www.pwc.com/federalERM

Enterprise Risk Management in the Public Sector

2015 Survey Results

The 2015 survey is our inaugural survey performed in collaboration with the Association for Federal Enterprise Risk Management (AFERM). It is designed to provide Public Sector risk managers and leadership with perspective on ERM trends in the Government.

Welcome

Welcome to our inaugural survey on Enterprise Risk Management (ERM) in the Public Sector, a collaborative effort between the Association for Federal Enterprise Risk Management (AFERM) and PwC. In undertaking this survey, AFERM and PwC surveyed the public sector risk management community to collect information on the current state of ERM in the government, and present the data and insight within this report. As the recent and pending revisions to Office of Management and Budget (OMB) Circulars A-11, A-123, and other Federal guidance continue to evolve the Federal risk and compliance landscape, an expectation exists for agencies to assess and manage their risks in new and more rigorous ways. In addition, Government leaders are aligning their organizational structures to proactively identify and mitigate risks at the portfolio level. Several Federal Agencies are modifying their internal governance and control environments, and implementing ERM as a new practice. As ERM continues to grow in prominence in the public sector, we recognize the need to understand current risk management capabilities in government and engage Federal leaders to identify trends, concerns, benefits, and strategies to enhance risk management. We intend that our survey will be an ongoing, annual effort to gather and provide information to the public sector risk management community and government leaders.

Scope

This inaugural survey includes input from government officials working in risk and compliance leadership and support roles at nearly 30 Federal Departments, Agencies or Organizations. The survey consisted of a series of online and in-person interviews to establish a deeper understanding of public sector perspectives on risk management. While we feel that the participants provide a representative sample of Federal risk leaders, it is important to note that this sample may not represent government risk authorities as a whole. This report compiles the results of the survey and interviews to provide you with keen insight into the current state of risk management practices, and opportunities for future improvement. As this effort matures each year, we intend to expand our scope to include a broader list of agencies and participants, and further promote the identification of emerging trends.

Results

Federal risk leaders indicate that effective risk management is a necessity and that ERM is widely recognized as a growing best practice in the Federal government. Leaders across the government anticipate that the amount of resources deployed in support of ERM will increase in both the near-term and the foreseeable future. Importantly, we also identify that the successful implementation and maturation of an ERM program in the Federal space requires the staunch support and commitment of agency leadership. A common practice of successful ERM programs is that they are championed by executive leadership and often a risk-focused officer within the organization; this enables risk innovators to break down organizational silos and encourages thoughtful risk analysis in major decision-making processes. You will find additional insights and leading practices in the pages to follow.

Tom Stanton
President
Association for Federal Enterprise Risk Management

Brian Wodarski
Principal
Public Sector Risk Consulting Leader

PwC Enterprise Risk Management in the Public Sector

Contents

Welcome
Executive Summary
Survey Results
Theme 1: ERM is a growing priority in the Government
Theme 2: ERM enables Federal Agencies to better define and proactively respond to risks
Theme 3: Departments and agencies with ERM capabilities built dedicated programs and processes to effectively manage risk
Theme 4: Barriers continue to inhibit the implementation of ERM
Theme 5: Evolution of Technology to support ERM
About Us
Thank You
Survey Demographics
Contact Information

Executive Summary

Executives across the Federal government and at quasi-governmental organizations recognize the need for proactive risk management, including supporting tools, and best practices. AFERM defines ERM as a discipline that addresses the full spectrum of an organization’s risks, including challenges and opportunities, and integrates them into an enterprise-wide, strategically-aligned portfolio view. ERM contributes to improved decision-making and supports the achievement of an organization’s mission, goals, and objectives. Leaders remain vigilant in achieving strategic goals and implementing processes to proactively identify risks that could prevent or distract their organization from achieving mission objectives. While commercial enterprises leverage mature ERM programs resulting from decades of experience, the evidence shows that risk management is still an emerging practice across the public sector. Our survey respondents indicated (1) they believe that when ERM is properly implemented, organizations realize benefits and (2) that they expect the number of Federal agencies adopting ERM practices to continue to grow. Agencies that are not practicing ERM are beginning to consider opportunities to explore future implementations of ERM, yet they still communicate concerns about organizational barriers and resource limitations that will prevent the full implementation of robust ERM programs. Our report focuses on five key themes that represent the most significant findings from the survey results. Each of the five themes is supported by a combination of survey findings and pertinent quotes from leaders across the public sector.

Report Themes

1. ERM is a growing priority in the Government

The demand for ERM and relevant risk management capabilities continues to grow in the public sector. Our respondents indicate that many of their organizations are in the process of implementing risk management programs, and those without formalized processes are planning implementations in the near future. Those surveyed also indicate a strong demand for demonstrated organizational leadership and technology-based tools, as opposed to less formal functions. Respondents also communicate a wide range of actual and perceived benefits from ERM based on experience in their own agencies and interaction with others. However, many respondents share that additional work is needed to support full-scale implementation in order to take measured steps toward realizing the benefits of an effective ERM program.

2. ERM enables Federal Agencies to better define and proactively respond to risks

Our survey shows that agencies that do not currently possess formal risk management structures find it difficult to understand, quantify, and communicate the benefits of effective risk management techniques, as they attempt to articulate the case for ERM implementation. The good news is that respondents with established risk management programs indicate that their organizations realize significant benefits, such as reduced duplicity of risk management and compliance efforts and existence of risk based indicators to support proactive mitigation planning.

3. Departments and agencies with ERM capabilities built dedicated programs and processes to effectively manage risk

Survey respondents report that Federal organizations with both a formal risk management structure and/or ERM program improve performance of their core capabilities and gain a deeper understanding of the compliance and mission risks facing their organizations. With a strong, well-defined structure, leaders are equipped to identify risks and adjust organizational priorities to enhance decision making efforts. Organizations that possess a formal risk management structure benefit from a portfolio view of risks and leverage the insight to help navigate the complexities of their mission.

4. Barriers continue to inhibit the implementation of ERM

Survey respondents indicate a combination of actual and perceived barriers that restrict their ability to implement ERM functions, mature their risk practices, and gain executive backing within their organizations. Some respondents state that it is difficult to build business cases to justify funding and implementing ERM programs within their organizations. Other respondents indicate that they lack the executive buy-in needed to achieve the benefits from their investment. While these barriers may exist, working to incorporate risk management methodologies into decision-making processes and piloting ERM programs are both foundational steps to building a cornerstone of support.

5. Evolution of Technology to support ERM

As risk management continues to evolve, Federal risk leaders can leverage commercial leading practices and advances in technology products in order to reduce the financial commitment and ongoing maintenance costs of their ERM and compliance programs. Many of the survey respondents currently utilize a variety of technologies to support their risk management programs, ranging from basic spreadsheets to custom databases to advanced Governance, Risk and Compliance (GRC) tools. Agencies that already leverage GRC tools report that the effectiveness of their ERM programs benefit from increased efficiency and transparency of risk based information.

“We needed 18 months internally to incubate our risk management process. We utilized existing Working Groups, and only needed to develop one new group. Currently, we are working towards operationalizing a process, not a one-time exercise.”
Andy Zino, Smithsonian

Survey Results

Theme 1: ERM is a growing priority in the Government

In recent years, changes in the Federal landscape, from shrinking budgets to increased transparency, have resulted in a shift in focus toward more robust risk management processes and technologies. A growing number of Federal Departments and Agencies initiated the development of ERM programs to improve upon legacy risk management capabilities and to incorporate the consideration of risk into organizational activities. While our survey shows that a growing number of organizations are working to incorporate risk management practices into their daily operations, there are still many organizations that have not formally adopted risk management programs.

Strengthening Risk Management

Although many organizations currently practice some form of risk management, this year’s survey indicates that ERM remains a relatively new capability: 44% of respondents still do not have a formal ERM program. However, among that minority group, 80% plan to develop an ERM capability in the near future—more specifically, almost all plan to implement within 5 years. Of those organizations that already practice ERM, 80% of respondents indicate their programs are five or fewer years old.

Organizations that do not have formal ERM programs identify and manage risks on an ad-hoc basis, and often in isolated, uncoordinated processes throughout the organization. While these informal practices sustain some level of risk awareness, a substantial opportunity remains for departments and agencies to implement proactive enterprise-wide risk management and oversight systems to promote mission effectiveness.

Enhancing the Perception of ERM

As many organizations are aware, risk can take on many forms. Organizations continue to evaluate their needs for effective risk management and the integration of ERM into their business processes. Although the results are mixed, only 26% of respondents perceive that their organization scores “well” or “very well” in terms of understanding effective management of a risk as a value-add or organizational advantage; a near majority (48%) deem that their organizations “acceptably” understand risk management as a value-add activity. The remainder (26%) possess a less enthusiastic appraisal of risk management’s value. Clearly, an opportunity exists to enhance the perception of ERM among the latter two groups.

“ERM will absolutely help us achieve our mission. We are currently in an immature state, and we know that building ERM into the budget process to support remediation will be huge. We plan to implement green book requirements early, and then to build out our ERM framework.”
Bill Leibach, U.S. House of Representatives

In addition, the survey respondents identify the following as the top five perceived future risks to their department or agency:

• Strategic Risk (56%)
• Operational Risk (48%)
• Data Security / Privacy (48%)
• Reputational Risk (37%)
• Financial / Reporting Risk (26%)

The survey indicates that 77% of respondents perceive their organizations are managing all organizational risk exposure areas at least “acceptably” (to include the top five risks listed above). The remaining 23% perceive their organizations are performing “poorly” or “very poorly.” Despite mixed survey results, it is important to note that there is considerable room for enhancing the perception of risk management as organizations establish formal risk structures, become more aware of the benefits, and understand how incorporating leading practices enhances performance.

Interestingly, survey respondents do not indicate strategic risk in their top five current risk priorities, yet this category is presented as the greatest perceived future risk: 56% of survey respondents forecast strategic risk among their top three future areas of concern and report that strategic risk is managed the least at their department or agency. While the numbers illuminate that leaders are aware of this looming exposure, 42% of respondents indicate that their organizations have not yet integrated ERM with their strategic planning processes. This is a significant gap that will need to be closed in order to effectively manage this risk, and promote the value of ERM programs.

Figure 1: Identified gaps between current and future perceived risks

Supporting Survey Questions

Theme 1: ERM is a growing priority in the Government

Q: Does your Department or Agency have a formal Enterprise Risk Management program?

Q: How long has your Department or Agency practiced enterprise risk management?

Q: If not currently practicing Enterprise Risk Management, does your Department or Agency plan to develop an ERM capability in the future?

Q: In what time frame does your Department or Agency plan to establish an ERM program?

Q: In the last 12 months, the budget for overall enterprise risk management activities has done which of the following at your Department or Agency?

Q: How do you rate how well your Department or Agency manages all areas of organizational risk exposure (strategic, financial, operational, compliance, reputational, etc.)?

Q: What risks are focused on and managed the MOST at your Department or Agency?

Q: What risks are focused on and managed the LEAST at your Department or Agency?

Q: Please select the top three areas in terms of CURRENT perceived level of risk to your organization.

Q: Please select the top three areas in terms of FUTURE perceived level of risk to your organization.

Q: To what extent has your Department or Agency integrated ERM into strategic planning?

Theme 2: ERM enables Federal Agencies to better define and proactively respond to risks

The perceived value of ERM programs continues to evolve as more organizations commit to implementing formalized ERM programs and current risk management programs mature. While some Federal organizations continue to struggle to define and identify their risks, industry leaders are maturing their risk management programs within their organizations. By doing so, these organizations build the capacity to quickly identify emerging risks to their enterprise and, in some cases, develop robust mitigation strategies. A common theme among the survey participants is a desire to improve organizational risk management processes to better identify and manage risks.

Perceived Benefits of ERM

To gain a general sense of why organizations plan to increase the implementation of ERM programs, it helps to understand the benefits of a developed program. When asked to identify the benefits since establishing an ERM program, 41% of respondents cite enhanced management decision making, and 35% experience reduced duplicity in risk assessments and compliance activities. One respondent anticipates that ERM “would provide a strategic level of oversight for decision-making that does not exist today.” The survey results demonstrate that incorporating a risk perspective into strategic organizational planning is a valuable benefit of an ERM program, largely due to elevating risk concerns early in the planning process. Also noted is that additional benefits are realized as ERM programs evolve as organizations mature, develop new processes, establish leadership roles, and define functional responsibilities.

Enhancing Mission Support and Organizational Objectives

The vast majority of respondents (82%) believe the implementation of an ERM program enhances their organization’s ability to meet mission goals and objectives. While the majority of respondents indicate that an ERM program delivers departments and agencies value, many note ERM is in its infancy within Federal organizations and they expect to realize future benefits such as preventing a significant negative event from occurring, and being able to proactively respond to major issues in a more timely manner. One specific benefit of an ERM program noted by respondents is the integration of risk considerations into decision-making processes—an organizational practice infrequently applied within the Federal sector. In fact, only 8% of survey participants believe their organization has achieved a high level of integration of risk factors into the strategic planning functions.

Respondents consistently state that once organizations implement an ERM program, they will be better suited to manage and respond in a coordinated approach that aligns the organizational risk appetite with actions of the organization. Organizational stakeholders conceptually recognize the benefits an ERM program provides, yet the majority of their departments and agencies struggle to identify and tailor their risk needs to best support achievement of their agency goals and objectives.

“[My organization is] better at implementing major programs because of ERM. The questions that leadership asks [are more insightful] and the expectations of senior management are higher now. They are better able to deal with the complexity [of our initiatives].”
Executive, Federal Agency

Supporting Survey Questions

Theme 2: ERM enables Federal Agencies to better define and proactively respond to risks

Q: Which of the following titles best describes the person responsible for your Department or Agency’s Enterprise Risk Management program?

Q: Since developing an Enterprise Risk Management program, has your Department or Agency realized the following benefits from the ERM program? (may select more than one)

Q: How do you rate how well your Department or Agency evaluates the risk portfolio in the context of all significant internal and external environments, systems, circumstances, and stakeholders?

Q: How do you rate how well your Department or Agency views the effective management of risk as a value add / organizational advantage?

Theme 3: Departments and agencies with ERM capabilities built dedicated programs and processes to effectively manage risk

Our survey shows that the majority of organizations plan to establish an ERM program within the next five years. Many respondents agree that along with the implementation of an ERM program, it is essential to establish an organizational structure to incentivize the effective management and reporting of risk. By having a structure with leadership roles and operational responsibilities in place, departments and agencies are more capable of proactively managing risks and are able to make risk based decisions to mitigate their organizational exposure.

Creating Organizational Structure

Organizational structure and resource alignment is the cornerstone of an effective ERM program. Though ERM programs exist in a variety of contexts and organizational structures, one common theme (83% of respondents) is that programs have dedicated central resources: 41% have a centralized leadership structure with dedicated, centralized, risk-focused resources, and another 42% have central resources supplemented by remote resources embedded in the business lines. However, despite the prevalence of dedicated, central resources, only 36% of organizations have identified an official (or CRO) who is responsible for monitoring risks to mission-essential functions and activities. Survey respondents are generally satisfied with their organization’s efforts to embed risk management as a component in critical decisions; 77% report to be at least “acceptably” satisfied. However, some respondents report dissatisfaction regarding their organization’s ability to recognize relationships between individual risks across the organization, thereby understating the potential impact of a given risk. Well-designed and managed ERM programs and accountability structures enable leaders to identify these relationships that may create intolerable pools of risk.

With a focus on effective risk management decisions, a growing number of organizations are adopting risk structures and frameworks to provide senior leadership with the resources to make informed decisions for their organizations. Respondents note that by establishing an ERM structure, organizational stakeholders possess the ability to improve upon core competencies, proactively identify risk concerns, and identify measures to mitigate risks.

Leveraging Industry Standards

Across the government, organizations are leveraging industry standards to manage their risk management programs: 60% of all respondents state they utilize the COSO and/or ISO 31000 frameworks to implement ERM methodologies. Respondents note that leveraging an established industry framework assists with defending the legitimacy and structure of their ERM function. It was also noted that these industry frameworks help to provide a common vocabulary for risk that can be used across their organization.

“We are in the infancy stages of implementing our ERM program. There is significant support for this initiative from some, but not all, of the key stakeholders. Once fully implemented, we anticipate a better understanding of our operations with a focus on risk management.”
Salim Mawani, Smithsonian

“Once all the supporting components of a risk management program are in place, (e.g., reporting tool, policies and procedures, governance, etc.), then I can focus more on actually managing risks.”
Executive, Federal Agency

Supporting Survey Questions

Theme 3: Departments and agencies with ERM capabilities built dedicated programs and processes to effectively manage risk

Q: How do you rate how well your Department or Agency prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual “silos”?

Q: How do you rate how well your Department or Agency recognizes relationships between individual risks across the organization that may create a combined exposure that differs from the sum of the individual risks?

Q: Which of the following best describes the enterprise risk management structure in your Department or Agency?

Q: Which industry standard for risk management does your Department or Agency predominately follow?

Q: Which industry standard for risk management are you aware of?

Theme 4: Barriers continue to inhibit the implementation of ERM

This year’s survey provides insight into the barriers many organizations face, which may hinder or prevent the successful implementation of ERM programs. Understanding ERM barriers across the public sector allows risk leaders to tailor their messaging and strategic planning processes to take these issues head on—working with organizational leaders to establish appropriate risk management structures, processes, and resources.

In light of the findings from the survey, organizations consider the following four key barriers to be a particular hindrance to their department or agency establishing a formal ERM program.

Bridging Organization Silos

A majority (57%) of the respondents indicate the largest barrier to their organization’s establishment of a formal ERM program is siloed data, decision-making, and risk management. It is important to note that many organizations currently use separate processes that enable risk management from various functional perspectives. While this provides some benefits, effective ERM requires collaboration and communication across the organization. Looking forward, 23% of respondents also report that these silos will be a continuing inhibitor to their organization’s establishment of an effective ERM program.

Obtaining Executive-Level Support

The survey finds that 23% of respondents consider the lack of executive-level buy-in and support a major inhibitor to their department or agency’s establishment of an ERM program. As with any major initiative, leadership buy-in is an essential component to driving successful change. Effective ERM implementation is enabled through executive-level buy-in that promotes investment in tools and talent, and fosters integration with business processes and strategic decision making.

Overcoming the Lack of a Federal Requirement

Respondents note that organizations that have made the appropriate investments are beginning to realize the benefits of successful ERM programs, yet there is still more work to be done. Several respondents noted that the lack of a Federal requirement for ERM continues to hamper their ability to get appropriate funding and buy-in within their organization. Perhaps only by mandate will departments and agencies possess the political capital and resources to procure, implement, and maintain a formal ERM program. Understanding the current fiscal climate, 50% of respondents agree that there would need to be an OMB circular or other mandate in order to influence their senior leadership to adopt an ERM program.

Building a Business Case for ERM

Finally, it is noteworthy that 14% of respondents identify the lack of a business case as a barrier to their department or agency establishing an ERM program. Building a strong business case and obtaining executive-level buy-in support are often complementary, and organizations must consider the wide range of benefits of ERM in relation to the investment. One respondent noted that this could be due to the fact that organizations continue to struggle with the concept of measuring deterrence, or the prevention of negative events. While some of this can be attributed to the relative immaturity of ERM programs in the public sector, 0% of respondents noted a case where ERM contributed to the prevention of a significant negative event from occurring, or when ERM enabled a recovery from a loss or outage in a more timely manner. Until these high-visibility, catastrophic events are experienced, ERM may struggle to gain legitimacy across all Federal organizations. In fact, 42% of respondents indicate that a significant risk event, data breach, or crisis would strongly influence leadership to adopt formal ERM within their organization.

“OMB needs to drive any enterprise-wide ERM effort. [ERM] would essentially be another unfunded mandate (like the implementation of Appendix A), but the agencies will not act unless compelled to do so.”
Project Manager, Federal Government

“To gain senior leaders’ support for the development of an ERM program, we need to provide them a few examples from the many risk management success stories; demonstrating the ERM value proposition, as it relates to time and cost associated with implementing ERM.”
Honorable Robert M. Speer, Assistant Secretary of the Army, Financial Management and Comptroller (ASA (FM&C))

Supporting Survey Questions

Theme 4: Barriers continue to inhibit the implementation of ERM

Q: How many full time equivalents (including contractor support) are working in the enterprise risk management function?

Q: Which of the following would strongly influence senior leadership at your Department or Agency to adopt a formal ERM program?

Q: What has been the biggest barrier to your Department or Agency establishing a formal ERM program?

Q: Please select the top three improvements your Department or Agency could make to address CURRENT and FUTURE risks?

Theme 5: Evolution of Technology to support ERM

Organizations are currently leveraging a wide array of tools and technologies to support their risk management programs ranging from basic spreadsheets to custom databases to advanced Governance, Risk and Compliance (GRC) tools. Many respondents note that GRC technology will assist in making their risk management responsibilities easier by providing complete and timely data to support complex decision making, and to help them manage organizational risks. Although leveraging GRC technology to automate manual processes and reporting is not a new concept, acquisition of GRC technology to support ERM or other risk and compliance programs continues to lag, with many organizations relying on basic technology such as Excel, SharePoint, Access, and other Microsoft Office-based software programs.

As private sector organizations discovered in the recent history of their risk and compliance management programs, agencies are finding they exhaust the functionality of these more manual solutions. As ERM programs gain wider acceptance, they need more robust technology solutions that offer flexible workflow, survey, analytics and reporting capabilities across the enterprise.

Automating Risk Management

Agencies leverage GRC technologies to advance the effectiveness of their ERM programs and increase engagement across the enterprise. The capabilities and benefits of automating processes and reporting with GRC technology directly support risk and compliance management activities in which agencies intend to advance efforts in the coming year, including conducting assessments, monitoring and reporting, testing, reviewing, and auditing. Many respondents indicate they look to using an enterprise GRC technology solution in effort to integrate disparate stakeholders and inform leaders on the agency’s risk performance.

Achieving Organizational Benefits

Survey participants with an established GRC technology-enabled ERM program indicate realization of a number of benefits. Perhaps the greatest benefit is improved reporting to support risk management programs (50% of respondents). Other notable GRC technology benefits include reduction of manual efforts (38%) and improved communications and connectivity (25%). Agencies that leverage GRC technology to automate their risk management processes and reporting also cite enhanced data integrity and reliability, and greater oversight capability. These benefits result from effective risk management—incorporating a framework to elevate risk considerations, review vulnerabilities, and establish mitigation efforts in the strategic planning process.

Leveraging GRC Technology

Twenty-eight percent (28%) of respondents indicate their agencies are leveraging GRC technology to automate their risk management processes and reporting. However, the majority of agencies have not yet invested in GRC technology and rely on a combination of Microsoft Office products and manual processes for risk assessments, data compilation, analysis, monitoring, and reporting. While technology can help accelerate risk management and decision making, long-term sustainment of these programs is largely dependent on executive management support and formal organizational risk processes.

“We plan to utilize a SharePoint solution in the near-term, although we would eventually like to consider a Governance Risk and Compliance, commercial-off-the-shelf type tool in the longer term.”
ERM Officer, National Institute of Standards & Technology

“Data intelligence would provide the needed information to prioritize, standardize, monitor, and become resilient to events.”
Executive, Federal Agency

Supporting Survey Questions

Theme 5: Evolution of Technology to support ERM

Q: Which of the following best describes the technology used to capture / assess / report risk information at your Department or Agency?

Q: What benefits or returns has your Department or Agency realized from its eGRC tools? (as many as apply)

Q: What benefits or returns do you anticipate your Department or Agency might realize from implementing eGRC tools?

About Us

AFERM

AFERM is a community of practice dedicated to the advancement of Enterprise Risk Management (ERM) in the federal government through thought leadership, education and collaboration. AFERM provides programs and education about benefits, tools and leading practices of federal ERM and collaborates with other organizations and stakeholders to encourage the establishment of ERM in Federal Departments and Agencies.

PwC

PwC helps organizations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting www.pwc.com.

Award-Winning Excellence

In 2014, PwC’s Public Sector became the first large firm ever to receive the nation’s highest Presidential honor for quality - the Malcolm Baldrige National Quality Award. The Baldrige Award was established by Congress to recognize organizations for performance excellence through innovation, improvement and visionary leadership. Winning the award demonstrates PwC Public Sector’s unparalleled commitment to quality and continuous improvement, which is embedded in everything we do and has enabled us to provide exemplary service to our Government clients.

Thanks

This survey report is the product of a collaborative effort between AFERM and PwC. We extend our gratitude to the respondents to both our online survey and our personal interviews. Our analysis and reporting would not be possible without your time and candid input.

If you have any questions about the results presented in this report, please do not hesitate to contact us using the information below.

Contributors

AFERM (www.AFERM.org): Jay Ahuja, Todd Grams, Sallyanne Harper, Allen Runnels, Tom Stanton, Doug Webster

PwC (www.pwc.com): Jerrod Baldwin, Marc Brickhouse, Philip Dittmer, Jeffrey Poczatek, Shelly Turner, Bryon Vincent

Creative: Angela D’Agostino, Christina Vanecek

Survey Demographics

Q: What is your role? Please select the most relevant role to you based on the options provided below.

Q: How many years have you served in this role?

Q: Please indicate the size of your Department or Agency, by number of employees.

Q: What is the total annual budget for enterprise risk management activities across your Department or Agency?

Contacts

For more information, please contact:

Tom Stanton, President, Association for Federal Enterprise Risk Management
Brian Wodarski, Principal, Public Sector Risk Consulting Leader

(703) 918-1590 (202) 965-2200

www.pwc.com/publicsector

© 2015 PwC. All rights reserved. “PwC” and “PwC US” refers to PricewaterhouseCoopers Public Sector LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. PSP-043r_WP ERM-SR_2015