Calculated Risks

With the recent update of Circular A-123 by the government’s Office of Management and Budget, new agency guidelines have been provided to agencies for the management of information technologies, with particular reference to cybersecurity updates and IT standards, according to Federal Times.

Working in support of risk management during these update processes, a set of plans and principles have also been released, titled "Playbook: Enterprise Risk Management for the U.S. Federal Government." Authored by the Financial Officers Council and the Performance Improvement Council, this document "is intended to assist Federal managers by identifying the objectives of a strong ERM process, suggesting questions agencies should consider in establishing or reviewing their approaches to ERM, and offering examples of best practices."

With Circular A-123 now requiring the development of Enterprise Risk Management (ERM) capabilities, this playbook provides guidelines as to how to set up these capabilities, including considerations such as the level of risk an agency can consider to be acceptable while pursuing its objectives.