Unprecedented Events in 2008 - PowerPoint PPT Presentation

Office of Financial Stability  - Troubled Asset Relief Program
1 / 15

  • Uploaded on
  • Presentation posted in: General

Office of Financial Stability - Troubled Asset Relief Program Implementing Enterprise Risk Management in a Start-up Federal Organization. Unprecedented Events in 2008. 2. OFS’ Challenges at inception. Environment Encountered. Risks. Siloed information Disparate processing

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Unprecedented Events in 2008

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Unprecedented events in 2008

Office of Financial Stability - Troubled Asset Relief ProgramImplementing Enterprise Risk Management in a Start-up Federal Organization

Unprecedented events in 2008

Unprecedented Events in 2008


Ofs challenges at inception

OFS’ Challenges at inception

Environment Encountered


  • Siloed information

  • Disparate processing

  • Inability to create integrated reporting

  • High degree of manual processing

  • Version control issues with documents

  • Start-up organization (Inception: October 2008 resulting from passage of Emergency Economic Stabilization Act (EESA)

  • Programs to address liquidity and financial crisis were unclear

  • Expectation of rapid response

  • Limited experience leveraging from past crises

  • Processes not established

  • No policies or procedures

  • Heavy oversight demands (GAO, SIG TARP, Congressional Oversight Panel (COP)

  • Control environment changing rapidly

  • Non-existent Governance, Risk and Compliance activities


Identification of existing erm frameworks in use

Identification of Existing ERM Frameworks In Use

Based on COSO Internal Control and Enterprise Risk Management Frameworks and other best practices


Unprecedented events in 2008

Initial establishment of the OFS’ Methodology

Design and implement risk mitigation actions

Identify major risks and assign responsibility

Define strategic objectives

Test risk mitigation actions

Set internal operational objectives

Set risk and other objectives

Monitor and report on risks

Desired outcomes of overall program

Overall objectives for OFS, including

- Vision

- Priorities

- Operational norms

Level of risk to undertake in

- Financial

- Market

- Operational

- People, Process and Systems

- Strategic

- Reputation

Listing of major risks in the organization along with priority, timing and responsibility for addressing the risk

Policies and procedures needed to manage level of risk

Other actions as needed to mitigate risks

Management information and reporting needed to ensure risks are within tolerances

Periodic and independent testing of policies and procedures to ensure they are robust



Treasury policy officials

Executive Committee (EC) in consultation with Treasury Management

Executive Committee (EC) in consultation with Treasury Management

Senior Assessment Team (SAT) in conjunction with OFS operating units (EC sets prioritization)

OFS Operating units with support from


OFS Operating units with support from

CRCO and CFO - Reporting to SAT and EC

CFO to test transactions processes, CRCO to test qualitative and performance measures


Policy development process

EC meeting

EC Risk Management meeting

Discussion and in-depth interviews with staff leading to Risk Matrix

Development of risk mitigation policies, procedures and other actions

Regular reporting to SAT on status of risks

Spread sheet tracking of risks and status


Goal was to achieve collaborative enterprise risk management

Goal was to achieve collaborative Enterprise Risk Management

Risk Assessment

Develop strategies for lowering risk



Risk Scoping

Force-Ranking of Risks

  • Location/Division

  • Statutory Group

  • Product Line

  • Commodity Group

Inherent Risks

Risk Mitigation

Residual Risk

Management Consensus

Library of Risks


Gain management consensus for risk assessment


  • Financial

  • External, e.g., Political

  • Operational

Internal Audit

Risk Factors



Self Audit

3rd Party




Source: MetricStream


Ofs governance environment established early

OFS’ Governance Environment established early

Executive Committees - Joint Chiefs Meeting, Investment Committee, IT Governance Council, Contract and Agreement Review Board, Staffing Board

Establish control environment

Conduct risk assessments

Senior Assessment Team

Potential new functions




Human Resources

Information Tech.

Asset Purchases

Asset Management

Asset Sales


Internal and external monitoring

Perform control activities by function

Information and communication

Program Functions

Support functions

Development and implementation of policies and procedures


Comprehensive view of the risks and controls

Comprehensive view of the risks and controls

OFS Risk Management Team

Conduct risk assessments

Asset Purchases

Asset Management

Asset Sales

Potential new functions




Human Resources

Information Tech.

Process owners establish control environment

Process owners execute control activities

External monitoring from Oversight Organizations

Business Functions

Support functions

Execute internal controls methodology for all components of the organization

OFS Internal Controls Team


Unprecedented events in 2008

Linkage Between Risk Management and Internal Controls Tasks

  • Leveraging stakeholder interviews

    • Internal control over operations and financial reporting

    • Annual Assurance Statement

  • Sharing process flow documentation

  • Sharing risk control matrices

  • Leveraging test plans and results

  • Jointly leading the effort to develop office-wide policies and procedures


Initial focus was on operational risk assessments

Initial Focus was on Operational Risk Assessments

The following risk categories provide a common language for evaluating operating risks, and support an assessment of key risk areas. We begin our assessment with a list of generic questions for these risk categories and tailor the questions to the specific program or business support function being addressed

Operating Risks




External Events

Reporting & Disclosure

  • Staffing Expertise & Adequacy

  • Employee Fraud & Theft

  • Staffing Workload

  • Skills

  • Training

  • Morale

  • Career Advancement

  • Supervision

  • New Product /Offerings/Structures

  • Transaction Sourcing

  • Transaction Processing

  • Vendor/Supplier

  • Data Quality

  • Legal/Compliance

  • Model Application

  • Model Design

  • Process Maturity

  • Awareness

  • Communication of the Process

  • Coordination with Other Areas

  • Policies and Procedures

  • Controls, Performance Metrics,

  • Transaction Processing

  • Stream Lining

  • Architecture, Configuration, Integration Design

  • Hardware

  • Software

  • Infrastructure

  • End User Computing

  • Security

  • Access

  • Tools

  • Backup

  • Continuity of Operations

  • Data Integrity

  • Enterprise Architecture

  • Change Management

  • External Fraud/Theft

  • Business Continuity

  • Financial Reporting & Disclosure

  • Regulatory Reporting

  • Securities Reporting & Disclosure






  • Monetary Loss

  • Fraud Potential

  • Internal Controls

  • Mission Impact

  • Communication with Oversight Organizations

  • Linkage to enterprise risk-convergence of bottoms –up and top-down view of risk ( as discussed, we need to see the individual risks collectively to form a view of the strategic risk)

  • Contractual provisions with third parties such as financial agents, internal controls, EESA non-compliance (Executive Compensation, etc. ), controls to prevent fraud


Unprecedented events in 2008

Process of Conducting Risk Assessments

  • Choose high priority programs and business support areas

  • Identify key processes/lifecycle steps within each high priority area

  • Develop risk interview questions based on understanding of underlying processes supporting programs and business support areas

  • Interview key stakeholders for each program/business area (10-12)

  • Synthesize risks

  • Assign risk ratings (high, medium, low)

  • Develop mitigation plans for areas assigned high or medium risk rating

  • Report periodically on results of risk assessments and progress against mitigation plans


Unprecedented events in 2008

We are transitioning to evaluating other types of risk


CPP, PPIP, SBA, etc.

  • Credit Risk Criteria

  • Credit Grades (Ratings)

  • Yields (Credit Spreads)

  • Concentration Amounts

  • (By Sector, Asset and Class)

  • Market Risk Criteria

  • Duration (Fixed Income)

  • Volatility, Delta, Theta,

  • Rho (Options and Warrants)

  • Equity Beta (Common Stock)


Analytical Tool

Risk Reporting and Monitoring


Unprecedented events in 2008

OFS’ approach to managing Compliance for TARP programs

Compliance Requirements

Compliance Activities at TARP

  • Laws Applicable to TARP

    • Economic Stability Act of 2008 (EESA)

    • American Recovery and Reinvestment Act of 2009 (ARRA)

  • Regulations Applicable to TARP

    • TARP Standards for Compensation and Corporate Governance (31 CFR Part 31)

    • Interim Final regulation for Conflicts of Interest (31 CFR Part 31)

  • Legal Documents

    • Governing the programs and their related activities

  • Applicable Investment Laws and Regulations

    • Investment Advisers Act of 1940

    • Investment Act of 1940

  • Each TARP program has its own unique compliance requirements

    • Capital Purchase Program (“CPP”)

    • Automotive Industry Financing Program (“AIFP”)

    • Auto Supplier Support Program (“ASSP”)

    • Small Business Administration Loans (“SBA”)

    • Systemically Significant Failing Institutions (“SSFI”)

    • Targeted Investment Program (“TIP”)

    • Asset Guarantee Program (“AGP”)

    • Term Asset-Backed Securities Loan Facility (“TALF”)

    • Making Home Affordable (“MHA”) Program

    • Public-Private Investment Program (“PPIP”)

  • Report on Non Compliance

  • Reports to Oversight Organizations

Financial Agents Compliance

Anti-Fraud Group


An integrated erm system is still a work in progress

An integrated ERM system is still a work in progress

Compliance Management (SOX, IT, Regulatory)

Risk Policy

Internal Audit Management

  • Email Integration

  • Document Interoperability

  • Manage Control Hierarchy

  • Controls testing

  • Remediation

  • 302 Certification

  • Federated Compliance Reporting



Issues Management/ Remediation

Dashboards & Reporting

  • Closed Loop Issues Management

  • Manage Risk/Control Matrix

  • Enterprise Risk Assessment

  • Define audit universe

  • Work Program Library

  • Electronic Workpapers

  • Scheduling

  • Remediation

  • Reporting

  • Resource Management

  • Other Compliance Reporting

Source: MetricStream


Unprecedented events in 2008

Challenges ahead

  • OFS is a temporary agency within US Treasury

  • Most of the staff are term employees – loss of intellectual capital

  • Scalability of the ERM function to other components of US Treasury

  • Budget pressures

  • Convincing and educating senior management of the sustainability of ERM across the organization


  • Login