Widgetized Section

Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone

ERM in State and Local Government

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization. 

By Carl Gabrini
June 20, 2017

Enterprise risk management (ERM) has not received much attention from the public sector. The Committee of Sponsoring Organizations (COSO) introduced the ERM framework in 2004, about a decade after the issuance of the internal control framework. Since its introduction, those in the private sector have been giving significantly more attention to ERM. An internet search for any mention of it within the context of state and local government reveals few examples of its application within those settings. Even the federal government has begun to embrace ERM. In 2016, the Office of Management and Budget (OMB) released a revised circular A-123, providing guidance to federal agencies applying ERM. The purpose of this column is to briefly identify one example of a state applying the ERM framework.

nestingThe relationship of ERM to the system of internal controls could is like a Russian doll. They are separate, but one is not able to describe ERM without considering the system of internal controls as an integral element of it. The system of internal controls is embedded within the larger ERM framework. A system of internal controls is oriented toward decisions or transactions. In explaining the purpose of internal controls, I often use the system of features on a roadway which are designed to ensure that individuals traveling on the roadway can get from one place to another safely and on time. ERM is global in focus and oriented toward the strategic planning process. The purpose of the ERM process is to ensure an organization achieves its overall mission or individual strategic goals critical to achieving the overall mission.

Most state risk management offices focus on protecting agencies against insurable risks. Few states mention ERM anywhere on their websites. The State of Washington is one exception. On their risk management web page, they have a link to information about ERM. The website describes ERM as a process designed to focus on agency goal achievement. The agency employs a process to identify and mitigate the risks which may interfere with their ability to successfully accomplish their strategic goals. Whereas traditional thinking about internal controls focuses on individual transactions, the ERM process explained on the website is more comprehensive and strategic in nature. For example, an organization establishes internal controls to protect vulnerable assets from misuse or misappropriation. ERM would instead focus on strategic goals, for example one strategic goal of the Washington State Department of Health is to ensure core business services are efficient, innovative and transparent.

The State of Washington Enterprise Services agency provides information to other state agencies to assist them in applying ERM. The website offers a link to a training template for use by agencies. The template is a PowerPoint presentation which may be employed to help train agency staff for the implementation of ERM. The website also contains a link to information explaining how to conduct a root cause analysis. This analysis is a crucial element in identifying actual causes of problems. It is not uncommon to mistake symptoms for causes. Addressing symptoms provides temporary relief, but to mitigate the problem, the cause must be identified and cured. Finally, the website contains links to other resources an agency may find useful in planning to implement an ERM system, including an article outlining problems and pitfalls when implementing ERM, and another focused on best practices in Washington State government.

If a state or local government considers implementing ERM, the first step in doing so would likely involve education. It is critical that those planning the implementation educate themselves by reading all the available material and talking with others in both the public and private sectors that have gone through the effort of implementing an ERM system. In reflecting on implementing ERM at the state or local level, I identified several major challenges which need to be considered. First is dealing with the traditional problems associated with decisions made in a bureaucracy. Second are problems in coordinating and gaining approval for governance changes in the face of the responsible elected legislative body. Third, various interest groups within the larger electorate may seek to influence changes in governance. Finally, there are general issues associated with implementation, such as defining the scope or assigning responsibility.

In this brief essay, ERM is explained and compared with internal control systems. An example of a state implementation of ERM is identified and briefly examined. Finally, some of the challenges to implementing ERM are identified. State and local governments would benefit from thoughtful reflection about their current governance systems. Included in this reflection should be the possibility of adopting ERM as part of that system. As a starting point, interested individuals should read the COSO literature on ERM and the information about the State of Washington’s efforts at implementing ERM. An interested reader may also want to download and read the revised OMB circular A-123. Often the federal government is a catalyst for change. Implementation of an effective ERM system will support the entity’s efforts to achieve its mission and related goals.

Author: Dr. Gabrini currently teaches accounting at Dalton State College. He holds a Ph.D. in Public Administration from Florida State University, a master’s degree in taxation from the University of Central Florida, and an active C.P.A. license issued by the State of Florida. He held various professional positions over 25 years prior to entering academia. Contact email address [email protected].

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 2.00 out of 5)

Leave a Reply

Your email address will not be published. Required fields are marked *