Risk Response - Long Term Capability Building

Size: px

Start display at page:

Download "Risk Response - Long Term Capability Building"

Emily Blair
5 years ago
Views:

1 Risk Response - Long Term Capability Building Presented to: 5 th Annual Federal Enterprise Risk Management Summit By: Edgar Calderón, Manager, Risk Management, Security & Safety, FAA David Emanuel, Director, US Government, Active Risk, Inc. Paul Ellia, SAIC, Risk Management, Security & Safety, FAA Date: 1

2 Why we perform Enterprise Risk Management? Approximately 5,000 Aircraft in ATC System at one time. 2 2

3 FAA Vision To provide the safest, most efficient aerospace system in the world FAA Mission We strive to reach the next level of safety, efficiency, environmental responsibility and global leadership. We are accountable to the American public and our stakeholders. 3 3

4 Aging Equipment The FAA currently maintains 561 manned Air Traffic Control (ATC) facilities, many of which are in need of modernization The average age for an Air Route Traffic Control Center (ARTCC) is 49 years, The average age of a Terminal Radar Approach Control (TRACON) facility is 28 years. 4 4

5 How will we handle the increased air traffic in an environment of: Aging facilities and systems Integrating current and future technologies into the current National Airspace System (NAS) while still maintaining the same level of safety Upgrading facilities and equipment in a fiscally-austere environment International Civil Aviation Organization requirement to reduce carbon emissions by

NextGen The Next Generation Air Transportation System

Destination 2025 vision Increased capacity Increased

approximate cost estimate for 30 baselined FAA ATC

billion How do we mitigate risks to NextGen in a

6 NextGen The Next Generation Air Transportation System (NextGen) provides, in support of the FAA s Destination 2025 vision Increased capacity Increased safety, and Increased situational awareness The approximate cost estimate for 30 baselined FAA ATC programs contributing to the NextGen transition is $18 billion How do we mitigate risks to NextGen in a fiscally-austere environment Cornerstone NextGen programs include: Data Comm 6 6

7 Why is Enterprise Risk Management Important? A robust Enterprise Risk Management (ERM) process allows the FAA to mitigate any negative effects of: Budget Shortfalls Decreased Personnel Antiquated Equipment Project Schedule Delays Most importantly, ERM allows the FAA to continue to provide the safest Air Traffic system in the world ERM will support a successful implementation of NextGen programs 7 7

8 Enterprise Risk Management in the ATO ( ) History of ATO Enterprise Risk Management Program Ops Director approved Risk Management Plan in May 2005 Program Ops Groups were fully integrated in day-to-day use of the Risk Management process in 2007 Risk Managers used an Access-based database to identify, track, and monitor all programmatic risks. The creation of the PMO requires a revised risk management process that encompasses all programs that reside in the PMO, and the need to coordinate risk activities between the PMO and other FAA organizations (i.e. NextGen) 8 8

Program Management Organization (PMO) The ATO s Program Management Organization, endorsed by Congress on Sep 19, 2011, implements the Agency's air traffic programs, ensuring that they are on time,

9 Program Management Organization (PMO) The ATO s Program Management Organization, endorsed by Congress on Sep 19, 2011, implements the Agency's air traffic programs, ensuring that they are on time, cost effective and within scope. This allows our operational groups to focus on the key daily mission of safely separating air traffic and maintaining our airspace system. Define Define what makes a program, based on ideas and concepts, and determine how it fits in with other programs and what it means to the NAS. Design Design the best program to meet the requirements we are given. Develop Using the tools and expertise we have gathered in this organization, develop a program using best practices and consistent management methods. Deploy Deliver our program and maintain quality and integrity. 9 9

10 Current Air Traffic Organization (ATO) Structure Systems Integration & Requirements Analysis Enterprise Services 10 10

11 PMO Enterprise Risk Management Vision (2012 and beyond) To provide a common approach to Risk Management (RM) within the PMO that will become a natural business practice to be conducted in an efficient and effective manner, ensuring the achievement of PMO goals and objectives

12 Benefits of New ERM Process Cornerstone of new process is transparency Increased Management Visibility, Traceability, and Accountability Direct Interface between PMO and External Stakeholders NextGen Program Office Technical Operations Facilities Project Teams Mission Analysis Directorate Enhanced Reporting Capabilities Gives Management Insight into Risks Creates the basis for Enterprise Risk Management in the ATO 12 12

13 Why Automate your ERM process? Exponential Data Growth Stakeholder Pressure Capital Markets Reputation Shareholder Confidence RISK & REWARD Budget Cuts/ Pressure Board Regulatory Pressure Sarbanes-Oxley DI-MGMT IMS ISO Silo d Approach To Risk Projects HSE COSO PMBOK Supply Chain COBIT HIPAA Operations Finance 13 13

14 The Real World From Risk Practitioners 14 14

15 Symptoms of the Imbalance You spend more time chasing people down than managing risks. People run and hide when you walk down the hallway. You dread the end of the month when risk status reports are due. You have templates for asking nicely, being more firm and then yelling for status. People see you as the company s Excel guru

16 Going Beyond Builds Long-term Capability Enterprise Risk Management + Business Value of ERM Compliance

17 Process Excellence Is The Key To Embed into DNA Define the Risk 1 2 Determine the impact IDENTIFY ANALYZE Ensure Performance & Visibility 6 REPORT CONTROL 3 Define & Implement Steps to Manage IMPROVE MONITOR Adjust & Improve Process & Controls 5 4 Manage Risk Behavior & Process 17 17

What controls do I have in place to mitigate those

18 Changing The Culture Will Have Everyone Thinking.. What are the material risks to my goals & strategy? What controls do I have in place to mitigate those risks? Are the controls I have in place effective? 18 18

19 6 Secrets of Highly Effective ERM Ensure Strong Board and Senior Management Support Focusing on what Impacts your Goals, Objectives and Strategy Develop Practical & Effective Policies and Procedures Drive Risk Management as an Everyday Activity Provide Effective Tools to Support the Risk Process Focus on the Goal, not the Stages of Implementation 19 19

20 The importance of understanding the risks Ability to respond to a risk is directly related to how quickly you identify the risk 20 20

21 Move away from just risk registers What good is a list of risks if you don t do anything about them? 21 21

Short Term Benefits Hard benefits based on previous customer experience = 80% reduction in cost of mitigation by reducing duplication of Risk Management = 75% reduction in time spent

22 Short Term Benefits Hard benefits based on previous customer experience = 80% reduction in cost of mitigation by reducing duplication of Risk Management = 75% reduction in time spent identifying and assessing risk. More quality time spent on managing risk = 450 man hours per month saved in data manipulation when reporting and escalating risks and opportunities 22 22

23 NOTES to support Short-term Benefits Decisions based on risk data captured in 24 hours not 3 months Informed discussion making capability by Senior Management Enables limited resources to be targeted against the key risk drivers Improved visibility and understanding improves planning and forecasting Reduced silo based approach and duplication of effort Improved accuracy and communication of risks reduces crisis prevention 23 23

24 ATO/PMO RIO Management Process 24 24

25 Enterprise Risk Management Integration 25 25

26 Risk, Issue, and Opportunity The new PMO ERM process introduces formal tracking of Issues and Opportunities to the FAA. Risk: A future event or situation with a realistic probability of occurring that may have a negative impact to the successful accomplishment of one or more program/portfolio objectives. Issue: An event or situation that has occurred or is certain to occur and has a negative impact to the successful accomplishment of one or more program/portfolio objectives. Opportunity: A future event or situation with a realistic probability of occurring that may have a positive impact to the successful accomplishment of one or more program/portfolio objectives

27 PMO RIO Management Board Structure Overview Tier 1: PMO Tier 2: Directors Yes External Orgs. RIO Status Meetings No 2 nd Level Mgr. Board Tier 3: Programs Tier 4: Programs Note: 1. All board meetings are supported by RIO Review Meetings

28 The Future of ERM in the PMO : Fully Integrate new ERM Process into the PMO Incorporate NextGen and Technical Operations Include additional External Stakeholders Expand ERM into ATO 2015 and beyond Expand ERM within the FAA 28 28

29 Questions? 29 29