integrity - service - innovation enterprise risk management for the federal government – where’s...

Integrity - Service - Innovation

Enterprise Risk Management for the Federal Government – Where’s the Value?

Donna DavisDefense Finance and Accounting Service

June 2010

04/18/23 Integrity - Service - Innovation 2

Agenda

ERM - Where’s the Value? Putting the COSO Framework to Work in the Federal Sector

Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring

Some Pitfalls to be Wary of A Gallery of Tools and Techniques


ERM in the Federal Government – Where’s the Value

Three Parts of Business Objective Risk Controls



Three Parts of Business Objective – what you are trying to accomplish

For ProfitFor Profit

To maximize shareholder wealth or, in the case of a corporation, to maximize the value of the firm as measured by stock price.

Realize a benefit from resources expended.

Focus on efficiency.

Not For ProfitNot For Profit

To achieve a mission or objective while protecting assets.

Achieve goals and objectives for resources expended.

Focus on effectiveness.



Three Parts of Business Objective – what you are trying to accomplish Risk – the barrier that will stop you from accomplishing the

objective


Seek Risk as a means for expanding market value.

Measure Value at Risk.


Avoid Risk seeking safest path to mission achievement.

Measure Impact of Risk on Goals and Objectives.



Three Parts of Business Objective – what you are trying to accomplish Risk – the barrier that will stop you from accomplishing the

objective Controls – the action that will remove or diminish the risk


Affect controls for the purpose of minimizing loss.


Affect controls to assure compliance, accountability, effectiveness/efficiency, reliability of reported data and safeguarding assets.


What Do We Want From the “Business” of Government? To be Affordable and Efficient To be Effective To provide Quality Service To be Dependable



What Do We Want From the Business of Government? To be Affordable and Efficient To be Effective To provide Quality Service To be Dependable

So – We need to be able to achieve the established mission in order to retain

the confidence of our funders.

We need to provide value for our services.

Bottom Line –

We need to meet our objectives and protect our assets, including intangible ones such as reputation.



What Value does ERM Provide? Supports Government’s Governance Responsibilities Improves Results Strengthens Accountability Enhances Stewardship



How does ERM support Government’s Governance Responsibilities?

By ensuring that significant risk areas associated with polices, plans, programs and operations are identified and assessed.

By ensuring that appropriate measures are in place to address unfavorable impacts and to benefit from opportunities.



How does ERM Improve Results ?

Through more informed decision-making and by ensuring that values, competencies, tools, and a supportive environment form the foundation for innovation and responsible risk-taking.

By encouraging learning from experience while respecting parliamentary controls.



How does ERM Strengthen Accountability?

By demonstrating that levels of risk associated with policies, plans, programs and operations are explicitly understood.

By facilitating the optimum balance in risk management measures and stakeholder interests.



How does ERM Enhance Stewardship?

By strengthening public service capability to safeguard people, government property and interests through increased insight to the potential impact of abnormal events.



Putting the COSO Framework to Work in the Federal Sector

DFAS-ization of COSO



DFAS alignment to the Risk Components ensures a robust program and strengthens compliance with the GAO Standards for Internal Control.



DFAS expanded the Risk Management Objectives to address data security concerns and general auditing standards.



Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.



Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.

We are actually finding this layer adds little value

as we evolve the program.


Some Pitfalls to be Wary of

Just focusing on financial risks

Trying to risk manage

EVERYthing

An obsession with internal controls – an inward

looking limitation


A Gallery of Tools and Techniques

Agency Mission and Functions Manual Provides the business objectives

COSO Framework Identifies a comprehensive view of the elements of a robust ERM

A Catchy Logo CARES – covers the five Risk Management Objectives DFAS assesses

CompliantAccountable

Reliable & AccurateEffective & Efficient

SafeguardedAuditor’s Lenses

Auditor’s Lenses



SIPOC Model Guides process mapping through a complete end to end review of the

factors impacting the business activity



IDEF Model Denotes the role of compliance/regulations/controls in the business

activity Denotes the role of the supporting mechanisms for the business activity

Integration DEFinition Model



Risk Identification Questionnaire Facilitates comprehensive and consistent assessment of potential risks

1. Policies, procedures, plans, laws, and regulations are complied with;

1. What laws are applicable to your group? A. What is the risk if laws are not followed?2. What regs are applicable to your group? B. What is the risk if regs are not followed?3. What procedures (SOPs) are applicable to your group? C. What is the risk if procedures are not followed?4. What management policies are applicable to your group? D. What is the risk if management policies are not followed?

2. Resources are used and procedures are performed in an economical and efficient manner; and

Economically:1. Do you have a program budget?2. Are you responsible for aquiring products or services? 3. Are you making decisions regarding best use of government (taxpayer resources)?

What are your risks if these resources are not used in an economical manner? Fraud, Waste, Abuse, etc?

Efficiency:1. Guidelines (policies or regs) that dictate timeliness? 2. Deliverables on budget, on time?

What are the risks if these efficiency guidelines are not met?

Courtesy of Brian Williams



Process Map & Narrative For business processes For Information Systems data flow

<Savings Bonds

Bo

nd

Iss

uin

g

Ag

en

cy>

<D

FA

S<

CS

R>

<O

PM

MyP

ay

Transfer bond data to DCPS

Enter bond data online to DCPS

DCPSIssue Bond Detail

File

Review Bond Reports

Receive Issue Bond Detail File

Bond Reports

2

1

4

3


End

Questions?

integrity - service - innovation enterprise risk management for the federal government – where’s...

Documents

value slide

integrity service

federal government wheres

business of government

measure value

quality service

market value

accounting service