The California Department of Motor Vehicles has created a risk management program to effectively identify, assess and manage enterprise risks for the department, according to DMV Deputy Director Bernard C. Soriano, who now heads the program.
"Historically, we’ve been doing some form of risk management in various pockets of the department. And now, since the beginning of the fiscal year, we’ve brought various functions together to perform risk management in a more cohesive form—focusing on auditing, information security and oversight. This helps us look at projects and analyze how they might impact other areas of the department," Soriano said.
The DMV is working with CalHR—the new combined SPB and DPA—to seek approval for this organizational change. The department is also aiming to contract out for off-the-shelf software specifically designed for risk management.
Enterprise risk management is about making and keeping department objectives. As an example of a tech initiative for which his team would be examining risk, Soriano cited a new customer flow queuing and appointment system at DMV field offices. Risk management staff will have to look at the risks involved and examine any litigation that may be needed in order to meet the project’s goal, Soriano said.
The DMV currently models its enterprise risk management practices on framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which provides specific directions on how to identify potential events that may affect the entity, manage risk to be within its "risk appetite," and provide reasonable assurance regarding the achievement of entity objectives.
"Our job is to look deeper and examine what risks are involved before making any decisions," Soriano said.
