Day 1 Agenda — 2018 AFERM Summit (Tentative)

Tuesday, October 30, 2018

Note: This is a tentative schedule subject to change.


7:30 am – 8:30 am
Room: Amphitheater Foyer

Summit Registration


7:30 am – 8:30 am
Room: Amphitheater Foyer

Continental Breakfast


8:30 am – 8:45 am
Room: Amphitheater

General Session 1: Welcome & Opening Comments

Speakers

Sean Vineyard, Chair, 2018 ERM Summit Planning Committee
Peggy Sherry, President, Association for Federal Enterprise Risk Management (AFERM)


8:45 am – 9:45 am
Room: Amphitheater

Plenary Session 1 — Aligning Internal Controls, Risk Management, and ERM: Challenge or Opportunity?

The awareness and acceptance of ERM in the federal government have grown consistently over the past several years. However, as more and more organizations have endorsed ERM, they have done so with sometimes inconsistent terminology and concepts. Given the current absence of a single authoritative standard in the federal government, this situation is likely to continue and grow. The panel will explore experiences in the private and public sectors and discuss recommendations for the federal government.

Speakers

Chris Mihm, GAO
Jim Presmanes, Haverty Furniture Companies
Doug Webster, Department of Education

Moderator

Michael Wetklow, NSF


9:45 am – 10:00 am
Room: Amphitheater

RIMS CRMP-Fed Recognition

Speakers

Peggy Sherry, President, Association for Federal Enterprise Risk Management (AFERM)
Annette Homan, RIMS COO

Stretch Break


10:00 am – 11:00 am
Room: Amphitheater

Plenary Session 2 — Innovative Strategies to Address High Risks in the Public Sector: Over-Prescription of Opioids in Government Worker Programs

During the 1-hour session the speakers will discuss the following:

  • Using data analytics to identify and mitigate risks associated with the over-prescription of opioids.
  • Integrating best practices at the federal, state and local levels and forging partnerships to help address opioid abuse.
  • Leveraging lessons learned from opioid abuse to mitigate risks before they become a crisis.

Speakers

Scott Dahl, Inspector General, DOL
Joseph Paduda, President, CompPharma

Moderator

Jessica Southwell, DOL OIG


11:00 am – 11:15 am

* BREAK *


11:15 am – 12:15 pm
Room: Horizon

Track 1, Session 1A — Elevating Risk Practices in Public Health Response to the Enterprise

The Federal Government supports state and local partners when requested, prepares the nation’s healthcare system, and connects people to real-time public health and medical emergency information. This panel will discuss risk management strategies used to fulfill mission objectives and save lives.

Speakers

Edward Gabriel, ASPR
Mike Vineyard, ASPR
Stephan Kaser, ASPR

Moderator

Javier Lopez, HHS


11:15 am – 12:15 pm
Room: Amphitheater

Track 2, Session 2A — The Resilient Leader's Strategies for ERM Success

What key milestones make an ERM Implementation Strategy work? In this session, participants will learn some of the not-so-conventional methods that have been and can be used through resilient leadership to ensure the staying power of ERM practices in agencies. Methods used over the past seven years will be shared to shed light on the opportunities and challenges associated with program implementation. The session will discuss methods that address the deliverables in the revised A-123 policy (i.e., risk profile, governance, and integration of ERM and Internal Control) from the Department of Commerce perspective.

Speaker

Karen Hardy, DOC

Moderator

Catherine Chatfield, NOAA


11:15 am – 12:15 pm
Room: Hemisphere A

Track 3, Session 3A — Extended Enterprise Risk Management and the Public Sector

Extended enterprise risk management (EERM) is the practice of anticipating and managing exposures associated with third parties across the organization’s full range of operations as well as optimizing the value delivered by the third-party ecosystem. What does third-party risk look like? While one often thinks of data breaches involving IT providers, the tentacles of third-party risk extend into the farthest corners of the extended enterprise ecosystem.

Speakers

Jonathan Swanson, Aetna
Jason Leecost, HUD, Ginnie Mae

Moderators

Cynthia Vitters, Deloitte
Daniel Kinsella, Deloitte


12:15 pm – 1:30 pm
Room: Atrium Ballroom

* LUNCH & AFERM Annual Awards Presentation *

Recognition of the AFERM Leader, Practitioner and Volunteer of the year for 2018 and AFERM Hall of Fame.


1:30 pm – 2:30 pm
Room: Hemisphere A

Track 1, Session 1B — Integration of Cybersecurity and ERM

Every Federal agency is confronted with the risks associated with cyber. Many of those agencies assign the management of this risk to the technical teams under the CIO or CISO. But cyber vulnerabilities can have much broader implications for the strategic, operational, and reputational risks of the entire agency, requiring broader engagement by senior executives at the enterprise level. This panel will describe how leaders at two Federal agencies are bringing an ERM lens to cybersecurity to do just that.

Speakers

Emery Csulak, CMS
Jenni Main, CMS
Pete Gouldmann, State

Moderator

Dennis Chesley, Guidehouse


1:30 pm – 2:30 pm
Room: Amphitheater

Track 2, Session 2B — Tools and Techniques for Facilitating Successful Executive-Level Conversations About ERM

SES’s don’t just “magically” learn how to plan and prepare for difficult leadership conversations about ERM. Learn from successful executives about different tools, techniques, templates, and approaches that can help each of you master conversations about ERM.

Speakers

Christine Jones, HHS
Frank Petersen, NASA

Moderator

Zack Poimboeuf, HHS


1:30 pm – 2:30 pm
Room: Horizon

Track 3, Session 3B — Quantifying the Impact to Drive Strategic Objectives and Inform Decision Making

Often the first step agencies take in establishing their ERM program involves conducting an enterprise-wide risk assessment, yielding a list of risks to the organization. So what’s next? The real value of ERM comes when there is an increased understanding of how those identified risks impact the strategic goals of the organization. Taking a deep dive into the drivers of the risks can reveal a path toward the most appropriate deployment of resources to address the most significant and controllable core issues. To support the forward momentum of mitigation activities, it is important to set realistic targets or metrics for those efforts to achieve. By quantifying the impact, positive or negative, that risk has on the overall mission and strategic objectives of your organization, you can elevate your ERM program to one that provides significant value and informs decision making across the organization.

Speaker

Chad Nieboer, USMC

Moderator

Valerie Lubrano, EY


2:30 pm – 3:00 pm

* BREAK *


3:00 pm – 4:00 pm
Room: Horizon

Track 1, Session 1C — Integration as Innovation: How HUD Works Across Federal Agencies and Its Own Offices to Foster ERM/EFRM

Speakers

Larry Koskinen, HUD
Jessi Axe, HUD

Moderator

Marcus Melton, KPMG


3:00 pm – 4:00 pm
Room: Amphitheater

Track 2, Session 2C — Communicating the Value of ERM, Culture and Governance: The Positive Impacts of ERM on Morale and How to Achieve Sustainable Motivation

Over the past decade, the ERM community of practice has been making great strides in implementing ERM in the Federal government. As we sustain and improve upon these ERM programs, we can’t lose sight of the importance of motivation. We need to continue to motivate our risk management practitioners as well as our stakeholders. Hear from government leaders on the attitudes, behaviors, tone at the top and corporate values they use in managing risk and how they communicate the value of ERM, culture and governance to motivate their workforce to continue to implement and improve upon their ERM practices.

Speakers

Jennifer Hills, King County, Washington
Carissa Riddle, HUD

Moderator

Denise Lippuner, Grant Thornton


3:00 pm – 4:00 pm
Room: Hemisphere A

Track 3, Session 3C — Cyber Risk and the Chief Risk Officer: What CROs Need to Know About the New NIST Risk Management Framework

NIST is doing a major upgrade to one of its flagship security guidelines, Special Publication 800-37, the Risk Management Framework (RMF). The updated RMF 2.0, to be published this fall, will provide many new features for Cyber Risk Officers and Enterprise Risk Management (ERM) programs. In addition to managing security risk, the RMF 2.0 will also address privacy and supply chain risks and the alignment with key constructs in the Cybersecurity Framework (CSF) as part of a comprehensive and unified ERM approach. The NIST update responds to recent Executive Orders, OMB policies, and Defense Science Board recommendations, with the following design objectives:

  • Provide closer linkage and communication between the risk management processes and activities at the C-suite or governance level of the organization and the individuals, processes, and activities at the system and operational level of the organization;
  • Institutionalize critical risk management preparatory activities at all risk management levels to facilitate a more effective, efficient, and cost-effective execution of the RMF;
  • Demonstrate how the NIST Cybersecurity Framework can be aligned with the RMF and implemented using established NIST risk management processes;
  • Integrate privacy risk management processes into the RMF to better support the privacy protection needs for which privacy programs are responsible;
  • Promote the development of trustworthy secure software and systems by aligning life cycle-based systems engineering processes in NIST Special Publication 800-160, Volume 1, with the relevant tasks in the RMF;
  • Integrate supply chain risk management (SCRM) concepts into the RMF to address untrustworthy suppliers, insertion of counterfeits, tampering, unauthorized production, theft, insertion of malicious code, and poor manufacturing and development practices throughout the SDLC; and
  • Allow for an organization-generated control selection approach to complement the traditional baseline control selection approach and support the use of the consolidated control catalog in NIST Special Publication 800-53, Revision 5 (to be published in early 2019).

Speaker

Ron Ross, NIST

Moderator

Alice Miller, MCC


4:00 pm – 4:15 pm
Room: Amphitheater

General Session 2: Day 1 Wrap-Up

Speakers

Peggy Sherry, President, AFERM
Tom Brandt, President-Elect, AFERM


4:15 pm – 6:00 pm
Room: Amphitheater Foyer

Networking Event and Annual Meeting

Speakers

Peggy Sherry, President, AFERM
Tom Brandt, President-Elect, AFERM