Office of Enterprise Planning, Risk and Compliance (EPRC)
The Office of Enterprise Planning, Risk and Compliance (EPRC) is responsible for establishing and implementing short- and long-term strategic plans, policies, goals, objectives, and operating procedures related to regulatory changes, risk assessment, control failures, breaches in physical and data security, compliance activities, internal audits, privacy, ethics, incompatible activities statement, and disaster recovery. The office provides heightened leadership and improved coordination of planning, risk, and compliance for the Department. EPRC comprises four offices:
- The Information Security Office (ISO) is responsible for protecting CDI’s information assets; managing vulnerabilities within CDI’s information processing infrastructure; managing threats and incidents impacting CDI’s information resources; developing and maintaining policies to ensure appropriate use of CDI’s information assets; and educating employees about their information security and privacy protection responsibilities.
- The Office of Strategic Planning (OSP) is responsible for all elements of strategic planning, including the development of CDI's Strategic Plan and implementation of strategies to support the vision, mission, values and goals. The office wrote CDI's Workforce and Succession Plan and is involved in completing all of the strategies outlined in the report. OSP is also involved in projects including, but not limited to, the coordination of the Annual Report of the Commissioner, the annual Employee Engagement Survey, department-wide training and development opportunities, performance management efforts, and projects related to the intranet.
- The Internal Audits Unit (IAU) conducts internal audit engagements and special projects comprising the two-year CDI audit plan. IAU is also responsible for the CDI Whistleblower Act program and the complaint reporting process and investigation. In addition, IAU is the designated central contact point to coordinate all external audits and monitor the implementation of corrective action plans.
- The Risk and Compliance (RAC) Unit provides CDI management with independent and objective ongoing risk assessment and internal control monitoring necessary for policy decisions to assure a healthy and vibrant CDI work environment and effective business practices that value CDI resources. RAC also provides assurance of the Ethics Orientation Training.
The EPRC reports to the Chief Deputy Commissioner and collaborates with CDI Programs to provide timely, professional, and objective services to satisfy customer needs.