Following the Office of Management and Budget's update to Circular A-123 this week, the government has rolled out a guide for federal agencies to assess their risk in meeting the new requirements.
Circular A-123 provides agencies with guidelines for managing their information technology resources. OMB's July 27 update provided more guidance on cybersecurity updates and IT standards.
"Playbook: Enterprise Risk Management for the U.S. Federal Government," authored by the Chief Financial Officers Council and the Performance Improvement Council, lays out principles and plans to help agencies navigate their risk while making the required IT upgrades.
"This Playbook is intended to assist Federal managers by identifying the objectives of a strong ERM process, suggesting questions agencies should consider in establishing or reviewing their approaches to ERM, and offering examples of best practices," the book said.
Enterprise Risk Management embraces the business discipline of recognizing objectives and identifying their possible impacts when implemented. The playbook lays out ERM strategies and implementations to help agency players identify their opportunities and threats as they upgrade their IT systems.
White House officials have been pushing for broader use of ERM principles as a way for agencies to help assess risk in their mission goals, with Circular A-123 now requiring them to develop ERM capabilities.
The playbook lays out how to set up those capabilities, including seven steps to set up an ERM model, the so-called "pitfalls" of its implementation and how to determine an agency's risk appetite—the level of risk acceptable for an agency to achieve its objective.
The playbook's authors are quick to point out that the report is not a catch-all of ERM implementation, which is unique to each agency, but provides a step-by-step plan for how stakeholders can get started.
More information about the playbook can be found on the CFO website.