September 30, 2014
Historically, the Board's divisions have operated largely autonomously in performing their specified mission functions, developing organizational structures, formulating budgets, and establishing management processes. As the Board's mandate expanded in the wake of the financial crisis and the enactment of the Dodd-Frank Act, so has the Board's need for strategic planning, management processes, and coordination across divisions. In its Strategic Framework 2012-15, the Board lists three strategic themes that address various aspects of its governance challenges:
The Board's strategic framework states that achieving its strategic objectives will require more active collaboration across divisions. Collaboration will be required to fulfill the Board's supervisory expectations under the Dodd-Frank Act as well as its traditional monetary policy functions. Collaboration will also be required to carry out the Board's agenda of management process changes to keep major investments on track, identify additional opportunities for cost savings, and improve overall operations. Enhancements to the Board's management processes will allow for increased ownership of and accountability for leadership decisions, an enhanced ability to prioritize strategic needs, and a potentially reduced administrative burden. We believe that aspects of Board governance, including internal control, information technology (IT), and data, will continue to pose management challenges to the Board's efficient accomplishment of its mission.
Internal control is an integral part of managing an organization and is critical to improving organizational effectiveness and accountability. Internal control comprises the plans, methods, and procedures used to meet the organization's mission, goals, and objectives. The Federal Managers' Financial Integrity Act of 1982 (FMFIA) requires that each executive agency establish internal accounting and administrative controls in compliance with standards established by GAO and prepare an annual statement on internal control based on an evaluation performed using Office of Management and Budget guidelines. The Board is not subject to FMFIA.
Although the Board has stated that it voluntarily complies with the spirit and intent of FMFIA, it does not currently have a Boardwide process for maintaining and monitoring its administrative internal controls. Office of Inspector General (OIG) work has identified internal control weaknesses at the Board. While these control weaknesses have not prevented the Board from carrying out its mission or achieving its strategic objectives, some of them have introduced operational and reputational risks. Establishing a process for maintaining and monitoring internal controls will help ensure that the Board's controls, as designed and implemented, are effective and continue to work over time. Establishing a Boardwide process to monitor internal controls will also provide a means for the Board to identify and timely mitigate any control weaknesses that exist.
Board management identified actions that it plans to take in 2014 to implement a process for maintaining and monitoring administrative internal controls. Management plans to (1) develop a Board policy describing the requirements for appropriate administrative internal controls based on the guidance provided by the Committee of Sponsoring Organizations of the Treadway Commission2 and GAO, (2) implement the new policy using a phased approach, (3) require each Division Director to provide a reliance letter acknowledging that the division is responsible for implementing and maintaining internal controls, and (4) develop training on administrative internal controls and the Board's policy. Management noted that given the priorities and budget constraints underlying the Board's new strategic framework, creating additional infrastructure to develop and implement policies and processes must be carefully balanced with other competing resource priorities.
The Board also faces governance challenges in both the centralized and decentralized management of IT services. A primary mission of the Division of Information Technology (Division of IT) is to provide services to meet the automation and data analysis needs of its customers; however, divisions also provide IT services to their employees. Our recent audit work found that over half of Board divisions perform their own application development and help desk activities, often using differing processes, procedures, and tools. We also found that Board divisions do not track costs for IT services in a consistent manner.
The Board recently approved new delegations of authority that grant the Director of the Division of IT the authority for automation, telecommunications, and other IT matters; information security; and the formulation, approval, and implementation of the management policies for IT and information security.
The Director of the Division of IT chairs the Board's Business Technology Strategic Committee, which comprises senior IT representatives from each division. The purpose of the committee is to promote an enterprise view of the implementation and administration of IT services in a consistent, cost-sensitive, and secure manner that is informed by business needs. The Director of the Division of IT recently updated and finalized the committee's charter to increase coordination among the divisions; she also continues to hold discussions on strategic collaboration.
In 2013, the Director of the Division of IT administered a survey of IT costs across the divisions to help the Board better understand the scope and diversity of the technology services provisioned across the enterprise. Also, the Business Technology Strategic Committee designed a survey to collect information from each Board division and office to identify opportunities to improve operational efficiency.
As a result of expanded responsibilities under the Dodd-Frank Act, the Board is engaging in new data collection and analysis. New data collection and data management processes are required to perform these new responsibilities. The need for data across the divisions to support the Board's analytical challenges has also increased in terms of the quantity, sharing, awareness, access, controls, and quality. Traditionally, data were used within divisions to accomplish specific mission functions; however, to fulfill the Board's expanded responsibilities, divisions now need to increase coordination with each other and with the Board's new Office of Financial Stability Policy and Research, and they need to support the Board's participation in FSOC. A Boardwide data management view is needed to enhance the ability of staff members to obtain, interpret, and analyze these data. The Board will be challenged to expand its technology infrastructure and processes to support the increased requests for and analysis of data, as well as to enable comprehensive, enterprise-level data governance and information management practices.
In the Strategic Framework 2012–15, the Board outlined the role of a new Chief Data Officer (CDO) position. The first CDO was hired in April 2013. The CDO is working with the Board Data Council and Board divisions to establish data governance policies and to facilitate coordination across data communities at the Board and among the Board; the Federal Reserve Banks; and other regulatory agencies, such as FSOC and the U.S. Department of the Treasury's Office of Financial Research.
A new Boardwide data governance and management structure is planned to support the growing need to share large amounts of data across divisions. The CDO is reviewing the current data collections, engaging divisions, and developing a cohesive enterprise data governance framework.
