Title: Enterprise Risk Management for the Federal Government
1. Enterprise Risk Management for the Federal Government: Where's the Value?
- Donna Davis
- Defense Finance and Accounting Service
- June 2010
2. Agenda
- ERM - Where's the Value?
- Putting the COSO Framework to Work in the Federal Sector
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
- Some Pitfalls to be Wary of
- A Gallery of Tools and Techniques
3. ERM in the Federal Government: Where's the Value
- Three Parts of Business
- Objective
- Risk
- Controls
4. ERM in the Federal Government: Where's the Value
- Three Parts of Business
- Objective: what you are trying to accomplish
Not For Profit: To achieve a mission or objective while protecting assets. Achieve goals and objectives for resources expended. Focus on effectiveness.
For Profit: To maximize shareholder wealth or, in the case of a corporation, to maximize the value of the firm as measured by stock price. Realize a benefit from resources expended. Focus on efficiency.
5. ERM in the Federal Government: Where's the Value
- Three Parts of Business
- Objective: what you are trying to accomplish
- Risk: the barrier that will stop you from accomplishing the objective
Not For Profit: Avoid Risk, seeking safest path to mission achievement. Measure Impact of Risk on Goals and Objectives.
For Profit: Seek Risk as a means for expanding market value. Measure Value at Risk.
6. ERM in the Federal Government: Where's the Value
- Three Parts of Business
- Objective: what you are trying to accomplish
- Risk: the barrier that will stop you from accomplishing the objective
- Controls: the action that will remove or diminish the risk
Not For Profit: Affect controls to assure compliance, accountability, effectiveness/efficiency, reliability of reported data and safeguarding assets.
For Profit: Affect controls for the purpose of minimizing loss.
7. ERM in the Federal Government: Where's the Value
- What Do We Want From the Business of Government?
- To be Affordable and Efficient
- To be Effective
- To provide Quality Service
- To be Dependable
8. ERM in the Federal Government: Where's the Value
- What Do We Want From the Business of Government?
- To be Affordable and Efficient
- To be Effective
- To provide Quality Service
- To be Dependable
- So
- We need to be able to achieve the established mission in order to retain the confidence of our funders.
- We need to provide value for our services.
- Bottom Line
- We need to meet our objectives and protect our assets, including intangible ones such as reputation.
9. ERM in the Federal Government: Where's the Value
- What Value does ERM Provide?
- Supports Government's Governance Responsibilities
- Improves Results
- Strengthens Accountability
- Enhances Stewardship
10. ERM in the Federal Government: Where's the Value
- How does ERM support Government's Governance Responsibilities?
- By ensuring that significant risk areas associated with policies, plans, programs and operations are identified and assessed.
- By ensuring that appropriate measures are in place to address unfavorable impacts and to benefit from opportunities.
11. ERM in the Federal Government: Where's the Value
- How does ERM Improve Results?
- Through more informed decision-making and by ensuring that values, competencies, tools, and a supportive environment form the foundation for innovation and responsible risk-taking.
- By encouraging learning from experience while respecting parliamentary controls.
12. ERM in the Federal Government: Where's the Value
- How does ERM Strengthen Accountability?
- By demonstrating that levels of risk associated with policies, plans, programs and operations are explicitly understood.
- By facilitating the optimum balance in risk management measures and stakeholder interests.
13. ERM in the Federal Government: Where's the Value
- How does ERM Enhance Stewardship?
- By strengthening public service capability to safeguard people, government property and interests through increased insight to the potential impact of abnormal events.
14. Putting the COSO Framework to Work in the Federal Sector
DFAS-ization of COSO
15. Putting the COSO Framework to Work in the Federal Sector
DFAS alignment to the Risk Components ensures a robust program and strengthens compliance with the GAO Standards for Internal Control.
16. Putting the COSO Framework to Work in the Federal Sector
DFAS expanded the Risk Management Objectives to address data security concerns and general auditing standards.
17. Putting the COSO Framework to Work in the Federal Sector
Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.
18. Putting the COSO Framework to Work in the Federal Sector
We are actually finding this layer adds little value as we evolve the program.
Stratification across business units and at every level of the organization was applied to enable accurate reflection of the interrelationships of risks and create a common taxonomy for business activities.
19. Some Pitfalls to be Wary of
- Trying to risk manage EVERYthing
- Just focusing on financial risks
- An obsession with internal controls: an inward-looking limitation
20. A Gallery of Tools and Techniques
- Agency Mission and Functions Manual
- Provides the business objectives
- COSO Framework
- Identifies a comprehensive view of the elements of a robust ERM
- A Catchy Logo
- CARES covers the five Risk Management Objectives DFAS assesses
Compliant, Accountable, Reliable/Accurate, Effective/Efficient, Safeguarded
Auditors' Lenses
21. A Gallery of Tools and Techniques
- SIPOC Model
- Guides process mapping through a complete end-to-end review of the factors impacting the business activity
22. A Gallery of Tools and Techniques
- IDEF Model
- Denotes the role of compliance/regulations/controls in the business activity
- Denotes the role of the supporting mechanisms for the business activity
Integration DEFinition Model
23. A Gallery of Tools and Techniques
- Risk Identification Questionnaire
- Facilitates comprehensive and consistent assessment of potential risks
Courtesy of Brian Williams
24. A Gallery of Tools and Techniques
- Process Map Narrative
- For business processes
- For Information Systems data flow
25. End