AASHTO Internal Audit Conference 2012 – Phoenix
FHWA Risk Management Framework – Update 2012
Daniel Fodera, CMQ/OE
Program Management Improvement Team
Federal Highway Administration

Learning Objectives
• Identify the components of the ISO risk management structure.
• Describe the risk management framework used by the Federal Highway Administration.
• Recognize the steps in the risk management process.
• Discuss how FHWA uses risk management in program oversight.

New Risk Management Framework
• Risk Initiatives Affecting FHWA
• International Risk Scan
• ISO 31000
• OST/FMFIA Risk Tools

International Risk Scan: Summary of Findings
• RM supports strategic organizational alignment
• Mature organizations have an explicit RM structure
• Successful organizations have a culture of RM
• A wide range of RM tools are in use
• Use of RM tools for programmatic investment decisions
• A variety of risk allocation methods are available
• Active risk communication strategies improve decision making
• RM enhances knowledge management and workforce development

ISO Risk Management Structure
[Figure: three-part diagram of Principles, Framework and Process]
Principles
Framework
• Mandate and Commitment
• Design and Framework for managing risk
• Implementing risk management
• Monitoring and review of the framework
• Continual improvement of the framework
Process
• Establishing the context
• Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
• Risk Treatment
• Communication and Consultation
• Monitoring and Review

FHWA Risk Management Framework
[Figure: the framework cycle (Mandate and Commitment; Design and Framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework) annotated with the FHWA elements below]
1 - FHWA Risk Directive
2 - Risk Management Timeline
3 - Risk Management Process User Manual
4 - Risk Management Q&A
5 - “Risk Tracker”
6 - Leadership Dashboard Measure

FHWA Risk Management Directive
• Provides the foundation for Risk Management at FHWA
• Defines what “risk” means to FHWA
• Outlines FHWA’s Risk Management Process
• Applies to all organizational units of FHWA

Risk Management Timeline
• Annual Risk Call aligned with release of Final SIP (3/15)
• Risk Due Date aligned with Unit Plan Due Date (5/31)
• Quarterly Updates of Status in Risk Tracker
• OST/FMFIA Unit Risk Profile annual update to be aligned with Risk/Unit Plan (hopefully)
• OST FMFIA Inherent Risk Assessment annual update to be done at Component Level and aligned with Risk/Unit Plan (hopefully)

Step 1: What is the Context?
• Internal – anything within the organization that can influence the way in which FHWA will manage risk – mission, objectives, controls, resources, etc.
• External – key drivers & trends having impact on objectives of the organization, relationships with, perceptions & values of external stakeholders.
• Risk Management - Are you reassessing previously identified risks or identifying emergent risks? Who will assess what Program Areas? Will it be done individually, in teams or as an office? With input from your partners?
[Figure: risk management process diagram with the labels Identify the Context; Identify Risks; Analyze the Risks (Assess Impact, Assess Likelihood); Prioritize Risks; Plan and Execute Response Strategies; Monitor, Evaluate, and Adjust; and Risk Assessment. Communication and Consultation occur at each step.]

OST/FMFIA Risk Profile (Part of Your “Context”)
• Required by and Reported to OST as part of the FMFIA Assurance. Document the Unit’s Internal Controls
• Completed by all “Assessable Units”, including the Division Offices
• Integrated into our annual Risk Management Cycle
• A Key Part of Step 1: Setting the Context
• Now Managed by the OCFO in Coordination with the PMI Team

OST/FMFIA Inherent Risk Assessment (Part of Your “Context”)
• Required by and Reported to OST as part of the FMFIA Assurance. Assess the high-level “inherent” risk of the Component or Unit
• Completed at the “Component” level for FHWA. DA Council to Complete One on Behalf of the Division Offices
• Integrated into our annual Risk Management Cycle
• A Key Part of Step 1: Setting the Context
• Managed by the OCFO in Coordination with the PMI Team

Step 2: Identify the Risks
• When identifying risks consider your key objectives:
  • Organizational Objectives in the SIP that affect your Unit
  • Local Unit Objectives
  • Program Objectives (Planning, Environment, ROW etc.)
  • Project Objectives
• Ask – What Are the Risks to Meeting My Objectives?
• Brainstorm with the “Right” Folks

Step 3: Analyze the Risks (Impact)
Scale
• 4 - Catastrophic
• 3 - Major
• 2 - Moderate
• 1 - Minor
• 0 - Insignificant
Criteria
• Financial
• Reputation
• Business Operations
• Legal & Compliance
• Infrastructure Assets
• Resources & Efforts Req.
• Environment & Culture
• Safety

Step 3: Analyze the Risks (Likelihood)
Scale
• 4 - Almost Certain
• 3 - Likely
• 2 - Possible
• 1 - Unlikely
Criteria
• Staffing
• Operational Procedures
• Guidance
• Problem History
• New Program
• Complexity
• Outside Control/Influence
• Fraud, Waste, Abuse
• Workforce Development/Training
• FHWA Involvement
• Consultant Use

Step 4: Prioritize the Risks
• Start with an “Expected Value” calculation (Impact Rating × Likelihood Rating)
• Locate the Risks on the Heat Map - a graphical plot to represent the relative placement of risks
• Adjust Risk Ratings (Top, High, Medium, Low) based on LEADERSHIP VALIDATION

Step 5: Execute Response Strategies
• Your Approach to Treating the Risks
• Response Strategy Type:
  • Avoid
  • Enhance
  • Mitigate
  • Transfer
  • Accept

Step 6: Monitor, Evaluate and Adjust (Risk Tracker)

Step 6: Monitor, Evaluate and Adjust (Leadership Dashboard)

Questions?
Mike Graf, michael.graf@fhwa.dot.gov, 404-562-3578
Daniel Fodera, daniel.fodera@fhwa.dot.gov, 404-562-3672