AASHTO Guide for Enterprise Risk Management: An Overview

Tim Henkel, Assistant Commissioner, Mn DOT

NCHRP Project 08-93

Overview of the Guide• Enterprise Risk

Management• Provides documented

benefits• Builds credibility,

transparency • Supports decision making• Complements

performance• Provides consistency and

continuity in services• Minimizes threats,

capitalizes on opportunities

NCHRP 08-93 2

The Path to the Guide

• We reviewed the risk management guides in Australia, New Zealand, Canada, and England

• We reviewed the ISO Standard

• Interviews risk practitioners

• Reviewed private sector examples

NCHRP 08-93 3

Risk as Defined in the Guide

• “Risk is the positive or negative effects of uncertainty or variability upon agency objectives.”

• It includes• Uncertainty• Variability• Threats• Opportunities

4NCHRP 08-93

Guide Presents Risk Management as the Third Pillar

• Asset and performance management drive performance

• Risk management is an enabler

• It identifies, mitigates uncertainty to objectives

5

AssetManagement

PerformanceManagement

RiskManagement

StrategicObjectives

NCHRP 08-93

Guide Addresses Why Manage Risk

• Risks are inevitable• If something is

inevitable, it is irresponsible to ignore it

• We either practice risk management or crisis management

6NCHRP 08-93

Expansion of Risk Management• Risk management used

to be a specialty area for controlling insurance costs

• Now it is a much broader architecture for enhancing corporate competencies

• MAP-21 triggers transportation application

NCHRP 08-93 7

The Guide: Formalizing Risk

• We all generally manage risks now

• Generally, however, application of risk is episodic or limited to specific projects or tasks

• The guide will support agencies in developing a systematic, comprehensive enterprise risk management program

NCHRP 08-93 8

Guide Based on ISO

9

Establish the Context

Manage Risks

Identify Risks

Analyze Risks

Evaluate RisksCo

mm

unic

ate

and

Cons

ult

Mon

itor a

nd R

evie

w

• ISO risk process• ISO is International

Organization of Standards

• Based on earlier Australian framework

• Adopted across Europe and U.S.

• Guide adopts ISO framework

NCHRP 08-93

Elements of the Guide

• For agencies starting with ERM the guide provides a “how to manual”

• Provides draft policies• Gives staff the tools• Illustrates incorporating

risk management into decision making processes.

10

Process

Tools

Policies

NCHRP 08-93

Managing Risk at All Levels• Guide explains how

to cascade risk management to all levels of organization

• Enterprise• Program• Project• Activity

11NCHRP 08-93

Tools for Risk Identification

• Provides strategies to identify risks

• Risks come in many forms

• Guide helps to identify, categorize risks

• This feeds understanding of risks

12NCHRP 08-93

Risk Analysis Tools

13

• Provides scales for scoring the likelihood and consequence of risks

• Creates common scoring system so disparate risks can be compared

NCHRP 08-93

State of the Practice

• Two chapters illustrate application

• Critical review of state of practice

• Examples of risk applied to typical business areas

NCHRP 08-93 14

Advanced Tools

• Risk registers• Delphi Variability

Simulator• Monte Carlo• Decision Trees

NCHRP 08-93 15

Conclusion

• Guide provides a comprehensive framework• Quick Guide provides a brief summary• Chapters provide a “get started” roadmap• Advanced tools support more mature practitioners• The NCHRP Risk Implementation project provides

an opportunity for states to get engaged in implement risk management in their agency.

NCHRP 08-93 16