FHWA RISK MANAGEMENT FRAMEWORK UPDATE 2012 AASHTO Internal
- Slides: 25
FHWA RISK MANAGEMENT FRAMEWORK – UPDATE 2012 AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration
Learning Objectives Identify the components of the ISO risk management structure. Describe the risk management framework used by the Federal Highway Administration Recognize the steps in the risk management process Discuss how FHWA uses risk management in program oversight
New Risk Management Framework Risk Initiatives Affecting FHWA International Risk Scan ISO 31000 OST/FMFIA Risk Tools
Risk Management - How Did We Get Here? 2001 Policy Memo Released 2004 Risk Best Practices Review 2006 1 st Agencywide Corporate Risk Management Initiative 2009/2010 2007 Corporate FHWA HQ's Risk Team Risk Mgmt Offices Planning 2007 formed & a conducted risk User Manual corporate risk assessment for approach was Released the 1 st time developed 2011 Int’l Risk Scan. ISO 31000. FMFIA Risk Tools.
International Risk Scan Summary of Findings 1. RM supports strategic organizational alignment 2. Mature organizations have an explicit RM structure 3. Successful organizations have a culture of RM 4. A wide range of RM tools are in use 5. Use of RM tools for programmatic investment decisions 6. A variety of risk allocation methods are available 7. Active risk communication strategies improve decision making 8. RM enhances knowledge management and workforce development
ISO 31000
ISO Risk Management Structure Principles Continual improvement of the framework Implementing risk management Monitoring and review of the framework Risk Identification Risk Analysis Risk Evaluation Risk Treatment Principles Framework Process Monitoring and Review Design and Framework for managing risk Risk Assessment Mandate and Commitment Communication and Consultation Establishing the context
FHWA Risk Management Framework 1 - FHWA Risk Directive Mandate and Commitment Design and Framework for managing risk Continual improvement of the framework 2 - Risk Management Timeline Implementing risk management Monitoring and review of the framework 3 - Risk Management Process User Manual 4 - Risk Management Q &A 5 – “Risk Tracker” 6 - Leadership Dashboard Measure
FHWA Risk Management Directive Provides the foundation for Risk Management at FHWA Defines what “risk” means to FHWA Outlines FHWA’s Risk Management Process Applies to all organizational units of FHWA.
Risk Management Timeline Annual Risk Call aligned with release of Final SIP (3/15) Risk Due Date aligned with Unit Plan Due Date (5/31) Quarterly Updates of Status in Risk Tracker OST/FMFIA Unit Risk Profile annual update to be aligned with Risk/Unit Plan (hopefully) OST FMFIA Inherent Risk Assessment annual update to be done at Component Level and aligned with Risk/Unit Plan (hopefully)
FHWA Risk Management Process
Step 1: What is the Context? � Internal – anything within the organization that can influence the way in which FHWA will manage risk – mission, objectives, controls, resources, etc. � External – key drivers & trends having impact on objectives of the organization, relationships with, perceptions & values of external stakeholders. � Risk Management - Are you reassessing previously identified risks or identifying emergent risks? Who will assess what Program Areas? Will it be done individually, in teams or as an office? With input from your partners? Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
OST/FMFIA Risk Profile (Part of Your “Context”) � Required by and Reported to OST as part of the FMFIA Assurance. Document the Unit’s Internal Controls � Completed by all “Assessable Units”, including the Division Offices � Integrated into our annual Risk Management Cycle � A Key Part of Step 1: Setting the Context � Now Managed by the OCFO in Coordination with the PMI Team
OST/FMFIA Inherent Risk Assessment (Part of Your “Context”) � Required by and Reported to OST as part of the FMFIA Assurance. Assess the high-level “inherent” risk of the Component or Unit � Completed at the “Component” level for FHWA. DA Council to Complete One on Behalf of the Division Offices � Integrated into our annual Risk Management Cycle � A Key Part of Step 1: Setting the Context � Managed by the OCFO in Coordination with the PMI Team
Step 2: Identify the Risks � When identifying risks consider your key objectives: �Organizational Objectives in the SIP that affect your Unit �Local Unit Objectives �Program Objectives (Planning, Environment , ROW etc. ) �Project Objectives � Ask – What Are the Risks to Meeting My Objectives? � Brainstorm with the “Right” Folks Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 3: Analyze the Risks (Impact) � Scale � � 4 - Catastrophic � 3 - Major � 2 - Moderate � 1 - Minor � 0 - Insignificant Identify the Context Identify Risks Criteria �Financial �Reputation �Business Operations �Legal & Compliance �Infrastructure Assets �Resources & Efforts Req. �Environment & Culture �Safety Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 3: Analyze the Risks (Likelihood) � Scale �Criteria � 4 - Almost Certain Staffing �Outside Operational Control/Influence � 3 - Likely Procedures �Fraud, Waste, Abuse � 2 - Possible Guidance �Workforce � 1 - Unlikely Problem History Development/Training New Program �FHWA Involvement Complexity �Consultant Use Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 4: Prioritize the Risks Start with an “Expected Value” calculation (Impact Rating X Likelihood Rating) Locate the Risks on the Heat Map - a graphical plot to represent the relative placement of risks Adjust Risk Ratings (Top, High, Medium, Low) based on LEADERSHIP VALIDATION Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 5: Execute Response Strategies Your Approach to Treating the Risks Response Strategy Type: Avoid Enhance Mitigate Transfer Accept Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 6: Monitor Evaluate and Adjust (Risk Tracker) Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Step 6: Monitor Evaluate and Adjust (Leadership Dashboard) Identify the Context Identify Risks Analyze the Risks Assess Impact Assess Likelihood Prioritize Risks Plan and Execute Response Strategies Risk Assessment Communication and Consultation occur at each step Monitor, Evaluate, and Adjust
Questions? Mike Graf michael. graf@fhwa. dot. gov 404 -562 -3578 Daniel Fodera daniel. fodera@fhwa. dot. gov 404 -562 -3672
- Shadow paging recovery technique
- Fhwa micropile
- Fhwa-536 local highway finance report
- Fhwa freight
- Market risk credit risk operational risk
- Internal audit definition
- Key risk indicators for vendor management
- Risk map risk management
- Supply chain risk management framework
- Supply chain risk management framework
- 6 steps of risk management framework
- Enterprise risk management framework for credit unions
- Data risk framework
- Goldman sachs risk management framework
- Citigroup risk management framework
- Hse risk management framework
- Octave risk management framework
- Dss risk management framework
- Anz credit risk
- Hitrust risk management framework
- Supply chain risk management
- National disaster risk reduction and management framework
- Financial risk management framework
- Credit risk evaluation framework
- Enterprise risk management integrated framework
- Jp morgan risk management framework