Enabling Governance, Resilience, Assurance, and Accountability in the Federal Enterprise – Introducing the DVMS
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
In an increasingly digital and interconnected world, federal agencies must not only comply with governance standards but also demonstrate resilience, operational integrity, and transparency in real time. The Digital Value Management System (DVMS) offers a unified and adaptable overlay system that enables Federal Government Digital Governance Leaders to uphold the principles of Governance, Resilience, Assurance, and Accountability (GRAA). Based on the mandates and expectations of OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) and Circular A-4 (Regulatory Analysis), the DVMS transforms traditional governance practices into dynamic, data-driven systems of evidence and continuous assurance. It operationalizes what the Assurance Mandate white paper from the DVMS Institute describes as “governing by evidence” — turning compliance into confidence and oversight into measurable performance.
Governance: Aligning Strategic Intent with Operational Integrity
Governance within federal agencies has traditionally been guided by OMB Circular A-11, which sets the foundation for evidence-based planning, budgeting, and performance management. It requires agencies to connect mission objectives, financial management, and program delivery into a unified management system that links resources to outcomes, ensuring that economic and programmatic goals are met effectively and transparently.
The DVMS translates policy priorities into actionable steps. It serves as a governance layer, connecting strategic policy objectives to operational performance through its Create–Protect–Deliver (CPD) model. The CPD cycle ensures that each governance goal (“Create value”), protective measure (“Protect value”), and operational outcome (“Deliver value”) is supported by measurable evidence. Using an overlay like Minimum Viable Capabilities (MVC) and the QO–QM (Question Outcome–Question Metric) method, the DVMS converts broad policy directives from OMB circulars into specific operational indicators.
This approach updates governance by creating a living system of intent and evidence, allowing federal leaders to track how strategy, resources, and results align. Instead of relying solely on reports or checklists, governance becomes active, constantly monitored, assessed, and improved through data-driven insights. In essence, the DVMS helps leaders fulfill the core of Circular A-11’s evidence-based management and accountable oversight.
Resilience: Measuring Adaptive Capacity Across Digital Ecosystems
Resilience — the ability to maintain operations and mission performance under stress — has become a key requirement for federal digital governance. Circular A-11 requires agencies to incorporate risk management, performance, and contingency planning into their operational strategies, ensuring that government services remain stable during disruptions.
The DVMS defines resilience as a measurable system trait. Using real-time dashboards, automation, and AI-driven analytics, the DVMS turns resilience from a vague concept into a concrete, constantly validated metric. By combining data from enterprise systems, risk controls, and performance frameworks, the system allows Digital Governance Leaders to track their agency’s adaptive capacity in real time.
This capability directly supports the federal move toward integrating ongoing risk and performance management, replacing fixed reporting cycles with adaptable governance loops. The DVMS’s continual feedback system allows agencies to test and enhance operational resilience in both simulated and real conditions, ensuring readiness for cyber incidents, financial disturbances, or operational crises.
In doing so, the DVMS enables what The Assurance Mandate describes as Resilience by Design — the capacity to create, protect, and deliver value under pressure, with evidence to support it. This shift enables federal agencies to transition from reactive recovery to proactive adaptation, aligning with the resilience expectations embedded in modern governance frameworks.
Assurance: Governing by Evidence, Not Assertion
While compliance ensures adherence, assurance offers confidence — the ability to demonstrate, through evidence, that policies, controls, and systems are functioning as intended. Circular A-11, A-123, and A-4 both stress this principle. A-11 and A-123 requires agencies to use performance evidence to support accountability and budget decisions. At the same time, the 2025 Circular A-4 Policy Brief emphasizes the importance of “peer review and reasoned analysis” to ensure objectivity and evidence-based decision-making.
The DVMS exemplifies this new Assurance Mandate by transforming frameworks such as NIST CSF, ISO 27001, ITIL, and COBIT from static compliance checklists into dynamic systems of assurance evidence. Every control, process, and outcome within DVMS generates verifiable data that shows whether governance goals are being met.
In the federal ecosystem, this means executives can demonstrate — not just declare — that their programs meet performance, financial, and risk management standards. Automated assurance reporting links operational data to policy goals, offering continuous visibility into the agency’s “state of control.” This satisfies the OMB A-11 and A-123 requirement that agencies “demonstrate effective use of data to improve mission performance” and aligns with federal risk management and oversight standards that call for strong diagnostic and reporting frameworks to enable proactive portfolio management.
By embedding assurance into every operational layer, DVMS transforms oversight from a burden into a strategic advantage. Rather than preparing periodic reports for auditors, agencies can continuously assure stakeholders, Congress, OMB, and the public that their operations are effective, secure, and aligned with their mission. As The Assurance Mandate notes, “compliance brought us here; assurance takes us forward.”
Accountability: Closing the Loop Between Governance and Trust
Accountability — the fourth pillar of GRAA — guarantees that governance and assurance results are tangible and linked to trust. Under the Government Performance and Results Act (GPRA) Modernization Act of 2010, reinforced by OMB Circular A-11, agencies are required to incorporate performance management and evidence-based decision-making into their processes to promote transparency and accountability to the public.
The DVMS enhances accountability by integrating traceability into every governance function. It connects decisions, actions, and outcomes through a digital chain of evidence, enabling leaders to see not only what was done but also why it was done and how it supports mission objectives. This digital traceability meets federal oversight expectations for accountable lines of authority and independent risk management, ensuring that each outcome can be traced back to a responsible individual or system process.
Furthermore, the DVMS improves public accountability by providing evidence-based reports that can be shared with oversight agencies and the general public. In doing so, it supports the OMB’s goal of “data-driven transparency,” enhancing trust in federal agencies. In the DVMS model, accountability is not punitive; it is constructive and ongoing, promoting improvement through feedback, analytics, and learning.
Governing by Confidence: From Compliance to Capability
Perhaps the most transformative aspect of DVMS is its ability to change how governance leaders think about control. Traditional Governance, Risk, and Compliance (GRC) models focus on avoiding failure; the DVMS-enabled Governance, Resilience, Assurance, and Accountability (GRAA) model focuses on demonstrating capability.
The Assurance Mandate clarifies that compliance measures maturity, while assurance measures capability. The Dynamic Verification Management System (DVMS) facilitates this transition by substituting static compliance documents with dynamic assurance evidence. This approach not only satisfies the analytical standards set by Circular A-4 and the accountability principles outlined in A-11 and A-123, but it also empowers leaders to cultivate governance cultures based on confidence, where data and evidence foster trust both internally and externally.
In this model, oversight is ongoing, resilience can be measured, and accountability is verifiable. By combining governance, operations, and assurance into a single system, DVMS transforms the federal agency into a digitally confident enterprise — one that leads with integrity, agility, and transparency.
The Future of Federal Governance is Assured
The Digital Value Management System marks a significant advancement in how federal agencies fulfill their missions. By adhering to OMB’s modern governance directives, DVMS enables Digital Governance Leaders to implement the GRAA model, ensuring transparent governance, measurable resilience, ongoing assurance, and verifiable accountability. Moreover, DVMS offers Federal agencies a robust framework for developing effective internal control systems that enhance operations, reporting, and compliance. It empowers agency leaders to establish and maintain these controls while regularly assessing their effectiveness in accordance with the guidelines outlined in OMB Circular No. A-123.
Through DVMS, federal leaders can meet the expectations of OMB Circulars A-11, A123, and A-4 — not just by following their words but by embodying their purpose: to create a government that governs with evidence, adapts with resilience, assures with confidence, and leads with accountability. In this era of digital disruption, this is not merely about compliance — it is about leadership through assurance.
The future of federal governance, as The Assurance Mandate concludes, “is not about managing risk; it’s about proving resilience.” DVMS provides the federal enterprise with the tools to do just that — continuously, transparently, and credibly — transforming governance from a periodic audit into a dynamic system of trust.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
DVMS Cyber Resilience Professional Accredited Certification Training
Designing an Overlay System for Governing Cyber Resilience Through Assured Evidence and Transparent Accountability (GRAA) Across Complex Digital Ecosystems
From Visibility to Viability – The Dual Pillars of Cyber Resilience
Explainer Video – The Dual Pillars of Cyber Resilience
As enterprises accelerated their adoption of complex, cloud-native architectures, they encountered a new order of complexity. Infrastructure dissolved into services, workloads became ephemeral, and security boundaries blurred. In that environment, Wiz emerged as a transformational force in cloud technical security, offering radical visibility and risk prioritization across multi-cloud ecosystems.
At the same time, a broader and more consequential challenge emerged, one that extends well beyond isolated technical misconfigurations or discrete vulnerabilities.
Modern organizations function as dynamic, highly interconnected digital ecosystems shaped by siloed frameworks, technologies, applications, processes, data flows, and human actors, all operating in continuous interaction. Within this complexity, risks and outcomes are not confined to individual components; they arise from the relationships and dependencies between them.
This is the domain in which the Digital Value Management System® (DVMS) operates.
While Wiz redefined how organizations see and secure cloud environments, DVMS is redefining how enterprises govern, assure, and account for cyber resilience as an integrated dimension of digital business performance.
The Digital Value Management System® (DVMS)
Explainer Video – What is a Digital Value Management System (DVMS)
The DVMS is an overlay management system that governs cyber resilience through assured evidence and transparent accountability (GRAA) across complex digital systems.
At its core, the DVMS is a simple but powerful integration of:
- Governance Intent – shared expectations and accountabilities
- Operational Capabilities – how the digital business performs under stress
- Assurance Evidence – proof that outcomes are achieved and accountable
- Cultural Learning – for governance and operational fine-tuning
The DVMS GRAA Engine
Explainer Video – How a DVMS GRAA Engine Works
The overlay GRAA engine is powered by four DVMS models:
Create, Protect, and Deliver (CPD) – The CPD Model™ is a systems-based model within the DVMS that links strategy-risk and governance to execution to create, protect, and deliver digital business value as an integrated, continuously adaptive capability.
Minimum Viable Capabilities (MVC) – The Minimum Viable Capabilities (MVCs) model supports the seven essential, system-level organizational capabilities—Govern, Assure, Plan, Design, Change, Execute, and Innovate—required to reliably create, protect, and deliver digital business value in alignment with strategy-risk intent.
3D Knowledge (3DK) – The 3D Knowledge Model is a systems-thinking framework that maps team knowledge over time (past, present, future), cross-team collaboration, and alignment to strategic intent to ensure that organizational behavior, learning, and execution remain integrated and adaptive in delivering digital business value.
Question Outcome / Question Metric (QO/QM) – The QO/QM approach supports governance as testable intent by defining a clear Question Outcome (QO), the specific value or resilience condition that must be true at a given boundary, and pairing it with one or more Question Metrics (QM) that provide observable, decision-relevant evidence that the system can actually create, protect, and deliver that outcome under complex, living system operating conditions
The models then work together to operationalize the capabilities below that will govern the organization’s cyber resilience through assured evidence and transparent accountability
A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance across every system responsible for digital value.
A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.
A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset—not an abstract concept. The DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.
DVMS Benefits – Organizational and Leadership
Explainer Video – DVMS Organization and Leadership Benefits
Instead of replacing existing operational frameworks and platforms, the DVMS elevates them, connecting and contextualizing their data into actionable intelligence that enables organizations to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across Complex Digital Ecosystems
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.
For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.
For the CIO, CRO, CISO, and Auditors, the DVMS provides a unified approach to organizational digital value management, operational resilience, and regulatory compliance.
DVMS – Accredited Certification Training Programs
Explainer Video – The DVMS Training Pathway to Cyber Resilience
The DVMS Institute’s certification training programs equip leaders, practitioners, and employees with the skills to build a management architecture for governing, assuring, and accounting for resilience in complex digital ecosystems.
Through structured learning, applied certification, and authoritative publications, the Institute teaches a disciplined, outcome-driven approach to managing resilience as an integrated dimension of digital business performance.
DVMS Cyber Resilience Awareness Training
The DVMS Cyber Resilience Awareness non-certification course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for resilience in complex digital ecosystems.
DVMS NISTCSF Cyber Resilience Foundation Certification Training
The DVMS NISTCSF Cyber Resilience Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for achieving resilience in complex digital ecosystems.
DVMS Cyber Resilience Practitioner Certification Training
The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to build a unified governance, resilience, assurance, and accountability system designed to operationalize resilience in complex digital ecosystems.
Launching A DVMS Program
Explainer Video – Scaling a DVMS Program
The DVMS FastTrack is a phased, iterative approach that helps organizations mature a DVMS program over time, rather than trying to do everything simultaneously. This approach breaks the DVMS journey into manageable phases of success.
It all starts with selecting the first digital service you want to make resilient. That service then becomes the blueprint for operationalizing resilience across the remaining digital services.
DVMS Institute White Papers – The Assurance Mandate Series
Explainer Video – From Compliance Rituals to Evidence-Based Resilience
The whitepapers below present a clear progression from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Together, they define an evidence-based approach to building and governing resilient digital enterprises.
The Assurance Mandate Paper explains why traditional compliance artifacts offer reassurance, not proof, and challenges boards to demand evidence that value can be created, protected, and delivered under stress.
The Assurance in Action Paper shows how DVMS turns intent into execution by translating outcomes into Minimum Viable Capabilities, aligning frameworks through the Create–Protect–Deliver model, and producing measurable assurance evidence of real performance.
The Governing by Assurance Paper extends this model to policy and regulation, positioning DVMS as a learning overlay that links governance intent, operational capability, and auditable evidence—enabling outcome-based governance and proof of resilience through measurable performance data.
Company Brochures and Presentation
Explainer Videos
- DVMS Architecture Video: David Moskowitz explains the DVMS System
- DVMS Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- DVMS Overlay Model – What is an Overlay Model
- DVMS MVC ZX Model – Powers the CPD
- DVMS CPD Model – Powers DVMS Operations
- DVMS 3D Knowledge Model – Powers the DVMS Culture
- DVMS FastTrack Model – Enables A Phased DVMS Adoption
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
