You are on page 1of 20

Risk Steering Committee

Interim Integrated Risk


Management Framework
January 2009

Homeland
Security
DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K
This page is intentionally left blank.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K
This page is intentionally left blank.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - I
I NTERIM I NTEGRATED R ISK M ANAGEMENT F RAMEWORK

The assessment and management of risk underlies the full spectrum of our homeland
security activities… We must apply a risk-based framework across all homeland security
efforts in order to identify and assess potential hazards (including their downstream
effects), determine what levels of relative risk are acceptable, and prioritize and allocate
resources among all homeland security partners …We as a Nation must organize and help
mature the profession of risk management by adopting common risk analysis principles
and standards, as well as a professional lexicon.

– National Strategy for Homeland Security, p. 41 (October 2007)

INTRODUCTION

The Department of Homeland Security (DHS) is the primary federal agency responsible
for homeland security. DHS is also the principal coordinator for policy and operations
across the national homeland security enterprise. DHS defines risk as the potential for
an unwanted outcome resulting from an incident, event, or occurrence, as determined by
its likelihood and the associated consequences.1 Homeland security risk arises from
multiple threats such as potential acts of terrorism, natural disasters, acts against our
political leadership, violations of the Nation’s borders and others. This risk represents a
complex and ever changing environment and the consequences to our people,
economy, and way of life can be severe.

Risk management is the process of identifying, assessing, analyzing, and


communicating risk and accepting, avoiding, transferring, or controlling it to an
acceptable level at an acceptable cost.2 Underpinning the need for integrated risk
management at DHS is the reality that homeland security risk is extremely complex,
requiring a unified effort to understand and effectively manage it. Our ability to manage
risk is dependent upon our ability to integrate the risk management efforts of
organizations, within and outside the Department. A common and consistent approach
to risk management must be shared by organizations responsible for homeland security
to provide the foundation for a concerted effort to secure the homeland.

This Interim Integrated Risk Management Framework (IRMF) provides a foundation for
developing follow-on policy, doctrine and guidance that will institutionalize integrated risk
management in the Department. The IRMF outlines a vision, objectives, principles and a
process for integrated risk management within DHS, and identifies how the Department

1
DHS Risk Lexicon, September 2008
2
Ibid.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 1
will achieve integrated risk management by developing and maturing governance,
processes, training, and accountability methods.

The IRMF is an internal DHS document, intended for Department decision-makers,


planners, and risk analysts. It is recognized that not all of these groups will apply the
framework in the same manner. Furthermore, the IRMF serves as the foundation for a
set of follow-on doctrine and guidance intended for more specialized purposes related to
homeland security risk management.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 2
1: I N T E G R AT E D R I S K M AN AG E M E N T V I S I O N

The vision for integrated risk management is to enable individual elements, groups of
elements, or the entire homeland security enterprise to simultaneously and effectively
assess, analyze and manage risk from multiple perspectives across the homeland
security mission space, as depicted in Figure 1. Although the contents of Figure 1 are
intended to be notional, the goals and functions as stated derive from the Department’s
Strategic Plan and Integrated Planning Guidance, respectively.

Figure 1: A Conceptual View of Integrated Risk Management

The homeland security …must simultaneously … to analyze and


enterprise and its assess risk from manage risk across HS
elements… multiple perspectives… mission space.

Dangerous People
DHS
Risk

Dangerous Goods

Goals
Protect CIKR
Preparedness
Hazard Internal Ops / Mgmt

Components Benefits Admin.


Risk

Functions
Domain Awareness
Incident Mgmt
Federal Partners Mission Screening
Law Enforcement
Risk

Securing
State and Local
Resources

Domain
Tribal
DHS
Risk

Private Sector
Function

Risk is assessed and managed from multiple perspectives:

ƒ Risk managed across missions within a DHS component – Example: The U.S.
Immigration and Customs Enforcement agency (ICE) manages risk across its
mission strategic goals, systematically balancing resources and efforts that support
each strategic goal using an enterprise risk management model. This requires ICE
to examine risk across the different aspects of the component’s mission.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 3
ƒ Risk assessed by hazard types – Example: The Bioterrorism Risk Assessment
(BTRA) and Chemical Terrorism Risk Assessment (CTRA)3 are assessments that
can be used to inform risk management efforts across DHS and other Federal
agencies. Another example is natural hazard risk management which is led by the
Federal Emergency Management Agency (FEMA) and coordinated with State, local,
tribal and private sector partners.

ƒ Risk managed by homeland security function – Example: To identify cargo and


people who may pose a threat and/or who are ineligible for access, risk management
efforts must be balanced across physical and information-based screening.
Detecting objects which may pose a threat, granting or verifying a license, privilege,
or status, and ensuring individual privacy and redress opportunities are examples of
efforts that require such coordination.

ƒ Risk managed by security domain – Example: The Transportation Security


Administration’s (TSA) assessment of air domain risk in support of the National
Strategy for Aviation Security and development of aviation security strategies
provides one example of risk assessment and management from the domain
perspective.

Achieving the integrated risk management vision is challenging for two overarching
reasons, and both underscore the importance of continuing to work towards a common
approach to risk management. First, some elements of the homeland security enterprise
manage risk across all hazards and levels of government. Others manage specific types
of risk within specific domains, or manage risk by performing specific types of functions.
While this diversity is critical to our ability to secure the homeland, it also creates a
challenge to integrate efforts across DHS and with the Department’s partners. The
second challenge arises because the responsibility for understanding risk, making
decisions, and taking actions is often distributed across multiple elements.

Integrated risk management enables coordinated decisions across homeland security


organizations, despite the challenges of different perspectives on risk and distribution of
responsibility. Integrated risk management will enable coordination among related
elements to minimize the potential for conflicting guidance, duplicative efforts and
reporting requirements, and the inefficient use of resources. Integrated risk management
is imperative to leverage the interactions, interdependencies, relationships and
synergies of related elements.

3
2008 BTRA Report and 2008 CTRA Report, DHS Science & Technology Directorate

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 4
2: I N T E G R AT E D R I S K M AN AG E M E N T O B J E C T I V E S

To achieve the above integrated risk management vision and overcome the recognized
challenges, the Department will achieve the following three objectives:

A. Improve the capability of DHS components to use risk management


concepts and processes in support of their missions, while creating
mechanisms for aggregating, sharing, and using risk information and
analysis across the Department

Homeland security risk is managed at multiple organizational levels within DHS


and, in turn, DHS supports risk management performed throughout the Nation.
While the Department relies on components and associated programs to manage
risk in primary mission spaces, the effectiveness of components to manage risk
can be enhanced by maximizing the ability of all DHS entities to work with a
common, consistent and valid approach to risk management in a manner that
supports sharing the results.

B. Improve the capability of DHS as an enterprise to assess, analyze, and


manage homeland security risk

Integrated risk management is intended to enable compatibility of risk


assessments, risk analysis, and risk management information generated by DHS
components. This will lend transparency to the assessments and analyses
conducted at the component and program levels to support the development of
an improved DHS-wide capability for risk-informed strategic-level decisions. This
capability can inform DHS-wide decision processes, including the Department’s
annual planning, programming and budgeting priorities; establishment of
strategic requirements and preparedness priorities; and focus of current and
future operations. Integrated risk management will inform DHS-wide decision-
making and position the Department to effectively and efficiently achieve its
mission as an enterprise.

C. Further institutionalize a risk management culture within DHS

“To be most effective, risk management should become part of an organization’s


culture. It should be embedded into the organization’s philosophy, practices, and
business processes rather than be viewed or practiced as a separate activity.”4
At DHS, a risk management culture is one where those responsible for the
Nation’s homeland security consistently embrace and implement risk
management, and are forward looking with respect to improving capabilities.

4
Australian/New Zealand Standard AS/NZS 4360 Risk management

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 5
3: I N T E G R AT E D R I S K M AN AG E M E N T P R I N C I P L E S

A common set of risk management principles have been identified to assist the
Department’s risk assessment, risk analysis, and risk management endeavors to better
inform decision makers. The risk management principles5 are as follows:

ƒ Practicality: The principle of practicality means that the risk assessment, analysis
and management endeavors must consider the nature of the uncertainty inherent to
the decision and the decision context and not overstate results. The principle of
practicality is based on the acknowledgement and acceptance of the limitations of
the state of understanding about homeland security risk. These limitations arise from
the dynamic nature of homeland security threats, vulnerabilities, and consequences
as well as the uncertainty6 inherent in assessing risk. Homeland security risk
involves characteristics that traditional risk analytic methods were not developed to
address. To counter this challenge, appropriate assessment and analytic methods
need to be developed to address the uncertainty inherent with homeland security risk
and the effectiveness of mechanisms to manage it.

ƒ Appropriateness: The principle of appropriateness means that the risk


assessment, analysis or management effort should be commensurate with the
nature of the decision and the decision context. Long term strategic investments that
require significant resources should be given a commensurate amount of analytic
consideration to ensure the best alternative strategies can be properly identified.
Furthermore, when considering a decision on how to manage risk while deploying
response assets during an ongoing response to a disaster, a quick decision may be
needed, limiting the time allowed for exhaustively developing and analyzing
alternative courses of action.

ƒ Comparability: The principle of comparability requires that risk management


approaches be designed, and data be collected and analyzed in a way, that diverse
efforts can be mutually informing. In addition, doctrine, processes, and training must
be established so that those charged with risk management across DHS speak the
same language and share similar approaches to support overall integration of risk
assessment, analysis and management efforts.

5
These principles build on the broader set of risk management principles established by the Office of
Management and Budget in 1995 to define risk analysis and its purposes, and to generally guide agencies
as they use risk analysis in the regulatory context. The IRMF risk management principles succinctly
describe important characteristics of homeland security risk management that are wholly consistent with the
overall principles established by OMB while specifically focusing on the key principles for risk management
by DHS. See U.S. Office of Mgmt. and Budget, Memorandum for the Regulatory Working Group, Principles
for Risk Analysis (1995), at www.whitehouse.gov/omb/inforeg/regpol/jan1995_risk_analysis_principles.pdf.
6
The DHS Risk Lexicon defines “uncertainty” as the degree to which a calculated, estimated, or observed
value may deviate from the true value.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 6
ƒ Transparency: The principle of transparency establishes that risk assessment,
analysis and management information must be available and openly conveyed when
appropriate. It is imperative that risk assessment, analysis and management
information are not portrayed as a “black box” processes. To effectively inform
decision-making risk management information must have some degree of
transparency. This transparency is critical, whether in the assessment, analysis, or
the development of alternative strategies that contribute to the decision-making.
Transparency of the assumptions made, the uncertainty involved and the associated
communications are also crucial to traceability, comparability, repeatability, and
defensibility. However, in some cases security considerations will limit the
accessibility of details.

ƒ Defensibility: The principle of defensibility requires that risk assessments, risk


analyses and the development of alternative strategies to manage risk be grounded
in sound science and methodologies. DHS must in some cases develop, and in other
cases mature, methodologies to assess, analyze and manage risk to the homeland.
This will require a significant effort by the Department to develop in-depth doctrine,
processes, and training that can be applied and defended for homeland security risk
management.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 7
4: T H E DHS R I S K M AN AG E M E N T P R O C E S S

A common risk management process is outlined in Figure 2. The DHS Risk


Management Process provides a basis for framing risk management efforts and is
required to achieve the vision and objectives outlined above. The DHS risk management
process identifies the following six phases: define the context, identify potential risk,
assess and analyze risk, develop alternatives, decide and implement, and evaluate and
monitor. Framing risk management endeavors with these phases will remove any
obstacles to a shared understanding of information and analysis within the Department.

Phases within the risk management process include:

ƒ Define the Context: DHS risk management efforts are intended to achieve or
inform goals and objectives within a specified context. Therefore, the context of the
decision and related decision-maker goals and objectives must be understood and
incorporated in the design of the assessment and analysis in order to effectively
support the development of alternative strategies. This includes defining goals and
objectives that the decision supports, as well as identifying the relevant stakeholders
and the constraints that the organization and decision maker are operating under.
These goals, objectives, stakeholders, and constraints are used to influence the
design of the risk assessment and analysis.

ƒ Identify Potential Risk:


Homeland security risk Figure 2: DHS Risk Management Process
related to the context, goals
and objectives of the risk
management endeavor must
be identified. Identifying
potential homeland security
risk requires answering the
questions of “risk from what”
and “risk to what.” This is
Communication
achieved by identifying
potential threats,
vulnerabilities, or
consequences that may
impact a particular system,
asset, geographical area, or
function that is the subject of
the decision being made.

ƒ Assess and Analyze Risk: The risk identified in the previous phase is assessed
and analyzed so it can be used as a foundation for developing alternative strategies
to manage the risk. This phase of the process requires assessing and analyzing risk

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 8
in terms of threats, vulnerabilities, and consequences of a potential incident, event,
or occurrence. This phase also requires prioritizing risk, such that risk management
alternatives can be considered in terms of limited resources.

ƒ Develop Alternatives: Alternative risk management strategies are the ways and
means to achieve ends, or using alternative language, methods and resources to
achieve objectives. Risk management strategies, which are potentially appropriate
responses to identified and assessed risk are developed and then evaluated for
projected risk reduction and cost effectiveness. Projected risk reduction
effectiveness and cost effectiveness are the key factors considered in this phase.

ƒ Decide and Implement: Risk management requires decisions about best options
among alternative strategies with uncertain outcomes. One key event in the
execution of the risk management process is when a decision maker reviews and
selects among the alternative strategies for managing risk and makes the decision to
implement the selected strategy. Risk information is usually one of many factors
decision makers consider and is not necessarily the sole factor influencing the
decision. There may be times when the strategy selected and implemented does not
optimally reduce risk. Decision makers consider all factors when selecting and
implementing strategies.

ƒ Evaluation and Monitoring: The Evaluation and Monitoring phase focuses on


judging whether the risk management strategies implemented to achieve objectives
and manage risk were effective. This phase uses effectiveness criteria to report on
performance and results.

This risk management process supports the Department’s mission and is intended to be
compatible with other similar risk management approaches. These approaches include
the National Infrastructure Protection Plan (NIPP) risk management framework, the risk
management cycle recommended by the Government Accountability Office (GAO), the
Integrated Planning System (IPS), and the risk management approach in the Target
Capabilities List (TCL). The process is also in alignment with standards promulgated by
other governments and transnational organizations, such as the draft International
Standards Organization (ISO) 31000 standard, provisionally titled, Guidelines on
Principles and Implementation of Risk Management. The DHS risk management process
is general enough to meet the diverse needs of the Department.

Risk communication underpins each phase of the risk management process. Risk
communication is the exchange of information with the goal of improving risk
understanding, affecting risk perception and/or equipping people or groups to act
appropriately in response to an identified risk.7 Risk is a complicated concept,
intertwined with the concept of uncertainty and judged, in part, on factors such as human

7
DHS Risk Lexicon, September 2008

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

PG - 9
perception and tolerances. As a result, risk communication must continue throughout
the process to ensure that the decision maker, analysis team, and ultimately those
impacted by the decision share a common understanding of what the risk is, what
factors should contribute to managing it, and the associated limitations of the
assessment and analysis. Risk communication is also an essential element in executing
adopted courses of action to manage risk.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 10
5: A C H I E V I N G T H E O B J E C T I V E S O F T H E IRMF

Improve the Capability of DHS Components to use Risk Management

Consistently implementing the DHS risk management process will improve the capability
of components to use risk management concepts in support of their missions, while
creating mechanisms for aggregating, sharing, and using risk information and analysis
across the Department. Integrated risk management supports the development and
implementation of a core risk management capability in each component.

Each DHS component should utilize the common risk management approach when
establishing programmatic priorities and the allocation of resources for accomplishing
missions. Component risk management capabilities can include component-level risk
management practices that are appropriate and required for respective mission spaces
and component-level decision-making. However, component-level risk management
practices must also be consistent with the common approach shared by the
Department. Adopting a common approach will enable DHS to facilitate and support
effective risk management within components, integrate component-level risk
management processes, and ensure Department-wide strategic level decisions are risk-
informed.

Improve Risk Management Capability of DHS as an Enterprise

Implementing a common risk management approach will improve the capability of DHS
as an enterprise to assess, analyze, and manage homeland security risk. This improved
risk management capability will enable the Department to fully incorporate risk-informed
decision-making into its strategic-level decision processes. Several Department-wide
strategic decision-making processes require an integrated risk management capability in
order to function optimally. Planning, Programming, Budgeting, and Execution (PPBE) is
one of these strategic decision-making processes. The PPBE is the process by which
DHS long-term strategic decisions are made to align resources to the Department’s
priorities and goals over a multi-year period. Using an integrated risk management
process to inform resource allocations on a Department-wide basis is critical to balance
resources across the set of DHS strategic objectives. Another example is the Integrated
Planning System (IPS). The IPS is the process by which DHS and its Federal, State
local and tribal partners develop plans for preventing, protecting against, responding to,
and recovering from priority hazards. Prioritization of plan development and even
aspects of plans themselves must be informed by a shared understanding of risk that will
be considerably strengthened by achieving this objective of integrated risk management.
Achieving the integrated risk management objectives is also critical for optimizing
contingency planning and crisis action planning, setting preparedness standards, guiding
the allocation of preparedness assistance, and other risk-informed Department-wide
strategic decisions.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 11
Institutionalize a Risk Management Culture in DHS

This document describes a vision for integrated risk management that requires using a
common approach in terms of risk management principles and risk management
processes. It also describes how a common approach to risk management will improve
both the capabilities of Department components to implement risk management and the
capability of DHS to manage risk leveraging the interactions, interdependencies,
relationships and synergies of the enterprise. However, a common approach to applying
the risk management principles and the risk management process within components
and across the Department is not sufficient to embed integrated risk management into
the Department's philosophy, practices, and business processes.

To institutionalize an enduring risk management culture, DHS will develop and address
the following:

1. Policy, Doctrine, and Guidance: DHS must establish, maintain, and draw from a
coherent body of policy, doctrine, and guidance that articulate requirements for
integrating risk management into established DHS business processes.

This IRMF is the Departmental keystone document that focuses exclusively on


setting the goal of a unified and common approach to risk management throughout
the Department. It will be supported by additional follow-on doctrine and supporting
resources. For example, the Department is developing analytical guidelines for risk
management that will describe the state of knowledge for executing various aspects
of the risk management process. These analytical guidelines will provide orientation
for DHS risk analysis practitioners on topics related to homeland security risk
management that align with the DHS risk management principles and process. This
type of follow-on doctrine and guidance is necessary to institutionalize an enduring
risk management capability and culture.

2. Processes: DHS processes must ensure components have the ability to manage
risk, while creating repeatable mechanisms for sharing, aggregating and using
component-level risk information to inform the Department’s decision-making
processes.

To build and sustain a fully mature integrated risk management capability, the
Department must achieve four key objectives with respect to establishing and
maintaining decision-making processes:

ƒ Develop decision-making processes, where required, that utilize risk


assessment, risk analysis and risk management information

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 12
ƒ Apply the risk management process to decision-making processes at all levels,
when and where it is practical

ƒ Develop information-sharing structures and processes that make risk information


available among components and at the enterprise level, when and where it is
required

ƒ Develop and maintain processes for identifying and promulgating effective risk
management practices to enable continuing incremental improvements in risk
management approaches

Building and maintaining repeatable interacting processes that allow components of


the Department and other homeland security partners to work together is critical to
establishing a risk management capability and culture. The ability to receive and
provide meaningful and usable information in a timely manner among all elements of
the homeland security enterprise requires well coordinated and established
processes.

3. Governance: Integrating risk management within and across components, and


institutionalizing a risk management culture, is the responsibility of all components of
DHS. The Department’s integrated risk management capability relies on a
governance structure to coordinate risk processes, efforts, and activities throughout
the Department. Central to this risk governance structure is the DHS Risk Steering
Committee (RSC), which allows representation from all components and offices in
the Department.

The RSC will advance integrated risk management across the Department. Its
duties include:

ƒ Producing and achieving concurrence on foundational documents for integrated


risk management

ƒ Monitoring trends, issues, and progress in integrated risk management for the
Secretary of DHS

ƒ Serving as the core DHS risk management community of practice

ƒ Making risk-related recommendations to the Secretary and other senior leaders

The RSC consists of three tiers. The Chair of the RSC is the Under Secretary of
NPPD. Tier I includes the senior component leadership. Tier II includes senior
executives within each component, and Tier III includes the risk management leads
within each component.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 13
4. Training and Education: DHS must ensure that its personnel and partners are
equipped to understand, communicate, and execute its system of processes and
governance through training and education. Training and education ensures that the
principles and processes of integrated risk management are applied consistently
across the Department and fosters the development and sustainment of a risk
management capability and culture.

Training and education are required to improve the skills of risk practitioners across
DHS, as well as the ability of decision makers to interpret and use the results of risk
analyses, assessments and management efforts. An essential part of this training
and education is the flexibility to allow for the development of customized,
component-level risk analyses by analysts who know the unique characteristics of
their mission space and the decision needs of their leaders, while providing the
foundation for a common approach across the Department.

Additionally, DHS will develop a broader approach to education and professional


development for the practice of homeland security risk management. Homeland
security risk management is an emerging discipline that requires education both
within the Department and across the Nation. DHS will work with its governmental,
tribal, private sector, non-profit, and academic partners to support the continued
development of security risk management education.

5. Accountability: DHS will evaluate the degree to which improvements in integrated


risk management are achieved throughout the Department. Accountability for
achieving integrated risk management will be managed through existing governance
structures. The RSC is responsible for developing and maturing performance
evaluation linked to the integrated risk management objectives.

Like any major evolution in organization processes and culture, institutionalizing an


approach to integrated risk management within DHS faces challenges and will not occur
quickly. While there is significant evidence that risk management is already being
successfully applied in many places, the Department continues to strive to improve
integration. There must be appropriate policy, doctrine, guidance, processes,
governance, and training and education within DHS to support an integrated risk
management culture.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 14
6: T H E IRMF & T H E H O M E L AN D S E C U R I T Y E N T E R P R I S E – T H E W AY F O R W AR D
“DHS is uniquely positioned to lead a national effort at developing a risk management
approach to securing the homeland. Determining the risks to the homeland, and using a
risk management approach to allocate resources, make decisions, and communicate
threats, readiness, and protective actions… will require establishing and improving
performance metrics for measuring risk and building a framework for risk-informed
decision-making.”

Top Ten Challenges Facing the Next Secretary of Homeland Security, Report of the Homeland Security Advisory
Council, September 2008

This keystone document provides a foundation for advancing the Department’s risk
management capability and begins to position DHS to lead the Nation’s integrated effort
for homeland security risk management by:

• Ensuring that effective policies, approaches, methodologies, and guidelines are


developed and disseminated to enable an integrated approach to homeland security
risk management at all levels;

• Establishing the need for and facilitating the development of information sharing and
coordination structures, protocols, and models to standardize and improve the
exchange of risk information within DHS;

• Overseeing the identification and dissemination of sound risk management practices


and lessons learned; and,

• Ensuring coordination between related groups to minimize the potential for conflicting
guidance, duplicative efforts and reporting requirements, and the inefficient use of
resources.

DHS I N T E R I M I N T E G R A T E D R I S K M A N A G E M E N T F R A M E W O R K

P G - 15

You might also like