GSA annually identifies and assesses risks to the agency’s strategic goals and objectives that have a significant likelihood of occurrence over a multi-year horizon. The assessment encompasses risks both to the implementation of strategic initiatives and ongoing operations. Risks are identified and prioritized through a cross-functional process by engaging a team representing GSA’s mission delivery units and core mission-support offices. Prioritized risks are then presented to GSA leadership for review and concurrence.
As an output of this year’s risk management process, GSA prioritized a set of enterprise risks. Some of the risks identified include:
- Cybersecurity - Cybersecurity operations and investments must be optimized to reduce the risk of insider and external threats to sensitive Government data. The Fraud Reduction Report in the latter section of this report provides specific mitigation plans for the cybersecurity risk.
- Workforce Succession Planning - Significant levels of retirement eligibility at GSA requires an increased focus on talent pipeline management to reduce the impact of organizational skill and knowledge gaps resulting from foreseen separations. The Statement of Assurance identifies actions taken by GSA to mitigate this risk in FY 2018.
- Legacy Database Technologies - Continued reliance on legacy database technologies increases costs and impacts operational performance. GSA is therefore identifying and pursuing Software-as-a-Service opportunities in a software deployment and reducing agency dependence on legacy systems.
- Shared Services Adoption - GSA’s ability to drive adoption of Governmentwide systems across the agency, challenging the traditional model of shared service solutions is affected by the risk that resources and priorities at customer agencies may not consistently align with shared services objectives.
Each of these risks has the potential to impact GSA’s ability to meet our mission. Organizational awareness and proactive leadership are essential to ensure the risks are managed and mitigated. GSA has developed project plans and mitigation strategies for enterprise risks while monitoring qualitative and quantitative data to gauge the pervasiveness of the risks. Planned organizational investments will also contribute to minimizing the impact of the risk and its likelihood of occurring. Effective management of these risks is an opportunity for GSA to strengthen its internal operations and external defenses to maximize value to customer agencies and the American Public.