Integrated Risk Management (IRM) in Government
IRM & GRC
Introduction: The Public Sector Governance Model
The public service governance model is centred on serving the public interest rather than being driven by profit or “the bottom line”. Integrated Risk Management (IRM) practices are increasingly being recognized as a core element of effective and efficient public administration.
A high-performance IRM program goes even further; weaving the proactive management of cyber, operational and business risks into the very fabric of organizational decision making.
As an executive function, IRM is much more than a collection of defensive tactics. Decisions made or declined on the strength of “gut feelings” give way to structured deliberations and the IRM program becomes a strategic business enabler – a transparent, auditable process for weighing the benefits in every opportunity against the risks each presents to the organization.
A solid IRM program requires cross-functional collaboration that can drive a shared language and harmonized metrics to help break down risk management siloes and ensure that every decision considers the costs and benefits to every operational function that may be affected.
For example, in support of Digital Transformation in government, there has been a shift to cloud services. While this shift may be seen as a new and innovative way of doing business, it is not without its risks. Between the third-party cloud service provider and the government policymakers, there are many challenges involved in getting these services delivered to the government, whose goal is ultimately to serve Canadians in a timely, effective and efficient manner.
Finding ways for government departments to work together for the overall success of Digital Transformation is key. Being able to effectively identify risks and navigate the journey of governance, risk and compliance as a whole can make or break the success of service delivery.
Public Sector Innovation
Although governments are not subjected to the same market pressures that drive innovation in business, the public sector nonetheless must answer to increasing public pressure to “do better with less” and transform its operations and organizational culture, accordingly, to accommodate demands for fiscal restraint and service value.
There are many opportunities for the public service to benefit from private sector insights and approaches to risk management and a culture of innovation which includes:
|IT||Protection of sensitive data and personal information on networks and systems, cybersecurity capabilities, information sharing|
|Legal||Document retention, contract management, compliance|
|Executive Offices & Communications||Better decision making; promotion, organizational change support, communication of success stories and lessons learned|
|HR||Performance measurement, culture change, employee engagement, employee-driven (vs. top down) innovation|
In the past two decades, private-sector concepts like innovation have gradually become part of the public service lexicon. The Government of Canada, with its long-standing history of innovation, has in recent years made a digital shift to becoming more agile, open, and user-focused. Their journey of digital transformation and service improvements through innovation is well documented here.
GRC/IRM for the Public Sector
Since 2006, Iceberg Networks has helped federal government, local municipalities, and other public sector organizations plan, deploy, and support successful implementations of Governance, Risk Management & Compliance (GRC) solutions.
GRC is also referred to as Enterprise Risk Management (ERM) or Integrated Risk Management (IRM) within some government departments. Regardless of the naming conventions, our full lifecycle of services includes executive workshops, implementation and integration, and support services tailored specifically for the unique requirements of government agencies and departments.
Iceberg Networks helps government to automate processes and procedures and implement the necessary tools to find efficiencies at all levels of the organization.
Recent Iceberg Networks projects include:
- SA&A solution for Canadian Federal Government
- Entity Models for Government wide integrated risk management programs
- Regulatory Compliance Management for a provincial agency in Ontario
- Audit and IT risk for a major provincial health care department
- SecOps deployment for a large municipality in Western Canada
- GRC Visioning workshop delivered to a major a provincial government department
- Solution for Privacy Impact Assessments (PIAs) deployed for several major health care facilities
Iceberg Networks’ partnership with RSA Archer offers overall risk management solutions for the public sector through its integrated “people, process and technology” approach. We provide significant return on investment by saving labour hours, reducing software license and training costs, increasing productivity, reducing risks and incidents, and bringing information architecture into an improved, common culture through better data sharing and the use of a common taxonomy and workflow.