stepped up erm teresa mckay director, defense finance and accounting service asmc washington chapter...

Stepped Up ERM

Teresa McKay Director,

Defense Finance and Accounting Service

ASMC Washington Chapter

September 17, 2008

2

Agenda

Enterprise Risk ManagementWhy We Need Enterprise Risk

ManagementCase Studies

Wounded Warrior Out of Country Payments Accounts Payable

3

A Complex Environment Fraught with Risk

6.9 million travel payments

$328 billion in military retirement

managed865 active DoD appropriations

54.5 million general ledger accounts with billions of

transactions

$446 billion in disbursements

154.6 million payroll payments

14 million commercial invoices

4

What is Enterprise Risk Management?

Enterprise Risk Management (ERM): An organization-wide approach that proactively identifies inherent risks and prevents or manages them

5

Why do we use Enterprise Risk Management?

Why do we use Enterprise Risk Management?

Why ERM

6

DFAS’ Approach to ERM

Assess Plan Execute Sustain

DFAS ERMP Implementation Activities: ERM Governance Business Environment

Identification KRI Identification and

Monitoring ERM Reporting Compliance Management

Taxonomy, Risk Classification, and Policy

Establish DFAS Risk Appetite

ERM System/ Dashboard Development

Incident Capture Process

Communication, Training, and Awareness

Risk and Control Identification and Assessment

Control Testing Issue Management and

Remediation

7

Current State Desired State, Implementation

Implementation Activities

Governance DevelopmentTrainingSub-Core Self AssessmentCore Area Risk AssessmentMap Key ProcessesPerform Risk & Control

Identification and AssessmentEstablish Risk ToleranceRisk Mitigation Develop Test PlansDevelop Internal Control

Questionnaires

Implementation Outcomes

Dashboard ReportingProactive, Risk-Aware

WorkforceCentralized repository of

policies and procedural guidance

Process Excellence

ERM Evolution

DFAS Enterprise

Risk Management

Program

Ad Hoc Managed Standardized Integrated Optimized

DFAS Risk Management Maturity

8

Identifying Risk

Document the process Identify risks and establish

controls to mitigate those risks

Evaluate, test and -- if necessary -- revise

9

Accountability is Key

Accounts Payable: Own the process Identify Risks: What all can go wrongPrioritize: Develop an integrated strategy for solutions

10

Compliance

Audit oversight Internal reviewFederal Managers’ Financial Integrity Act Compliance Improper Payments Information ActFinancial Improvement and Audit ReadinessFederal Financial Management Improvement ActClinger-Cohen ActBalanced ScorecardDepartment of defense Information Assurance and

Certification Accreditation ProcessFederal Information Security Management Act

11

Outcomes

• Streamlined accounting and personnel processes

• Better support for our customers

• Peace of mind for Warfighters and their families

12

Case Study: Wounded Warrior

BackgroundBackground

ResultsResults

• Inaccurate pay to wounded soldiers resulted in soldiers owing money to the government

• Pay and personnel systems unable to handle situation

• Congress and media were outraged

• Number of erroneous payments significantly reduced

• Hospitalized Soldiers contacted personally

• Wounded In Action (WIA) database developed

• Available financial personnel at Walter Reed and Landsthul hospitals

• Overall processes and procedures improved

13

Case Study: Out of Country Payments

BackgroundBackground

ResultsResults

• Billions of dollars spent on the Global War on Terror

• DoD unable to support financial operations in Iraq and Afghanistan using standard operating procedures

• Army needed to improve internal controls for soldiers to be supported properly

• Regulations for soldiers in contingency environment revised

• Partnered with Army to improve controls and ensure payments are properly supported

• Communication, training and interagency planning improved

• Oversight/follow-up procedures established

14

Case Study: Accounts Payable

BackgroundBackground

ResultsResults

• Disparate accounts payable processes.

• Consolidated operations and standardized processes

• Improved efficiency and effectiveness, exceeding customer expectations

• In FY07 saved $53m by eliminating rework and increasing productivity

• 55 errors identified

• Dollar impact $7,166,567

• Employee coding training opportunities identified

• Opportunities to apply Business Activity Monitoring identified

Reduced improper payments

Identified Fraud

15

Business Activity Monitoring

The Future of BAM with DFAS

Improper Payments are detected and corrective action injected automatically at the source.

Detect and Prevent

16

Questions