Enterprise Risk Management Agile Canvas: A Framework for Risk Management on Public Administration


  • Gustavo de Freitas Alves 1Hepta Tecnologia e Informática, Brasília, Brasil
  • Mary Anne Fontenele Martins Agência Nacional de Vigilância Sanitária, Brasília, Brasil
  • Rodrigo Lino de Brito Ministério da Economia, Brasília, Brasil
  • Wildenildo Oliveira dos Santos Agência Nacional de Vigilância Sanitária, Brasília, Brasil




risk management, public sector, public governance, canvas


Enterprise Risk Management (ERM) is a method of governance for managers as it offers a new point of view for monitoring and achieving an organization’s objective. The ERM practices can be adapted to public organizations for strategic, tactical, and operational purposes. The focus of this article is to report the experience of developing and applying the ERM method to a regulatory agency through a case study. This locus research subject, the National Health Surveillance Agency (ANVISA), was chosen for its relevance in the context of the Brazilian public administration on risk management, due to its needs for internal controls and poorly developed risk maturity. This work has inductive reasoning and is characterized as an exploratory typology since there is little systematic and accumulated knowledge. The investigation deals with the Canvas model and its tools related to risk management – an emerging innovation framework that has readily been explored. The ERM Agile Canvas uses visual thinking allowing participants in workshops to contribute effectively with all stages established in national and international standards. It also enhances the risks classification and analysis by mapping and visualizing all of the Canvas and objectively planning ERM treatment. The method is adaptable and applicable to other public service organizations, in such a way that in a workshop one can apply techniques and work with several types of risks simultaneously. The results allow for a relationship comparison between sections, revealing the risk meaning and causality for improved public governance.


Não há dados estatísticos.

Biografia do Autor

Gustavo de Freitas Alves, 1Hepta Tecnologia e Informática, Brasília, Brasil

PhD in Administration at University of Brasília - UnB (2020). Master´s in applied computer science at UnB (2015). Consultant for over 15 years with broad experience in Information Technology, ability to translate business needs into action, advising teams and organizations. Practical and academic abilities to deal with complex problem.

Mary Anne Fontenele Martins, Agência Nacional de Vigilância Sanitária, Brasília, Brasil

Specialization and Master’s degree in Public Health from the Federal University of Ceará (2003). PhD student in Public Health at the University of Brasília. Knowledge in health surveillance, management, strategic health planning & assessment, and application of risk identification and management techniques in public organizations.

Rodrigo Lino de Brito, Ministério da Economia, Brasília, Brasil

Master's degree (2007) in Public Health at Fundação Oswaldo Cruz (Fiocruz). Has experience in Public Management and Public Health fields. Since 2011, has worked as a Specialist in Public Policy and Government Management, developing projects in the areas of Planning, Governance and Innovation at the Ministry of Economy.

Wildenildo Oliveira dos Santos, Agência Nacional de Vigilância Sanitária, Brasília, Brasil

Specialist in Public Administration by the University of Piauí (2005), in Health Surveillance by FIOCRUZ (2011) and in Health Surveillance Management by Instituto Sírio Libanês (2012), public servant at Anvisa (2007), experience in strategic planning, project management , regulatory quality, business processes and corporate risk management.


ABRAHAMSON, E. (1991). Managerial fads and fashions: The diffusion and refection of innovations. Academy of Management Review, 16(3), 586–612. https://doi.org/10.5465/AMR.1991.4279484

ABRAHAMSON, E., & EISENMAN, M. (2008). Employee-management techniques: Transient fads or trending fashions? Administrative Science Quarterly, 53(4), 719–744. https://doi.org/10.2189/asqu.53.4.719

ALVES, G. de F.,; NETO, W. L.,; COLI, M. C.,; BERMEJO, P. H. de S.,; SANT’ ANA, T. D.,; & SALGADO, E. G. (2017). Perception of enterprise risk management in Brazilian higher education institutions. In: M. THEMISTOCLEOUS & V. MORABITO (Eds.),. Lecture Notes in Business Information Processing (pp. 506–512). Springer. https://doi.org/10.1007/978-3-319-65930-5_40

BRASIL. (2018). Gestão de Riscos Corporativos Guia Prático de GRC. Brasília, DF: ANVISA. Retrieved from https://www.gov.br/anvisa/pt-br/acessoainformacao/acoeseprogramas/gestao-de-riscos/arquivos/1535json-file-1

BRASIL. (2016). Instrução Normativa N 01/2016. Brasília, DF: Ministério do Planejamento Orçamento e Gestão, Controladoria Geral da União.

BRASIL. (2017). Agência Nacional de Vigilância Sanitária - ANVISA. PORTARIA No 854, DE 30 DE MAIO DE 2017. Brasília, DF: ANVISA.

BROMILEY, P.,; MCSHANE, M.,; NAIR, A.,; & RUSTAMBEKOV, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265–276. https://doi.org/10.1016/j.lrp.2014.07.005

BROWN, T. (2009). Change by design: How design thinking transforms organizations and inspires innovation. New York, NY: HarperCollins.

CHANG, S.-I. .,; HUANG, S.-M.; ., ROAN, J.; ., CHANG, I.-C.; ., & LIU, P.-J. . (2014). Developing a risk management assessment framework for public administration in Taiwan. Risk Management, 16(3), 164–194. https://doi.org/10.1057/rm.2014.9

COSO. (2004). Enterprise risk management: Integrated framework. (Commission Committee of Sponsoring Organizations of the Treadway, Ed.). Retrieved from www.coso.org/publications.Htm

COSO. (2017). COSO enterprise risk management: Integrating with strategy and performancement. AICPA.

DAMANPOUR, F.,; SANCHEZ-HENRIQUEZ, F.,; & CHIU, H. H. (2018). Internal and external sources and the adoption of innovations in organizations. British Journal of Management, 29(4), 712–730. https://doi.org/10.1111/1467-8551.12296

DE.VRIES, H.,; BEKKERS, V.,; & TUMMERS, L. (2016). Innovation in the public sector: A systematic review and future research agenda. Public Administration, 94(1), 146–166. https://doi.org/10.1111/padm.12209

DENHARDT, R. B. ., & CATLAW, T. J. . (2015). Theories of public organization. Stamford: Cengage Learning.

DONNELLY, R.,; CLEMENT, J.,; LE HERON, R.,; & GEORGE, J. S. (2012). Redesigning risk frameworks and registers to support the assessment and communication of risk in the corporate context: Lessons from a corporate risk manager in action. Risk Management, 14(3), 222–247. https://doi.org/10.1057/rm.2012.3

EPPLER, M. J., & AESCHIMANN, M. (2009). A systematic framework for risk visualization in risk management and communication. Risk Management, 11(2), 67–89. https://doi.org/10.1057/rm.2009.4

HANSSON, S. O. (2001). Framework for public management. Risk Management, 3(3), 23–32.

HILLSON, D. (2016). The risk management handbook: A practical guide to managing the multiple dimensions of risk. (D. Hillson, Ed.),. KoganPage. London: KoganPage. Retrieved from http://www.theirm.org/publications/PUstandard.html

ISO. (2009). ISO 31000. Risk management - Principles and guidelines. International Organizational for Standardization.

ISO. (2018). ISO 31000 Risk management - Risk assessment techniques. International Organizational for Standardization. Retrieved from https://www.iso.org/about-us.html

MARTINS, M. A. F.,; SANTOS, W. O. dos,; BRITO, R. L. de,; & ALVES, G. de F. (2017). Política de gestão de riscos corporativos: O caso de uma agência reguladora da saúde. Revista Do Serviço Público, 69(1), 7–32. Retrieved from https://repositorio.enap.gov.br/handle/1/3260

MOORE, M. H. (2013). Recognizing public value. Harvard University Press.

OGC. (2010). Management of risk : Guidance for practitioners. Axelos. London: Office of Government Commerce - Axelos.

OSTERWALDER, A., & PIGNEUR, Y. (2010). Business model generation: A handbook for visionaries, game changers, and challengers. New Jersey: John Wiley & Sons.

PAULO HENRIQUE DE SOUZA BERMEJO,; SANT’ANA, T. D.,; SALGADO, E. G.,; MENDONÇA, L. C.,; ANJOS, F. H. dos,; ALVES, G. de F.,; …& NEVES, T. J. G. das. (2019). ForRisco: gerenciamento de riscos em instituições públicas na prática (2nd ed.). Evobiz.

POLLITT, C., & BOUCKAERT, G. (2011). Public management reform: A comparative analysis. Oxford University Press. USA: Oxford.

POWER, M. (2004). The risk management of everything. The Journal of Risk Finance, 5(3), 58–65. https://doi.org/10.1108/eb023001

POWER, M. (2009). The risk management of nothing. Accounting, Organizations and Society, 34(6–7), 849–855. https://doi.org/10.1016/j.aos.2009.06.001

SANTOS, C. D. dos,; SILVA, J. A. da; SILVA, D. A. da,; & ALVES, G. de F. (2018). Gestão de riscos no setor público: Revisão bibliométrica e proposta de agenda de pesquisa. In: 15th International Conference On Information Systems & Technology Management - CONTECSI - 2018 (pp. 774–794). São Paulo. https://doi.org/10.5748/9788599693148-15CONTECSI/DOCT-5561

STEIN, V., & WIEDEMANN, A. (2016). Risk governance: Conceptualization, tasks, and research agenda. Journal of Business Economics, 86(8), 813–836. https://doi.org/10.1007/s11573-016-0826-4




Como Citar

de Freitas Alves, G. ., Fontenele Martins, M. A. ., Lino de Brito, R., & Oliveira dos Santos, W. . (2020). Enterprise Risk Management Agile Canvas: A Framework for Risk Management on Public Administration. Revista Do Serviço Público, 71(c), 438-459. https://doi.org/10.21874/rsp.v71ic.4363



Especial: Caminhos da Governança Pública