Work Item
ASTM WK77233

New Guide for Enterprise Risk Management and Resilience Integration

1. Scope

1 Scope 1.1 The purpose of this guide is to provide effective and reliable consultative guidance to assist governmental agencies at all levels and corporate, public, and private entities with developing comprehensive Enterprise Risk Management (ERM) plans. 1.2 This guide will help to increase the effectiveness and reliability of ERM plans in identifying, mitigating, and in some cases eliminating singular or multifaceted risks associated with both existing and future projected threats or vulnerabilities that those threats could exploit.

Keywords

References: GAO, Standards for Internal Control in the Federal Government (Green Book), ISO 31000 (Risk Management), ISO 9000:2015 (Quality Management Systems (QMS), and ISO - The Integrated Use of Management System Standards. OMB Circular A-11 for Strategic Reviews, OMB Circular A-119: Federal Participation in the Development and Use of Voluntary Consensus Standards and Conformity Assessment Activities and OMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control.::

Rationale

Enterprise Risk Management (ERM) is an organizational process that allows management to identify, prioritize, and mitigate risks across a broader spectrum of activities than traditional risk management to evaluate the impact of risks that can adversely impact an organization's accomplishment mission/s. Subsequently, ERM provides the foundation for strategic-level decision-making across organizational departments and "silos" and eliminates the problems with existing silos in this regard. In addition to internal risks, ERM considers external risks, as well as a combination thereof, and external factors such as natural and economic failures, which could multiply the negative impacts associated with the risks. ERM and resilience integration allows management to identify risks that can adversely impact the effective administration of an agency, organizational, departmental, and workforce policies. Having an ERM guide means that agencies, organizations, departments, and workforce champions will be better positioned to promote and absorb ERM foresight and have a more effective decision-making framework and basis for making implementation-related decisions more effectively. Many organizations have multiple or separate continuity of operation strategies, succession, and risk mitigation plans which may not reflect ERM and resilience. As a result, the development of effective, comprehensive ERM plans would allow management to respond more quickly and effectively to address risks to an organization. Several methodologies exist for addressing risk management, but the distinction between and the applicability for enterprise-wide governance documents that reference voluntary consensus standards and conformity assessment, federal guidance, internal controls would benefit all stakeholders. It would be advantageous to have an ASTM standard guide that provides recommended practices for cooperation and coordination across organizations with respect to ERM and Resilience Integration for creating a more effective and consistent approach.

The title and scope are in draft form and are under development within this ASTM Committee.

Details

Developed by Subcommittee: E54.02

Committee: E54

Staff Manager: Kevin Shanahan

Work Item Status

Date Initiated: 06-08-2021

Technical Contact: John Bridges III

Item: 000

Ballot:

Status: