The U.S. Department of the Interior Should Take Action to Fully Implement Its Enterprise Risk Management Capability

Date Issued

Wednesday, December 4, 2024

Submitting OIG

Department of the Interior OIG

Agencies Reviewed/Investigated

Department of the Interior

Components

Departmentwide

Report Number

2023-ISP-036

Report Description

Although DOI took steps toward building an ERM capability, we found that it was not fully implemented as required by OMB Circular A-123.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2023-ISP-036-01	No	$0	$0
We recommend that the DOI Secretary or designee establish a risk appetite as required in the Office of Management and Budget Circular No. A-123 and implement a process to ensure Departmentwide awareness of the risk appetite.
2023-ISP-036-02	No	$0	$0
We recommend that the DOI Deputy Secretary or designee implement a process to periodically reevaluate and adjust risk appetite and tolerance levels to meet DOI's needs in accordance with the Office of Management and Budget Circular No. A-123.
2023-ISP-036-03	No	$0	$0
We recommend that the DOI Deputy Secretary or designee create a comprehensive risk profile as required by the Office of Management and Budget Circular No. A-123 and ensure it is properly approved and incorporated into discussions for decision making.
2023-ISP-036-04	No	$0	$0
We recommend that the DOI Deputy Secretary or designee establish a risk management council or an equivalent governance system to direct and oversee the establishment of DOI's risk profiles, regularly assess risk, develop appropriate risk responses, and approve the updated risk profile annually.
2023-ISP-036-05	No	$0	$0
We recommend that the DOI Deputy Secretary or designee define the enterprise risk management roles and responsibilities for DOI's leadership at the executive, bureau, and office level and ensure those roles and responsibilities are clearly communicated.