by Marty Benison, Industry Executive Director for State and Local Government, Oracle
While the move to “Software as a Service” (SaaS) started prior to the pandemic, it accelerated when citizens needed to continue to do business with governments at all levels, but now they’ have to do so remotely. This digital transformation is now ingrained in the fabric of most government organizations and is here to stay. This is good news. Moving systems to SaaS subscription models, taking advantage of artificial intelligence, robotics and the Internet has allowed government organizations to remain productive and is now positioning all facets of the public sector to better deal with the loss of millions of workers through retirement that is underway. While risk mitigation strategy discussions have long been a standard part of strategic processes for state and local governments, it is important to recognize that digital transformations bring with it new risks and require a fresh look at mitigation strategies. A recent Route Fifty column, (by Katherine Barrett and Richard Greene), documents not only the financial consequences of government fraud but the loss of trust. When I was comptroller of Massachusetts, I frequently cautioned my team that reputations in government are hard earned but quickly destroyed. As their article points out, this reputational damage can quickly spread beyond one individual to a government as a whole. The good news is that with these new technologies comes the opportunity to implement an Enterprise Risk Management system (ERM) which can help offset the chances of a government’s suddenly being publicized as the victim of a fiscal fraud. But what is ERM and what are the benefits of ERM? What Is Enterprise Risk Management? Enterprise Risk Management is a process that helps an organization to achieve its mission or the strategic goals that make up the overall mission without being derailed by the negative impacts of risk events such as internal and external fraud, cybercrime, or natural disaster. Left unmanaged, these events can prevent the organization from achieving its strategic goals. Implementing an ERM system will help to better prepare for risk events and when they do occur, ERM can help to limit their impact on government services. Keys To a Successful ERM Implementation There are a number of factors that will impact the success of an ERM implementation. These include:
Ensuring that top leadership are fully behind the project
Choosing a high-quality Enterprise Resource Planning system that has an embedded Enterprise Risk Management platform
Ensuring that staff see the ERM as a program that is easy and aids success, not one that adds work or aims to apportion blame
Creating a culture that encourages and rewards the identification of risks and a transparent and balanced approach to risk acceptance or mitigation
Ensuring that these factors are in place before implementing an ERM framework will help to increase the success of the program. The Benefits of Enterprise Risk Management Implementing an ERM program can provide a wide range of benefits for state agencies, which can include both qualitative and/or quantitative benefits.
Creation of a more risk focused culture When management increases the focus on risk, it results in more discussion about risk at all levels of the agency. This in turn means that risks are identified more easily and managed more effectively. Staff become more open to sharing risk information, which leads to better decision making around risk at all levels of management.
Security and compliance are improved Ensuring that the agency’s Enterprise Risk Management application is well designed and well maintained helps to future-proof the security of the agency. This is vital to helping ensure that state agency systems remain protected against rapidly evolving cyber-attacks and unauthorized financial transactions. Choosing an ERM framework with automated controls will allow state agency management to access real-time evidence, making the compliance and audit process more efficient.
Efficient resource usage State agencies without an ERM system may need to employ large numbers of people to manage and report risk on a day-to-day basis. Implementing ERM doesn’t entirely replace the need for this, but it can improve the efficiency of state government services by allowing critical risk management functions to be carried out consistently. When the ERM system is embedded in an ERP system, monitoring of moderate risks can be mostly automated. Processes can be streamlined and eliminating redundant processes in this way allows resources to be used more efficiently. Audit samples can be replaced with 100% real time audit for risk transactions.
Improved perspective on risk ERM systems provide key metrics and measurements that assist the monitoring of risk vulnerabilities as they develop. Being able to track changes in this way allows early identification of changes to the agency’s risk profile, providing an early warning system for potential risk events. The data generated by the Enterprise Risk Management tools also empowers state agencies to make better risk-aware decisions.
Standardized risk analysis and ERM reporting ERM provides a variety of data including the status of key risk indicators, emerging risks, and mitigation strategies. ERM risk reporting is quick, flexible, and detailed, which allows state agency leadership to develop a better understanding of the agency’s risk profile, thresholds, and tolerances. This in turn gives a better framework for evaluating risk, allowing better decision making at all levels of management. It will also vastly simplify compliance and audit storing all the current risk and mitigations in a single up to date format.
Implementing a state level ERM framework can lead to better management of risk, which has many clear benefits, including empowering employees to take a more positive and proactive attitude to risk identification and mitigation. Will any technology eliminate all risks? Or course not. But, as the old saying goes, “the perfect is the enemy of the good.” The contents of this guest column reflect those of the authors and not necessarily those of Barrett and Greene, Inc. #PerformanceManagement #StateandLocalDigitalTransformation #PublicSectorFraud #GovernmentTrust #TrustinGovernment #GovernmentFraud #EnterpriseRiskManagement #StateandLocalGovernmentTransparency #RiskFocusedCulture #StateGovernmentEfficiency #PerformanceMeasurement #RiskManagement #StateandLocalGovernment #Cybercrime #Oracle #MartyBenison #SofwareasaService #RouteFifty #StateofMassachusetts #StateandLocalGovernmentLeadership #StateandLocalGovernmentFraud