Business Opportunities with
Office of Information Technology Enterprise Risk Management
Tina Burnette, Executive Director, Enterprise Risk Management
Overview
• Executive Director, Enterprise Risk Management
• Responsible for providing the Office of Information & Technology (OI&T) with expert risk management guidance, including the identification, assessment, and mitigation of IT-related risks.
Acquisitions and Contractual Authority
Acquisitions and contractual commitments can only be made by Government officials having expressed authority to enter into such agreements on behalf of the United States Government. The ONLY Government officials with such authority are Warranted Contracting Officials. Any discussions of contractual requirements do not constitute contractual direction or authorization of any kind. Future contractual directions, if ANY, shall ONLY come from the cognizant Department of Veterans Affairs Warranted Contracting Officer.
VA’s Mission
OI&T’s Mission, Vision, and Guiding Principles
Mission: Collaborate with our business partners to create the best experience for all Veterans.
Vision: Become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology.
Guiding Principles:
• Transparency
• Accountability
• Innovation
• Teamwork
ERM’s Mission and Vision
Mission: Provide OI&T with an integrated, enterprise-wide risk management approach that ensures its information technology investments are managed in an efficient and effective environment.
Vision: ERM’s risk management approach will enable OI&T to continuously identify, assess, and mitigate risk that may preclude it from meeting its mission. ERM’s risk management framework will drive transparency and accountability, thus enhancing public trust while improving service delivery to Veterans.
VA’s Organizational Alignment
OI&T’s Organizational Alignment
ERM’s Organizational Alignment
ERM’s ProPath Process Map
ERM’s Risk Severity Matrix
ERM’s Enterprise Risk Registry (ERR)
Past/Current Risk Assessment Activities
• IT Asset Management Assessments
  • Transparency into results resulted in aggressive actions leading to marked improvements, reducing OI&T’s risks of lost or misused IT assets
• Security Controls Assessments
  • Provide OI&T leadership with a clear and independent view of security control implementation efforts, ensuring visibility of information security risks
• Continuous Monitoring Tools Assessments
  • Provide oversight into effective deployment of automated tools to ensure technical risks are identified in near real-time
How Can You Help Us?
• Past Approach: Utilize Veteran-owned small businesses to support our mission requirements.
• Future Approach: Continue to utilize Veteran-owned small businesses to support our mission requirements.
Current/Past Awards
| Name of Contract | Description | Value of Contract | Incumbent | Expiration Start/Finished |
|---|---|---|---|---|
| Enterprise Risk Registry Development | Development of the ERR database. | $2M | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Upgrade | Upgrades to the ERR database. | $135K | SBG Technology Solutions, Inc. (SDVOSB) | Complete |
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor updates or enhancements, help desk support, and project management. | ~$200K annually | DSoft Technology (SDVOSB) | Sept 2020 |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | ~$500K annually | Leidos, Inc. (Veteran-founded business) | Sept 2017 |
Opportunities Forecast 2016-2017
| Requirement | Description | Anticipated parameters (e.g., use of particular contracting vehicles) | Anticipated date needed | Range of Value $ |
|---|---|---|---|---|
| Enterprise Risk Registry Operation & Maintenance (O&M) | Perform O&M activities for ERM’s Enterprise Risk Registry (ERR) database, including code fixes and patches, minor enhancements, help desk support, and project management. | Veteran-owned small business | October 2020 | ~$250K annually |
| IV&V Support | Support personnel for independent verification and validation (IV&V) of VA financial applications. | Veteran-owned small business | October 2017 | ~$500K annually |
Q&A
ERM points of contact for more information:
• Pat Hampton, Director, Risk Management Planning (RMP)
• Steve Riffel, Director, IT Security and Compliance Risks
Thank you for your service to our country – then and now.