Insight by Pega

Better managing the business of Defense: Why DoD needs to automate enterprise risk management

This content is provided by Pega.

The Defense Department has a budget of more than $700 billion, yet it remains the only federal agency that has not yet passed a full financial audit. While it continues to make improvements in business efficiency, the department’s lack of visibility into their operations presents significant risk, as the DoD is responsible for the largest part of the discretionary budget and has more than $2.7T in assets to manage.

A centralized, integrated enterprise risk management system can provide visibility across an organization as large and complex as the Defense Department. This capability can help the department see inside its operations as well as surface areas for improvement to achieve full compliance with government auditing standards.

A successful audit requires accurate sampling in order to extrapolate from that data, and asses what’s going on across the entire enterprise compared to what should be happening. But the DoD is difficult to sample, because the requisite data doesn’t reside in centralized systems; it’s scattered across the enterprise.

Enterprise risk management within the DoD is often a manual effort using spreadsheets and email. That means the data resides at the granular level, but it can’t be easily aggregated in order to find commonalities and identify risk. And employees get so busy doing data calls, they don’t have time to focus on building stronger internal controls and changing policies to improve the situation.

“If you’re doing data calls, it means you can’t push a button and get the information you need like you should be able to,” said Cindi Stuebner, defense industry principal at Pega. “Decisions can’t be made if the data is inaccurate, and manual processes ensure errors will occur.”

That’s where automation can come into play. Stuebner said Pega helped save thousands of man hours at several defense agency customers by introducing automation into their risk management systems. Now they can see data generated using automation, not something someone manually aggregated. They also have a dashboard with powerful analytics at their fingertips to help them parse that data, identify trends, and discover where risk problems exist.

And industry-standard APIs can help to access disparate data sources, along with form digitization, so required documentation can be auto-generated in minutes, rather than days. All of that means access to better data faster, enabling better decision making in order to identify, assess, and mitigate risk.

That aligns with a key pillar of the national defense strategy: reforming the department’s business practices for greater performance and affordability. Doing this can help reduce costs and elevate work from low value manual level of effort to higher value analysis and decision making. Automation is a key tool to accomplishing this goal and achieving a higher level of accuracy in risk management.

With automation, defense officials can build one framework to reuse across multiple domains of risk. Using low-code development, which involves a drag and drop interface, processes can be easily automated, reusing key components as they go. Creating an artifact – for example, CAC integration – makes it reusable, meaning at a certain point, applications are already up to 40% completed before the automation process even starts.

And when this kind of development happens on top of an already accredited platform like the Pega Government Platform  , the new application doesn’t inject any additional cybersecurity risk because the applications built on the platform inherit the security controls of the platform. additional coding is involved, which means no new vulnerabilities available to exploit.

It’s also far more agile than the traditional DoD development process, which involved lots of siloed processes and teams that weren’t fully integrated. The traditional development approach functioned something like this: The users would describe their requirements, which would then pass through several hands before reaching developers, who would do their best to build a system as per the often multi-sourced requirements. The end result would often only partially resemble what the users had intended. With low-code development, the user can be directly involved in helping to build the application, and can help ensure what’s built is what they intended. This not only makes it more likely that an organization gets the application it needs the first time around, it also significantly accelerates the development process.

Stuebner said the time from concept to delivery on the Pega Government Platform in the DoD is around three to four months on average, much faster than traditional development within the department.

“Successful organizations all have visionary leadership who embrace the power of a platform, and use it way it should be used,” said Jason Noker, principal and co-founder of srcLogic. “If you want to do things better, this is the way.”