1、AASHTO Guide for Enterprise Risk Management 2016 FIRST EDITION 2016 by the American Association of State Highway and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Page iii AASHTO Guide for Enterprise Risk Management AASHTO Executive Committee OFFICERS: P
2、resident: Paul Trombino, Iowa Vice President: David Bernhardt, Maine Secretary-Treasurer: Carlos Braceras, Utah Executive Director: Bud Wright, Washington, DC REGIONAL REPRESENTATIVES: REGION I: Leslie Richards, Pennsylvania, One-Year TermPete Rahn, Maryland, Two-Year Term REGION II: Paul Mattox, We
3、st Virginia, One-Year TermCharles Kilpatrick, Virginia, Two-Year Term REGION III: Charles A. Zelle, Minnesota, One-Year TermRandall S. Blankenhorn, Illinois, Two-Year Term REGION IV: Brian Ness, Idaho, One-Year TermCarlos Braceras, Utah, Two-Year Term 2016 by the American Association of State Highwa
4、y and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Page iv AASHTO Guide for Enterprise Risk Management AASHTO Subcommittee on Asset Management The Subcommittee on Asset Management includes members from the Standing Committee on Planning (SCOP), Standing
5、 Committee on Highways (SCOH), Standing Committee on Rail Transportation (SCORT), Standing Committee on Public Transportation (SCOPT), and the SCOH Maintenance Subcommittee.Chairman: Tim Henkel, MinnesotaSecretary: Stephen Gaj, FHWAAASHTO Liaison: Matthew Hardy, Ph.D. 2016 by the American Associatio
6、n of State Highway and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Page v AASHTO Guide for Enterprise Risk Management Acknowledgements The following people contributed to the preparation or review of this guide. CONTRACTOR TEAM Principal Investigator:
7、Gordon Proctor, Gordon Proctor & Associates Shobna Varma, The Starisis Corporation Jeff Roorda, Jeff Roorda and Associates, Inc. NCHRP PROJECT PANEL Chair: Timothy A. Henkel, Assistant Commissioner, Minnesota DOT Majed N. Al-Ghandour, P.E., ManagerProgram ManagementPlanning and Programming Division,
8、 North Carolina DOT Anthony E. Carson, Risk Management Specialist, District of Columbia DOT Heather Catron, Vice-President, HDR Engineering, Inc. Kimberly Joy Doran, Acting DirectorEnterprise Risk Management Bureau, New York State DOT Evangelos I. Kaisar, Associate ProfessorDirector, Florida Atlanti
9、c University Margaret Ann “Annie“ Searle, Principal, ASA Risk Consultants Michelle A. Tucker, Chief Risk & Ethics Officer, California DOT FHWA Liaison: Michael J. Graf TSA Liaison: Edward Detwiler, Program Analyst AASHTO Liaison: Matthew Hardy, Program Director for Planning and Policy NCHRP STAFF Lo
10、ri Sundstrom, Senior Program Officer DISCLAIMER The opinions and conclusions expressed or implied herein are not necessarily those of the Transportation Research Board, the National Academies, or program sponsors. 2016 by the American Association of State Highway and Transportation Officials. All ri
11、ghts reserved. Duplication is a violation of applicable law.Page vi AASHTO Guide for Enterprise Risk Management Table of Contents Foreword 1 IntroductionAbout This Guide 3 How to Use This Guide . 4 Chapter 1: Defining Risk Management 5 Summary 5 Clarifying Risk and Risk Management 7 Managing Risks C
12、omplements Performance . 7 Enhancing Decision Making by Evaluating Risks . 10 Allocating Scarce Resources 11 Identifying and Mitigating Threats . 12 The Levels of Risk Management 13 The Risk Management Process . 15 The ISO Concepts 16 Establishing the Context . 16 Risk Identification . 17 Risk Analy
13、sis 18 Risk Evaluation . 18 Risk Management . 18 Communication and Monitoring 19 Level of Effort for Enterprise Risk Management . 20 Relying on Risk Management to Improve Performance . 21 Chapter 2: Establishing the Risk Process 25 Summary 25 Essentials for ERM: Policies, Tools, and Processes 25 Ste
14、p 1: Adopt a Risk Management Policy 26 A Sample Risk Management Policy 32 Step 2: Provide the Tools for Managing Risks 34 Step 3: Integrate Risks into Key Agency Processes . 36 Summarizing the Tasks and Responsibilities . 39 Chapter 3: Establishing the Risk Context 43 Summary 43 Identifying Risk Foc
15、us Areas and Risk Owners 43 Assigning Risks and Forming Teams to Assess Them . 43 Clarifying the Objectives and Their Environment . 44 Setting the Context around the Objective . 44 Examples of Applying the Risk Management Process . 46 Tools for the Context-Setting Exercise . 47 Basis for Further Dec
16、ision Making 48 Chapter 4: Identifying Risks .53 Summary 53 Risk Identification: First Step of Risk Assessment 53 Beginning the Risk Identification Process 53 Techniques for the Risk Identification Workshop 54 Chapter 5: Analyzing Risks 61 Summary 61 Understanding the Causes and Effects of Risks 61
17、Determining the Cause of the Risks . 63 Cause-and-Effect Analysis . 65 Risk Analysis Tools . 66 Strengths, Weaknesses of Qualitative and Quantitative Scales . 66 Consequence Categories . 70 Likelihood Table or Scale 72 2016 by the American Association of State Highway and Transportation Officials. A
18、ll rights reserved. Duplication is a violation of applicable law.Page vii AASHTO Guide for Enterprise Risk Management Rating Opportunities . 76 Chapter 6: Evaluating Risks .79 Summary 79 The Risk Appetite . 79 Dynamic and Continuous Evaluation of the Risk Appetite .82 Risk Prioritization 82 Chapter
19、7: Managing Risks 85 Summary 85 The Five Ts . 87 Chapter 8: Communicate, Consult, Monitor .95 Summary 95 Using the Agencys Risk Process . 95 Populating the Risk Register 96 The Risk Map . 98 Key Risk Indicators as Leading Metrics 100 Communicating with and Monitoring the External Environment . 101 C
20、onsulting with Stakeholders . 101 Measuring Risk Management Maturity . 102 Chapter 9: Managing Risks to Key Programs .105 Summary 105 Managing Risks to Transportation Assets 105 Examples of Risk in Asset Management Manuals 106 Asset Management Manuals 106 U.S. Asset Management Plans 111 New York Sta
21、te Department of Transportation Risk Assessment .111 Colorado Department of Transportation Asset Management Plan 112 Minnesota Department of Transportation . 113 Georgia Department of Transportation . 113 Case Study of Asset Management Liability in Australia 114 A Case Study of U.S. Transit Agency R
22、isk Management . 115 Managing Risks to Highway Safety 116 Australian, Canadian, and British Frameworks 117 U.S. Risk-Based Highway Safety Examples 120 Managing Risk from External Threats 123 General Risk or Threat Assessments . 123 Climate Change Risks 124 Rock Fall Hazard Programs . 127 Seismic Ris
23、k Assessment Approaches . 129 Bridge Scour Risks . 130 A Case Study of Balancing Investments in Assets and Preparing for External Threats 130 Managing Risks to Financial Resources 132 Managing Information and Decision Risks . 135 General Information System Risks . 135 Managing Risks to Models . 139
24、Managing Risks to Business Operations 140 Traditional Risk Management . 140 Risks from Theft, Fraud, and Malfeasance . 140 Controlling Risks to Inventory . 143 Managing Employee Safety and Workers Compensation 144 Managing Risks to Programs and Projects 146 Guidebook on Risk Analysis and Management
25、Practices to Control Project Costs 146 Caltrans Project Risk Management Handbook . 146 Project Risk Management Guidance for WSDOT Projects . 147 2016 by the American Association of State Highway and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Page viii
26、 AASHTO Guide for Enterprise Risk Management Guide for Managing Risk on Rapid Renewal Projects 147 Managing Risks on Complex Projects 148 Chapter 10: Critical Review of the State of the Practice and Case Studies 149 Summary 149 State of the Practice . 149 Corporate Sector Summary 149 From Financial
27、to Enterprise Risk Management 150 Risk Management Embedded in Corporate Practice . 152 Corporate Summary . 158 NCHRP Studies Summary . 158 Case Studies of U.S. Practice 159 Australian Risk Management Summary . 167 Chapter 11: Advanced Risk Tools 173 Summary 173 Risk Registers 173 Vermont Risk Regist
28、er 174 NCDOT Risk Register 180 Washington DOT Risk Register 182 Funding Risks . 186 Financial Risk Tools 189 Basic Spreadsheet Tools 191 Incorporating Elements of the Delphi Technique 193 Deterministic Computations Incorporating Variability . 194 Incorporating Randomness in Uncertain Variables 196 S
29、tochastic Methods Monte Carlo Simulations 199 Illustrative Example 199 Results from a Customized Simulator 200 Commercially Available Software . 204 Other Tools to Facilitate Decision Making 209 Conclusions 211 Glossary . 213 2016 by the American Association of State Highway and Transportation Offic
30、ials. All rights reserved. Duplication is a violation of applicable law.Page ix AASHTO Guide for Enterprise Risk Management List of Figures Figure 1-1. Figure Illustrates the Concept That Risk Management and Performance Management Operate as Parallel, Complementary Disciplines .8 Figure 1-2. Risk Ma
31、nagement Can Be an Enabler That Supports Asset and Performance Management. 11 Figure 1-3. Levels at Which Risk Management Is Practiced 13 Figure 1-4. The ISO Process .17 Figure 2-1. Example of a Risk Map 29 Figure 2-2. Risk Map Color Coded by Importance of Risks .35 Figure 2-3. Risk Management Flows
32、 through the Organization, Cascading from Strategic Risks to Programs, Projects, and ActivitiesThe Risk Manager, Manual, Training, Tools, and Website are Key Enablers in the Process 39 Figure 3-1. Internal and External Factors Can Create Risks .46 Figure 3-2. Internal and External Factors Greatly In
33、fluence the Risks and Opportunities Public Agencies Face 48 Figure 4-1. The Three Elements of Risk Assessment 54 Figure 4-2. Categorized Risks to the Pavement Program 59 Figure 5-1. Bowtie Diagram .64 Figure 5-2. Cause-and-Effect Diagram 65 Figure 5-3. Consequence and Likelihood Scale 67 Figure 5-4.
34、 Types of Pavement Risks and Their Consequences .72 Figure 5-5. Pavement Program Risk Map 76 Figure 6-1. Risk Treatment Threshold Graphic 81 Figure 8-1. Risk Reduction Map .99 Figure 8-2. National Highway Construction Price Trends 100 Figure 11-1. Variability of Projected State Funds During Plan Per
35、iod 192 Figure 11-2. Variability in Projected Bridge Costs Due to Inflation during Plan Period 192 Figure 11-3. Projected Uses at Different Inflation Rates 194 Figure 11-4. Variability in Projected Sources at Different Rates 195 Figure 11-5. Chart Showing the Results of One Iteration of Projected So
36、urces and Uses Using Randomly Generated Values of the Uncertain Variables within the Ranges Recommended by the Expert Panel during the TAMP Period .197 2016 by the American Association of State Highway and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Pa
37、ge x AASHTO Guide for Enterprise Risk Management Figure 11-6 Comparison of the Results of One Iteration of Projected Sources Using Random Annual Variability with the Projections Using Base Case Variation as Recommended by the Expert Panel .198 Figure 11-7 Comparison of the Results of One Iteration o
38、f Projected Uses Using Random Annual Changes in Inflation with the Projections Using Base Case Inflation as Recommended by the Expert Panel 198 Figure 11-8 Histogram of Projected Funding Gaps Using Monte Carlo Simulation 204 Figure 11-9 Sample Output Chart Format with Summary Statistics for NPV of F
39、uture Pavement Costs .208 Figure 11-10 Tornado Chart Showing the Relative Impact of Various Uncertain Inputs on the Simulation Results208 Figure 11-11 Decision Tree Showing Options and Potential Outcomes with Associated Probabilities and Costs of a Decision Involving the Completion of a Geotechnical
40、 Study 211 List of Tables Table 2-1. Risk Types and Their Owners 33 Table 2-2. Sample Risk Update Report 38 Table 2-3. Matrix of Responsibility, Accountability, Consultation, and Who Is Informed of the Steps Needed to Implement an Enterprise Risk Management Program .40 Table 3-1. Issues Surrounding
41、the Context of Asset Management Risks .49 Table 3-2. Sample Highway Safety Objective and Risk Context 50 Table 3-3. Sample Project Oversight Objective and Risk Context 51 Table 3-4. Sample ITS Objective and Risk Context 51 Table 4-1. Risks to a Theoretical Pavement Program 58 Table 5-1. Consequence
42、Table .67 Table 5-2. Consequence Descriptions for the Enterprise Level 68 Table 5-3. Consequence Levels for Program Risks .69 Table 5-4. Consequence Levels for Project or Activity Risks 69 Table 5-5. Application of Consequence Levels to the Pavement Program Risks .70 Table 5-6. Consequence Table for
43、 Program Risks .71 Table 5-7. Likelihood Scale .73 Table 5-8. Risk Matrix Values Table 74 2016 by the American Association of State Highway and Transportation Officials. All rights reserved. Duplication is a violation of applicable law.Page xi AASHTO Guide for Enterprise Risk Management Table 5-9. L
44、ikelihood and Consequences of Risks to the Pavement Program .75 Table 5-10. Threat and Opportunity Table 77 Table 7-1. Residual Risk after Treatment .91 Table 7-2. Teams Recommendations for Managing Pavement Program Risks .92 Table 8-1. Complete Risk Register .97 Table 8-2. Simplified Risk Register
45、.98 Table 8-3. Scorecard of Risk Management Activity 99 Table 8-4. Risk Maturity Matrix .103 Table 9-1. Example Risk Register from the CDOT Asset Management Plan . 112 Table 9-2. Caltrans Retrofit Criteria 129 Table 11-1. Vermont DOT Risk Matrix 174 Table 11-2. Critical Enterprise Risks from Pavemen
46、ts .174 Table 11-3. Critical Enterprise Risks from Bridges .175 Table 11-4. Critical Enterprise Risks from Budget, Planning and Programming 176 Table 11-5. Critical Enterprise Risks from Data Management and Systems 177 Table 11-6. Number of Risks Associated with VTrans Strategic Goals and Objective
47、.179 Table 11-7. NCDOT Risk Matrix .180 Table 11-8. Snapshot from NCDOTs Risk Register for Pavements.181 Table 11-9. Snapshot from NCDOTs Risk Register for Pavements.182 Table 11-10. WSDOT Risk Likelihood and Severity Rating 184 Table 11-11. Risk Identification and Risk Evaluation Component of WSDOT
48、 Risk Register184 Table 11-12. Risk Statements with Level of Risk by Category .185 Table 11-13. Example of Scores for Information Technology Risks in WSDOT .185 Table 11-14. Projected Sources of Funds for a Sample DOT During its 10-year TAMP Period .188 Table 11-15. Projected Uses of Funds for a Sam
49、ple DOT During its 10-year TAMP Period 188 Table 11-16. Historical Sources and Uses for a Sample DOT .190 Table 11-17. Summary of Recommendations from Expert Panel for Variability in Uncertain Parameters during TAMP Period 193 Table 11-18. Projected Sources, Uses and Gaps (including Present Value Computations) during TAMP Period Using Base Case Recommendations from Expert Panel for Variability in Uncertain Parameters 195 2016 by the American Association of State Highway and Transportation Officials. All rights reserved. Duplication is
