170 likes | 360 Views
Federal Student Aid Overview of Risk Management. David Revill and Cynthia Vitter. Agenda. Changing business model Enterprise Risk Management Defined FSA’s Key Strategic Drivers Authorization of the Risk Management Committee Risk Management Group Functional Alignments
E N D
Federal Student Aid Overview of Risk Management David Revill and Cynthia Vitter
Agenda • Changing business model • Enterprise Risk ManagementDefined • FSA’s Key Strategic Drivers • Authorization of the Risk Management Committee • Risk Management Group Functional Alignments • Key Tools Used to Communicate Significant Risks • How the Risk Management Group Identifies Risks / Issues • Risk Management Organization Key Functions • Risk Management Group Overview • Audit Liaison Overview • Internal Review Overview • Risk Analysis & Reporting Overview • Portfolio Analytics Overview • Acquisition Risk Management Overview • Summary
Things that impacted FSA’s business model FSA’s business model changed from Direct Lending and Bank Lending (FFEL) to 100% Direct Lending, effective 7/1/2010 Driven by and against the back drop of a global financial crisis Rising cost of education AND expanded for- profit sector
What do we mean by Enterprise Risk Management? A successful ERM program can assist an organization to: • Work toward a more integrated and comprehensive assessment of risks, and an objective, consistent approach to managing them • Through a consistent risk governance framework, help establish enhanced clarity around risk management roles and responsibilities • Help create a more common language and improved customized view of risk across the agency • Monitor more completely an organization’s risk level as compared to its risk appetite, to include correlations and dependencies across products and risk types • Increase focus on both traditional and emerging risk types
FSA’s Key Strategic Drivers Goal D: Reduce Mismanagement by Postsecondary & Financial Institutions; Understand and Manage Loan Portfolio Risk • Goal A: Improve Customer Experience; Increase Program Completions; Supports Operational Delivery of Title IV Aid • Goal B: Enhance Postsecondary & Financial Institution Support • Goal C: Build Stronger Business Management Capabilities & Supporting Processes • Goal E: Enhance Employee Experience
Authorization of the Risk Management Committee (RMC) • In January 2010, former Chief Operating Officer (COO), William Taggart officially authorized the RMC and announced the new Risk Management Leadership • The RMC is chaired by Fred Anderson, Senior Advisor to the COO and includes certain members of the Operating Committee • Risk Management Committee Members include:
Group Functional Alignments Brenda Wensil (Acting) Chief Risk Officer Leslie Saint-Julien Administrative Assistant Vacant Deputy CRO Administration & Reporting Linda Hall Director Internal Review Group Cynthia Vitters Director Risk Analysis & Reporting Group Janice Habash Director Portfolio Performance Management Services Group Wyndon Hibler Director Acquisition Risk Management Group David Revill Director Internal Review & Special Initiatives Division Audit Liaison Team
Key Tools Used to Communicate Significant Risks • FSA Enterprise Level Risk Diagnostic Summary, a one pager that is used to identify, track and communicate key risks • FSA Significant Operational Issues Dashboard, is the documentation that used to support the rating of the risk type in the risk summary • Risk Management Significant Risk Database, an aggregation of potential risk issues
Risk Types • At Federal Student Aid, Enterprise Risk Management is divided to identify, assess, manage, and report risk management activities amongst the following five categories: • Operational • Student Aid Administration Risks • Portfolio Analytics and Forecasting • Reputational • Marketing • These risks are identified by the work done by individuals in five Risk Management Groups: • - Internal Review - Portfolio Analytics • Risk Analysis & Reporting - Acquisitions Risk Management
Internal Review Overview INTERNAL REVIEW GROUP has two functions: Internal Reviews and Audit Liaisons. Internal Reviews focus reviews of FSA Operations. They are responsive to business units requests to review specific processes that require a confirmation of functionality They also focus on Special Initiatives that are projects that address validating CAP controls, OIG responses, process improvement and other unique requirements Audit Liaisons is the connection between FSA and the various entities that seek to examine FSA’s processes of operations. Audit Liaison has taken a more prominent role as the number of examinations have increased.
Audit Liaison Overview Who Audits Federal Student Aid? • The Government Accountability Office (GAO), is an independent, nonpartisan agency that works for Congress. The head of GAO is the Comptroller General, who is appointed to a 15-year term by the President. • The Department of Education’s Office of Inspector General (OIG), is an independent office within the Department of Education established by the Inspector General Act of 1978. The Inspector General is appointed by the President and submits semiannual reports to Congress. The Inspector General reports to and is under the direct supervision of the Secretary of Education. However, the Secretary cannot prevent or prohibit OIG from initiating or carrying out any audit or investigation. What Do They Audit? • Auditors study, evaluate, and determine if the Federal Student Aid programs’ internal accounting and administrative controls, policies, and procedures are in compliance with applicable laws, regulations and Department directives. Why Do They Audit Federal Student Aid? • Auditors follow money because fraud, risk and abuse are associated with large government programs. FSA delivers roughly $150 billion annually in student aid. • The GAO’s mission is to support congressional oversight of an agency’s operations to determine whether funds are being spent efficiently and effectively and to report on how well government operations and policies are meeting their objectives. GAO’s work is frequently conducted at the request of congressional committees or subcommittees or is mandated by law. • The OIG’s mission is to keep the Secretary and Congress informed about problems and deficiencies related to the administration of programs. Each year, the OIG circulates its work plan for comment by Department officials. The OIG’s work plan details the areas it intends to focus on in its future work. Some audits are mandated to be conducted annually, such as the annual financial statement audit and the Federal Information Security Management Act (FISMA) audit.
Risk Analysis & Reporting Overview Some of the key activities of Risk Analysis & Reporting are: • Coordinate technical aspects of FSA’s risk diagnostic • Prioritize risk through control environment assessment, heat map, and other activities based on event probability and inherent impact • Enhance enterprise risk management framework to include the following: • Risk taxonomy across 5 broad areas of risk (operational, student aid administration, portfolio analytics & forecasting, market, and reputational) • Completion of FSA enterprise-level control assessment for Risk Management Committee and other key oversight stakeholders • Coordinate business unit risk oversight and program compliance activities across the enterprise • Conduct targeted risk assessments including mitigation status based upon risk diagnostic • Continuously perform data analysis to provide clear visibility into key risk and mitigation efforts
Portfolio Analytics Overview • Portfolio Performance Management Services (PPMS), is a centralized enterprise student loan and grant portfolio analytics resource supporting FSA Stakeholders, Leaders and Functional Groups. PPMS has created an End-to-End portfolio analytics framework with a focus on defined, repeatable portfolio metrics. • The summary statistics, updated monthly for FSA leadership, aligned historical data (Fall 2014) to cover total portfolio outstanding's, originations, repayment, entitlements, delinquency and defaults. • PPMS analytics defines key borrower behavior characteristics, and performs defined work and flexible ad hoc analysis to meet changing organizational needs. • Core group objectives are to move loan portfolio insight and understanding from static views to actionable findings for use throughout the FSA organization in support of FSA functional group’s efficient achievement of its strategic objectives.
Federal Student AidAcquisition Risk Management • FSA operates as a public-private partnership staffed by 1,168 full-time employees and is augmented by contractors who provide outsourced business operations. • A major role of FSA is to coordinate and monitor the activity of the large number of federal, state, non-profit, and private entities involved in federal student aid delivery, within a statutory framework established by Congress and a regulatory framework established by the Department of Education. • Vendors and contractors represent over 80% of FSA’s annual budget.
Acquisition Risk Management • Acquisition Risk Management • A method of indentifying and mitigating the risks associated in acquiring assets and outsourcing of key processes. It addresses the “End-to-End” Key Risk Points of the acquisition process. It is fundamentally connected to FSA’s ability to: • Develop comprehensive business case analyses • Deliver on project management plans • Facilitate contract solicitations and awards • Understand assets and labor interdependencies • Manage vendor relationships • Acquisition Risk Management Framework • An organized and disciplined approach to implement Acquisition Risk Management at FSA. It is the first ever initiative to look at the acquisition process in FSA. It is based on a three prong approach: • Risk Governance – management practices • Risk Evaluation – risk identification and measurement • Risk Response – risk mitigation
Summary • FSA’s business model changed in 2010 with transition to 100% Direct Lending. • FSA’s strategic business drivers led to the elevation and expansion of FSA’s Risk Management Office. It also formalized the RMC • RMO communicates risks to the RMC through the Significant Risk Diagnostic Summary which is supported by the Significant Operational Risk Issues Dashboard. • RMO tracks the following types of risk: Operational, Student Aid Administration, Portfolio Analytics and Forecasting, Reputational, and Marketing. • RMO is made up of four groups: • Internal Review • Risk Analysis and Reporting • Portfolio Analytics • Acquisition Risk Management