Congress Sheds Light on DHS Risk Management Function
Last week the House Homeland Security Subcommittee on Transportation and Infrastructure Protection convened a public hearing to address the ways in which DHS is focused on assessing and managing risk. The hearing highlighted the risk posed by the chemical facility industry, but also invoked such policy issues as public-private partnerships, governance mechanisms, and expectations of the public.
Two recent publications entered into the record by Chairwoman Jackson-Lee were “Challenges of Applying Risk Management to Terrorism Security Policy,” and the April 2008 report by GAO, entitled “Highlights of a Forum: Strengthening the Use of Risk Management Principles in Homeland Security.”
Robert Jamison, DHS Undersecretary for the National Protection and Programs Directorate, which oversees the Department’s Office of Risk Management and Analysis (RMA), described the vision thing as follows:
Establish and institutionalize an integrated risk management framework. This framework will consist of the doctrine, principles, processes, guidance, and information flows that will enable risk-informed and cost-effective decision making within components and at the DHS headquarters level. A properly executed risk management framework effectively serves as a force multiplier, as it enables better alignment of security priorities and resources to needs.
Conduct strategic, integrated risk analysis. We must be informed, at the strategic level, by an integrated departmental risk assessment. The integrated risk assessment should leverage the various risk analyses being conducted within and outside the Department.
The RMA, which was established under Section 872 of the Homeland Security Act of 2002, manages the Risk Steering Committee that U/S Jamison chairs and that is the principle vehicle for knitting together the component agencies’ efforts to define, manage, and reduce risk in their respective domains.
The RMA also is charged with developing a standard risk lexicon, which I presume has to do with unifying the cacophony of terms used to describe the vagaries of risk across the Department. No easy task. As part of this effort to rationalize the risk paradigm that DHS runs, RMA is developing the Risk Assessment Process for Informed Decision-Making, or “RAPID.” (Hey, they got SAFETY Act and PATRIOT Act to serve as acronyms.) Furthermore, RMA is in the process of developing a strategic regional risk assessment process/tool and a risk communications strategy. Perhaps the latter will evolve the color-coded medium currently in use.
UPDATE: Thanks to reader RK for his email correcting this post. It had previously cited the creation of RMA under a section of the Homeland Security Act of 2002, but implied that RMA was formed around the time of the Act. Rather, the Secretary used a section of the Act to create the Office of Risk Management and Analysis in 2007.