Unprecedented Events in 2008


PowerPoint Slideshow about 'Unprecedented Events in 2008' - brant


Office of Financial Stability - Troubled Asset Relief Program
Implementing Enterprise Risk Management in a Start-up Federal Organization


OFS’ Challenges at inception

Environment Encountered


  • Siloed information
  • Disparate processing
  • Inability to create integrated reporting
  • High degree of manual processing
  • Version control issues with documents
  • Start-up organization (Inception: October 2008, resulting from passage of the Emergency Economic Stabilization Act (EESA))
  • Programs to address liquidity and financial crisis were unclear
  • Expectation of rapid response
  • Limited experience leveraging from past crises
  • Processes not established
  • No policies or procedures
  • Heavy oversight demands (GAO, SIG TARP, Congressional Oversight Panel (COP))
  • Control environment changing rapidly
  • Non-existent Governance, Risk and Compliance activities


Identification of Existing ERM Frameworks In Use

Based on COSO Internal Control and Enterprise Risk Management Frameworks and other best practices



Initial establishment of the OFS’ Methodology

Design and implement risk mitigation actions

Identify major risks and assign responsibility

Define strategic objectives

Test risk mitigation actions

Set internal operational objectives

Set risk and other objectives

Monitor and report on risks

Desired outcomes of overall program

Overall objectives for OFS, including

- Vision

- Priorities

- Operational norms

Level of risk to undertake in

- Financial

- Market

- Operational

- People, Process and Systems

- Strategic

- Reputation

Listing of major risks in the organization along with priority, timing and responsibility for addressing the risk

Policies and procedures needed to manage level of risk

Other actions as needed to mitigate risks

Management information and reporting needed to ensure risks are within tolerances

Periodic and independent testing of policies and procedures to ensure they are robust



Treasury policy officials

Executive Committee (EC) in consultation with Treasury Management

Executive Committee (EC) in consultation with Treasury Management

Senior Assessment Team (SAT) in conjunction with OFS operating units (EC sets prioritization)

OFS Operating units with support from


OFS Operating units with support from

CRCO and CFO - Reporting to SAT and EC

CFO to test transactions processes, CRCO to test qualitative and performance measures


Policy development process

EC meeting

EC Risk Management meeting

Discussion and in-depth interviews with staff leading to Risk Matrix

Development of risk mitigation policies, procedures and other actions

Regular reporting to SAT on status of risks

Spreadsheet tracking of risks and status


Goal was to achieve collaborative Enterprise Risk Management

Risk Assessment

Develop strategies for lowering risk



Risk Scoping

Force-Ranking of Risks

  • Location/Division
  • Statutory Group
  • Product Line
  • Commodity Group

Inherent Risks

Risk Mitigation

Residual Risk

Management Consensus

Library of Risks


Gain management consensus for risk assessment


  • Financial
  • External, e.g., Political
  • Operational

Internal Audit

Risk Factors



Self Audit

3rd Party




Source: MetricStream


OFS’ Governance Environment established early

Executive Committees - Joint Chiefs Meeting, Investment Committee, IT Governance Council, Contract and Agreement Review Board, Staffing Board

Establish control environment

Conduct risk assessments

Senior Assessment Team

Potential new functions




Human Resources

Information Tech.

Asset Purchases

Asset Management

Asset Sales


Internal and external monitoring

Perform control activities by function

Information and communication

Program Functions

Support functions

Development and implementation of policies and procedures


Comprehensive view of the risks and controls

OFS Risk Management Team

Conduct risk assessments

Asset Purchases

Asset Management

Asset Sales

Potential new functions




Human Resources

Information Tech.

Process owners establish control environment

Process owners execute control activities

External monitoring from Oversight Organizations

Business Functions

Support functions

Execute internal controls methodology for all components of the organization

OFS Internal Controls Team



Linkage Between Risk Management and Internal Controls Tasks

  • Leveraging stakeholder interviews
    • Internal control over operations and financial reporting
    • Annual Assurance Statement
  • Sharing process flow documentation
  • Sharing risk control matrices
  • Leveraging test plans and results
  • Jointly leading the effort to develop office-wide policies and procedures


Initial Focus was on Operational Risk Assessments

The following risk categories provide a common language for evaluating operating risks and support an assessment of key risk areas. We begin our assessment with a list of generic questions for these risk categories and tailor the questions to the specific program or business support function being addressed.

Operating Risks




External Events

Reporting & Disclosure

  • Staffing Expertise & Adequacy
  • Employee Fraud & Theft
  • Staffing Workload
  • Skills
  • Training
  • Morale
  • Career Advancement
  • Supervision
  • New Product/Offerings/Structures
  • Transaction Sourcing
  • Transaction Processing
  • Vendor/Supplier
  • Data Quality
  • Legal/Compliance
  • Model Application
  • Model Design
  • Process Maturity
  • Awareness
  • Communication of the Process
  • Coordination with Other Areas
  • Policies and Procedures
  • Controls, Performance Metrics,
  • Transaction Processing
  • Streamlining
  • Architecture, Configuration, Integration Design
  • Hardware
  • Software
  • Infrastructure
  • End User Computing
  • Security
  • Access
  • Tools
  • Backup
  • Continuity of Operations
  • Data Integrity
  • Enterprise Architecture
  • Change Management
  • External Fraud/Theft
  • Business Continuity
  • Financial Reporting & Disclosure
  • Regulatory Reporting
  • Securities Reporting & Disclosure






  • Monetary Loss
  • Fraud Potential
  • Internal Controls
  • Mission Impact
  • Communication with Oversight Organizations
  • Linkage to enterprise risk: convergence of bottom-up and top-down views of risk (as discussed, we need to see the individual risks collectively to form a view of the strategic risk)
  • Contractual provisions with third parties such as financial agents, internal controls, EESA non-compliance (Executive Compensation, etc.), controls to prevent fraud



Process of Conducting Risk Assessments

  • Choose high priority programs and business support areas
  • Identify key processes/lifecycle steps within each high priority area
  • Develop risk interview questions based on understanding of underlying processes supporting programs and business support areas
  • Interview key stakeholders for each program/business area (10-12)
  • Synthesize risks
  • Assign risk ratings (high, medium, low)
  • Develop mitigation plans for areas assigned high or medium risk rating
  • Report periodically on results of risk assessments and progress against mitigation plans



We are transitioning to evaluating other types of risk


CPP, PPIP, SBA, etc.

  • Credit Risk Criteria
    • Credit Grades (Ratings)
    • Yields (Credit Spreads)
    • Concentration Amounts (By Sector, Asset and Class)
  • Market Risk Criteria
    • Duration (Fixed Income)
    • Volatility, Delta, Theta, Rho (Options and Warrants)
    • Equity Beta (Common Stock)


Analytical Tool

Risk Reporting and Monitoring



OFS’ approach to managing Compliance for TARP programs

Compliance Requirements

Compliance Activities at TARP

  • Laws Applicable to TARP
    • Economic Stability Act of 2008 (EESA)
    • American Recovery and Reinvestment Act of 2009 (ARRA)
  • Regulations Applicable to TARP
    • TARP Standards for Compensation and Corporate Governance (31 CFR Part 31)
    • Interim Final regulation for Conflicts of Interest (31 CFR Part 31)
  • Legal Documents
    • Governing the programs and their related activities
  • Applicable Investment Laws and Regulations
    • Investment Advisers Act of 1940
    • Investment Act of 1940
  • Each TARP program has its own unique compliance requirements
    • Capital Purchase Program (“CPP”)
    • Automotive Industry Financing Program (“AIFP”)
    • Auto Supplier Support Program (“ASSP”)
    • Small Business Administration Loans (“SBA”)
    • Systemically Significant Failing Institutions (“SSFI”)
    • Targeted Investment Program (“TIP”)
    • Asset Guarantee Program (“AGP”)
    • Term Asset-Backed Securities Loan Facility (“TALF”)
    • Making Home Affordable (“MHA”) Program
    • Public-Private Investment Program (“PPIP”)
  • Report on Non-Compliance
  • Reports to Oversight Organizations

Financial Agents Compliance

Anti-Fraud Group


An integrated ERM system is still a work in progress

Compliance Management (SOX, IT, Regulatory)

Risk Policy

Internal Audit Management

  • Email Integration
  • Document Interoperability
  • Manage Control Hierarchy
  • Controls testing
  • Remediation
  • 302 Certification
  • Federated Compliance Reporting



Issues Management/ Remediation

Dashboards & Reporting

  • Closed Loop Issues Management
  • Manage Risk/Control Matrix
  • Enterprise Risk Assessment
  • Define audit universe
  • Work Program Library
  • Electronic Workpapers
  • Scheduling
  • Remediation
  • Reporting
  • Resource Management
  • Other Compliance Reporting

Source: MetricStream



Challenges ahead

  • OFS is a temporary agency within US Treasury
  • Most of the staff are term employees – loss of intellectual capital
  • Scalability of the ERM function to other components of US Treasury
  • Budget pressures
  • Convincing and educating senior management of the sustainability of ERM across the organization