Risk Management Framework Update Training

Download this Presentation

0

Presentation Transcript

  • 1.FHWA Risk Management Framework – Update 2012 AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration
  • 2.Learning Objectives Identify the components of the ISO risk management structure. Describe the risk management framework used by the Federal Highway Administration Recognize the steps in the risk management process Discuss how FHWA uses risk management in program oversight
  • 3.New Risk Management Framework Risk Initiatives Affecting FHWA International Risk Scan ISO 31000 OST/FMFIA Risk Tools
  • 4.Risk Management - How Did We Get Here?
  • 5.International Risk ScanSummary of Findings RM supports strategic organizational alignment Mature organizations have an explicit RM structure Successful organizations have a culture of RM A wide range of RM tools are in use Use of RM tools for programmatic investment decisions A variety of risk allocation methods are available Active risk communication strategies improve decision making RM enhances knowledge management and workforce development
  • 6.ISO 31000
  • 7.ISO Risk Management Structure Design and Framework for managing risk Mandate and Commitment Continual improvement of the framework Implementing risk management Monitoring and review of the framework Communication and Consultation Establishing the context Risk Assessment Monitoring and Review Risk Identification Risk Analysis Risk Evaluation Risk Treatment Principles Principles Framework Process
  • 8.FHWA Risk Management Framework Design and Framework for managing risk Mandate and Commitment Continual improvement of the framework Implementing risk management Monitoring and review of the framework 1 - FHWA Risk Directive 2 - Risk Management Timeline 3 - Risk Management Process User Manual 4 - Risk Management Q &A 5 – “Risk Tracker” 6 - Leadership Dashboard Measure
  • 9.FHWA Risk Management Directive Provides the foundation for Risk Management at FHWA Defines what “risk” means to FHWA Outlines FHWA’s Risk Management Process Applies to all organizational units of FHWA.
  • 10.Risk Management Timeline Annual Risk Call aligned with release of Final SIP (3/15) Risk Due Date aligned with Unit Plan Due Date (5/31) Quarterly Updates of Status in Risk Tracker OST/FMFIA Unit Risk Profile annual update to be aligned with Risk/Unit Plan (hopefully) OST FMFIA Inherent Risk Assessment annual update to be done at Component Level and aligned with Risk/Unit Plan (hopefully)
  • 11.FHWA Risk Management Process
  • 12.Step 1: What is the Context? Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment Internal – anything within the organization that can influence the way in which FHWA will manage risk – mission, objectives, controls, resources, etc. External – key drivers & trends having impact on objectives of the organization, relationships with, perceptions & values of external stakeholders. Risk Management - Are you reassessing previously identified risks or identifying emergent risks? Who will assess what Program Areas? Will it be done individually, in teams or as an office? With input from your partners?
  • 13.Required by and Reported to OST as part of the FMFIA Assurance. Document the Unit’s Internal Controls Completed by all “Assessable Units”, including the Division Offices Integrated into our annual Risk Management Cycle A Key Part of Step 1: Setting the Context Now Managed by the OCFO in Coordination with the PMI Team OST/FMFIA Risk Profile(Part of Your “Context”)
  • 14.OST/FMFIA Inherent Risk Assessment (Part of Your “Context”) Required by and Reported to OST as part of the FMFIA Assurance. Assess the high-level “inherent” risk of the Component or Unit Completed at the “Component” level for FHWA. DA Council to Complete One on Behalf of the Division Offices Integrated into our annual Risk Management Cycle A Key Part of Step 1: Setting the Context Managed by the OCFO in Coordination with the PMI Team
  • 15.Step 2: Identify the Risks When identifying risks consider your key objectives: Organizational Objectives in the SIP that affect your Unit Local Unit Objectives Program Objectives (Planning, Environment , ROW etc.) Project Objectives Ask – What Are the Risks to Meeting My Objectives? Brainstorm with the “Right” Folks Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 16.Step 3: Analyze the Risks (Impact) Scale 4 - Catastrophic 3 - Major 2 - Moderate 1 - Minor 0 - Insignificant Criteria Financial Reputation Business Operations Legal & Compliance Infrastructure Assets Resources & Efforts Req. Environment & Culture Safety Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 17.
  • 18.Step 3: Analyze the Risks (Likelihood) Scale 4 - Almost Certain 3 - Likely 2 - Possible 1 - Unlikely Criteria Outside Control/Influence Fraud, Waste, Abuse Workforce Development/Training FHWA Involvement Consultant Use Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment Criteria Staffing Operational Procedures Guidance Problem History New Program Complexity
  • 19.
  • 20.Step 4: Prioritize the Risks Start with an “Expected Value” calculation (Impact Rating X Likelihood Rating) Locate the Risks on the Heat Map - a graphical plot to represent the relative placement of risks Adjust Risk Ratings (Top, High, Medium, Low) based on LEADERSHIP VALIDATION Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 21.
  • 22.Step 5: Execute Response Strategies Your Approach to Treating the Risks Response Strategy Type: Avoid Enhance Mitigate Transfer Accept Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 23.Step 6: Monitor Evaluate and Adjust (Risk Tracker) Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 24.Step 6: Monitor Evaluate and Adjust (Leadership Dashboard) Identify the Context Identify Risks Prioritize Risks Plan and Execute Response Strategies Monitor, Evaluate, and Adjust Communication and Consultation occur at each step Analyze the Risks Assess Impact Assess Likelihood Risk Assessment
  • 25. Questions? Mike Graf michael.graf@fhwa.dot.gov 404-562-3578 Daniel Fodera daniel.fodera@fhwa.dot.gov 404-562-3672