Journey Towards Implementing Enterprise Risk Management at Federal Student Aid

Cynthia Vitters | Director

Department of Education – Federal Student Aid

Federal Student Aid (FSA) Overview

FSA is a principal office of the United States Department of Education responsible for administering the federal Title IV student loan portfolio

In FY14, FSA operated on an annual administrative budget of approximately $1.4B

Current outstanding loan portfolio is over $1.1T FSA is staffed by over 1,200 full-time employees and augmented by

thousands of contractors and vendors Workforce is based in Washington, D.C., with ten regional offices

located throughout the country FSA was designated as the Federal government’s first Performance-

Based Organization (PBO) in 1998

2

History of ERM at FSA• Established an ERM Framework in 2004

• COSO-Based Framework• First Formally Appointed Chief Risk Officer in the Federal

Government• First Formally Established Enterprise Risk Management Office in the

Federal Government

• Expanded FSA’s ERM Framework in 2010• Expanded Risk Management Office Structure• Formalized Risk Management Committee/Meetings to Include

Operating Committee Members• Our Mission is to Proactively Identify, Assess, and Report Enterprise-

Level Risks, and to Collaboratively Manage those Risks with FSA Executives, in Order to Support the FSA Enterprise in Achieving its Objectives

3

Risk Management Office Structure -Then

Enterprise Performance Management Services Group

Project Management & Oversight Group

Enterprise Risk Management Group(Chief Risk Officer)

Chief Operating Officer

Acquisitions Group Strategic Planning & Reporting Group

Risk Analysis & Reporting Internal Review

4

Risk Management Office Structure -Now

Audit Liaison Group

Risk Management Office (Chief Risk Officer)

Internal Review Division

Risk Analysis & Reporting Division

Chief of Staff

Chief Operating Officer

5

VII. Monitoring

VI. Information & Communication

- Key Management Report Monitoring

V. Control Activities

IV. Risk Response-Risk Mitigation, Risk Transfer/Sharing,

Avoidance

III. Risk Assessment-Alignment of Assurance & Oversight Functions

II. Event Identification- Business Unit Facilitated Risk Assessment

- Issues Identification & Independent Validation Process

I. Control Environment- Understanding end-to-end process (inclusive of relationships with schools, vendors,

GAs)

FSA’s Customized COSO-Based ERM Framework

- Issues Resolution / Continuous

- Executive Dashboard- Alignment of All Internal

Risk / Compliance OversightNote: Ongoing objective setting embedded in overall

process.

6