Risk is the effect of uncertainty on objectives. Enterprise Risk Management (ERM) is a successful business practice that has been utilized in the private sector for many years and is now being adopted into the Federal government (OMB Circular A-123). The focus of the ERM Program is to provide management with the tools and information necessary for informed decision-making at the organizational level. Risk Management is also an active process that requires participation from everyone at all levels to identify and manage risk.
The Enterprise Risk Management Office manages the NIST-wide Enterprise Risk Management (ERM) program and serves as a central resource for NIST project management efforts. It provides advice, assistance, and policy direction regarding integration of risk management and project management principles within the bureau, including processes for identification of significant risks to NIST and the Department of Commerce. The Enterprise Risk Management Office provides consultative support and analysis to NIST management on the implementation of Enterprise Risk Management, and technical and administrative support to the NIST Enterprise Risk Management Council. It also serves as the principal liaison and representative for NIST to the Department’s Office of Performance and Enterprise Risk Management (OPERM).
The NIST ERM Program mission is to build and maintain a robust and flexible ERM Program that will help identify, assess, mitigate and monitor risks to the NIST mission. ERM will also better inform management regarding an appropriate balance between risk and opportunity to assure that NIST is not missing out on valuable opportunities.
The ERM office will provide management with high-quality risk management information with the goal of increasing the likelihood of NIST successfully achieving its mission objectives. For this objective to be successful, ERM must be integrated into management strategic planning and decision-making. Proactive and informed decision-making can also position NIST to be better prepared for adverse events. Outcomes can include improved customer service, reduced cost, allocation of limited resources where they are needed most, efficient and effective use of those resources, and more.
The core values of the ERM Program are: