Federal Student Aid Overview of Risk Management

1
Federal Student Aid Overview of Risk Management

• David Revill and Cynthia Vitter

2
Agenda

• Changing business model
• Enterprise Risk Management Defined
• FSAs Key Strategic Drivers
• Authorization of the Risk Management Committee
• Risk Management Group Functional Alignments
• Key Tools Used to Communicate Significant Risks
• How the Risk Management Group Identifies Risks /
  Issues
• Risk Management Organization Key Functions
• Risk Management Group Overview
• Audit Liaison Overview
• Internal Review Overview
• Risk Analysis Reporting Overview
• Portfolio Analytics Overview
• Acquisition Risk Management Overview
• Summary

3
Things that impacted FSAs business model

• FSAs business model changed from Direct Lending
  and Bank Lending (FFEL) to 100 Direct Lending,
  effective 7/1/2010
• Driven by and against the back drop of a global
  financial crisis
• Rising cost of education AND expanded for- profit
  sector

4
What do we mean by Enterprise Risk Management?

• A successful ERM program can assist an
  organization to
• Work toward a more integrated and comprehensive
  assessment of risks, and an objective, consistent
  approach to managing them
• Through a consistent risk governance framework,
  help establish enhanced clarity around risk
  management roles and responsibilities
• Help create a more common language and improved
  customized view of risk across the agency
• Monitor more completely an organizations risk
  level as compared to its risk appetite, to
  include correlations and dependencies across
  products and risk types
• Increase focus on both traditional and emerging
  risk types

5
FSAs Key Strategic Drivers

• Goal A Improve Customer Experience Increase
  Program Completions Supports Operational
  Delivery of Title IV Aid
• Goal B Enhance Postsecondary Financial
  Institution Support
• Goal C Build Stronger Business Management
  Capabilities Supporting Processes
• Goal E Enhance Employee Experience

Goal D Reduce Mismanagement by Postsecondary
Financial Institutions Understand and Manage
Loan Portfolio Risk
6
Authorization of the Risk Management Committee
(RMC)

• In January 2010, former Chief Operating Officer
  (COO), William Taggart officially authorized the
  RMC and announced the new Risk Management
  Leadership
• The RMC is chaired by Fred Anderson, Senior
  Advisor to the COO and includes certain members
  of the Operating Committee
• Risk Management Committee Members include

Chief Risk Officer (CRO) Chief Business Operations Officer
Chief Operating Officer (COO) Chief of Staff
Chief Program Compliance Officer Chief Customer Experience Officer
Chief Performance Officer Chief Financial Officer (CFO)
Chief Information Officer Head of Acquisitions
7
Group Functional Alignments
8
Key Tools Used to Communicate Significant Risks

• FSA Enterprise Level Risk Diagnostic Summary, a
  one pager that is used to identify, track and
  communicate key risks
• FSA Significant Operational Issues Dashboard, is
  the documentation that used to support the rating
  of the risk type in the risk summary
• Risk Management Significant Risk Database, an
  aggregation of potential risk issues

9
Risk Types

• At Federal Student Aid, Enterprise Risk
  Management is divided to identify,
  assess, manage, and report risk management
  activities amongst the following five categories
• Operational
• Student Aid Administration Risks
• Portfolio Analytics and Forecasting
• Reputational
• Marketing 
• These risks are identified by the work done by
  individuals in five Risk Management Groups
• - Internal Review - Portfolio Analytics
• Risk Analysis Reporting - Acquisitions Risk
  Management

10
Internal Review Overview

• INTERNAL REVIEW GROUP has two functions Internal
  Reviews and Audit Liaisons.
• Internal Reviews focus reviews of FSA Operations.
  They are responsive to business units requests to
  review specific processes that require a
  confirmation of functionality
• They also focus on Special Initiatives that are
  projects that address validating CAP controls,
  OIG responses, process improvement and other
  unique requirements
• Audit Liaisons is the connection between FSA and
  the various entities that seek to examine FSAs
  processes of operations. Audit Liaison has taken
  a more prominent role as the number of
  examinations have increased.

11
Audit Liaison Overview

• Who Audits Federal Student Aid?
• The Government Accountability Office (GAO), is
  an independent, nonpartisan agency that works for
  Congress. The head of GAO is the Comptroller
  General, who is appointed to a 15-year term by
  the President.
• The Department of Educations Office of
  Inspector General (OIG), is an independent office
  within the Department of Education established by
  the Inspector General Act of 1978. The Inspector
  General is appointed by the President and submits
  semiannual reports to Congress. The Inspector
  General reports to and is under the direct
  supervision of the Secretary of Education.
  However, the Secretary cannot prevent or prohibit
  OIG from initiating or carrying out any audit or
  investigation.
• What Do They Audit?
• Auditors study, evaluate, and determine if the
  Federal Student Aid programs internal accounting
  and administrative controls, policies, and
  procedures are in compliance with applicable
  laws, regulations and Department directives.
• Why Do They Audit Federal Student Aid?
• Auditors follow money because fraud, risk and
  abuse are associated with large government
  programs. FSA delivers roughly 150 billion
  annually in student aid.
• The GAOs mission is to support congressional
  oversight of an agencys operations to determine
  whether funds are being spent efficiently and
  effectively and to report on how well government
  operations and policies are meeting their
  objectives. GAOs work is frequently conducted at
  the request of congressional committees or
  subcommittees or is mandated by law.
• The OIGs mission is to keep the Secretary and
  Congress informed about problems and deficiencies
  related to the administration of programs. Each
  year, the OIG circulates its work plan for
  comment by Department officials. The OIGs work
  plan details the areas it intends to focus on in
  its future work. Some audits are mandated to be
  conducted annually, such as the annual financial
  statement audit and the Federal Information
  Security Management Act (FISMA) audit.

12
Risk Analysis Reporting Overview

• Some of the key activities of Risk Analysis
  Reporting are
• Coordinate technical aspects of FSAs risk
  diagnostic
• Prioritize risk through control environment
  assessment, heat map, and other activities based
  on event probability and inherent impact
• Enhance enterprise risk management framework to
  include the following
• Risk taxonomy across 5 broad areas of risk
  (operational, student aid administration,
  portfolio analytics forecasting, market, and
  reputational)
• Completion of FSA enterprise-level control
  assessment for Risk Management Committee and
  other key oversight stakeholders
• Coordinate business unit risk oversight and
  program compliance activities across the
  enterprise
• Conduct targeted risk assessments including
  mitigation status based upon risk diagnostic
• Continuously perform data analysis to provide
  clear visibility into key risk and mitigation
  efforts

13
Portfolio Analytics Overview

• Portfolio Performance Management Services (PPMS),
  is a centralized enterprise student loan and
  grant portfolio analytics resource supporting FSA
  Stakeholders, Leaders and Functional Groups.
  PPMS has created an End-to-End portfolio
  analytics framework with a focus on defined,
  repeatable portfolio metrics.
• The summary statistics, updated monthly for FSA
  leadership, aligned historical data (Fall 2014)
  to cover total portfolio outstanding's,
  originations, repayment, entitlements,
  delinquency and defaults.
• PPMS analytics defines key borrower behavior
  characteristics, and performs defined work and
  flexible ad hoc analysis to meet changing
  organizational needs.
• Core group objectives are to move loan portfolio
  insight and understanding from static views to
  actionable findings for use throughout the FSA
  organization in support of FSA functional groups
  efficient achievement of its strategic
  objectives.

14
Federal Student AidAcquisition Risk Management

• FSA operates as a public-private partnership
  staffed by 1,168 full-time employees and is
  augmented by contractors who provide outsourced
  business operations.
• A major role of FSA is to coordinate and monitor
  the activity of the large number of federal,
  state, non-profit, and private entities involved
  in federal student aid delivery, within a
  statutory framework established by Congress and a
  regulatory framework established by the
  Department of Education.
• Vendors and contractors represent over 80 of
  FSAs annual budget.

15
Acquisition Risk Management

• Acquisition Risk Management
• A method of indentifying and mitigating the risks
  associated in acquiring assets and outsourcing of
  key processes. It addresses the End-to-End Key
  Risk Points of the acquisition process. It is
  fundamentally connected to FSAs ability to
• Develop comprehensive business case analyses
• Deliver on project management plans
• Facilitate contract solicitations and awards
• Understand assets and labor interdependencies
• Manage vendor relationships
• Acquisition Risk Management Framework
• An organized and disciplined approach to
  implement Acquisition Risk Management at FSA. It
  is the first ever initiative to look at the
  acquisition process in FSA. It is based on a
  three prong approach
• Risk Governance management practices
• Risk Evaluation risk identification and
  measurement
• Risk Response risk mitigation

16
Summary

• FSAs business model changed in 2010 with
  transition to 100 Direct Lending.
• FSAs strategic business drivers led to the
  elevation and expansion of FSAs Risk Management
  Office. It also formalized the RMC
• RMO communicates risks to the RMC through the
  Significant Risk Diagnostic Summary which is
  supported by the Significant Operational Risk
  Issues Dashboard.
• RMO tracks the following types of risk
  Operational, Student Aid Administration,
  Portfolio Analytics and Forecasting,
  Reputational, and Marketing.
• RMO is made up of four groups
• Internal Review
• Risk Analysis and Reporting
• Portfolio Analytics
• Acquisition Risk Management

17
Questions and Answers