This testimony focuses on the work during the past five years on combating terrorism and advocates a risk management approach for such programs. Risk management is a systematic process to analyze threats, vulnerabilities, and the criticality (or relative importance) of assets to better support decisions on use of resources. This testimony takes a strategic and long-term view to help guide future programs and responses to combat terrorism and other threats. First, some background to past work related to risk management, including recommendations and individual agency experiences, is discussed. Second, the elements and benefits of risk management are presented. In the recent capstone report on combating terrorism, the General Accounting Office (GAO) made several recommendations to improve the Federal government’s ability to combat terrorism. The key recommendation of the GAO was implemented on October 8, 2001 when President Bush signed Executive Order 13228, establishing the Office of Homeland Security as the single focal point for overall leadership and coordination. While the GAO has not reviewed the functions and responsibilities of the newly established Office or the associated Homeland Security Council, efforts to develop a national strategy for homeland security should include a risk management approach. The GAO continues to believe that risk management is the best approach to guide programs and responses to better prepare against terrorism and other threats. After threat, vulnerability, and criticality assessments have been completed and evaluated in this risk-based decision process, key actions can be taken to better prepare the nation against potential attacks or events. Threat assessments alone are insufficient to support the key judgments and decisions that must be made. However, in conjunction with vulnerability and criticality assessments, leaders and managers can make better decisions based on this risk management approach. If the Federal government were to apply this approach universally and if similar approaches were adopted by other segments of society, in-depth defenses against acts of terrorism would be effectively and efficiently implemented. Without a risk management approach, there is little assurance that programs to combat terrorism are prioritized and properly focused.