1
FHWA Risk Management Framework – Update 2012
AASHTO Internal Audit Conference 2012 – Phoenix
Denise Daniel Fodera, CMQ/OE
Program Management Improvement Team
Federal Highway Administration
2
Learning Objectives
- Identify the components of the ISO risk management structure.
- Describe the risk management framework used by the Federal Highway Administration.
- Recognize the steps in the risk management process.
- Discuss how FHWA uses risk management in program oversight.
3
New Risk Management Framework
Risk Initiatives Affecting FHWA: International Risk Scan, ISO 31000, OST/FMFIA Risk Tools
4
Risk Management - How Did We Get Here?
- 2001: FHWA Policy Memo released
- 2004: Risk Best Practices Review
- 2006: 1st Agency-wide Corporate Risk Management Initiative
- 2007: Risk Mgmt Planning
- 2007: User Manual released
- 2009: Corporate Risk Team formed & a corporate risk approach was developed
- 2009/2010: FHWA HQ's Offices conducted risk assessment for the 1st time
- 2011: All units completed FMFIA profile, Risk Tracker V1.0 rolls out, International Scan on risk mgmt (Int'l Risk Scan, ISO, FMFIA, Risk Tools)
- 2011: Team formed to update FHWA's Risk Manual & Tools
- 2012: Updated Framework delivered and deployed

We are ahead of the game on this. Enterprise Risk Management is all the rage now. Change has been part of the journey for us.
5
International Risk Scan Summary of Findings
- RM supports strategic organizational alignment
- Mature organizations have an explicit RM structure
- Successful organizations have a culture of RM
- A wide range of RM tools are in use
- Use of RM tools for programmatic investment decisions
- A variety of risk allocation methods are available
- Active risk communication strategies improve decision making
- RM enhances knowledge management and workforce development
6
ISO 31000
7
ISO Risk Management Structure
The structure has three components: Principles, Framework, and Process.

Framework:
- Mandate and Commitment
- Design and Framework for managing risk
- Implementing risk management
- Monitoring and review of the framework
- Continual improvement of the framework

Process:
- Communication and Consultation
- Establishing the context
- Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
- Risk Treatment
- Monitoring and Review
8
FHWA Risk Management Framework
1 - FHWA Risk Directive
2 - Risk Management Timeline
3 - Risk Management Process User Manual
4 - Risk Management Q&A
5 - “Risk Tracker”
6 - Leadership Dashboard Measure

Framework cycle (diagram): Mandate and Commitment; Design and Framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework
9
FHWA Risk Management Directive
- Provides the foundation for Risk Management at FHWA
- Defines what “risk” means to FHWA
- Outlines FHWA’s Risk Management Process
- Applies to all organizational units of FHWA
10
Risk Management Timeline
- Annual Risk Call aligned with release of Final SIP (3/15)
- Risk Due Date aligned with Unit Plan Due Date (5/31)
- Quarterly Updates of Status in Risk Tracker
- OST/FMFIA Unit Risk Profile annual update to be aligned with Risk/Unit Plan (hopefully)
- OST FMFIA Inherent Risk Assessment annual update to be done at Component Level and aligned with Risk/Unit Plan (hopefully)
11
FHWA Risk Management Process
Each of these steps answers key questions in the risk management process.
12
Step 1: What is the Context?
- Internal – anything within the organization that can influence the way in which FHWA will manage risk – mission, objectives, controls, resources, etc.
- External – key drivers & trends having impact on objectives of the organization, relationships with, perceptions & values of external stakeholders.
- Risk Management – Are you reassessing previously identified risks or identifying emergent risks? Who will assess what Program Areas? Will it be done individually, in teams or as an office? With input from your partners?

Context Slide. Identify the Context. This is the step in the Risk Management Process during which you plan the process, determine what program areas, National Performance Objectives and Initiatives will be considered, gather supporting documents, understand the assessment criteria, and determine the approach that you will use. This step was previously called “Gather information about your Risks”.

Another way of thinking about Context is asking what the scope is: selecting the Program Areas and/or Core Elements within those areas, determining what NPO and Initiatives will be assessed, and taking into account the Internal and External factors that should be considered.

Internal context is the internal environment in which FHWA seeks to achieve its objectives. Examples include office structure; policies, programs & organization goals & objectives; organizational capacity; information systems, etc.

External context is the external environment in which FHWA seeks to achieve its objectives. Examples include political, legal, regulatory, financial, etc.

Gather supporting documents; this includes past risk management plans and risk assessments, the SIP, office or Division specific business plans, SWOTs or Program Assessments, and also the Federal Managers' Financial Integrity Act (FMFIA) Unit Risk Profile. FHWA has adopted updated Impact and Likelihood Criteria that are discussed later and are included in both the manual and the RM Tools Workbook that is available at the RM SharePoint site.

Risk Management – In this step, also determine if this will be a new Risk Assessment or a reassessment. Are you reassessing previously identified risks or identifying emergent risks? Decide who will assess what Program Areas and what SIP NPOs, whether it will be done individually, as teams or as an office, and whether there will be input from your partners, such as the DOT. Plan how the following steps will be followed and what tools from the Tool Workbook you will use. It is understood that the plan may be modified as you move through it, but it is very helpful to begin the process knowing the context and parameters of the assessment.

Context answers the key questions… (use key questions from user manual)

Process diagram: Identify the Context → Risk Assessment [Identify Risks → Analyze the Risks (Assess Impact, Assess Likelihood) → Prioritize Risks] → Plan and Execute Response Strategies → Monitor, Evaluate, and Adjust. Communication and Consultation occur at each step.
13
OST/FMFIA Risk Profile (Part of Your “Context”)
- Required by and Reported to OST as part of the FMFIA Assurance.
- Document the Unit’s Internal Controls
- Completed by all “Assessable Units”, including the Division Offices
- Integrated into our annual Risk Management Cycle
- A Key Part of Step 1: Setting the Context
- Now Managed by the OCFO in Coordination with the PMI Team
14
OST/FMFIA Inherent Risk Assessment (Part of Your “Context”)
- Required by and Reported to OST as part of the FMFIA Assurance.
- Assess the high-level “inherent” risk of the Component or Unit
- Completed at the “Component” level for FHWA. DA Council to Complete One on Behalf of the Division Offices
- Integrated into our annual Risk Management Cycle
- A Key Part of Step 1: Setting the Context
- Managed by the OCFO in Coordination with the PMI Team
15
Step 2: Identify the Risks
When identifying risks consider your key objectives:
- Organizational Objectives in the SIP that affect your Unit
- Local Unit Objectives
- Program Objectives (Planning, Environment, ROW etc.)
- Project Objectives

Ask – What Are the Risks to Meeting My Objectives?
Brainstorm with the “Right” Folks

answers the key questions… (use key questions from user manual)

In the appendix of the 2012 User Manual a Crosswalk for Program Areas, Core Elements, and national performance objectives and national initiatives has been included for your use. Please note that the national objectives and initiatives are updated annually.
16
Step 3: Analyze the Risks (Impact)
Scale:
- 4 - Catastrophic
- 3 - Major
- 2 - Moderate
- 1 - Minor
- 0 - Insignificant

Criteria: Financial Reputation Business Operations Legal & Compliance Infrastructure Assets Resources & Efforts Req. Environment & Culture Safety

Impact Matrix is included in the appendix of the 2012 User Manual.

The scale is that used by OST. Criteria come from the impacts seen, the OST definitions, the Corporate risk assessment, and what has been seen internationally. FHWA plans to do some leadership validation of these criteria.
18
Step 3: Analyze the Risks (Likelihood)
Scale:
- 4 - Almost Certain
- 3 - Likely
- 2 - Possible
- 1 - Unlikely

Criteria: Staffing Operational Procedures Guidance Problem History New Program Complexity Outside Control/Influence Fraud, Waste, Abuse Workforce Development/Training FHWA Involvement Consultant Use

Scale is that used by OST. Criteria are those we have always been using.
20
Step 4: Prioritize the Risks
- Start with an “Expected Value” calculation (Impact Rating X Likelihood Rating)
- Locate the Risks on the Heat Map - a graphical plot to represent the relative placement of risks
- Adjust Risk Ratings (Top, High, Medium, Low) based on LEADERSHIP VALIDATION

Heat Map Tool Slide 1. A graphical plot or visual tool used to represent the relative placement of risks. The expected value of the risk determines its location. For example, on a grid, a catastrophic impact and almost certain likelihood risk would be in the upper right quadrant. The heat map can also be used to indicate risk tolerance or residual risk. Where leadership deviates from the calculated ratings, this should be documented.
21
Heat Map Tool slide 2. Describe the tool: the Y axis is Impact with the Scale 1-4, and the X axis along the top row is the Likelihood scale. This Heat Map is an available tool and not required. It is included in the Manual and in the RM Tools Workbook. Placing an office's or Division's EVs on the Heat Map will show a number of things, which could include clustering of risks in one area, risks of one program relative to another, and bias in scorers. This tool is most helpful to provide a visual summary of some of the key elements of the Risk Register. It was created to improve communication and understanding of the relationship between Assessed Risks.

How to use this Tool:
- Multiply the values from the risk impact and likelihood assessments. Using the values from the impact and likelihood matrices will give a maximum value of 16 and a minimum value of one. This is your risk "expected value."
- Use the expected value to sort your risks and help with risk prioritization.
- Use your expected values and prioritization to decide which risks require response strategies.
22
Step 5: Execute Response Strategies
Your Approach to Treating the Risks

Response Strategy Type:
- Avoid
- Enhance
- Mitigate
- Transfer
- Accept
23
Step 6: Monitor Evaluate and Adjust (Risk Tracker)
24
Step 6: Monitor Evaluate and Adjust (Leadership Dashboard)
25
Questions? Mike Graf michael.graf@fhwa.dot.gov 404-562-3578
Daniel Fodera