Although DOI took steps toward building an ERM capability, we found that it was not fully implemented as required by OMB Circular A-123.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
2023-ISP-036-01 | No | $0 | $0 | ||
We recommend that the DOI Secretary or designee establish a risk appetite as required in the Office of Management and Budget Circular No. A-123 and implement a process to ensure Departmentwide awareness of the risk appetite. | |||||
2023-ISP-036-02 | No | $0 | $0 | ||
We recommend that the DOI Deputy Secretary or designee implement a process to periodically reevaluate and adjust risk appetite and tolerance levels to meet DOI's needs in accordance with the Office of Management and Budget Circular No. A-123. | |||||
2023-ISP-036-03 | No | $0 | $0 | ||
We recommend that the DOI Deputy Secretary or designee create a comprehensive risk profile as required by the Office of Management and Budget Circular No. A-123 and ensure it is properly approved and incorporated into discussions for decision making. | |||||
2023-ISP-036-04 | No | $0 | $0 | ||
We recommend that the DOI Deputy Secretary or designee establish a risk management council or an equivalent governance system to direct and oversee the establishment of DOI's risk profiles, regularly assess risk, develop appropriate risk responses, and approve the updated risk profile annually. | |||||
2023-ISP-036-05 | No | $0 | $0 | ||
We recommend that the DOI Deputy Secretary or designee define the enterprise risk management roles and responsibilities for DOI's leadership at the executive, bureau, and office level and ensure those roles and responsibilities are clearly communicated. |