
Identifying and Minimizing Risks to Prevent Critical Incidents


Published on: March 1, 2021

How do you gauge risk? Taking action is often seen as a risky move. But often, not taking action is riskier. And that’s the intent behind the Office of Information and Technology’s (OIT) concerted effort to formalize enterprise risk management (ERM).

Enterprise risk is, in short, a potential loss, harm, or missed opportunity that significantly compromises OIT’s ability to achieve our mission, strategic goals, and objectives. ERM takes a holistic and predictive approach, utilizing a multi-dimensional assessment that is broadly focused and continuous. It analyzes and aggregates risks and determines impacts and risk responses across the entire OIT enterprise. By contrast, traditional risk management is often fragmented, one-dimensional, and narrowly focused, managing risks one by one within a single division.

Risk management is just one component of OIT’s strategic and operational goals, along with strategic and operational planning, performance management, and internal controls. The ERM will increase our ability to address risks that impact the quality of the Veteran experience in interacting with VA, the public’s trust in the Department, and our compliance with applicable laws, regulations, standards, and directives.

Besides fostering a risk management culture at OIT, what are the goals of ERM formalization?

  • Accurate, consistent, complete, and timely risk reporting and messaging to VA and other government agencies.
  • Predictable and consistent participation by all OIT Divisions.
  • Risk escalation and aggregation to inform governance and decision-making.
  • Formal support and consistent messaging for risk owners and stakeholders.
  • Delivery of an effective and efficient ERM program with little or no additional funding required.

The Enterprise Risk Management Working Group, created by OIT’s first ERM Directive (VA Directive 0054) and chartered by the OIT Standards and Architecture Council, is charged with:

  • Fixing accountability
  • Providing transparency
  • Building trust
  • Anticipating risks
  • Cultivating leadership confidence
  • Creating efficiencies

The Chief Risk Officer oversees these policies to provide executive leadership, direction, management, and execution to OIT’s ERM program. The Chief Risk Officer will lead a five-phase cycle for each enterprise risk. The phases are:

  1. Identifying risks.
  2. Assessing risks and approving oversight.
  3. Developing a response plan.
  4. Implementing and measuring the response plan.
  5. Monitoring and validating progress.

The new ERM Program not only supports OIT’s commitment to accountability and transparency but also helps VA operate more safely, efficiently, and effectively to meet its primary directive of supporting Veterans and their families.

Our commitment to digital and IT transformation is shaped by daily dedication to customer service and the close collaboration of our workforce, managers, and leaders. Ready to join us in improving Veterans’ care? Check out all current information and technology career opportunities on DigitalVA. You can also contact VA’s Office of the Chief Human Capital Officer at 512-326-6600, Monday thru Friday, 7 a.m. to 5 p.m. CST or by submitting a resume to


Page last updated on December 20, 2021


An official website of the U.S. Department of Veterans Affairs
