Managing enterprise risk in defense takes a new approach and modern tools

When agencies are dealing with tens of thousands of people and billions of dollars in spend, enterprise risk management is not so simple. It requires a different approach to management and a modernization path all its own. srcLogic has been on the front lines of risk management and will give clear guidance on where to start, who to include, which technologies work best, and lessons learned along the way.

Transcript:

• Good day everyone. I'm Doug Averill, PEGA's industry market lead for government, and I'm here to talk about enterprise risk management and defense and how it takes a new approach and modern tools. I'm joined by Jason Noker and Tara Teaford from srclogic. Welcome. Maybe Jason and Tara . We could start off with you introducing yourselves and srclogic.
• Sure. Thanks Doug. I'm Jason. I'm one of the principals here at source logic.
• And I'm Tara Teaford. I am the program manager at source logic. We are a PEGA gold implementation partner and authorized training provider based just outside Washington DC, in Vienna, Virginia.
• Fantastic. Now enterprise risk management. Isn't something that maybe is a top of mind for a lot of folks. Maybe you could start us off by just describing what is enterprise risk management and what are the challenges you see in that space?
• Sure, Doug. So when I think about enterprise risk management, I think about an integrated approach to evaluating risk across the organization. So rather than evaluating risks within silos, we're looking at it holistically across the entire Department of Defense. So when you think about different types of risks that they're measuring the different dimensions that they're, that they're trying to track and evaluate you look at, you have operational risk, you have human capital risk, we have acquisition risk, we have cybersecurity and IT risk, which is where you see a lot of the battle space moving to today. And then lastly, you see financial risks. I think one of the biggest challenges that we see across the DOD is just the size and complexity of the organization. So if you think about the D- the department of defense, you have a $700 billion budget. You have roughly $3 trillion of assets. That alone would be probably the 20th largest economy in the world. So our department of defense is roughly the size of Switzerland. And when you think about the complexity and the disparity, and then the geographic disparity, you know, we're on every continent and we're in every time zone. So just trying to manage processes, trying to manage, you know, have any kind of agility in an organization that complex is probably the largest challenge that they're facing today.
• Yeah. Got it. Got it. Yeah. Huge numbers too. Really good point. In terms of the scale of all of this, now, you, you talked about the different kind of flavors of risks that you're, you're looking at, and, and we often break those into people, process and technology. If you think about sort of the hierarchy of those, is any one of those sort of the most important to adreni- identifying or addressing enterprise risk management? Is it all three? How do you think about that?
• Yeah, we think it is all three, but people is definitely one of the tougher challenges that we face. We're all very familiar with the traditional challenges with people being resistant to change. There's internal politicking, there's territorialism. I don't want to change the way that we had already always done. So those people challenges tend to exacerbate the challenges and trying to re-engineer process. Technology actually is the least challenging of the three, but we do find that a real significant challenge is around policy. So we have these organizations that are really trying to engineer change and try to transform their organizations with cold world policy, cold war policy. These are, these are antiquated policies that are hindering a lot of the ability to transform the organization. So that's what we're really trying to help these organizations move beyond.
• Got it. Got it. So if you're thinking about, you really hit on one of the things I see a lot too, is the technology enabling the organizational change. And if you're thinking about the change from sort of beginning, beginning state to current, to end state, you know, how do you see technology bridging that gap? What does it bring that actually enables those other things?
• Sure. So, you know, some of the customers or some of the organizations that we work with today, like the Marine Corps, for example, they've identified that they need to become more agile. They understand that they need continuous integration, continuous delivery. They understand that the future for, for their IT environment is going to be something in the cloud and they need the capabilities to do this fast. So as Tara mentioned, you know, they have analog policies in a digital world. And what we're finding is that the technology is becoming a forcing function to actually change those policies. So if you look at what the Marine Corps is doing, you know, for them, the long pole in the tent has always been getting the authority to operate. So getting permission to deploy an application to production. This is something that used to take anywhere from 12 to 18 months. And now, because we've put everything onto this low-code platform, which is PEGA, we, we have a continuous ATO. So we've taken that 12 month process and we've turned it down into somewhere around 30 days. So we now have the capability to adapt to change. We have the capability to adapt to changing requirements, to complex requirements and to do it in a safe and secure way in less than a month. So it's really a new approach. It's something that, you know, the CIO there has embraced and really been a visionary pushing forward.
• That's fantastic. So in that description, you just gave of the technology really pushing that change forward. You know, I think about what you just described and what I see a lot in government, which is we're moving from that idea of technology is the solution to technology is an enabler of change generally. And it could be organizational change. One of the great things I know you guys have seen, and I've certainly seen it's, it's a really satisfying moment is that moment where you can almost literally see lights go off with, with our clients and with the people we work with when they can realize what's going on and that they now have technology to enable organizational change. Are there any like that or, you know, what sort of brought those together?
• Sure. So I've going to think about modernization, especially in the public sector. I think what you see a lot of, is what you're seeing is, you're seeing people rebuild a legacy applications with a little bit more modern technology. So maybe you had a cold fusion application that turned into dot net that turned into struts, and now it's going to some JavaScript framework. And instead of re-engineering the fundamental processes and the policies that underlie that application and taking a more transformational approach, people are just, re-skinning it. They're putting a nice new interface on it and they're not future, you know, they're not really, it's going to be legacy again in the next two to three years. So I think for us, in terms of working with specifically the Marine Corps, their "aha" moment was we just started a new transformation effort. So new modernization effort, and the very first thing that our champion or project sponsor told us was "think big". So don't just rebuild what we already have on the PEGA platform, but actually take advantage of the tools that are there, take advantage of the capabilities in the platform to actually optimize our business process and solve our business challenges. So for us, that means taking a step back, figuring out where's that application fit in holistically within the organization and how can we help push them forward with the technology rather than just, you know, rebuilding and redoing the same thing over and over again.
• So is there a specific part of this toolkit that this platform that you bring to bear that enables all this organizational change, something in that kit that really sort of initially resonates with people and they say, "That's where we need to start" or "That's the capability we ought to be thinking about first"?
• Yeah. So, so for me, the first one that pops into mind is the air force. Specifically the air force research lab. So when you look at what they're doing is, they're, they're trying to actually transform their entire organization from the IT side, from the enterprise business systems side. And what they wanted was they wanted a single common platform that was centrally managed, but then they wanted to have actually federated development and distributed decentralized control so that you could take a foundational set of capabilities at the headquarters level and then push that out to the field so that each application could be tailored to the specific business processes of that technical directorate or that organization. And all of that, again, running from one central platform. So what we're able to do there is using again, you know, kind of that reuse and inheritance model that's innate to PEGA is we've given people the tools to start 20 to 30% finished right out of the gate. So the security, the infrastructure, the integrations, the organizational rules and data models are already in place. So all people have to do is finish the application; actually build their business process the way they want it, and that gets them across the finish line and much, much faster, a much greater time to value than we've really ever seen anywhere in the DOD.
• Got it. No, that's, that's great. So last question, where do you see sort of the, the, the non-obvious opportunities in defense either for technology or change generally?
• Sure Doug, I think, I think one of the things that's, that's not necessarily obvious is really when you talk about the relationship between the military or the service and the service men or women. And I think that when you look at what things are happening in the commercial world at the traditional enterprise level, you're talking about really building relationships across channels. And I think that that translates actually very well to the relationship between the Marine Corps and the Marine between the army and the soldier. And I think that's something that's probably been under utilized to date is taking advantage of those commercial best practices to really engage with the stakeholders. So you want to improve your retention. You want to make it as easy as possible for the person who's making a sacrifice for us, to to automate or to streamline those mundane, innocuous tasks that really they're used to doing since they were born. So everything today, when you look at, you know, what's happening in technology, we're still building apps that are made for the computer. But if you look at the 18 year old kid, they've had a cell phone since birth and they may actually not have a laptop. So we should design applications with them in mind, we should take the advantage of the tools, you know, like the chat bot, like the artificial intelligence to figure out how to really engage them, not like a customer, but as somebody that we care about.
• And we are seeing our customers take a page out of the commercial playbook. We have a customer right now for whom we are building an acquisition system. And we walked in on our first day and she said, "I want this to work like Amazon." We as consumers and as soldiers, and as Marines are used to seamless apps that work every time we log onto the computer or pick up our mobile device. And so that's what we're trying to create for them. And I like to see the federal government transforming itself into something that operates as smoothly as the commercial.
• That's a great point of view, really sort of taking that empathetic from the end user point of view and building for them. So thank you very much, Jason and Tara, from srclogic for joining us today on enterprise risk management. I think there's a lot of really great approaches and technology that you've been able to apply in your space.
• Thank you for having us.
• Thanks Doug.

Tags