Office of Information Technology Enterprise Risk Management

Post on 19-Mar-2018

Business Opportunities with Office of Information Technology Enterprise Risk Management

Tina Burnette
Executive Director, Enterprise Risk Management

Overview

• Executive Director, Enterprise Risk Management

• Responsible for providing the Office of Information & Technology (OI&T) with expert risk management guidance, including the identification, assessment, and mitigation of IT-related risks.

Acquisitions and Contractual Authority

Acquisitions and contractual commitments can only be made by Government officials having expressed authority to enter into such agreements on behalf of the United States Government. The ONLY Government officials with such authority are Warranted Contracting Officials. Any discussions of contractual requirements do not constitute contractual direction or authorization of any kind. Future contractual directions, if ANY, shall ONLY come from the cognizant Department of Veterans Affairs Warranted Contracting Officer.

VA’s Mission

OI&T’s Mission, Vision, and Guiding Principles

Mission: Collaborate with our business partners to create the best experience for all Veterans.

Vision: Become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology.

Guiding Principles:

• Transparency

• Accountability

• Innovation

• Teamwork

ERM’s Mission and Vision

Mission: Provide OI&T with an integrated, enterprise-wide risk management approach that ensures its information technology investments are managed in an efficient and effective environment.

Vision: ERM’s risk management approach will enable OI&T to continuously identify, assess, and mitigate risk that may preclude it from meeting its mission. ERM’s risk management framework will drive transparency and accountability, thus enhancing public trust while improving service delivery to Veterans.

VA’s Organizational Alignment

OI&T’s Organizational Alignment

ERM’s Organizational Alignment

ERM’s ProPath Process Map

ERM’s Risk Severity Matrix

ERM’s Enterprise Risk Registry (ERR)

Past/Current Risk Assessment Activities

• IT Asset Management Assessments
  • Transparency into results resulted in aggressive actions leading to marked improvements, reducing OI&T’s risks of lost or misused IT assets

• Security Controls Assessments
  • Provide OI&T leadership with a clear and independent view of security control implementation efforts, ensuring visibility of information security risks

• Continuous Monitoring Tools Assessments
  • Provide oversight into effective deployment of automated tools to ensure technical risks are identified in near real-time

How Can You Help Us?

• Past Approach:

Utilize Veteran-owned small businesses to support our mission requirements.

• Future Approach:

Continue to utilize Veteran-owned small businesses to support our mission requirements.

Current/Past Awards

| Name of Contract | Description | Value of Contract | Incumbent | Expiration Start/Finished |
|---|---|---|---|---|
| Enterprise Risk Registry Development | Development of the ERR database. | $2M | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Upgrade | Upgrades to the ERR database. | $135K | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor updates or enhancements, help desk support, and project management. | ~$200K annually | DSoft Technology (SDVOSB) | Sept 2020 |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | ~$500K annually | Leidos, Inc. (Veteran-founded business) | Sept 2017 |

Opportunities Forecast 2016-2017

| Requirement | Description | Anticipated parameters (e.g., use of particular contracting vehicles) | Anticipated date needed | Range of Value $ |
|---|---|---|---|---|
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor enhancements, help desk support, and project management. | Veteran-owned small business | October 2020 | ~$250K annually |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | Veteran-owned small business | October 2017 | ~$500K annually |

Q&A

ERM points of contact for more information:

Pat Hampton, Director, Risk Management Planning (RMP)

patrick.hampton2@va.gov

Steve Riffel, Director, IT Security and Compliance Risks

steve.riffel@va.gov

Thank you for your service to our country – then and now.
