ERM Key Authorities

To understand how federal agencies manage risk effectively, it’s important to start with the policies that guide them. The following laws and directives form the foundation of Enterprise Risk Management (ERM) in the U.S. government, shaping how agencies plan strategically, maintain accountability, and ensure operational integrity.

Office of Management and Budget (OMB) Circular A-123
This is the cornerstone directive, updated in July 2016, that requires federal agencies to establish and integrate an ERM capability into their operations.

Government Performance and Results Act (GPRA) Modernization Act
This act requires agencies to link their strategic planning, strategic review processes, and risk management activities.

Federal Managers Financial Integrity Act (FMFIA) of 1982
This act establishes the requirement for effective internal control systems, which ERM processes help to achieve and enhance.