Notice ID: EAC2400001
The Compliance & Oversight Group (COG) is seeking sources capable of meeting and supporting FCC’s Enterprise Risk Management (ERM) vision. An automated ERM solution will provide a robust workspace and repository to track, monitor, and test internal controls, facilitate assessments, and audits and manage risks while providing real time updates through its reporting platform.
We seek information from vendors who can provide automation platform/software, enabling FCC to accomplish its mission, through readily available, integrated, reliable, and useful risk information for day-to-day decision making.
One or multiple vendors could be used to meet these needs, and vendors are encouraged to respond to the RFI even if they can meet only a subset of the vision/need.
Objectives:
- Increase accuracy, quality, efficiency, transparency of risk management status reporting;
- Provide greater visibility and transparency of ERM processes and activities via dashboard(s); Send real‐time updates/requests for information to task owners;
- Streamline and create continuity in ERM reporting across the Commission;
- Establish centralized repository for compliance and oversight functions;
- Integration of different risk dimensions for timely and effective decision making;
- Enable analysis capability (metrics, forecasting et al); and
- Enable effective and efficient management of all processes, programs, and portfolios in achievement of objectives.
FCC is looking for the vendor to provide information regarding their ERM automation platform/software capability that supports one or more of the following:
- Integration of different data elements (simplified ingestion and information dissemination) through the tool. For example, internal control, risk, audits, strategy, performance, budget, emerging risks, improper payment risks and actual improper payments, fraud risks and actual fraud information, privacy risks, cybersecurity risks, IG’s list of management and performance challenges, voice of employee survey, customer complaints, media reports regarding agency program risks, overlap of agency risks with rest of federal government (GAO’s high‐risk list, CIGIE’s top management & performance challenges).
- Manage the risks at the program level and utilize the dashboard for everyday decision making at different levels of management with aggregation of relevant data for effective decision making
- Elevate the risks up the chain (e.g., significant risk or accepted risk), and handling its associated workflow.
- Capability for Bureau/Office (B/O) and ERM team to manage/administer all risk assessments (fraud; improper payment; entity; other future risk assessments); Capability to autoflag the risks that exceed the risk appetite, and push notifications that meet a certain criterion.
- Capability for B/Os to provide their annual internal control ratings across the agency’s performance goals, initially as draft submission and then as final submission.
- Capability for B/Os to provide (and ideally certify) their assertion letter regarding internal controls and risks through the tool.
- Track action items pertaining to any internal control, risk or audit area in a cross-functional manner.
- Task assignments, and multi‐level review capabilities.
- Email integration and automation of tasks e.g., automated reminders before the due date and for past‐due notifications.
- Initiate an update request for specific risk(s), audit recommendation(s), and action item(s) through the tool.
- Capabilities to augment the workflow, including, but not limited to suggested changes for risk response actions …
Want to get involved with OS AI? - A small number of Sponsorship Opportunities are now available here. Starting at $500.