The IT Law Wiki
The IT Law Wiki

Citation[]

Office of Management and Budget, Management's Responsibility for Enterprise Risk Management and Internal Control (OMB Memorandum M-16-17) (July 15, 2016) (full-text).

Overview[]

The Administration has emphasized the importance of having appropriate risk management processes and systems to identify challenges early, to bring them to the attention of Agency leadership, and to develop solutions. To that end, the Office of Management and Budget (OMB) is updating this Circular to ensure Federal managers are effectively managing risks an Agency faces toward achieving its strategic objectives and arising from its activities and operations. These expanded responsibilities reinforce the purposes of the Federal Managers' Financial Integrity Act (FMFIA) and the Government Performance and Results Act Modernization Act (GPRAMA), and support the Administration's commitment to improve the efficiency and effectiveness of Government.

Since 1981, OMB Circular No. A-123 (A-123) and FMFIA have been at the center of Federal requirements to improve accountability in Federal programs and operations. Over the years, government operations have changed dramatically, becoming increasingly complex and driven by changes in technology. At the same time, resources are constrained and stakeholders expect greater program integrity, efficiency and transparency into government operations.

The policy changes in this Circular modernize existing efforts by requiring agencies to implement an Enterprise Risk Management (ERM) capability coordinated with the strategic planning and strategic review process established by GPRAMA, and the internal control processes required by FMFIA and Government Accountability Office (GAO)'s Green Book. This integrated governance structure will improve mission delivery, reduce costs, and focus corrective actions towards key risks. Implementation of this policy will engage all agency management, beyond the traditional ownership of OMB Circular No. A-123 by the Chief Financial Officer community. In particular, it will require leadership from the agency Chief Operating Officer and Performance Improvement Officer, and close collaboration across all agency mission and mission-support functions.