision-making tool that the Inspector General and OIG senior leaders can use to view risks across the organization and take appropriate action. OIG will apply the results of its ERM efforts to its long-term oversight strategy.
Although OIG is not required to establish an ERM function of its own, OIG determined that doing so would be beneficial to its own efforts to assess risk and to improve its oversight. OIG also has its own strategic planning and internal control programs and processes, and establishing ERM complements those functions. The ERM office is preparing a strategic framework for these efforts and is developing OIG’s next 3- to 5-year strategic plan.