Implement an enterprise risk management maturity model approach by selecting an appropriate model, assessing current practices per the model, and making progress in advancing the model.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
b0c6b927-c9fe-43c1-bdff-a33a408c5750-3
Recommendation Number
3
Additional Information
Agency Response Dated January 28, 2026: The revised federal guidance, Playbook: Enterprise Risk Management for the U.S. Federal Government, was issued by the OMB in November 2022 and included an unchanged Federal ERM Maturity Model, previously assessed in June 2020. The staff, with oversight by the PSAT, is selecting an appropriate model for the NRC, assessing current practices per the model, and developing an action plan with milestones to assess current practices and further advance the model.
Target Completion Date: December 31, 2026
OIG Analysis: The proposed actions meet the intent of this recommendation. The OIG will close this recommendation
after reviewing the agency’s ERM maturity model and verifying efforts to implement it.
Agency Response Dated July 25, 2025: The staff, with oversight by the PSAT, are selecting an appropriate model, assessing current practices per the model, and developing an action plan with milestones to assess current practices and further advance the model.
OIG Analysis: The proposed actions meet the intent of this recommendation. The OIG will close this recommendation
after reviewing the agency’s ERM maturity model and verifying efforts to implement it.
Agency Response Dated June 28, 2024: The revised Playbook: Enterprise Risk Management for the U.S. Federal Government guidance was issued by OMB in November 2022 and included an unchanged Federal ERM Maturity Model, previously assessed in June 2020. Staff will conduct a follow-up assessment using the Federal ERM Maturity Model and continue making progress with the implementation of this maturity model, including the development of an action plan with milestones to assess current practices and further advance the model. Target Completion Date: September 30, 2024
OIG Analysis: The proposed actions meet the recommendation’s intent. The OIG will close this recommendation after verifying the NRC’s adoption and implementation of an appropriate enterprise risk management maturity model by selecting an appropriate model, assessing current practices per the model, and making progress in advancing the model through the milestones in the maturity model action plan.
Status: Open: Resolved. The NRC staff anticipated that OMB would revise and issue its primary guidance document for maturity models by late 2021. To date, this guidance document has not been issued, and the staff has not been able to obtain a revised date for publication. However, the staff will use the one-page maturity model that OMB has already developed to draft and implement the NRC’s ERM maturity model. The implementation of this maturity model will include the development of an action plan with milestones to assess current practices and advance the model. Additional time to complete this item is necessary to facilitate further staff collaboration within the NRC. Target Completion Date: September 29, 2023.
Target Completion Date: December 31, 2026
OIG Analysis: The proposed actions meet the intent of this recommendation. The OIG will close this recommendation
after reviewing the agency’s ERM maturity model and verifying efforts to implement it.
Agency Response Dated July 25, 2025: The staff, with oversight by the PSAT, are selecting an appropriate model, assessing current practices per the model, and developing an action plan with milestones to assess current practices and further advance the model.
OIG Analysis: The proposed actions meet the intent of this recommendation. The OIG will close this recommendation
after reviewing the agency’s ERM maturity model and verifying efforts to implement it.
Agency Response Dated June 28, 2024: The revised Playbook: Enterprise Risk Management for the U.S. Federal Government guidance was issued by OMB in November 2022 and included an unchanged Federal ERM Maturity Model, previously assessed in June 2020. Staff will conduct a follow-up assessment using the Federal ERM Maturity Model and continue making progress with the implementation of this maturity model, including the development of an action plan with milestones to assess current practices and further advance the model. Target Completion Date: September 30, 2024
OIG Analysis: The proposed actions meet the recommendation’s intent. The OIG will close this recommendation after verifying the NRC’s adoption and implementation of an appropriate enterprise risk management maturity model by selecting an appropriate model, assessing current practices per the model, and making progress in advancing the model through the milestones in the maturity model action plan.
Status: Open: Resolved. The NRC staff anticipated that OMB would revise and issue its primary guidance document for maturity models by late 2021. To date, this guidance document has not been issued, and the staff has not been able to obtain a revised date for publication. However, the staff will use the one-page maturity model that OMB has already developed to draft and implement the NRC’s ERM maturity model. The implementation of this maturity model will include the development of an action plan with milestones to assess current practices and advance the model. Additional time to complete this item is necessary to facilitate further staff collaboration within the NRC. Target Completion Date: September 29, 2023.
Significant Recommendation
Yes