The vendor is required to provide enterprise risk management consultant services, supplying the knowledge and a framework to identify and evaluate emerging risks.
- Develop an ERM Program and Implementation Plan:
• Analyze and report on the feasibility of developing an ERM program through a multi-phased approach to implementation, moving from one program area to the next, identifying and analyzing risks, documenting response strategies, then consolidating the risks and determining appropriate rankings enterprise-wide for mitigation and monitoring.
• Prepare a questionnaire/survey to identify key risks for individual divisions/departments for current and future use.
• Conduct an initial risk assessment of a designated department as a pilot program.
• Analyze the risks identified in the pilot program and develop treatment strategies.
• Identify and assess current controls used to mitigate risks for appropriateness.
• Enhance risk identification and monitoring tools currently utilized by divisions/departments.
• Prepare an ERM implementation plan using a phased roll-out, addressing potential milestones and potential dependencies.
- Program and Support Organizational Risk Assessment:
• Provide division leaders (or their designee) with the knowledge, training and skills necessary to build a common understanding of the universe of risks facing the agency that can be spread across the entire organization and replicated for continued use.
• Provide assistance, as needed, to the Risk Administrator for workshops with division leaders (or their designee) to rank risks and assign ownership of each risk.
• Provide assistance, as needed, with consolidating risks and associated risk responses documented using risk oversight software.
• Report vital areas and activities driving risks for the organization and pinpoint triggers to assist in the development of KRIs through a comprehensive risk assessment.
• Identify areas of strength that can be leveraged/incorporated into an organization-wide approach.
• Identify gaps and create program initiatives to protect agency assets and reputation from significant risks.
- Create a Roadmap to ERM Integration:
• Create a roadmap to achieving ERM integration into daily processes.
• Develop a risk governance structure that defines levels of authority and the associated processes for decision-making and escalation of high impact risk activities.
• Support agency strategy by embedding risk considerations into agency planning, daily operations and long-term goals.
- Contract Period/Term: 2 years