Job Code: 03088
Pay Scale Group: 12
Pay Scale Type: ST
Bargaining Unit: A3
Civil Service or Non-Civil Service: N
Last Executive Board Change: 844-01
Executive Board Change History: 01/29/2026

JOB TITLE: DIRECTOR, ENTERPRISE RISK MANAGEMENT OFFICE, OCO

JOB CODE: 03088

DEFINITION: This is administrative and professional work directing the Enterprise Risk Management Office in the Office of Comptroller Operations (OCO).

The employee in this job oversees the risk management framework and systems that ensure enterprise-wide compliance with Commonwealth risk management goals and standards. Work involves directing the development and implementation of a comprehensive enterprise risk management strategy, identifying and assessing organizational risk across agencies, and designing effective mitigation measures and internal controls. Work includes developing and implementing performance management and risk management policies and procedures; establishing reporting systems, performance indicators, and corrective action plans; formulating strategies to enhance internal controls; and providing enterprise-wide risk management education and support. Supervision is exercised over professional staff. Work is performed independently and is reviewed by the Deputy Secretary for Comptroller Operations for attainment of objectives and overall effectiveness.

EXAMPLES OF WORK: (NOTE: The examples of work are representative of the work, but every position classified to this job may not perform all examples of work listed. Conversely, this is not an all-inclusive list of work examples.)

• Directs the development, implementation, and continuous enhancement of the Commonwealth’s enterprise risk management framework.

• Directs staff responsible for analyzing enterprise risk assessments and developing recommendations for legislative and policy changes to enhance internal controls and minimize the potential for fraud.

• Develops regulations, policies, and directives to address internal control deficiencies, budgetary needs, and unmitigated material risks.

• Directs the establishment and development of practices to track, quantify, prioritize, and report identified risks for mitigation and corrective action.

• Directs the development, implementation, and maintenance of enterprise risk management, internal control development, and fraud prevention training curricula for use across Commonwealth agencies to incorporate all aspects of the risk management program and foster an ongoing risk-aware culture.

• Prepares and presents risk assessment reports to the Commonwealth Audit and Risk Management Committee, executive management, and relevant stakeholders.

• Facilitates anti-fraud efforts and discussions across Commonwealth agencies to ensure a collaborative approach is developed to monitor fraud attempts and corrective actions to improve internal controls.

• Participates in executive leadership groups focused on incident and crisis management, as well as business continuity, planning, and preparation.

• Performs the full range of supervisory duties.

• The employee in this job may participate in the performance of subordinates’ work consistent with operational or organizational requirements.

• Performs related work as required.

ENTRY LEVEL KNOWLEDGES, SKILLS, AND ABILITIES:

• Knowledge of audit policies, standards, principles, procedures, and methods as promulgated by the American Institute of Certified Public Accountants and the U.S. Government Accountability Office.

• Knowledge of risk management internal control frameworks commonly adopted by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the U.S. Government Accountability Office.

• Knowledge of the principles and practices of program planning, administration, and evaluation.

• Knowledge of laws, rules, regulations, policies, and procedures related to risk management.

• Knowledge of the principles and methods of evaluating operational efficiency and effectiveness.

• Knowledge of the principles and practices of employee supervision.

• Knowledge of generally accepted accounting principles.

• Knowledge of the use and functionality of Microsoft Office Suite software.

• Ability to read, analyze, and interpret regulations, policies, procedures, and technical documentation.

• Ability to analyze data and identify trends.

• Ability to communicate effectively orally.

• Ability to communicate effectively in writing.

• Ability to establish and maintain effective working relationships.

MINIMUM EXPERIENCE AND TRAINING: (NOTE: Based on the Entry Level Knowledges, Skills, and Abilities)

• Seven years of experience in professional risk management including three years of supervisory experience, and a bachelor’s degree in accounting, business administration, finance, or a related field;

or

• An equivalent combination of experience and training that includes three years of professional risk management supervisory experience.

SPECIAL REQUIREMENTS:

• This position requires possession of an active Certified Public Accountant (CPA) certification issued by the State Board of Accountancy or equivalent certifying state agency, an active Certified Internal Auditor (CIA) certification issued by the Institute of Internal Auditors, or an active Certified Fraud Examiner (CFE) certification issued by the Association of Certified Fraud Examination.