office of information technology enterprise risk management · pdf file ·...
TRANSCRIPT
![Page 1: Office of Information Technology Enterprise Risk Management · PDF file · 2016-01-04Office of Information Technology Enterprise Risk Management ... risk management approach that](https://reader031.vdocuments.us/reader031/viewer/2022022503/5aafb87f7f8b9a25088dd792/html5/thumbnails/1.jpg)
Business Opportunities with Office of Information Technology Enterprise Risk Management
Tina Burnette, Executive Director, Enterprise Risk Management
Overview
• Executive Director, Enterprise Risk Management
• Responsible for providing the Office of Information & Technology (OI&T) with expert risk management guidance, including the identification, assessment, and mitigation of IT-related risks.
Acquisitions and Contractual Authority
Acquisitions and contractual commitments can only be made by Government officials having expressed authority to enter into such agreements on behalf of the United States Government. The ONLY Government officials with such authority are Warranted Contracting Officials. Any discussions of contractual requirements do not constitute contractual direction or authorization of any kind. Future contractual directions, if ANY, shall ONLY come from the cognizant Department of Veterans Affairs Warranted Contracting Officer.
VA’s Mission
OI&T’s Mission, Vision, and Guiding Principles
Mission: Collaborate with our business partners to create the best experience for all Veterans.
Vision: Become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology.
Guiding Principles:
• Transparency
• Accountability
• Innovation
• Teamwork
ERM’s Mission and Vision
Mission: Provide OI&T with an integrated, enterprise-wide risk management approach that ensures its information technology investments are managed in an efficient and effective environment.
Vision: ERM’s risk management approach will enable OI&T to continuously identify, assess, and mitigate risk that may preclude it from meeting its mission. ERM’s risk management framework will drive transparency and accountability, thus enhancing public trust while improving service delivery to Veterans.
VA’s Organizational Alignment
OI&T’s Organizational Alignment
ERM’s Organizational Alignment
ERM’s ProPath Process Map
ERM’s Risk Severity Matrix
ERM’s Enterprise Risk Registry (ERR)
Past/Current Risk Assessment Activities
• IT Asset Management Assessments
  • Transparency into results resulted in aggressive actions leading to marked improvements, reducing OI&T’s risks of lost or misused IT assets
• Security Controls Assessments
  • Provide OI&T leadership with a clear and independent view of security control implementation efforts, ensuring visibility of information security risks
• Continuous Monitoring Tools Assessments
  • Provide oversight into effective deployment of automated tools to ensure technical risks are identified in near real-time
How Can You Help Us?
• Past Approach:
Utilize Veteran-owned small businesses to support our mission requirements.
• Future Approach:
Continue to utilize Veteran-owned small businesses to support our mission requirements.
Current/Past Awards
| Name of Contract | Description | Value of Contract | Incumbent | Expiration Start/Finished |
| --- | --- | --- | --- | --- |
| Enterprise Risk Registry Development | Development of the ERR database. | $2M | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Upgrade | Upgrades to the ERR database. | $135K | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor updates or enhancements, help desk support, and project management. | ~$200K annually | DSoft Technology (SDVOSB) | Sept 2020 |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | ~$500K annually | Leidos, Inc. (Veteran-founded business) | Sept 2017 |
Opportunities Forecast 2016-2017
| Requirement | Description | Anticipated parameters (e.g., use of particular contracting vehicles) | Anticipated date needed | Range of Value $ |
| --- | --- | --- | --- | --- |
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor enhancements, help desk support, and project management. | Veteran-owned small business | October 2020 | ~$250K annually |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | Veteran-owned small business | October 2017 | ~$500K annually |
Q&A
ERM points of contact for more information:
• Pat Hampton, Director, Risk Management Planning (RMP)
• Steve Riffel, Director, IT Security and Compliance Risks
Thank you for your service to our country – then and now.