Personal tools

Enterprise Risk Management (ERM) Model


The Enterprise Risk Management Model is a new standardized framework that the Department will be using to develop, revise, and review Departmental Directives. It creates a uniform process to (1) evaluate risks and opportunities, (2) assess the relative cost/benefits of these risk/opportunities, (3) identify external controls and mechanisms that address these risk/opportunities, and finally (4) determine what controls (if any) are needed to address these risks and opportunities.

Below is a white paper developed to communicate the foundation of the Enterprise Risk Management Model. The PowerPoint presentation, developed by the Directives Team, is intended to act as an instructional document for the use of the ERM risk assessment tool. We are working to incorporate this tool into the current Justification Memorandum (JM) template and into the bi-annual training lead by MA-90. In the interim, please contact Christopher Tirado (; 202-586-4967) for assistance in using the risk assessment during the preparation of a JM to develop or revise a directive.

This training module will be updated as needed based on feedback provided during training sessions.

Document Actions