An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Dec. 7, 2020

Risk management team working to automate agency data on risks, internal controls

By Beth Reece

A Defense Logistics Agency Headquarters team established in July 2019 to integrate risk management and internal controls across the agency is working to automate management of data on the agency’s risks and associated controls.

The effort will merge agency-wide information and eliminate the manual process of documenting risks and corrective actions through spreadsheets, said Erich Gabris, chief of the Risk Management Division.

“Currently this data is being kept on SharePoint and everyone has their own version that’s updated with different frequencies,” he said. “A governance risk and compliance capability with modern software tools will allow us to track risks more cohesively in a more visible fashion.”

The team, which is aligned under the DLA chief of staff, has finalized over 200 pages of policies and procedures that provide a common methodology for identifying, assessing and mitigating risk through internal controls, added Air Force Col. Scott Ritzel, DLA’s chief risk officer. The team works with risk owners across DLA to manage over 60 risks that span the entire enterprise, with the top four being supply chain security, industrial base vulnerabilities, cash and obligation authority management, and critical information technology systems.

The ERM team has also created a new Enterprise Risk Management Dashboard to display metrics associated with these risks. The dashboard provides enterprise-wide visibility and will be updated as key risk indicators are refined.

In a recent memorandum to employees, DLA Director Navy Vice Adm. Michelle Skubic highlighted the importance of ERM and internal controls, which are mandated by the Office of Management and Budget Circular A-123. Both “should have a stronger role in improving business processes than auditor findings and recommendations,” she said.

Circular A-123 emphasizes the inclusion of risk management and internal controls in existing business practices as an essential part of managing federal agencies. ERM focuses on identifying, assessing and managing risk, while internal control processes reduces or eliminates it.

“Every DLA employee must display integrity and ethical values daily through our attitudes and behavior,” Skubic wrote, adding that the agency is committed in fiscal 2021 to fostering transparency and accountability as well as public trust as it develops long-term plans for military sustainment. DLA’s Enterprise Risk Management program underpins this commitment.