Page 10 - MILConnection_Spring 2020
P. 10

kudos




        Mapping a State Department process flow


        Each year during the Department of State’s Annual Close season, MIL staff team
        with their government counterparts to connect over 31 processes, multiple financial
        systems, and hundreds of people to ensure a successful balancing of the government’s
        fiscal books. Before 2019, each department operated independently on their own
        processes with minimal insight to the impact on other department’s systems. Efforts
        were continuously underway to connect teams and provide transparency to how all the
        systems were interconnected. In January 2019, the Allotment Accounting department
        developed a Continuous Improvement Action Plan (CAP) to expand key stakeholder
        knowledge and awareness of the Annual Close Budget and Cash related dates, activities
        performed during fiscal year end close (which usually begins in July and finishes by
        October of each year), and resources required to perform the activities. The need existed
        for a comprehensive and collaborative big picture of all the interdependencies and
        business processes within all GFO offices.
        That’s when MIL’s Joan Cugell, a Senior Manager on the Systems, Coordination, and Implementation (SCI) Team, stepped in to guide
        the entire process. She and her team developed a comprehensive process flow map to capture and document each of the 31 processes.
        Her ability to gather all aspects of the complex process led to a gigantic process flow map which measured 4 feet by 4 feet and captured
        the entire Department of State financial Annual Close process. The process flow demonstrates exactly how all these processes tie into
        one system in order to balance the Department’s financial accounts.
        However, it isn’t so much the final product which provides the most benefit. According to Joan, the collaboration to build and feed such
        a process map required so many people from all departments—and that collaboration created deeper understanding on everyone’s
        parts about how the smallest tasks can have a trickledown effect which leads to later challenges. The process of capturing the cause
        and effect of each department’s roles eliminated duplicate efforts, non-value-added efforts, and process wastes. The communication
        during this effort also helped identify time-sensitive interdependencies and addressed areas to improve communication throughout the
        organization.
        Joan mentioned she was surprised to see the sheer number of people, departments, and systems involved and the complexity of
        how all the cross-dependencies needed to flow for a successful and on-time Annual Close. The process map is being shared with the
        Comptroller of the Global Financial Services and external auditors with the intention of implementing a yearly review prior to Annual
        Close—by doing so, the map remains a living document serving a culture of continuous improvement.

        Cyber RMF supports a successful ATO effort for NAVAIR ATC

        By: Troy Johnson

        MIL Cyber Sector’s Risk Management Framework (RMF)
        team (Blake Bishop, Alexander Jantsch, John Kriz, and Caleb
        VanDenBos, and led by Amber Shepard) made a very difficult
        process work for them and played a significant role in improving
        the Naval Air Systems Command’s (NAVAIR) Authority to
        Operate (ATO) posture. Only 12 months ago, none of NAVAIR’s
        nine air traffic control (ATC) systems were formally authorized
        to operate. Fast forward a year and six of these systems now
        have their formal RMF ATOs. This excellent work has resulted
        in significant Information Security (IS) progress for these ATC
        systems (mostly located at Webster Field).
        To those outside of the IS field, an “ATO” is the equivalent of
        ‘following the building code’ for information systems. It doesn’t
        guarantee security, but it generally makes the system much
        more secure. RMF is the Department of Defense’s approach to   MIL’s RMF process is as follows: the MIL team selects security
        mitigating risk and improving cyber resiliency. RMF also provides   controls (safeguards or countermeasures to avoid, detect,
        organizations with a structured and repeatable process for   counteract, or minimize security risks to physical property,
        managing risk related to information systems.          information, and computer systems) for each system based on
                                                               how the system was categorized and its overall importance to

         10 | The mil connection  | Spring 2020
   5   6   7   8   9   10   11   12   13   14   15