integrity - service - innovation enterprise risk management for the federal government – where’s...
TRANSCRIPT
Integrity - Service - Innovation
Enterprise Risk Management for the Federal Government – Where’s the Value?
Donna DavisDefense Finance and Accounting Service
June 2010
04/18/23 Integrity - Service - Innovation 2
Agenda
ERM - Where’s the Value? Putting the COSO Framework to Work in the Federal Sector
Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring
Some Pitfalls to be Wary of A Gallery of Tools and Techniques
04/18/23 Integrity - Service - Innovation 3
ERM in the Federal Government – Where’s the Value
Three Parts of Business Objective Risk Controls
04/18/23 Integrity - Service - Innovation 4
ERM in the Federal Government – Where’s the Value
Three Parts of Business Objective – what you are trying to accomplish
For ProfitFor Profit
To maximize shareholder wealth or, in the case of a corporation, to maximize the value of the firm as measured by stock price.
Realize a benefit from resources expended.
Focus on efficiency.
Not For ProfitNot For Profit
To achieve a mission or objective while protecting assets.
Achieve goals and objectives for resources expended.
Focus on effectiveness.
04/18/23 Integrity - Service - Innovation 5
ERM in the Federal Government – Where’s the Value
Three Parts of Business Objective – what you are trying to accomplish Risk – the barrier that will stop you from accomplishing the
objective
For ProfitFor Profit
Seek Risk as a means for expanding market value.
Measure Value at Risk.
Not For ProfitNot For Profit
Avoid Risk seeking safest path to mission achievement.
Measure Impact of Risk on Goals and Objectives.
04/18/23 Integrity - Service - Innovation 6
ERM in the Federal Government – Where’s the Value
Three Parts of Business Objective – what you are trying to accomplish Risk – the barrier that will stop you from accomplishing the
objective Controls – the action that will remove or diminish the risk
For ProfitFor Profit
Affect controls for the purpose of minimizing loss.
Not For ProfitNot For Profit
Affect controls to assure compliance, accountability, effectiveness/efficiency, reliability of reported data and safeguarding assets.
04/18/23 Integrity - Service - Innovation 7
What Do We Want From the “Business” of Government? To be Affordable and Efficient To be Effective To provide Quality Service To be Dependable
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 8
What Do We Want From the Business of Government? To be Affordable and Efficient To be Effective To provide Quality Service To be Dependable
So – We need to be able to achieve the established mission in order to retain
the confidence of our funders.
We need to provide value for our services.
Bottom Line –
We need to meet our objectives and protect our assets, including intangible ones such as reputation.
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 9
What Value does ERM Provide? Supports Government’s Governance Responsibilities Improves Results Strengthens Accountability Enhances Stewardship
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 10
How does ERM support Government’s Governance Responsibilities?
By ensuring that significant risk areas associated with polices, plans, programs and operations are identified and assessed.
By ensuring that appropriate measures are in place to address unfavorable impacts and to benefit from opportunities.
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 11
How does ERM Improve Results ?
Through more informed decision-making and by ensuring that values, competencies, tools, and a supportive environment form the foundation for innovation and responsible risk-taking.
By encouraging learning from experience while respecting parliamentary controls.
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 12
How does ERM Strengthen Accountability?
By demonstrating that levels of risk associated with policies, plans, programs and operations are explicitly understood.
By facilitating the optimum balance in risk management measures and stakeholder interests.
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 13
How does ERM Enhance Stewardship?
By strengthening public service capability to safeguard people, government property and interests through increased insight to the potential impact of abnormal events.
ERM in the Federal Government – Where’s the Value
04/18/23 Integrity - Service - Innovation 14
Putting the COSO Framework to Work in the Federal Sector
DFAS-ization of COSO
04/18/23 Integrity - Service - Innovation 15
Putting the COSO Framework to Work in the Federal Sector
DFAS alignment to the Risk Components ensures a robust program and strengthens compliance with the GAO Standards for Internal Control.
04/18/23 Integrity - Service - Innovation 16
Putting the COSO Framework to Work in the Federal Sector
DFAS expanded the Risk Management Objectives to address data security concerns and general auditing standards.
04/18/23 Integrity - Service - Innovation 17
Putting the COSO Framework to Work in the Federal Sector
Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.
04/18/23 Integrity - Service - Innovation 18
Putting the COSO Framework to Work in the Federal Sector
Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.
We are actually finding this layer adds little value
as we evolve the program.
04/18/23 Integrity - Service - Innovation 19
Some Pitfalls to be Wary of
Just focusing on financial risks
Trying to risk manage
EVERYthing
An obsession with internal controls – an inward
looking limitation
04/18/23 Integrity - Service - Innovation 20
A Gallery of Tools and Techniques
Agency Mission and Functions Manual Provides the business objectives
COSO Framework Identifies a comprehensive view of the elements of a robust ERM
A Catchy Logo CARES – covers the five Risk Management Objectives DFAS assesses
CompliantAccountable
Reliable & AccurateEffective & Efficient
SafeguardedAuditor’s Lenses
Auditor’s Lenses
04/18/23 Integrity - Service - Innovation 21
A Gallery of Tools and Techniques
SIPOC Model Guides process mapping through a complete end to end review of the
factors impacting the business activity
04/18/23 Integrity - Service - Innovation 22
A Gallery of Tools and Techniques
IDEF Model Denotes the role of compliance/regulations/controls in the business
activity Denotes the role of the supporting mechanisms for the business activity
Integration DEFinition Model
04/18/23 Integrity - Service - Innovation 23
A Gallery of Tools and Techniques
Risk Identification Questionnaire Facilitates comprehensive and consistent assessment of potential risks
1. Policies, procedures, plans, laws, and regulations are complied with;
1. What laws are applicable to your group? A. What is the risk if laws are not followed?2. What regs are applicable to your group? B. What is the risk if regs are not followed?3. What procedures (SOPs) are applicable to your group? C. What is the risk if procedures are not followed?4. What management policies are applicable to your group? D. What is the risk if management policies are not followed?
2. Resources are used and procedures are performed in an economical and efficient manner; and
Economically:1. Do you have a program budget?2. Are you responsible for aquiring products or services? 3. Are you making decisions regarding best use of government (taxpayer resources)?
What are your risks if these resources are not used in an economical manner? Fraud, Waste, Abuse, etc?
Efficiency:1. Guidelines (policies or regs) that dictate timeliness? 2. Deliverables on budget, on time?
What are the risks if these efficiency guidelines are not met?
Courtesy of Brian Williams
04/18/23 Integrity - Service - Innovation 24
A Gallery of Tools and Techniques
Process Map & Narrative For business processes For Information Systems data flow
<Savings Bonds
Bo
nd
Iss
uin
g
Ag
en
cy>
<D
FA
S<
CS
R>
<O
PM
MyP
ay
Transfer bond data to DCPS
Enter bond data online to DCPS
DCPSIssue Bond Detail
File
Review Bond Reports
Receive Issue Bond Detail File
Bond Reports
2
1
4
3
04/18/23 Integrity - Service - Innovation 25
End
Questions?