Review of the progress and performance of major programs, including risk-mitigation and corrective actions, is guided by the Risk Management Plan developed by the Department in accordance with the Office of Management and Budget (OMB) Circular A-123, Management’s Responsibility for Internal Control. The Department’s current Management’s Responsibility for Internal Control process has a Senior Assessment Team that is lead by Principal Deputy Under Secretary (Comptroller), who is also the Responsible Officer for the Department’s Recovery Act funding. As part of the Risk Management Plan, each program will be evaluated on a quarterly basis, with a Risk Profile being submitted to the Office of the Under Secretary of Defense, Comptroller and Chief Financial Officer.
Identifying areas of high risk and high and low performance will be conducted through the Department’s Recovery Act Risk Management Plan, which is initiated with a Risk Assessment and Gap Analysis. This initial evaluation will be a one-time occurrence that will provide an overview of management capabilities and assist senior leadership with assessing their people, processes and technology to determine and coordinate resources necessary to meet the initial demands of obligating funds and public reporting. The risk assessment will review internal controls on human capital, performance, and measurement tools. This risk assessment will also evaluate the potential for financial, reporting and procurement risks; analyze Information Technology (IT) systems; and review results from any audits and investigations. Upon completion of the risk assessment, a gap analysis will be conducted.
The periodic review of each program’s progress to monitor and evaluate risk management will require the completion of a Risk Profile, the second step in the Department’s Risk Management Plan. This evaluation will be conducted on a quarterly basis and will be submitted to the Office of the Under Secretary of Defense, Comptroller and Chief Financial Officer. The completion of the Risk Profile will be a process wherein the programs will build upon each prior deliverable. This process will identify any significant uncorrected weaknesses of each program and provide more detailed information related to the questions identified in the Risk Assessment and Gap Analysis. Any program areas that require mitigation will be required to submit a Risk Management Strategy. This action strategy report will include a description of the issue, the pace of corrective action, the methodology to ensure the effectiveness of the correction action(s), the performance measures that will be achieved, and major milestones that have been taken and are planned for the future. Each program will continue to validate and test the effectiveness of mitigation strategies for the Recovery Act funds.
Additionally, the remainder of the monitoring will be done at the Project level, led by the individual Program Managers. Some examples of other techniques that will be used to aid the monitoring and evaluate any issues include: presentations, design reviews - both preliminary and critical design; monthly face-to-face status reviews; monthly VTC/Conference calls and quarterly program management review meetings; development of Integrated Master Schedules, Contract Progress Status Reports, and Contractor Funds Status Reports; and development of various contract deliverable line items such as, Monthly Funds & Man-Hour Expenditure Reports, cost vouchers, and Status Report & Project Planning Chart.