1.1.31 Office of the Chief Risk Officer

Manual Transmittal

May 08, 2019

Purpose

(1) This transmits new IRM 1.1.31, Organization and Staffing, Office of the Chief Risk Officer.

Material Changes

(1) On April 30, 2016, the Office of the Chief Risk Officer was realigned from the Office of the Commissioner to the Deputy Commissioner for Operations Support.

(2) This new IRM section contains responsibilities and the functional statement for the Chief Risk Officer.

Effect on Other Documents

Content in IRM 1.1.1.4(5) is superseded. Office of the Chief Risk Officer is realigned from the Office of the Commissioner to the Deputy Commissioner for Operations Support.
Content in IRM 1.1.5.5 is incorporated into this new functional IRM.

Audience

Servicewide

Effective Date

(05-08-2019)

Thomas A. Brandt
Chief Risk Officer

Introduction to the Office of the Chief Risk Officer

  1. The Office of the Chief Risk Officer (CRO) oversees the Enterprise Risk Management (ERM) program, which provides an agency-wide approach to risk management to foster a risk-aware culture through education, awareness, and mitigation approaches and helps IRS units incorporate risk management principles into strategies and daily operations.

Organizational Goals

  1. Enhance ERM Capabilities: Continue to evolve and strengthen the structure, processes and policies needed to support an effective enterprise risk management program at the IRS.

  2. Facilitate ERM Activities: Help leadership and management identify, assess and address potential areas of risk that could negatively impact the achievement of IRS goals and objective.

  3. Provide ERM Outreach, Communications and Training: Development risk management training and communications to enhance understanding, awareness and utilization of effective risk management practices at all levels of the organization.

  4. Support Business Unit Executives and ERM Liaisons in Operationalizing Risk Management: Provide tools, guidance and support to help IRS business unit executives and ERM Liaisons with operationalization of risk management practices within their units.

Responsibilities

  1. The Office of the CRO:

    1. Communicates and continues to evolve and mature ERM pursuant to the IRS’s enterprise risk management vision.

    2. Participates in IRS’s strategy and objective setting discussions, including strategic planning and decision-making forums and provides risk perspective.

    3. Establishes ERM framework, structure and process, including defining roles and responsibilities.

    4. Ensures proper risk management ownership by the business units.

    5. Guides integration of ERM with other IRS planning and management activities.

    6. Promotes risk awareness at the IRS.

    7. Partners with the business and functional units on their most important risks.

    8. Reports to the IRS Commissioner on the progress of the ERM Program, status of enterprise risks and recommended actions.

    9. Represents the IRS in the Treasury ERM Council, the Federal Interagency ERM Council and other forums.

Office of the Chief Risk Officer

  1. In 2013 the Commissioner established the CRO and responsibility for ERM. The ERM Program is a process authorized by the Commissioner and effectuated by management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the IRS, to manage risk to be within its risk appetite and to provide reasonable assurance regarding the achievement of the IRS objectives.

  2. The CRO is the policy owner of the ERM Program and is responsible for oversight of the program.

  3. The CRO reports to the Deputy Commissioner for Operations Support (DCOS). A small core team of senior risk advisors report to the CRO.

Definition of Terms and Acronyms

  1. For a list of terms used throughout the Office of the CRO and ERM program see IRM 1.4.60.1.3, Definition of Terms.

  2. For a list of terms used throughout the Office of the CRO and ERM program see IRM 1.4.60.1.4, Acronyms.

Resources

  1. OMB Circular No. A-123, Management Responsibility for Enterprise Risk Management and Internal Control

  2. IRM 1.4.60, Enterprise Risk Management Program

  3. Internal Office of the CRO Website: https://irssource.web.irs.gov/CRO/Pages/Home.aspx