FHWA RISK MANAGEMENT FRAMEWORK – UPDATE 2012
AASHTO Internal Audit Conference 2012 – Phoenix
Daniel Fodera, CMQ/OE
Program Management Improvement Team
Federal Highway Administration
Learning Objectives
Identify the components of the ISO risk management structure.
Describe the risk management framework used by the Federal Highway Administration
Recognize the steps in the risk management process
Discuss how FHWA uses risk management in program oversight
New Risk Management Framework
Risk Initiatives Affecting FHWA
International Risk Scan
ISO 31000
OST/FMFIA Risk Tools
Risk Management - How Did We Get Here?
2001: Policy Memo Released
2004: Risk Best Practices Review
2006: 1st Agency-wide Corporate Risk Management Initiative
2007: Risk Mgmt Planning
2007: User Manual Released
2009/2010: FHWA HQ's Offices conducted risk assessment for the 1st time
2009: Corporate Risk Team formed & a corporate risk approach was developed
2011: Int’l Risk Scan. ISO 31000. FMFIA Risk Tools.
International Risk Scan
Summary of Findings
1. RM supports strategic organizational alignment
2. Mature organizations have an explicit RM structure
3. Successful organizations have a culture of RM
4. A wide range of RM tools are in use
5. Use of RM tools for programmatic investment decisions
6. A variety of risk allocation methods are available
7. Active risk communication strategies improve decision making
8. RM enhances knowledge management and workforce development
ISO 31000
ISO Risk Management Structure
[Figure: ISO risk management structure, in three parts: Principles, Framework, Process]
Framework: Mandate and Commitment; Design and Framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework
Process: Establishing the context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication and Consultation; Monitoring and Review
FHWA Risk Management Framework
[Figure: framework cycle: Mandate and Commitment; Design and Framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework]
1 - FHWA Risk Directive
2 - Risk Management Timeline
3 - Risk Management Process User Manual
4 - Risk Management Q&A
5 - “Risk Tracker”
6 - Leadership Dashboard Measure
FHWA Risk Management Directive
Provides the foundation for Risk Management at FHWA
Defines what “risk” means to FHWA
Outlines FHWA’s Risk Management Process
Applies to all organizational units of FHWA.
Risk Management Timeline
Annual Risk Call aligned with release of Final SIP (3/15)
Risk Due Date aligned with Unit Plan Due Date (5/31)
Quarterly Updates of Status in Risk Tracker
OST/FMFIA Unit Risk Profile annual update to be aligned with Risk/Unit Plan (hopefully)
OST FMFIA Inherent Risk Assessment annual update to be done at Component Level and aligned with Risk/Unit Plan (hopefully)
FHWA Risk Management Process
Step 1: What is the Context?
[Process diagram labels: Identify the Context; Identify Risks; Analyze the Risks (Assess Impact, Assess Likelihood); Prioritize Risks; Plan and Execute Response Strategies; Monitor, Evaluate, and Adjust; Risk Assessment]
Communication and Consultation occur at each step
Internal – anything within the organization that can influence the way in which FHWA will manage risk – mission, objectives, controls, resources, etc.
External – key drivers & trends having impact on objectives of the organization, relationships with, perceptions & values of external stakeholders.
Risk Management - Are you reassessing previously identified risks or identifying emergent risks? Who will assess what Program Areas? Will it be done individually, in teams or as an office? With input from your partners?
OST/FMFIA Risk Profile (Part of Your “Context”)
Required by and Reported to OST as part of the FMFIA Assurance.
Document the Unit’s Internal Controls
Completed by all “Assessable Units”, including the Division Offices
Integrated into our annual Risk Management Cycle
A Key Part of Step 1: Setting the Context
Now Managed by the OCFO in Coordination with the PMI Team
OST/FMFIA Inherent Risk Assessment (Part of Your “Context”)
Required by and Reported to OST as part of the FMFIA Assurance.
Assess the high-level “inherent” risk of the Component or Unit
Completed at the “Component” level for FHWA. DA Council to Complete One on Behalf of the Division Offices
Integrated into our annual Risk Management Cycle
A Key Part of Step 1: Setting the Context
Managed by the OCFO in Coordination with the PMI Team
Step 2: Identify the Risks
When identifying risks consider your key objectives:
Organizational Objectives in the SIP that affect your Unit
Local Unit Objectives
Program Objectives (Planning, Environment, ROW etc.)
Project Objectives
Ask – What Are the Risks to Meeting My Objectives?
Brainstorm with the “Right” Folks
Step 3: Analyze the Risks (Impact)
Scale: 4 - Catastrophic; 3 - Major; 2 - Moderate; 1 - Minor; 0 - Insignificant
Criteria: Financial; Reputation; Business Operations; Legal & Compliance; Infrastructure Assets; Resources & Efforts Req.; Environment & Culture; Safety
Step 3: Analyze the Risks (Likelihood)
Scale: 4 - Almost Certain; 3 - Likely; 2 - Possible; 1 - Unlikely
Criteria: Outside Control/Influence; Fraud, Waste, Abuse; Workforce Development/Training; FHWA Involvement; Consultant Use
Criteria: Staffing; Operational Procedures; Guidance; Problem History; New Program Complexity
Step 4: Prioritize the Risks
Start with an “Expected Value” calculation (Impact Rating X Likelihood Rating)
Locate the Risks on the Heat Map - a graphical plot to represent the relative placement of risks
Adjust Risk Ratings (Top, High, Medium, Low) based on LEADERSHIP VALIDATION
Step 5: Execute Response Strategies
Your Approach to Treating the Risks
Response Strategy Type: Avoid, Enhance, Mitigate, Transfer, Accept
Step 6: Monitor, Evaluate, and Adjust (Risk Tracker)
Step 6: Monitor, Evaluate, and Adjust (Leadership Dashboard)
Dashboard Measures Worksheet
Dashboard Measure: Percent of Key Risk Response Strategies Completed
Strategic Goal: Program Delivery
Description: Percent of Key Risk Response Strategies Completed. The FY2012 target is 70% complete.
Unit of Measure (e.g., Percent): Percent
Additional Information (Including Methodology): Each unit is required to submit its top risks and corresponding response strategies for the Performance Year into the risk tracker. Each response strategy has a target completion date and a status. The measure is calculated as a percentage, using the total count of response strategies as the denominator and the total count of completed strategies as the numerator.
Data Source: Assessable Units submit status reports via the FHWA Risk Tracker at the end of each Performance Year quarter. The PMI Team consolidates the reporting.
Data Owner Contact: Michael Graf
Data Owner Telephone Number: 404-562-3578
Office Code (e.g. HOP): DFS-PMIT
Dashboard Coordinator:
Dashboard Coordinator Telephone Number:
Website (For Additional Information):