Nine Principles of a Risk Intelligent Enterprise
A risk management framework for Federal agencies
In some commercial sectors, enterprise risk management has been around for nearly two decades. Federal agencies, which share a similarly high degree of sophistication, are adopting risk management systems and methodologies to address growing internal and external pressures—from continued budget pressures to changing constituent demands.
In our experience serving large, complex organizations across the public and private sectors, Deloitte has learned that, when adopted, a common set of nine principles can help improve an organization’s risk management by enabling it to:
- Address the full spectrum of risks in areas such as mission, strategy, planning, operations, finance, and governance, among others
- Acknowledge the risk management needs of specific stakeholders, departments and functions, while looking across organizational “silos”
- Consider the causes of, and interactions among, various risks and the potential impacts of multiple concurrent threats or events
- Create common terms and metrics for risk, and develop a culture in which people consider risk in every activity
- Support risk taking to enhance mission success, rather than adopting an excessively risk-averse posture
- Employ risk-based methods of decision making, particularly when allocating human, financial, technological, and other resources
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.