zimmytws/Shutterstock.com

Federal Student Aid: Pioneers Managing Risk

How the Education Department's loan office turned around a high risk program.

The Office of Federal Student Aid put in place the first formalized risk management framework in the federal government, starting its efforts in 2004. What does it look like? How did they do it?

One former federal leader, Todd Grams, says agencies that ignore risk are actually creating risk. Not surprisingly, there has been increasing interest among agencies in developing a risk management function. So what does that look like? The Education Department’s Office of Federal Student Aid began a decade ago to create a risk management function, which may serve as inspiration for other agencies considering the same.

In a recent book and presentations around town, Cynthia Jasper Vitters and Fred Anderson, risk management executives at FSA, describe their efforts and the evolution of an enterprisewide risk management function. They observe: “ERM implementation at FSA is not viewed as a compliance function.”

FSA has made or guaranteed more than $1.2 trillion in student loans, with 40 million borrowers. The office has a budget of $1 billion and a staff of about 1,200, serving 6,200 universities around the country. In 1998, FSA was legislatively designated a performance-based organization, which allowed it a certain degree of autonomy. Its chief was appointed by the secretary of Education on a term contract and was not a political appointee or career executive. Anderson and Vitters felt that the designation as a performance-based organization “helped pave the way” for the creation of a risk management function at FSA.

Because of the volume of loans and a high default rate, the Government Accountability Office placed FSA on its high risk list of programs in 1990. GAO removed FSA the next year from its high risk list, in part because FSA began to systematically pursue risk management in 2004.

Creating a Framework

Stan Dore was hired as FSA’s first chief risk officer in 2004. He set out to create an enterprisewide risk management office, which was stood up in 2006 with a small staff reporting to the Enterprise Performance Management Office.

The new office started to create a framework and implementation plan, but FSA’s chief operating officer, Theresa Shaw, resigned in 2007. The office had several acting leaders until a full-time COO was named in 2009. During that period, the FSA worked to educate senior career executives and various business units about the role of risk management in their operations

The new COO, Bill Taggart, was a former bank executive who was a strong supporter of risk management. He appointed a new chief risk officer, Fred Anderson, who raised the profile of the fledgling office, expanded the risk management framework and formalized the role of risk management in FSA’s five-year strategic plan.

Anderson became a direct report to Taggart and split the office into four groups:

  • Risk analysis and reporting
  • Internal review
  • Portfolio performance management services
  • Acquisition risk management

In addition, Taggart created FSA’s risk management committee, chaired by Anderson. Taggart attended all meetings, along with other executive members. FSA’s current COO, James Runcie, consistently attends meetings as well. The committee’s objectives are to: “identify, track and mitigate operational, portfolio, project and technology risks across the organization.”

Tips for Other Agencies

So what would it take to create a risk management function at your agency? Anderson and Vitters have six pieces of advice:

Use a phased approach to implementation. FSA developed a timebound, phased plan for its enterprise risk management approach. Each phase had defined risk criteria and an accountable owner, who is responsible for continuous review and updating based on changing conditions. An upfront investment in planning and engaging senior leaders made implementation easier.

Create a risk management committee. When Taggart established the nine-member committee, he had the risk management office define its scope and operations and ensure that its initiatives aligned with existing business functions. Executives on the committee had specific roles and portfolios of issues. Prior to each monthly meeting, issues on the agenda were vetted by the assigned member of the committee to ensure no surprises.

Ensure the right talent in the risk management office. Finding the right talent for the risk management office staff, according to the authors, is “vital to the group’s success.” They started with internal staff and supplemented with contract staff. As the function matured, they identified individuals with specific skill sets and subject matter expertise.

Integrate risk management into existing processes and functions. FSA, like other agencies, has pre-existing formal and informal oversight, compliance and internal control activities. One of the first tasks of the new chief risk officer was to inventory these activities and help align their activities with an overarching risk management strategy.

Extend risk management to contractors and other partners. FSA historically has outsourced many of its major operations—such as loan serving and collection—to outside contractors. The off also has partnerships with universities and lending institutions. The risk management office developed approaches to extend its oversight of significant risks to these partners as well.

Prioritize key risk information. Initially, the risk management office identified a large number of potential risks and scenarios. It found, however, that too many made it difficult to manage and prioritize. So, it became important to focus on the risks that might affect FSA’s goals.

By focusing attention on these elements, FSA’s risk management office was able to help ensure that risk management was viewed not as a compliance function, but rather a strategic leadership approach to managing the business of student loans. Vitters and Anderson believe this “puts FSA in a strong position to successfully manage its unique business structure.”

(Image via zimmytws/Shutterstock.com)

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.