Navigation Menu+

Internship Opportunity: Enterprise Risk Management

Posted on Jul 15, 2021 by in The OFI Blog |


The Smithsonian Institution (SI) is the largest museum, education and research complex offering opportunities both in person and online. SI is a trust instrumentality of the United States created by Congress in 1846.  It is not an executive branch agency and does not exercise regulatory powers, except over its own buildings and grounds.    It is currently comprised of 19 museums and the National Zoological Park. Two more museums were established by Congress in 2020 – the National Museum of the American Latino and the Smithsonian American Women’s History Museum. The Smithsonian is in early planning stages for both.  SI’s org chart is available here.  Additional information about SI is available here.

SI has elected to implement an Enterprise Risk Management program that is intended to focus on the highest risks to the organization.  SI already has extensive risk management practices throughout the organization.  The intent is to supplement, not replace, those current efforts.  While not specifically designed to a given framework, the intent is to show areas where risks could either be reduced or pursued. 

The internship is intended to represent a collaboration between what the student is looking for and the business needs.  The individual in this role will be expected to be flexible to the needs of SI based on where the Enterprise Risk management program is performing at the time the intern joins the program. 

Deliverables, among others, could include:

  • Collect risk data and update risk descriptions, update and refine risk registers
  • Draft documents for discussion that address governance, risk appetite, standard operating procedures, or other guidance on how to implement various aspects of risk management
  • Prepare various management reports on the status of risk responses, both current and proposed
  • Assisting Risk Champions with developing proposed response plans, including cost estimates, return on investment calculations and other proposed decision criteria.
  • Develop a list of proposed Key Performance Indicators and Key Risk Indicators aligned with specific data bases to determine how we might be able to measure progress.
  • Develop training programs specific for a given strategy or request.
  • Develop a list of best practices for risk management of a given risk – both as reduction and pursuance of risk (e.g., the downside and upside of risk).
  • Identify opportunities for integration with other risk management activities.
  • Create surveys to assess risk culture, risk appetite, and future risk activities
  • Build risk management case studies to communicate the Whys and Hows.


Given that this is an internship, we expect that the individual is here to learn.  Things that would make it easier for an individual to integrate easily into this internship would include:

  • A foundational understanding of risk management, enterprise risk management, internal controls, auditing, or other related topics is preferred. This knowledge can come from a variety of backgrounds – project management, cyber, business continuity, insurance – if the candidate has not worked directly in risk management.
  • We are using Archer to develop our risk register and monitor progress on our maturity model, so the ability to learn how to enter data and develop reports within this computer program would be helpful.


  • Facilitation skills: Ability to work across the organization with individuals at various levels and diverse needs and perspectives.
  • Communication skills: The ability to translate risk management “jargon” into more accessible language, ability to use Microsoft 365 products
  • Customer Service: Demonstrates the ability to be responsive and respectful to all customers, regardless of the source; a commitment to continuous improvement
  • Problem solving, Numeracy and Analytical skills: to integrate input from a variety of sources to present a balanced view, appropriate attention to detail
  • Business skills: integrity, collaboration skills, project management skills, an ability to work well under pressure and a commitment to meet deadlines

Program Requirements: 

  • This is an unpaid internship and may be managed either locally at Washington, DC or virtually. Several candidates may be eligible to participate simultaneously if the need exists.
  • As part of the application process, the supervisor will ask for a high-level description of what the intern would like to accomplish to provide for the best possible alignment in tasks assigned. The intern can suggest other risk management related activities not listed here.
  • The supervisor will be open to a discussion on how this position could be implemented, given the desired outcomes and constraints of the intern’s program requirements.
  • Amount of credit hours will depend on the amount of time invested. It is anticipated that the level of effort is about 10 hours per week or 150 hours per semester for a 3 credit course.  
  • The internship does not have to be completed in concurrence with the school semester and the term may be modified to meet both SI’s needs as well as the student’s availability.
  • If an external paper is desired, then all written products will need to be run through the Smithsonian clearance process before permission is granted to publish externally. If an internal paper is expected, then appropriate caveats for ensuring that the paper is not to be published externally must be included. 
  • The intern is responsible for completing all SI required training as specified by the supervisor.
  • The intern is responsible for completing all required paperwork required to register as well as demonstrate that they have completed the requirements for the internship.

To Apply: 

All applications must be completed through SOLAA. Applications are accepted on a rolling review basis. If you have any questions, please contact Catherine Chatfield.



Catherine Chatfield

Program Manager, Enterprise Risk Management