The Office of Enterprise Risk Management (ERM), permanently established in January 2018, leads the Office of Inspector General’s (OIG) efforts in recognizing, planning for, and managing risks across the organization. In July 2016, the Office of Management and Budget (OMB) updated Circular A-123 (Management’s Responsibility for Enterprise Risk Management and Internal Control) to include a requirement that agencies implement an enterprise risk management capability and integrate it into, and coordinate it with, an agency’s strategic planning and internal control programs and processes. Although OIG is not required to establish an enterprise risk management function of its own, the Inspector General determined that OIG’s continued effectiveness in meeting its oversight mission requires that it adopt and integrate a risk management strategy across the organization at all levels and across functions at the enterprise level.
The Office of ERM provides decision-making tools that allow the Inspector General and OIG senior leaders to understand risks across the organization and to make informed decisions for risk treatment. The office also facilitates OIG’s strategic and work planning efforts and oversees OIG’s progress toward achieving its strategic goals and objectives.
This framework outlines the Office of Inspector General’s (OIG) approach for implementing its Enterprise Risk Management (ERM) program.