Enterprise Risk Management at the Department of Energy (DOE)

Office of Chief Financial Officer Office of Internal Review May 13, 2009

Recovery Act DOE Funding and Impact

Recovery Act Funding vs. FY09 Current Appropriation

20 18 16 14 12 10 4 2 8 6 0 $6,0 $16,8 $0,4 ARPA-E $1,6 $3,4 $1,1 Office of Fossil Energy $6,0 $6,0 $4,5 $4,8 $2,2 $0,1 Office of Electricity Delivery & Energy Reliability Office of Science Loan Guarantee Program Office of Environmental Management Office of Energy Efficiency and Renewable Energy FY09 Current Approp. ($14.2B) Recovery Act ($38.7B)

Enterprise Risk Management at the Department of Energy (DOE)

2

Office of Management and Budget (OMB) Requirements The American Recovery and Reinvestment Act of 2009 (Recovery Act) will usher in additional accountability and transparency requirements for agencies receiving stimulus funding.

Program offices receiving stimulus funding will have to:



Meet new compliance and reporting requirements



Assess the impact of existing process control risks



Manage new risks from stressed processes



Prepare for future oversight reviews Enterprise Risk Management at the Department of Energy (DOE)

3

Corporate Accountability Model

DOE-Wide Control & Accountability

•

Funds Management

•

Cost Management

•

Acquisition Management

•

Grants Administration

•

Loan Administration RISKS Controls Internal Process Controls Recovery Act Funding Regular Funding

•

Planning Guidance

•

Cost and Schedule

•

Metrics

•

Reporting Management Enterprise Risk Management at the Department of Energy (DOE)

4

The DOE Oversight Model has been updated to adhere to Recovery Act requirements

Expand Outreach and Coordination Monitor Planning and Reporting

Stakeholders Programs Field Offices Corporate Guidance Reporting Standards Internal Review Execution Monitoring OMB IG - GAO Validating Outcomes

Vulnerability Assessments & Risk Management Plans Evaluate Key Controls

Chief Financial Officer

Identifying Issues

Establish Recovery Act Assurance Processes HQ Risks Field Controls Contractor Enterprise Risk Management at the Department of Energy (DOE)

5

The Current Risk Management Approach: Targeted Risk Mitigation 

Codes to track Recovery Act projects and funding



CFO internal control liaison to each affected program and business office



Up front “Acknowledgement of Management’s Accountability for Internal Control” and Year-end Recovery Act assurance statement



DOE-wide assessments of key process controls



High level, cross-cutting vulnerability assessments for each program by CFO



Ad hoc vulnerability assessments and risk mitigation plans



Coordination with the Inspector General and the Government Accountability Office



“Training Flashes” for selected cross-cutting vulnerability areas Enterprise Risk Management at the Department of Energy (DOE)

     The Targeted Risk Mitigation Approach marks a Strategic Cultural Change within the DOE

Internal Controls and Risk Management to Permeate the Organization Clear Presidential, Secretarial, and Public Mandate Leadership Provides and Enforces Consistent Tone from the Top Open Communications and Cooperation Educate and Motivate to Action

An accountant is having a hard time sleeping and goes to see his doctor: "Doctor, I just can't get to sleep at night.“ “Have you tried counting sheep?“ "That's the problem - I make a mistake and then spend three hours trying to find it."

Enterprise Risk Management at the Department of Energy (DOE)

The Current Risk Management Approach: Risk Assessment 

Identified and communicated key risks and vulnerabilities to staff through office-specific placemats



Performed more detailed project level risk assessments



Educated staff on Recovery Act compliance through webinars



Planned and executed site visits Enterprise Risk Management at the Department of Energy (DOE)

Compliance and Accountability with the Recovery Act

Sample Recovery Act Assurance Statement

“Based on the results of operations and related assessments over Recovery Act funding, I am providing reasonable assurance that the following key Recovery Act objectives have been met for all activities under my cognizance:    Recovery Act funding has been expended for the intended purposes and in accordance with internal and external guidance; Reported results regarding the expenditure of funds and the outcomes achieved are accurate and verifiable; and Process controls impacting the execution of Recovery Act funding have been evaluated and are deemed effective.”

Enterprise Risk Management at the Department of Energy (DOE)

9

Questions?

“We cannot overstate the importance of this effort. We are asking the American people to trust their government with an unprecedented level of funding to address the economic emergency. In return, we must prove to them that their dollars are being invested in initiatives and strategies that make a difference in their communities and across the country. Following through on our commitments for accountability and openness will create a foundation upon which we can build as we continue to tackle the economic crisis and the many other challenges facing our nation.”

President Obama in a Memorandum to Heads of Departments and Agencies February 9, 2009 Enterprise Risk Management at the Department of Energy (DOE)

10