Leveraging Technology to Enhance Your Agency's ERM Capabilities


1 The 2018 ERM ANNUAL SUMMIT: Leveraging Technology to Enhance Your Agency's ERM Capabilities. LATAIGA PROCTOR, US Census Bureau; W. CURTIS McNEIL, Architect of the Capitol; Moderator: MARIANNE ROTH, Bureau of Consumer Financial Protection. Breakout Session 1E

2 Polling Question 1 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 1. What software or system(s) does your organization use to support your ERM program? 1. Standard business software (e.g., Excel/Word/PowerPoint) 2. Collaboration technology (e.g., SharePoint, Project Server) 3. Governance, Risk, and Compliance (GRC) program 4. Other COTS 5. None 6. Unknown

4 Polling Question 2 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 2. Do you feel some sort of technology would enhance the capabilities of your current ERM program? 1. Strongly agree 2. Agree 3. Neutral 4. Disagree 5. Strongly disagree

6 Polling Question 3 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 3. What are the biggest barriers to using technology to enhance ERM capabilities? (select all that apply) 1. Lack of champions 2. Inability to secure program/department cooperation 3. Lack of a compelling business case or method to demonstrate ROI 4. Belief it is too complex to undertake integration 5. Inability to secure necessary budget 6. Available technology/software not aligned with GRC needs 7. Not knowing how to start or implement

8 US Census Bureau Enterprise Risk Management IT Solution LaTaiga Proctor, PMP Office of Program, Performance, and Stakeholder Integration

9 Census ERM Framework: Executive Sponsorship; ERM Plan; ERM Standards, Guidance & Training; ERM Policy; Governing Bodies; ERM Tools

10 Census Top-down & Bottom-up Approach to ERM: Top Down Approach; Enterprise Risk Review Board (ERRB); Program Risk RRBs; Portfolio Mgmt. Governing Boards; Project Risk RRBs; Bottom Up Approach

11 ERM IT Solution Objective: Increase visibility of risks & issues across the organization; Enhance analysis & reporting; Support business decisions

12 ERM IT Solution: Built within Microsoft Project Server with Census customizations including: Multi-layer risk environment enables risk movement features (elevation/de-elevation, transfer and sharing of risks); Workflows (InfoPath, Nintex, SharePoint); SharePoint (Forms, Reports); Business Intelligence (SSRS Reporting, Report Builder, Power BI); On-site Microsoft support services

13 Portfolio View of Risks: The Risk Solution enables a portfolio view of risks, creating top-down, bottom-up management of risks across the enterprise. Level 1: Enterprise Risks; Level 2: Major Program Risks; Level 3: Project Risks; Level 4: Sub-Project Risks

14 ERM Portfolio View of Risks [diagram: Enterprise Risks; Business Lines 1-4; Programs 1-4; Sub-Project Risks. Key: Level 1 Enterprise, Level 2 Major Programs, Level 3 Projects, Level 4 Sub-Projects]. Risk Categories enable visibility of common risks across the enterprise: Strategic; Operational; Safety & Security; Compliance/Regulatory; Financial; Reputation; Political; Fraud; COOP & Disaster Recovery; Technology

15 Standardized Form Tracking: Standard risk form w/required fields to ensure required data is collected from all levels; Provides versioning controls to monitor changes in the risk data

16 Detailed Mitigation & Contingency Tracking: Enables tracking of mitigation & contingency plan by: Strategy, Action Steps, Action Step Owner; Pulls in risk data from the risk form; Enables tracking of the status at the lowest levels

17 EPMT Risk Elevation Criteria Worksheet: Automates movement of risks from subproject to master project; master project to program & program to enterprise risk registers. Ensures audit trail capability for initiation, movement and closure of risks.

18 Risk Reporting: Current risk tool customizations include: Standardized drill down reports, including: Risk Matrix, Risk by Category, Active Risks by Rating, Top Risks Report; Summary reports for transparency of subordinate programs/projects; Word Search query

19 Business Intelligence Center: Read access to active risks/issues at all levels; Accessible to all Census employees; Downloadable data to Excel, Word, or PDF; Key word search; Enterprise reports with drill down capability; Risk training

20 Risk IT Solution Benefits: Centralized database; Risk analysis & assessment; Real-time decision support; Integration of risk activity Bureau-wide; Consistent risk management practices; Mitigation & contingency plan tracking; Elevation, de-elevation/transfer of risks; Links to project schedules; Dashboards w/drilldown capability; Custom & ad hoc risk reporting; Portfolio view of risks; Permission based access; Prioritization of project, program & enterprise risks; Visibility of like or similar risks; Active directory alerts & notifications; Exportable risk data; Audit trail of risk activity; Web-based

21 Additional Information For additional information please call or LaTaiga Proctor, PMP US Census Bureau Office of Program, Performance, and Strategic Integration Telephone:

22 Architect of the Capitol Enterprise Risk Management Tool (ERMT) W. Curtis McNeil, RIMS-CRMP-Fed, LSSGB Architect of the Capitol, Office of the Chief Financial Officer

23 Architect of the Capitol - Organization Chart

24 Holistic View of Risk Strategic Goals, Mission Objectives and Expected Outcomes Enterprise Focus on Risk Governance Strategic Operational Reputational Cybersecurity Financial Compliance Safety

25 Enterprise Risk Management Tool (ERMT) Dashboard Homepage

26 Risk Entry Form: Recommend jurisdictional risk for promotion at an enterprise level; Align risk to all three levels of the strategic goal process. This slide contains sample data for demonstrational purposes only.

27 Response Entry Form: Attach files that directly align with the identified response strategy (e.g., corrective action plans, schedules, etc.); Select the appropriate risk response strategy: accept, avoid, reduce, or share; Assign dates and track risk responses to completion. This slide contains sample data for demonstrational purposes only.

28 Risk Zoom In Function: Key Feature: Provides a zoom in function that allows management to view the likelihood, impact, and aggregate risk rankings over a 15-month period of performance. This slide contains sample data for demonstrational purposes only.

29 Risk Snapshot Report

30 Benefits of Technology Integration with ERM: Provides a consolidated portfolio view of risks that allows management to conveniently view risk related metrics and identify trends (INNOVATE); Provides direct alignment to strategic goals, objectives and strategies (INTEGRATE); Supports the documentation of our decision-making processes (MOTIVATE)

31 Key Takeaways in Leveraging Technology to Advance your ERM Program: Technology is an ENABLER to support ERM processes; Garbage in, garbage out; DOES NOT replace having difficult conversations about risk, but it does assist with keeping the conversation FOCUSED

32 For Questions or Additional Information W. Curtis McNeil, RIMS-CRMP-Fed, LSSGB Architect of the Capitol, Office of the Chief Financial Officer Phone:

33 Polling Question 4 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 4. Does leadership and management (at all levels) have quality, reliable, timely, current, useful risk information readily available when it makes decisions? 1. Yes 2. No 3. Unknown

35 Polling Question 5 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 5. Can your ERM program view/monitor all risks across your organization? 1. Yes 2. Somewhat 3. No 4. Unknown

37 Polling Question 6 In mobile app, go to: Polling Questions > 17 - Session 1E (11:15) - Question 6. Which of the expected benefits of risk technology is most important to you? 1. Reduce/eliminate redundant or duplicative activities 2. Greater ability to present risk information to leadership and senior management 3. Greater ability to gather information quickly and efficiently 4. Greater ability to identify risks
