Risk Management Fundamentals
To improve decision making, leaders in DHS and their partners in the homeland security enterprise must
practice foresight and work to understand known and uncertain risks, as best they can, in order to make
sound management decisions. These leaders need to consider the risks facing the homeland to make
appropriate resource tradeoffs and align management approaches. Addressing these risks and promoting
security is a shared responsibility that depends on unity of effort among Federal, state, local, tribal and
territorial governments, the private sector, non-governmental organizations, and the citizenry as a whole.
The Value of Risk Management
The Secretary of Homeland Security has established the requirement for DHS to build and promote an
integrated approach to homeland security risk management, working with partners across the homeland
security enterprise. The Department’s role in establishing integrated risk management is to build security,
safety, and resilience across domains by connecting efforts to prevent terrorism and enhance security,
secure and manage our borders, enforce and administer our immigration laws, safeguard and secure
cyberspace, ensure resilience to disasters, and provide essential support in assuring national and economic
security.
Improved homeland security depends on connecting information about risks, activities, and capabilities
and using this information to guide prevention, protection, response, and recovery efforts. The
establishment of sound risk management practices across DHS and the homeland security enterprise will
help protect and enhance national interests, conserve resources, and assist in avoiding or mitigating the
effects of emerging or unknown risks. At the organizational level, the application of risk management
will complement and augment strategic and operational planning efforts, policy development, budget
formulation, performance evaluation and assessments, and reporting processes.
Risk management will not preclude adverse events from occurring; however, it enables national homeland
security efforts to focus on those things that are likely to bring the greatest harm, and employ approaches
that are likely to mitigate or prevent those incidents. Furthermore, the American people, resources,
economy, and way of life are bolstered and made more
resilient by anticipating, communicating, and preparing
for hazards, both internal and external, through
comprehensive and deliberate risk management.
Risk management is not an end in and of itself, but
rather part of sound organizational practices that include
planning, preparedness, program evaluation, process
improvement, and budget priority development. The
value of a risk management approach or strategy to
decision makers is not in the promotion of a particular
course of action, but rather in the ability to distinguish
between various choices within the larger context.
Establishing the infrastructure and organizational
culture to support the execution of homeland security
risk management is a critical requirement for achieving
the Nation’s security goals. Risk management is
essential for homeland security leaders in prioritizing
competing requirements and enabling comprehensive
approaches to measure performance and detail progress.
Resilience and Risk Management
One of the foundational concepts of
homeland security is the need to build
resilient systems, communities, and
institutions that are robust, adaptable and
have the capacity for rapid recovery.
Resilience and risk management are
mutually reinforcing concepts.
Risk management contributes to the
achievement of resilience by identifying
opportunities to build resilience into
planning and resourcing to achieve risk
reduction in advance of a hazard, as well
as enabling the mitigation of
consequences of any disasters that do