FIAR & Enterprise Risk Management (ERM) Update Brief to the SCESC October 24, 2017 1
BLUF -> Integration of FIAR Remediation Requirement: OSD Mgmt/Tracking Material Weaknesses (MW) Identified in Component Annual SOAs Recommended Approach: Integrate with current SCESC operations Compliance with consideration of resource burdens Blend and prioritize new MW issues with other work Track using DLMS compliance process 2
OMB Risk Management Guidance Risk Governance Framework OMB Circular No. A-123 - Figure 1: Relationship Between Internal Controls and Enterprise Risk Management 3
Managers Internal Control Program (MICP) DODI 5010.40 OSD Component Heads And Principal Staff Assistants (PSAs) Approve Component SOAs prior to submission to the Secretary of Defense Maintain ownership of DoD-wide material weaknesses (MW) Track status until resolved Assist in resolution where needed DoD And OSD Component Heads Establish a MICPs Assess risks Document and design ICs Test effectiveness of ICs Identify deficiencies prepare corrective action plans (CAP) Monitor CAP status until resolution Submit the annual statement of assurance (SOA) 4
FY17 SOA Material Weaknesses* *For Assessable Units: Requisition Processing, Inventory and OM&S Component Paraphrased Description Assessable Unit Category DLA/GSA off-line requisition systems need Fund Control Requisition Navy Interface with DLA Transaction Services. Processing TBD Air Force Lack of GFM in Govt APSR OM&S E&C Air Force Value of inventory not accurately reflective of historical cost. Inventory Valuation Navy Value of inventory not accurately reflective of historical cost. Inventory Valuation Air Force Value of OM&S not accurately reflective of historical cost. OM&S Valuation Army Value of OM&S not accurately reflective of historical cost. OM&S Valuation Army Value of OM&S not accurately reflective of the historical cost lack effective controls to assure E&C OM&S Valuation and E&C Army Value of inventory not accurately reflective of the historical cost lack effective controls to assure E&C Inventory Valuation and E&C Navy Value of OM&S not accurately reflective of historical cost. OM&S Valuation Navy Value of OM&S not accurately reflective of the historical cost lack effective controls to assure E&C OM&S Valuation and E&C 5
Supply and Finance Policy Alignment IPT 6
SFPA IPT - Projects Project Title Core Issue(s) FIAR Assertion Status Notes Wet Signature Asset Visibility E&C Closed No OSD Policy Issue(s) DMISA Asset Visibility E&C Open SVCs Leading Missing MRA Asset Visibility E&C Open Reboot required Intransit Accounting E&C Open Billing @ Shipment/Owning @ Receipt Unliquidated Obligations DVD Entries - irapt Deemed Cost Methodology TBD TBD Pending Army TBD TBD Pending Navy TBD TBD Pending OSD(L&MR) 7
Defense Logistics Management Standards (DLMS) IPT 8
Component Tracking of DLMS Compliance Component ADC Tracking Info Due-Date Status Navy 6/20/2017 Completed DLA 12/31/2017 In-Process Marine Corps 12/31/2017 In-Process Air Force 1/31/2018 In-Process Army 1/31/2018 In-Process DCMA 1/31/2018 In-Process 9
Navy Tracking - QTR3 - FY17 Total ROM # Applicable Hours Identified Est./Act. DLMS ADCs (ADCs In Compliance Navy DLMS-Relevant System Identified Process) Date Expeditionary Management 3 360 7/31/2018 Information System 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Financial And Air Clearance 82 5,161 9/30/2018 Transportation System 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Ordnance Information System 162 32,855 9/30/2018 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Joint Deficiency Reporting 1 5,000 12/31/2018 System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Integrated Technical Item 1 160 2/28/2019 Management Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Navsup Wss Supply Support 3 480 3/23/2019 Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Oct-17 Nov-17 Dec-17 Jan-18 Feb-18 Mar-18 Apr-18 May-18 Jun-18 Jul-18 Module Test Repair Application 70 3,920 6/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Electronic Retrograde 95 1,130 6/30/2019 Management System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Management Support And Data 11 160 9/30/2019 Analysis 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Commercial Asset Visibility- 8 4,533 9/30/2019 Web 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Commercial Asset Visibility- 2 2,177 9/30/2019 ORM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Naval Logistics Library 116 61,306 9/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 One Touch Support 100 44,841 9/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Corrective Maintenance 155 7,452 12/31/2019 Logistics System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Shipboard Configuration And 133 5,645 12/31/2019 Logistics Information Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Trident Logistics Data System 7-12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Submarine Logistics Database 69-12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Naval Operational Supply 377-12/31/2021 System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Navy Enterprise Resource After 102 442,986 Planning 12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Navair Depot Maintenance 3 1,400 TBD System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Product Data Reporting 57 19,858 TBD Evaluation System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Aug-18 Sep-18 Oct-18 Nov-18 Dec-18 Jan-19 Feb-19 Mar-19 Apr-19 May-19 Jun-19 Jul-19 Aug-19 Sep-19 Oct-19 Nov-19 Dec-19 Jan-20 Feb-20 Mar-20 Apr-20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 10
Putting the Pieces Together SCESC SAO s MICP Remediation Mechanism Applies ERM/RMC concepts Provide Organizational Portfolio View Manage Risk Register/Risk Profile MW, NFR & PDE Approve/Monitor CAPs 11
Risk Register/Risk Profile SCESC Priority Component Risk Type Paraphrased Description Assessable Unit Category Intransit Advance Payment (AP) needed annual limit 1 Army PDE $1B COA 1 -> Relief from limit ; COA 2 -> WCF cash infusion; COA 3 -> Costly change to FOB shipment. Inventory and OM&S E&C 2 DLA PDE Missing MRAs... mitigate underlying causes policy to resolve old records. Inventory and OM&S E&C 3 OSD PDE "Deemed Cost" sustainable valuation method Inventory and Valuation 3 Navy MW "Deemed Cost" Value of inventory not accurately reflective of historical cost. Inventory Valuation 3 Navy MW "Deemed Cost" Value of OM&S not accurately OM&S Valuation 3 Navy MW "Deemed Cost" Value of OM&S not accurately OM&S Valuation and E&C 3 Army MW "Deemed Cost" Value of OM&S not accurately reflective of historical cost. OM&S Valuation 3 Army MW "Deemed Cost" Value of OM&S not accurately OM&S Valuation and E&C 3 Army MW "Deemed Cost" Value of inventory not accurately reflective of the historical cost lack effective controls Inventory Valuation and E&C 3 Air Force MW "Deemed Cost" Value of inventory not accurately reflective of historical cost. Inventory Valuation 3 Air Force MW "Deemed Cost" Value of OM&S not accurately reflective of historical cost. OM&S Valuation 4 Navy MW DLA/GSA off-line requisition system needs Fund Control Interface with DLA-Transaction Services. Requisition Processing E&C 5 Army PDE Unliquidated Obligations goods receipted... purchase order line items... missing InterfundDisbursements. Inventory and OM&S E&C 6 Air Force MW Lack of GFM in Govt APSR OM&S E&C 7 Navy PDE IRAPT Unit entry of direct vendor deliveries. Requisition Processing E&C 8 Air Force PDE DMISA - Lacking asset visibility data Inventory and OM&S E&C 12
Notional Tracking - Risk Profile Total ROM # Applicable Hours Identified Est./Act. DLMS ADCs (ADCs In Compliance Navy DLMS-Relevant System Identified Process) Date Expeditionary Management 3 360 7/31/2018 Information System 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Financial And Air Clearance 82 5,161 9/30/2018 Transportation System 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Ordnance Information System 162 32,855 9/30/2018 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Joint Deficiency Reporting 1 5,000 12/31/2018 System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Integrated Technical Item 1 160 2/28/2019 Management Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Navsup Wss Supply Support 3 480 3/23/2019 Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Oct-17 Nov-17 Dec-17 Jan-18 Feb-18 Mar-18 Apr-18 May-18 Jun-18 Jul-18 Module Test Repair Application 70 3,920 6/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Electronic Retrograde 95 1,130 6/30/2019 Management System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Management Support And Data 11 160 9/30/2019 Analysis 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Commercial Asset Visibility- 8 4,533 9/30/2019 Web 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Commercial Asset Visibility- 2 2,177 9/30/2019 ORM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Naval Logistics Library 116 61,306 9/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 One Touch Support 100 44,841 9/30/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Corrective Maintenance 155 7,452 12/31/2019 Logistics System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Shipboard Configuration And 133 5,645 12/31/2019 Logistics Information Program 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Trident Logistics Data System 7-12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Submarine Logistics Database 69-12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 Naval Operational Supply 377-12/31/2021 System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Navy Enterprise Resource After 102 442,986 Planning 12/31/2019 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Navair Depot Maintenance 3 1,400 TBD System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Product Data Reporting 57 19,858 TBD Evaluation System 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Aug-18 Sep-18 Oct-18 Nov-18 Dec-18 Jan-19 Feb-19 Mar-19 Apr-19 May-19 Jun-19 Jul-19 Aug-19 Sep-19 Oct-19 Nov-19 Dec-19 Jan-20 Feb-20 Mar-20 Apr-20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 13
14
Enterprise Risk Management (ERM) OBM Circular A-123 ERM and ICs components of governance framework. Internal Controls (IC) Provides reasonable assurance entity objectives achieved. ERM Identifies, assesses, and manages risks. Reduce/eliminate potential disruptive events (PDE) at key points Portfolio view of organizational challenges Prioritize resource allocations cannot respond to all risks Risk Management Council (RMC) Establish risk profile regular assessment appropriate response Risk profile prioritized inventory significant risks portfolio perspective Risk register complete inventory of risks 15
MICP, SAO, SOA, NFR and ERM Managers Internal Control Program (MICP) Review, assess & report internal control effectiveness Senior Accounting Official (SAO) OSD Executive responsible for remediation for given Assessable Units Statement of Assurance (SOA) Annual self identification; Internal Control Material Weaknesses (MW) Notice of Findings and Recommendations (NFR) MWs identified during audit Enterprise Risk Management (ERM) Identifies, assesses, and manages risks. 16