aashto guide for enterprise risk management: an overview...overview of the guide • enterprise risk...
TRANSCRIPT
AASHTO Guide for Enterprise Risk Management: An Overview
Tim Henkel, Assistant Commissioner, Mn DOT
NCHRP Project 08-93
Overview of the Guide• Enterprise Risk
Management• Provides documented
benefits• Builds credibility,
transparency • Supports decision making• Complements
performance• Provides consistency and
continuity in services• Minimizes threats,
capitalizes on opportunities
NCHRP 08-93 2
The Path to the Guide
• We reviewed the risk management guides in Australia, New Zealand, Canada, and England
• We reviewed the ISO Standard
• Interviews risk practitioners
• Reviewed private sector examples
NCHRP 08-93 3
Risk as Defined in the Guide
• “Risk is the positive or negative effects of uncertainty or variability upon agency objectives.”
• It includes• Uncertainty• Variability• Threats• Opportunities
4NCHRP 08-93
Guide Presents Risk Management as the Third Pillar
• Asset and performance management drive performance
• Risk management is an enabler
• It identifies, mitigates uncertainty to objectives
5
AssetManagement
PerformanceManagement
RiskManagement
StrategicObjectives
NCHRP 08-93
Guide Addresses Why Manage Risk
• Risks are inevitable• If something is
inevitable, it is irresponsible to ignore it
• We either practice risk management or crisis management
6NCHRP 08-93
Expansion of Risk Management• Risk management used
to be a specialty area for controlling insurance costs
• Now it is a much broader architecture for enhancing corporate competencies
• MAP-21 triggers transportation application
NCHRP 08-93 7
The Guide: Formalizing Risk
• We all generally manage risks now
• Generally, however, application of risk is episodic or limited to specific projects or tasks
• The guide will support agencies in developing a systematic, comprehensive enterprise risk management program
NCHRP 08-93 8
Guide Based on ISO
9
Establish the Context
Manage Risks
Identify Risks
Analyze Risks
Evaluate RisksCo
mm
unic
ate
and
Cons
ult
Mon
itor a
nd R
evie
w
• ISO risk process• ISO is International
Organization of Standards
• Based on earlier Australian framework
• Adopted across Europe and U.S.
• Guide adopts ISO framework
NCHRP 08-93
Elements of the Guide
• For agencies starting with ERM the guide provides a “how to manual”
• Provides draft policies• Gives staff the tools• Illustrates incorporating
risk management into decision making processes.
10
Process
Tools
Policies
NCHRP 08-93
Managing Risk at All Levels• Guide explains how
to cascade risk management to all levels of organization
• Enterprise• Program• Project• Activity
11NCHRP 08-93
Tools for Risk Identification
• Provides strategies to identify risks
• Risks come in many forms
• Guide helps to identify, categorize risks
• This feeds understanding of risks
12NCHRP 08-93
Risk Analysis Tools
13
• Provides scales for scoring the likelihood and consequence of risks
• Creates common scoring system so disparate risks can be compared
NCHRP 08-93
State of the Practice
• Two chapters illustrate application
• Critical review of state of practice
• Examples of risk applied to typical business areas
NCHRP 08-93 14
Advanced Tools
• Risk registers• Delphi Variability
Simulator• Monte Carlo• Decision Trees
NCHRP 08-93 15
Conclusion
• Guide provides a comprehensive framework• Quick Guide provides a brief summary• Chapters provide a “get started” roadmap• Advanced tools support more mature practitioners• The NCHRP Risk Implementation project provides
an opportunity for states to get engaged in implement risk management in their agency.
NCHRP 08-93 16