Sponsored by:
In cooperation with:
American Association of State Highway
and Transportation Ocials
National Cooperative Highway
Research Program
August 2012
International Technology
Scanning Program
Transportation Risk Management:
International Practices for Program
Development and Project Delivery
NOTICE
The Federal Highway Administration provides high-
quality information to serve Government, industry,
and the public in a manner that promotes public
understanding. Standards and policies are used to
ensure and maximize the quality, objectivity, utility,
and integrity of its information. FHWA periodically
reviews quality issues and adjusts its programs and
processes to ensure continuous quality improvement.
1. Report No.
FHWA-PL-12-029
2. Government Accession No. 3. Recipient’s Catalog No.
4. Title and Subtitle
Transportation Risk Management: International
Practices for Program Development and Project Delivery
5. Report Date
August 2012
6. Performing Organization Code
7. Author(s)
Joyce A. Curtis, Joseph S. Dailey, Daniel D’Angelo,
Steven D. DeWitt, Michael J. Graf, Timothy A. Henkel,
Dr. John B. Miller, Dr. John C. Milton, Dr. Keith R.
Molenaar, Darrell M. Richardson, Robert E. Rocco
8. Performing Organization Report No.
9. Performing Organization Name and Address
American Trade Initiatives
3 Faireld Court
Stafford, VA 22554-1716
10. Work Unit No. (TRAIS)
11. Contract or Grant No.
DTFH61-10-C-00027
12. Sponsoring Agency Name and Address
Ofce of International Programs
Federal Highway Administration
U.S. Department of Transportation
American Association of State Highway and
Transportation Ofcials
13. Type of Report and Period Covered
14. Sponsoring Agency Code
15. Supplementary Notes
FHWA COTR: Hana Maier, Ofce of International Programs
16. Abstract
Studies show that U.S. highway agencies have only recently begun to develop formal risk management policies
and procedures at the enterprise, program, and project levels. The Federal Highway Administration, American
Association of State Highway and Transportation Ofcials, and National Cooperative Highway Research
Program sponsored a scanning study of Australia and Europe to document risk management policies, practices,
and strategies for potential application in the United States.
The scan team found that the leading international transportation agencies have mature risk management
practices. The team observed that risk management supports strategic organizational alignment, helps
apportion risks to the parties best able to manage them, and facilitates good decisionmaking and accountability
at all levels of the organizations.
Team recommendations for U.S. implementation include developing executive-level support for risk
management at transportation agencies, dening risk management leadership and organizational
responsibilities, and using risk management to make the business case for transportation and build trust
with transportation stakeholders.
17. Key Words
Asset management, enterprise, performance
management, program development, project delivery,
risk management
18. Distribution Statement
No restrictions. This document is available to the public
from the: Ofce of International Programs, FHWA-HPIP,
Room 3325, U.S. Department of Transportation,
Washington, DC 20590
[email protected], www.international.fhwa.dot.gov
19. Security Classify. (of this report)
Unclassied
20. Security Classify. (of this page)
Unclassied
21. No. of Pages
80
22. Price
Free
Form DOT F 1700.7 (8-72) Reproduction of completed page authorized
Technical Report Documentation Page
Transportation Risk Management:
International Practices for Program
Development and Project Delivery
August 2012
PREPARED BY THE INTERNATIONAL SCANNING STUDY TEAM:
Joyce A. Curtis (Cochair)
FHWA
Daniel D’Angelo (Cochair)
New York State DOT
Dr. Keith R. Molenaar
(Report Facilitator)
University of Colorado
Joseph S. Dailey
FHWA
Steven D. DeWitt
North Carolina Turnpike Authority
Michael J. Graf
FHWA
Timothy A. Henkel
Minnesota DOT
Dr. John B. Miller
Barchan Foundation, Inc.
Dr. John C. Milton
Washington State DOT
Darrell M. Richardson
Georgia DOT
Robert E. Rocco
AECOM Transportation
FOR
U.S. Department of Transportation Federal Highway Administration
American Association of State Highway and Transportation Ocials
National Cooperative Highway Research Program
iv International Technology Scanning Program
International Technology
Scanning Program
T
he International Technology Scanning
Program, sponsored by the Federal Highway
Administration (FHWA), the American
Association of State Highway and
Transportation Ocials (AASHTO), and the National
Cooperative Highway Research Program (NCHRP),
evaluates innovative foreign technologies and
practices that could significantly benefit U.S. high-
way transportation systems. This approach allows
for advanced technology to be adapted and put into
practice much more eciently without spending
scarce research funds to re-create advances already
developed by other countries.
FHWA and AASHTO, with recommendations from
NCHRP, jointly determine priority topics for teams
of U.S. experts to study. Teams in the specific areas
being investigated are formed and sent to countries
where significant advances and innovations have
been made in technology, management practices,
organizational structure, program delivery, and
financing. Scan teams usually include representa-
tives from FHWA, State departments of transporta-
tion, local governments, transportation trade and
research groups, the private sector, and academia.
After a scan is completed, team members evaluate
findings and develop comprehensive reports, includ-
ing recommendations for further research and pilot
projects to verify the value of adapting innovations
for U.S. use. Scan reports, as well as the results of
pilot programs and research, are circulated through-
out the country to State and local transportation
ocials and the private sector. Since 1990, more
than 85 international scans have been organized on
topics such as pavements, bridge construction and
maintenance, contracting, intermodal transport,
organizational management, winter road mainte-
nance, safety, intelligent transportation systems,
planning, and policy.
The International Technology Scanning Program has
resulted in significant improvements and savings in
road program technologies and practices through-
out the United States. In some cases, scan studies
have facilitated joint research and technology-
sharing projects with international counterparts,
further conserving resources and advancing the
state of the art. Scan studies have also exposed
transportation professionals to remarkable advance-
ments and inspired implementation of hundreds of
innovations. The result: large savings of research
dollars and time, as well as significant improvements
in the Nation’s transportation system.
Scan reports can be obtained through FHWA
free of charge by e-mailing international@
dot.gov. Scan reports are also available
electronically and can be accessed on the FHWA
Oce of International Programs Web site at
www.international.fhwa.dot.gov.
Transportation Risk Management: International Practices for Program Development and Project Delivery v
International Technology Scan Reports
International Technology Scanning Program: Bringing Global Innovations to U.S. Highways
» Safety
Infrastructure Countermeasures to Mitigate
Motorcyclist Crashes in Europe (2012)
Assuring Bridge Safety and Serviceability in Europe
(2010)
Pedestrian and Bicyclist Safety and Mobility
in Europe (2010)
Improving Safety and Mobility for Older Road
Users in Australia and Japan (2008)
Safety Applications of Intelligent Transportation
Systems in Europe and Japan (2006)
Trac Incident Response Practices in Europe (2006)
Underground Transportation Systems in Europe:
Safety, Operations, and Emergency Response
(2006)
Roadway Human Factors and Behavioral Safety
in Europe (2005)
Trac Safety Information Systems in Europe
and Australia (2004)
Signalized Intersection Safety in Europe (2003)
Managing and Organizing Comprehensive Highway
Safety in Europe (2003)
European Road Lighting Technologies (2001)
Commercial Vehicle Safety, Technology, and Practice
in Europe (2000)
Methods and Procedures to Reduce Motorist Delays
in European Work Zones (2000)
Innovative Trac Control Technology and Practice
in Europe (1999)
Road Safety Audits—Final Report and Case Studies
(1997)
Speed Management and Enforcement Technology:
Europe and Australia (1996)
Safety Management Practices in Japan, Australia,
and New Zealand (1995)
Pedestrian and Bicycle Safety in England, Germany,
and the Netherlands (1994)
» Planning and Environment
Reducing Congestion and Funding Transportation
Using Road Pricing In Europe and Singapore (2010)
Linking Transportation Performance and
Accountability (2010)
Streamlining and Integrating Right-of-Way and
Utility Processes With Planning, Environmental, and
Design Processes in Australia and Canada (2009)
Active Travel Management: The Next Step in
Congestion Management (2007)
Managing Travel Demand: Applying European
Perspectives to U.S. Practice (2006)
Transportation Asset Management in Australia,
Canada, England, and New Zealand (2005)
Transportation Performance Measures in Australia,
Canada, Japan, and New Zealand (2004)
European Right-of-Way and Utilities Best Practices
(2002)
Geometric Design Practices for European Roads
(2002)
Wildlife Habitat Connectivity Across European
Highways (2002)
vi International Technology Scan Reports
Sustainable Transportation Practices in Europe
(2001)
Recycled Materials in European Highway
Environments (1999)
European Intermodal Programs: Planning, Policy,
and Technology (1999)
National Travel Surveys (1994)
» Policy and Information
Transportation Risk Management: International
Practices for Program Development and Project
Delivery (2012)
Understanding the Policy and Program Structure
of National and International Freight Corridor
Programs in the European Union (2012)
Outdoor Advertising Control Practices in Australia,
Europe, and Japan (2011)
Transportation Research Program Administration
in Europe and Asia (2009)
Practices in Transportation Workforce Development
(2003)
Intelligent Transportation Systems and Winter
Operations in Japan (2003)
Emerging Models for Delivering Transportation
Programs and Services (1999)
National Travel Surveys (1994)
Acquiring Highway Transportation Information
From Abroad (1994)
International Guide to Highway Transportation
Information (1994)
International Contract Administration Techniques
for Quality Enhancement (1994)
European Intermodal Programs: Planning, Policy, and
Technology (1994)
» Operations
Freight Mobility and Intermodal Connectivity in
China (2008)
Commercial Motor Vehicle Size and Weight
Enforcement in Europe (2007)
Active Travel Management: The Next Step in
Congestion Management (2007)
Managing Travel Demand: Applying European
Perspectives to U.S. Practice (2006)
Trac Incident Response Practices in Europe (2006)
Underground Transportation Systems in Europe:
Safety, Operations, and Emergency Response
(2006)
Superior Materials, Advanced Test Methods, and
Specifications in Europe (2004)
Freight Transportation: The Latin American Market
(2003)
Meeting 21st Century Challenges of System
Performance Through Better Operations (2003)
Traveler Information Systems in Europe (2003)
Freight Transportation: The European Market (2002)
European Road Lighting Technologies (2001)
Methods and Procedures to Reduce Motorist Delays
in European Work Zones (2000)
Innovative Trac Control Technology and Practice in
Europe (1999)
European Winter Service Technology (1998)
Trac Management and Traveler Information
Systems (1997)
European Trac Monitoring (1997)
Highway/Commercial Vehicle Interaction (1996)
Winter Maintenance Technology and Practices—
Learning from Abroad (1995)
Transportation Risk Management: International Practices for Program Development and Project Delivery vii
Advanced Transportation Technology (1994)
Snowbreak Forest Book—Highway Snowstorm
Countermeasure Manual (1990)
» Infrastructure—General
Infrastructure Countermeasures to Mitigate
Motorcyclist Crashes in Europe (2012)
Freeway Geometric Design for Active Trac
Management in Europe (2011)
Public-Private Partnerships for Highway
Infrastructure: Capitalizing on International
Experience (2009)
Audit Stewardship and Oversight of Large and
Innovatively Funded Projects in Europe (2006)
Construction Management Practices in Canada and
Europe (2005)
European Practices in Transportation Workforce
Development (2003)
Contract Administration: Technology and Practice in
Europe (2002)
European Road Lighting Technologies (2001)
Geometric Design Practices for European Roads
(2001)
Geotechnical Engineering Practices in Canada and
Europe (1999)
Geotechnology—Soil Nailing (1993)
» Infrastructure—Pavements
Managing Pavements and Monitoring Performance:
Best Practices in Australia, Europe, and New Zealand
(2012)
Warm-Mix Asphalt: European Practice (2008)
Long-Life Concrete Pavements in Europe and
Canada (2007)
Quiet Pavement Systems in Europe (2005)
Pavement Preservation Technology in France,
South Africa, and Australia (2003)
Recycled Materials in European Highway
Environments (1999)
South African Pavement and Other Highway
Technologies and Practices (1997)
Highway/Commercial Vehicle Interaction (1996)
European Concrete Highways (1992)
European Asphalt Technology (1990)
» Infrastructure—Bridges
Assuring Bridge Safety and Serviceability in Europe
(2010)
Bridge Evaluation Quality Assurance in Europe
(2008)
Prefabricated Bridge Elements and Systems in Japan
and Europe (2005)
Bridge Preservation and Maintenance in Europe and
South Africa (2005)
Performance of Concrete Segmental and Cable-
Stayed Bridges in Europe (2001)
Steel Bridge Fabrication Technologies in Europe and
Japan (2001)
European Practices for Bridge Scour and Stream
Instability Countermeasures (1999)
Advanced Composites in Bridges in Europe and
Japan (1997)
Asian Bridge Structures (1997)
Bridge Maintenance Coatings (1997)
Northumberland Strait Crossing Project (1996)
European Bridge Structures (1995)
All publications are available on the Internet at www.international.fhwa.dot.gov.
viii
Transportation Risk Management: International Practices for Program Development and Project Delivery ix
Contents
Executive Summary ......................... 1
Background ............................... 1
What is Risk Management? .................. 1
Purpose and Scope ........................ 2
Observations and Key Findings .............. 3
Benefits and Challenges of Formal Risk
Management .............................. 3
Benefits ................................. 3
Challenges .............................. 3
Recommendations ......................... 3
Implementation ............................ 4
Readers Guide to the Report ................ 5
Chapter 1: Introduction ...................... 7
Background and Purpose ................... 7
Methodology .............................. 7
Chapter 2: Common Definitions, Strategies, and
Tools for Risk Management ...................11
Introduction ...............................11
Risk Management Definitions ................11
Risk Management Process.................. 12
Structures for Successful Risk Management ... 13
Risk Workshops ........................... 13
Risk Registers ............................ 14
Risk Quantification ........................ 19
Heat Maps ............................... 19
Use of Risk Communication Strategies to
Improve Decisionmaking .................. 22
Risk Management Plan ..................... 22
Conclusion ............................... 23
Chapter 3: Agency Risk Management ......... 25
Introduction .............................. 25
Assigning Risk Management Roles,
Responsibilities, and Authority .............. 25
Relationship of Risk Management to Strategic
Objectives ............................... 26
Common Agency Strategic Objectives ..... 26
Common Agency Risks .................. 26
Development of an Explicit Risk
Management Structure ................... 26
Risk Management Policy ................... 28
Transport and Main Roads, Queensland,
Australia ...............................29
VicRoads, Victoria, Australia ..............30
Highways Agency, England ............... 31
Alignment of Risk Management Throughout
the Organization .......................... 31
Use of Risk Analysis to Examine Policies,
Processes, and Standards .................. 33
Achievement of a Risk Management Culture ..34
Conclusion ...............................34
Chapter 4: Program Risk Management ........ 35
Introduction .............................. 35
Program and Portfolio Risk ................. 35
Use of Risk Analysis for Asset
Management .............................36
Use of Risk Analysis for Operations
Management ............................. 38
Risk Management at the Division, Branch, or
Functional Unit Levels .....................38
Risk Management on Major Programs .......38
Conclusion .............................. 40
Chapter 5: Project Risk Management ......... 41
Introduction .............................. 41
Risk Management in Project Management .... 41
Project Cost and Schedule Risk Analysis .....42
Selection of Appropriate Project Risk
Allocation Methods........................43
Conclusion ...............................45
Chapter 6: Recommendations and
Implementation ............................ 47
Recommendations ........................ 47
Develop Executive Support for Risk
Management ........................... 47
Define Risk Management Leadership and
Organization ............................ 47
Formalize Risk Management
Approaches ............................47
Use Risk Management to Examine Policies,
Processes, and Standards ................ 47
Embed Risk Management in Business
Practices ...............................48
Identify Risk Owners and Levels ........... 48
Allocate Risks Appropriately ..............48
Use Risk Management to Make the Business
Case for Transportation ..................48
Employ Sophisticated Risk Tools but
Communicate Results Simply .............48
Implementation and Future Research ........48
Communication and Marketing ............50
Research ...............................50
Training ................................ 51
Governance ............................ 51
x Contents
Appendix A. Scan Team Members ............ 53
Appendix B. Amplifying Questions ........... 57
Appendix C. Bibliography and Recommended
Readings .................................. 61
Appendix D. Risk Management Process Stages
and Terminology Comparison ................62
Appendix E. Host Country Representatives ....64
Tables
Table 1. Risk management definitions
(from ISO 31000)
..............................
11
Table 2. Risk management scan implementation.
.....
49
Figures
Figure 1. Relationship of risk management to
transportation agency management.
...............
1
Figure 2. Levels of enterprise risk management
(agency, program, and project).
...................
2
Figure 3. U.S. scan team.
........................
8
Figure 4. Cyclical nature of the risk management process
(adapted from PMI and ISO 31000).
................
12
Figure 5. Generic risk workshop agenda and
attendees.
..................................
13
Figure 6. Transport Scotland’s risk workshop.
.......
15
Figure 7. Aligned risk management approach
(Transport and Main Roads, Australia).
.............
15
Figure 8. Risk register template from VicRoads Major
Projects Division in Victoria, Australia.
.............
16
Figure 9. Risk register template from the Highways
Agency in England.
...........................
18
Figure 10. Heat map example.
...................
20
Figure 11. Risk assessment guidance from the Highways
Agency in England.
...........................
20
Figure 12. Risk management assessment guide from the
Highways Agency in England.
....................
21
Figure 13. Risk management output
(Performance Audit Group, Transport Scotland).
.....
22
Figure 14. Program risk management plan example
(Transport and Main Roads, Queensland, Australia).
...
23
Figure 15. VicRoads Corporate Risk Management
Assessment Guide.
............................
27
Figure 16. Risk management framework
(Transport and Main Roads, Queensland, Australia)
...
28
Figure 17. Role description of the assistant director for
risk management at Transport and Main Roads,
Queensland, Australia.
.........................
29
Figure 18. Risk management roles and responsibilities
(Highways Agency, England).
....................
30
Figure 19. Risk management organizational structure
(VicRoads, Victoria, Australia).
...................
31
Figure 20. VicRoads corporate risk management
assessment scale.
.............................
32
Figure 21. Victorian Managed Insurance Authority
State Risk Register approach.
....................
32
Figure 22. M80 risk management approach
(VicRoads, Victoria, Australia).
...................
33
Figure 23. Highways Agency, England, risk escalation
process.
....................................
33
Figure 24. Risk framework maturity model
(VicRoads, Victoria, Australia).
...................
34
Figure 25. Asset management risk assessment
(Highways Agency, England).
....................
36
Figure 26. Geotechnical asset risk profile
(Highways Agency, England).
....................
37
Figure 27. Program risk analysis for Dutch waterways
(Rijkswaterstaat, the Netherlands).
................
37
Figure 28. Branch risk analysis with relation to agency
objectives (Transport and Main Roads, Queensland,
Australia).
...................................
39
Figure 29. Major risk bookmark (Transport and Main
Roads, Queensland, Australia).
...................
40
Figure 30. Cascading risk registers from project
to program to agency (Highways Agency, London,
England).
...................................
41
Figure 31. Project risk bookmark (Transport and Main Roads,
Queensland, Australia).
.........................
41
Figure 32. Range cost estimate from a risk-based
Monte Carlo analysis (Transport and Main Roads,
Queensland, Australia).
.........................
42
Figure 33. Project risk dashboard
(Transport and Main Roads, Queensland, Australia).
...
43
Figure 34. Risk allocation and project delivery selection
(Transport and Main Roads, Queensland, Australia).
...
44
Transportation Risk Management: International Practices for Program Development and Project Delivery 1
Executive Summary
Background
Managing transportation networks, including agency
management, program development, and project
delivery, is extremely complex and fraught with
uncertainty. Administrators, planners, and engineers
coordinate a multitude of organizational and techni-
cal resources to manage transportation network
performance. While most transportation agency
personnel would say they inherently identify and
manage risk in their day-to-day activities, a recent
study found that only 13 State departments of
transportation (DOT) have formal enterprise risk
management programs and even fewer have a
comprehensive approach to risk management
at the agency, program, and project levels.
1
Risk management is implicit in transportation
business practices (see figure 1). Transportation
agencies set strategic goals and objectives (e.g.,
the reliable and ecient movement of people and
1
National Cooperative Highway Research Program (2011).
Executive Strategies for Risk Management by State Depart-
ments of Transportation. NCHRP Project 20-24(74), National
Cooperative Highway Research Program, Transportation
Research Board of the National Academies, Washington, DC.
goods), but success is uncertain. Internal and
external risk events can impact the achievement of
these objectives. Likewise, agencies set perfor-
mance measures and develop asset management
systems to optimize investment decisions. Again,
risks can impact the achievement of performance
and assets. Risk is pervasive in transportation. It is
incumbent on transportation agencies to develop
explicit enterprise risk management strategies,
methods, and tools.
What is Risk Management?
The international standard ISO 31000 defines risk
as “the eects of uncertainty on objectives.
2
In
its broadest terms, risk is anything that could be
an obstacle to achieving goals and objectives.
Risk management is a process of analytical and
management activities that focus on identifying
and responding to the inherent uncertainties of
managing a complex organization and its assets.
Risk can be managed at multiple levels (see figure
2). Enterprise risk management is a term that execu-
tives use when discussing risk. For this purpose,
enterprise risk management involves three levels—
agency, program, and project risk management.
Agency risk management is the responsibility of
highway agency executives. Executives benefit from
the process, but they are also responsible for defin-
ing and championing the process. Agency risks are
the uncertainties that can aect the achievement of
the agency’s strategic objectives (e.g., agency
reputation, data integrity, funding, safety, leader-
ship). Agency risk management is the consistent
application of techniques to manage the uncertain-
ties in achieving agency strategic objectives. There-
fore, agency risk management is not a task to
complete or a box to check, but a process to consis-
tently apply and improve. As we move down a layer,
risk management at the program level involves
managing risk across a network or multiple projects
(e.g., risks inherent in city or regional transportation
2
International Organization for Standardization (ISO)
(2009). ISO 31000 Risk Management—Principles and
Guidelines. International Organization for Standardization,
Geneva, Switzerland.
Strategic
Objectives
Risk
Management
Asset
Management
Performance
Management
Figure 1. Relationship of risk management to transportation
agency management.
2 Executive Summary
planning, risk of material price escalation, design
standard changes, environment, structures). Finally,
risks may be unique to a specific project. Project risk
management occurs with sta familiar with the
specifics of that project and other technical experts
and stakeholders (e.g., utility relocation coordina-
tion, right-of-way purchase delays, geotechnical
issues, community issues). Figure 2 summarizes the
responsibility, type of risk, and risk management
strategies at these three levels.
Figure 2 describes many risk management strategies
highway agencies already practice in the United
States. Agency personnel manage risk daily. How-
ever, comprehensive risk management, from the
agency to the project level, is not common in the
United States.
3
This report describes the best prac-
tices of international organizations with the most
mature risk management programs. Adopting these
best practices will lead to improving agency gover-
nance structures, better aligning stakeholder func-
tions with facility user needs, saving short- and
long-term funds, reducing fatalities, and improving
other agency functions that have uncertainty.
3
National Cooperative Highway Research Program (2011).
Executive Strategies for Risk Management by State Depart-
ments of Transportation. NCHRP Project 20-24(74), National
Cooperative Highway Research Program, Transportation
Research Board of the National Academies, Washington, DC.
Purpose and Scope
From May 26 to June 12, 2011, a U.S. panel traveled
to Australia and Europe to learn from their signifi-
cant experience by conducting a scan of risk man-
agement practices for program development and
project delivery. The purpose of the scan was to
review and document international policies, prac-
tices, and strategies for potential application in the
Unites States. The team conducted meetings with
government agencies, academic researchers, and
private sector organizations that actively participate
in risk management eorts. The scan team also
visited project sites and personnel who were apply-
ing these practices. The scan team visited with
international organizations from the following:
New South Wales, Australia
Victoria, Australia
Queensland, Australia
London, England
Cologne, Germany
Rotterdam, Netherlands
Glasgow, Scotland
RESPONSIBILITY: Executives
TYPE: Risks that impact achievement of agency goals and objectives and involve
multiple functions
STRATEGIES: Manage risks in a way that optimizes the success of the organization
rather than the success of a single business unit or project.
RESPONSIBILITY: Program managers
TYPE: Risks that are common to clusters of projects, programs, or entire business units
STRATEGIES: Set program contingency funds; allocate resources to projects consist-
ently to optimize the outcomes of the program as opposed to solely projects.
RESPONSIBILITY: Project managers
TYPE: Risks that are specific to individual projects
STRATEGIES: Use advanced analysis techniques, contingency planning, and consistent
risk mitigation strategies with the perspective that risks are managed in projects.
AGENCY
PROGRAM
PROJECT
Figure 2. Levels of enterprise risk management (agency, program, and project).
Transportation Risk Management: International Practices for Program Development and Project Delivery 3
Observations and Key Findings
The leading international transportation agencies
have mature risk management practices. They have
developed policies and procedures to identify,
assess, manage, and monitor risks. A brief summary
of the team’s observations includes the following:
Risk management supports strategic organiza-
tional alignment.
Mature organizations have an explicit risk
management structure.
Successful organizations have a culture of risk
management.
A wide range of risk management tools are in
use.
Risk management tools are key for program-
matic investment decisions.
A variety of risk management methods are
available.
Active risk communication strategies improve
decisionmaking.
Risk management enhances knowledge man-
agement and workforce development.
A fully functioning and mature risk management
program supports performance management and
asset management. It integrates strategic planning
with performance and asset management by focus-
ing on risks that could negatively impact overall
agency performance.
Benefits and Challenges of Formal
Risk Management
For agencies that do not currently conduct enter-
prise risk management, there is an investment to
begin. Developing an organizational structure and
investing in the development of methods and tools
are not trivial tasks. An understanding of the ben-
efits and challenges is helpful in developing an
enterprise risk management program.
Benefits
Helps with making the business case for
transportation and building public trust
Avoids or minimizes managing-by-crisis and
promotes proactive management strategies
Explicitly recognizes risks in multiple invest-
ment options with uncertain outcomes
Provides a broader set of viable solution
options earlier in the process
Communicates uncertainty and helps focus
on key strategic issues
Improves organizational alignment
Promotes an understanding of the repercus-
sions of failure
Helps apportion risks to the party best able to
manage them
Facilitates good decisionmaking and account-
ability at all levels of the organization
Challenges
Gaining organizational support for risk manage-
ment at all levels
Evolving existing organizational culture, which
can be risk averse
Developing and funding organizational
expertise for risk management
Implementing and embedding a new process
for risk management
Diculty in applying risk allocation alternatives
within organizational constraints
Lack of willingness to accept and address issues
that risk management will identify
Recommendations
The risk management scan team included Federal,
State, and private sector members with well over
100 years of combined experience in the operation,
4 Executive Summary
design, and construction of U.S. transportation
systems. Through this focused research study, the
team has gained a fresh perspective on how the U.S.
transportation industry can use risk management
practices to better meet its strategic objectives,
improve performance, and manage assets. The
following scan team recommendations oer a path
forward for the transportation community and will
help develop a culture of risk awareness and man-
agement in the United States:
1. Develop executive support for risk
management.
2. Define risk management leadership and
organizational responsibilities.
3. Formalize enterprise risk management
approaches using a holistic approach to sup-
port decisionmaking and improve successful
achievement of strategic goals and objectives.
4. Use risk management to reexamine existing
policies, processes, and standards.
5. Embed risk management in existing business
processes so that when asset, performance,
and risk management are combined, success-
ful decisionmaking ensues.
6. Identify risk owners and manage risks at the
appropriate level.
7. Use the risk management process to support
risk allocation in agency, program, and project
delivery decisions.
8. Use risk management to make the business
case for transportation and build trust with
transportation stakeholders.
9. Employ sophisticated risk analysis tools, but
communicate results in a simple fashion.
Implementation
The risk management scan findings confirm that an
ecient and eective enterprise risk management
program is a powerful tool for the international
transportation agencies the team visited. The dem-
onstrated benefits for the agencies are both quanti-
tative, such as better controls over costs and
delivery schedules, and qualitative, such as less
likelihood of negative public relations issues. Risk
management provides information that allows
agencies to improve programs and projects by
making them more ecient. By identifying and
mitigating risks, agencies can avoid policies and
standards that are not practical for all cases. The
findings further confirm that risk management
programs can be a powerful tool and unifying
systems approach for State agencies. While today
each U.S. highway agency diers in its level of risk
management maturity, it seems reasonable that the
implementation activities associated with this scan
should advance enterprise risk management in State
agencies throughout the country. That is, agencies
need to do risk management at the agency, pro-
gram, and project levels to be fully successful.
The scan findings confirm the need for additional
implementation activities that fall into the categories
of research, training, governance, and communication
and marketing for knowledge transfer. The following
are some preliminary short- and long-term implemen-
tation suggestions to evolve and advance enterprise
risk management in U.S. highway agencies:
Conduct an executive-level risk management
workshop.
Host an international enterprise risk manage-
ment workshop.
Develop a guidebook on enterprise risk
management strategies, methods, and tools.
Develop and deploy risk management tools.
Develop risk management performance
measures.
Develop and implement risk management
assessment tools and a maturity model.
Introduce risk management case studies.
Activate an American Association of State
Highway and Transportation Ocials risk
management subcommittee (elevate from
a technical committee).
Update risk management training to incorpo-
rate lessons learned from the scan.
Transportation Risk Management: International Practices for Program Development and Project Delivery 5
Most agencies would agree that they already do
some form of risk management, but few agencies
have reached the level of maturity found in the host
countries visited on this scan. The implementation
strategies will serve as a means to transfer the
practices from Australia and Europe that could
significantly improve highways and highway trans-
portation services in the United States. This technol-
ogy transfer enables innovations to be adapted and
put into practice much more eciently without
spending scarce research funds to re-create
advances already developed by other countries.
Successful implementation in the United States of
the world’s best practices is the goal of the eort.
Reader’s Guide to the Report
The report combines a discussion of common
practices and illustrative case studies of risk man-
agement in Australia and Europe with critical analy-
sis of the applicability of these techniques to U.S.
agencies and culture. Whenever possible, parallel
U.S. examples are provided to amplify techniques
that are directly applicable. This report begins with a
discussion of risk management strategies and tools
that are common to the agencies on the scan. It then
discusses applications of risk management at the
agency, program, and project levels. The document
concludes with recommendations for developing
risk management practices in the U.S. transportation
sector.
The report is designed to provide information to
various users in a number of ways. Chapter 3 on
agency risk management focuses on providing
information to transportation executives and inspir-
ing them to lead change in their agencies. It is rich
with examples of how transportation agencies can
benefit from a holistic approach to risk manage-
ment. Chapter 4 on program risk management is
geared to program managers and leaders of disci-
pline groups. It provides more comprehensive
approaches to aligning various risk management
eorts across highway agencies. Chapter 5 on
project risk management provides project managers
with examples and tools to improve their project
performance. Chapter 6 provides a framework for
enterprise risk managers in highway agencies to
implement risk management in their organizations
and support growth of risk management in the U.S.
transportation community.
6
Transportation Risk Management: International Practices for Program Development and Project Delivery 7
CHAPTER 1:
Introduction
Background and Purpose
National Cooperative Highway Research Program
(NCHRP) studies have found that U.S. highway
agencies have only recently begun to develop
formal risk management policies and procedures at
the enterprise, program, and project levels.
4
Formal
enterprise risk management has the potential to
help highway agencies communicate uncertainty,
gain trust from the public, make the business case
for more public funding, provide a broader set of
viable solution options earlier in the process, and
apportion risks to the party best able to manage
them. The public highway sector trails public sector
counterparts such as the U.S. Department of Energy
and the Federal Transit Administration in risk man-
agement application at the project level. Adding
urgency is the current Federal highway reauthoriza-
tion plan, which is based on performance measures
that will necessitate an integrated risk management
approach to succeed.
Planners, engineers, and project and administrative
managers must coordinate a multitude of human,
organizational, technical, and natural resources.
Quite often, the engineering and construction
complexities are overshadowed by societal, eco-
nomic, and political challenges. Financial uncertain-
ties are pervasive and create cascading impacts
throughout transportation organizations because of
the length of the planning, design, and construction
process. Clearly, the tools of risk management
belong in the broad set management tools required
for successful delivery of national and State highway
facilities.
4
National Cooperative Highway Research Program (2011).
Executive Strategies for Risk Management by State Depart-
ments of Transportation. NCHRP Project 20-24(74), National
Cooperative Highway Research Program, Transportation
Research Board of the National Academies, Washington, DC,
May 2011.
National Cooperative Highway Research Program (2010).
Guidebook on Risk Analysis Tools and Management Practices
to Control Transportation Project Costs. NCHRP Report 658,
ISBN 978-0-309-15476-5, National Cooperative Highway
Research Program, Transportation Research Board of the
National Academies, Washington, DC, June 2010, 120 pp.
The purpose of this scan was to examine risk
management programs and practices in other
countries that actively assess transportation system
performance risks and manage them through a risk
management process. The scan objectives were to
document lessons learned from public agencies
that are administering mature risk management
programs under a variety of programmatic
strategies and project delivery methods. The
scan focused on risk identification, analysis, and
management techniques that result in successful
program delivery and enhanced stakeholder com-
munications. The scope of this scan was limited to
an exploration of risk management processes, tools,
documentation, and communication. Risk manage-
ment strategies, methods, and tools used by inter-
national agencies are the key information obtained
by this scan.
Methodology
The Federal Highway Administration (FHWA) and
the American Association of State and Highway
Transportation Ocials (AASHTO) jointly sponsored
this scan with the cooperation of NCHRP. The scan
topic was selected by the Transportation Research
Board’s (TRB) NCHRP Panel 20-36 from a number
of competing proposals for the 2011 funding cycle.
After the proposal was accepted, Daniel D’Angelo,
deputy chief engineer and director of design for
the New York State Department of Transportation
(DOT), and Joyce Curtis, associate administrator
of FHWA’s Oce of Federal Lands Highway, were
appointed scan cochairs. They joined representa-
tives from the public and private sectors to
represent a cross-section of the industry. The team
members are shown in figure 3 (see next page) and
their aliations are listed below. Contact information
and biographical sketches for the scan team
members are in Appendix A.
✓Formal risk management improves
decisionmaking and accountability
at all levels of the organization.
8 Chapter 1: Introduction
Joyce Curtis (FHWA cochair), associate admin-
istrator, FHWA Oce of Federal Lands Highway
Daniel D’Angelo, P.E. (AASHTO cochair),
deputy chief engineer and director of design,
New York State DOT
Keith R. Molenaar, Ph.D. (report facilitator),
professor and chair, University of Colorado
Boulder
Joseph S. Dailey, Wyoming Division
administrator, FHWA
Steven D. DeWitt, P.E., chief engineer,
North Carolina Turnpike Authority
Michael J. Graf, program management
improvement team leader, FHWA
Timothy A. Henkel, assistant commissioner,
Minnesota DOT
John B. Miller, Ph.D., president, Barchan
Foundation, Inc.
John C. Milton, Ph.D., P.E., director of
enterprise risk and safety management,
Washington State DOT
Darrell M. Richardson, P.E., assistant State
roadway design engineer, Georgia DOT
Robert E. Rocco, associate vice president
and risk manager, AECOM Transportation
The next step was to conduct a desk scan to select
the most appropriate countries for the scan team
to visit. The objective was to maximize the time the
panel spent reviewing its topics of interest. The desk
scan employed a two-tier methodology of literature
review and synthesis. The methodology provided for
data collection from government agencies, profes-
sional organizations, and experts who are most
advanced in the scan topics. Given the wide variety
of scan topics and the relatively short time in which
to collect information, the desk scan did not act
as an all-inclusive study of global activities, but it
provided concrete quantitative information to
select the most appropriate scanning partners.
The literature review focused on gathering docu-
ments that describe risk management organizational
structures, practices, and published guidance.
Document types, in order of importance, included
government reports, journal articles, conference
proceedings, periodical articles, and Web docu-
ments. Government reports are the most dicult
to locate. These documents were found through
previous scans and on governmental Web sites. The
main search engine for the journals and conference
proceedings is the Ei Compendex database.
Ei CompendexWeb is a comprehensive bibliographic
database of engineering research literature, contain-
ing references to more than 5,000 engineering
journals and conferences. Also useful was TRB’s
database of papers and conference proceedings.
World Wide Web searches yielded perhaps the most
useful results for this report. The scan employed
Google Scholar as the main Web search engine.
Three primary selection criteria were
analyzed for this desk scan: (1) risk
management organizational structure,
(2) transferability of practices to the
United States, and (3) adoption of ISO
31000 Risk Management standards.
Each agency’s organizational structure
was analyzed to see if it defined risk
management as a specific organizational
function. The applicability of an organi-
zation’s risk management practices to
the United States was also examined.
This was done by comparing the plan-
ning, design, and operations functions
to the United States. The government’s
political and economic structures were
also considered. The number of times
each agency was visited on past scans
Figure 3. U.S. scan team.
Transportation Risk Management: International Practices for Program Development and Project Delivery 9
was used as an indicator of transferability of
practices. Finally, countries were selected on the
basis of their adoption of the ISO 31000 standard.
This standard is important because it provides the
framework around which an international commu-
nity of risk managers can be established. A country
that has ocially adopted this standard would be
more accessible to an investigation.
The results of the desk scan were presented to the
U.S. scan team at a Washington, DC, meeting to
select the host countries. The team also used the
meeting to finalize a panel overview document,
which was sent to the host countries to prepare
them for the U.S. delegation. The panel overview
explained the background and scope of the scan,
sponsorship, team composition, topics of interest,
and tentative itinerary.
Before conducting the scan, the team prepared a
comprehensive list of amplifying questions to further
define the panel overview and sent it to the coun-
tries it planned to visit. Some of the host countries
responded to the questions in writing before the
scan, while others used them to organize their
presentations. The team attempted to craft ques-
tions that were precise enough to elicit the informa-
tion that it anticipated, yet open-ended enough
that the host countries could bring new ideas—not
envisioned by the U.S. scan team—to light. The team
was successful in its assembly of the questions, as
documented throughout this report. The amplifying
questions are in Appendix B.
The delegation traveled to Australia and Europe
from May 26 to June 12, 2011. The team visit con-
sisted of a combination of meetings with highway
agencies and practitioners and site visits. The scan
team met with representatives of the following
organizations:
Roads and Trac Authority, Sydney, Australia
VicRoads, Melbourne, Australia
Transport and Main Roads, Brisbane, Australia
Federal Highway Research Institute (BASt),
Cologne, Germany
Ministry of Transport, Public Works, and Water
Management, Rotterdam, Netherlands
Transport Scotland, Glasgow, Scotland
Highways Agency, London, England
The team met with these agencies in a series of
day-long interviews. The team followed the amplify-
ing questions to ensure consistency in data collec-
tion. The team also collected documentation of risk
management policies and procedures from the
agencies. The results of this report are based on the
desk scan, the interviews and documents collected
in the interviews, and the synthesis of the scan team
members during and after the visits.
10
Transportation Risk Management: International Practices for Program Development and Project Delivery 11
CHAPTER 2:
Common Definitions, Strategies,
and Tools for Risk Management
Table 1. Risk management definitions (from ISO 31000).
Term ISO 31000 Definition
Risk Effect of uncertainty on objectives
Risk
Management
Coordinated activities to direct and control an
organization with regard to risk
Risk
Management
Framework
Set of components that provide the foundations
and organizational arrangements for designing,
implementing, monitoring, reviewing, and
continually improving risk management throughout
the organization
Risk
Management
Policy
Statement of the overall intentions and direction of
an organization related to risk management
Risk
Management
Plan
Scheme within the risk management framework
specifying the approach, management components,
and resources to be applied to risk management
Risk Attitude Organization’s approach to assess and eventually
pursue, retain, take, or turn away from risk
Risk
Identification
Process of finding, recognizing, and describing risks
Risk
Assessment
Overall process of risk identification, risk analysis,
and risk evaluation
Risk Analysis Process to comprehend the nature of risk and
determine the level of risk
Risk
Evaluation
Process of comparing the results of risk analysis
with risk criteria to determine whether the risk and/
or its magnitude is acceptable or tolerable
Event Occurrence or change of a particular set of
circumstances
Likelihood Chance of something happening
Consequence Outcome of an event affecting objectives
Level of Risk Magnitude of a risk or combination of risks,
expressed in terms of the combination of
consequences and their likelihood
Risk Treatment Process to modify risk
Control Measure that is modifying risk
Residual Risk Risk remaining after risk treatment
Monitoring Continual checking, supervising, critically observing,
or determining the status to identify change from
the performance level required or expected
Introduction
Leading transportation agencies use
common strategies and tools for risk
management. These strategies and tools
were found to be consistent throughout
Australia and the European countries
the scan team visited. While risk analysis
techniques can be mathematically
complex and rigorous, the resulting
strategies and application tools are
simple. They communicate risk informa-
tion simply to decisionmakers. This
chapter presents risk management
definitions and the most common
strategies and tools. It provides a
foundation for the discussion of
agency, program, and project risks
in the chapters that follow.
Risk Management Definitions
While the vocabulary of risk manage-
ment terms varies slightly from agency
to agency, the fundamental definitions
are consistent throughout the globe.
Multiple industry organizations define
risk terms in an attempt to provide
standardization. The scan team found
that all the agencies in Australia and the
majority of agencies in Europe visited on
this scan refer to the definitions from the
ISO 31000 Risk Management—Principles
and Guidelines.
5
The most pertinent
definitions for this report are in table 1.
In addition to the ISO 31000 definitions,
a number of organizations have created
risk management definitions to clarify
5
International Organization for Standardiza-
tion (ISO) (2009). ISO 31000 Risk Manage-
ment—Principles and Guidelines. International
Organization for Standardization, Geneva,
Switzerland.
12 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
the process. Appendix D compares the primary
definitions and summarizes the terminology used
in this report. Appendix D cites some of the more
prominent national and international documents,
including the FHWA Guide to Risk Assessment and
Allocation for Highway Construction Management,
6
the NCHRP Guide for Managing NEPA-Related and
Other Risks in Project Delivery,
7
the NCHRP Guide-
book on Risk Analysis Tools and Management
Practices to Control Transportation Costs,
8
the
Project Management Institute’s Project Manage-
ment Body of Knowledge,
9
the Project Management
Institute’s Standard for Program Management,
10
and the Committee of Sponsoring Organizations
of the Treadway Commission’s Enterprise Risk
Management—Integrated Framework.
11
Risk Management Process
Several risk management steps (i.e., the risk man-
agement process) apply to all levels of transporta-
tion organizations. The guides from the Project
Management Institute, ISO, NCHRP, and FHWA
each have similar steps. Figure 4 outlines five steps
that have proven to be eective in managing risk:
(1) identification, (2) analysis, (3) evaluation,
(4) treatment, and (5) monitoring and review. Also,
as shown in figure 4, the risk management process
should be iterative. This means the steps must be
6
Federal Highway Administration (2006). Guide to Risk
Assessment for Highway Construction Management. Report
FHWA-PL-06-032, U.S. Department of Transportation,
Washington, D.C.
7
National Cooperative Highway Research Program (2011).
Guide for Managing NEPA-Related and Other Risks in Project
Delivery. NCHRP Web-Only Document 183, National Coopera-
tive Highway Research Program, Transportation Research
Board of the National Academies, Washington, DC.
8
National Cooperative Highway Research Program (2010).
Guidebook on Risk Analysis Tools and Management Practices
to Control Transportation Project Costs. NCHRP Report 658,
ISBN 978-0-309-15476-5, National Cooperative Highway
Research Program, Transportation Research Board of the
National Academies, Washington, DC.
9
Project Management Institute (2004). A Guide to Project
Management Body of Knowledge (PMBOK Guide). Project
Management Institute, Newton Square, PA.
10
Project Management Institute (2006). Standard for
Program Management. Project Management Institute,
Newton Square, PA.
11
Committee of Sponsoring Organizations of the Treadway
Commission (2004). Enterprise Risk Management—Integrated
Framework. Committee of Sponsoring Organizations of the
Treadway Commission, www.coso.org.
repeated over time. As risk treatment eorts
are implemented, some risks no longer apply,
some residual risk may remain, and some new
risks may be identified. The nature of transporta-
tion development, design, construction, and
operations requires an iterative and active risk
management process.
Brief descriptions of each step follow. More detailed
explanations with descriptions and examples of
these steps are provided throughout this report.
1. Risk identification is the process of determin-
ing which risks might aect objectives and
documenting their characteristics. Risk identi-
fication uses simple tools such as brainstorm-
ing and checklists. Risks can aect objectives
at the agency level (e.g., achievement of
strategic goals), the program level (e.g.,
management of critical assets), and the
project level (e.g., attainment of budget or
schedule commitments). Risk identification
should occur continuously throughout the
risk management process.
2. Risk analysis involves defining, quantitatively
or qualitatively, the consequence (i.e., impact)
and likelihood (i.e., probability) of a risk. Risk
analysis can use simple methods to describe
risks, such as probability and impact matrices,
or more sophisticated probabilistic methods,
such as three-point estimates or probability
functions and Monte Carlo simulations. More
qualitative methods typically apply when
analyzing strategic goals and related items.
Figure 4. Cyclical nature of the risk management process
(adapted from PMI and ISO 31000).
RISK
MANAGEMENT
PROCESS
Monitoring
and Review Identification
Analysis
Treatment
Evaluation
Transportation Risk Management: International Practices for Program Development and Project Delivery 13
More quantitative methods apply when analyz-
ing cost and schedule estimates or complex
design decisions.
3. Risk evaluation involves the process of
comparing the results of risk analyses with an
agency’s level of risk tolerance. If risks are too
great, action (i.e., risk treatment) will need to
be taken. Risk evaluation presupposes that an
agency has defined its risk tolerance and is
prepared to take action if a risk’s consequence
and likelihood are too great.
4. Risk treatment involves a risk response and
risk modification. Common options involve
avoidance, mitigation, or transference of the
risk. Risk avoidance is the best option if the
agency’s goals can still be achieved when the
risk is avoided. Mitigation typically involves
making an investment to reduce the conse-
quence or likelihood of a risk. Transference
involves allocating the consequence of the risk
to another party (e.g., a contractor), but there
is typically a price to transferring the risk
because the other party must mitigate the risk.
The fundamental tenets of risk transference
include allocating risks to the party best able
to manage them, allocating risks in alignment
with agency goals, and allocating risks to
promote team alignment with customer-
oriented performance goals.
5. Risk monitoring and review are the capture,
analysis, and reporting of risk status in relation
to performance. Risk monitoring and review
typically employ a risk management plan to
monitor risk status and identify changes from
the performance level required or expected.
Risk monitoring and review assist in contin-
gency tracking and resolution.
Structures for Successful Risk
Management
The scan team found structures for successful risk
management. Explicit structures can be shown with
organization charts and defined risk manager roles
and responsibilities, as described in Chapter 3. The
risk management policies described in Chapter 3 are
also a key to success. However, explicit structures
and policies are only part of a successful strategy.
The risk workshops and risk registers described in
this chapter are key tools found in each agency
visited on the scan. The outcome of these structures,
policies, and tools must be comprehensive risk
management plans and risk management communi-
cation. The most mature risk management organiza-
tions have structures that encompass the strategies
and tools described at the agency, program, and
project levels, explained in Chapters 2 through 5 of
this report.
Risk Workshops
Risk workshops are formal meetings at which
agency sta, subject matter experts, and risk analy-
sis facilitators work together to identify and analyze
risks. Stakeholders from outside the agency can also
participate, if appropriate. The workshops can focus
on qualitative or quantitative risk analysis tech-
niques. Qualitative analyses typically identify and
rank risks. Quantitative analyses typically identify
risks, quantify uncertainty in performance (e.g., for
generating ranges of total cost and schedule), and
quantify the significance of each risk (e.g., for
subsequent risk management cost-benefit analysis).
Figure 5 provides an example of a workshop
agenda and attendees. Risk workshops can vary in
length from a few hours to an entire week, depend-
ing on the outcomes desired. Workshops dealing
only with risk identification can typically be com-
pleted in a matter of hours. Workshops that result
in sophisticated financial or schedule simulation
models can last multiple days. A commonly cited
key to risk workshop success is finding the right
Figure 5. Generic risk workshop agenda and attendees.


1. Provide brief risk
identication training.
2. Dene scope and goals
of risk identication
workshop.
3. Discuss assumptions
and issues of risk.
4. Brainstorm risks.
5. Review historic check-
lists for any brainstorm-
ing oversights.
6. Summarize results.

• Risk Facilitator
• Project or Program
Manager
• Internal Subject Matter
Experts
• External Subject Matter
Experts
Appropriate Internal
and External
Stakeholders
14 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
people to attend. Risk identification needs to come
from a variety of sources to be comprehensive, and
risk assessment should have a consensus input to
be accurate.
The products of risk workshops vary depending on
the complexity of the issues and time available for
the workshop. Common products from the least to
most complex are as follows:
A list of risks with complete descriptions
A quantification of risk for both consequence
and likelihood
A range of project costs and schedules to
support contingency estimates
Initial risk mitigation plans
Preliminary risk register and risk management
plan
In addition to these products, risk workshops
generally help align team members’ understanding
of objectives and risks and focus resources on the
areas that are most aected.
All agencies visited on this scan used risk work-
shops. Transport and Main Roads in Queensland,
Australia, used half-day risk workshops with its
board of directors to manage strategic risks. The
Highways Agency in England used risk workshops to
identify risks and rely on the experience and knowl-
edge of team members (and internal and external
stakeholders where appropriate).
12
Transport Scotland used risk workshops to identify
and quantify risks (see figure 6). Its workshops,
which use a proprietary system called GroupSys-
tems, were the most structured of all the examples
found on the scan. All workshop participants are
provided with a laptop computer to identify and
quantify risks anonymously. The agency has found
that the benefits include better brainstorming
because participants can debate and vote anony-
mously. The voting draws on the experience and
expertise of all participants, and the system helps
achieve consensus more rapidly and captures all
information automatically.
12
Highways Agency (2010). Highways Agency Risk
Management Policy and Guidance. Highways Agency,
London, England.
Risk workshops are a key tool in the risk manage-
ment process. Whether it be at the agency, program,
or project level, the use of workshops to gain input is
essential to the risk management process.
Risk Registers
A risk register is a tool that agencies use to address
and document risks. They are often the product of
a risk workshop. The scan team found that the risk
register was the most common risk management
tool at all agencies. Figure 7 shows how Transport
and Main Roads in Queensland, Australia, applied
risk registers throughout the agency. The risk
register is a living document that describes risk
characteristics. For identified risks, the register
typically provides an assessment of the root
causes, the objectives aected (e.g., agency
goals, program performance measures, project
cost and/or schedule), an analysis of their likelihood
of occurring, their impact if they occurred, the
criteria used to make those assessments, and the
overall risk rating of each risk by objective. It can
include risk triggers, the response strategies for
high-priority risks, and the risk owner who will
monitor the risk. It is a comprehensive list of risks
and how they are being addressed as part of the
holistic risk management process. Although sophis-
ticated risk register software is commercially
available, the scan team found that risk registers
are generally kept on a spreadsheet that can be
easily categorized, updated, and maintained
throughout the agency.
A risk register is a living document. Transportation
executives update risk registers relating to their
strategic objectives in monthly or quarterly meet-
ings. Program managers update risk registers in
coordination with their asset management and
investment decisions. Project managers update their
risk registers as they progress through project
development and manage the cost, schedule, and
contingency budgets. There is no prescription for
how extensive a risk register should be. Based on
the scan team’s findings, the agency should deter-
mine the most beneficial use of the risk register, with
the objective of minimizing the impact of risks.
Figure 8 (see pages 16 and 17) provides an example
of a risk register template from VicRoads in Victoria,
Australia. The risk register covers the entire risk
management process. Risks are described in the first
column. The remaining columns describe important
Transportation Risk Management: International Practices for Program Development and Project Delivery 15
information about the risks relating to the manage-
ment process, including the following:
Key risk area
Reputation
Environment
Security of assets
Management eort
Legal and compliance
Health and safety of VicRoads
project activities
Business performance, scope, time,
and capability
Financial
Stakeholder management
Quality
Trac management
Risk reference
Potential cause (and assessment of
uncontrolled risk)
Existing risk controls, management actions,
and management tools
Risk assessment with existing controls
Consequence
Likelihood
Risk rating
Proposed further risk treatment actions
Action
Responsibility
Target completion
Risk assessment after treatment actions
Consequence
Likelihood
Risk rating
Progress report
Comment on progress
Responsible ocer
Revised forecast completion
The Highways Agency in England provided the scan
team with a copy of its risk register template (see
figure 9, page 18). The template contains fewer
details than the template from VicRoads, but it
provides similar information for each identified risk,
including the following:
Risk category
Risk reference
Gross risk status
Risk treatment
Controls in place
Control description
Lead for control action
Residual risk status
Planned further action
Lead for planned further action
Target risk level
Figure 6. Transport Scotland’s risk workshop.
Figure 7. Aligned risk management approach (Transport and
Main Roads, Australia).
16 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
Risk
Description
MPD Key
Risk Area
(Key Success
Factor)
Ref. Potential Cause
(and assessment of
Uncontrolled Risk)
Existing Risk Controls,
Management Actions
and Management Tools
Risk Assessment with
existing controls
Consequence Likelihood Risk
Rating
Identify and
describe
credible
events or
situations that
would impact
on the
achievement
of goals and
objectives.
Identify credible reasons
that the risk event might
occur. Consider credible
scenarios or potential
failures.
Make an informed
judgement of the likely
inherent risk without the
operation of existing
controls.
By considering the
inherent risk we are able
to prioritise and monitor
that the controls that
have been put in place
are working as intended.
Identify key policies,
management systems,
procedures, actions etc
that have been put in
place that will eliminate
or reduce the potential
consequences and/or
likelihood of the risk
event occurring.
Key controls should be
prioritised, monitored
and assessed to ensure
eectiveness in
reducing the uncon-
trolled risk level (e.g. by
audit or performance
monitoring)
Consider with
existing
controls in
place.
Consider
with
existing
controls in
place.
Assess risk
level with
existing
controls in
place.
Extreme
Division/Project—Consequences threaten the continuation of the
Business Area/Project and possibly major impact to the reputation of
VicRoads Major Projects Division requiring intervention from VicRoads
executive management—requires prompt action by Director Major
Projects to implement stringent new controls to treat the risk.
Key Risk Areas (Key Success Factors)
from MPD Project Risk Management
Assessment Guide
• Reputation
• Environment
• Security of Assets
• Management Eort
• Legal & Compliance
• Health & Safety of VicRoads Projects
activities*
• Business Performance, Scope, Time &
Capability
• Financial
• Stakeholder Management
• Quality
• Trac Management
High
Division/Project—Consequences threaten the eective completion of the
Business Area/Project—existing controls must be eective and requires
additional treatment action to be managed by Project Director level.
Medium
Project—Consequences threaten completion of a Business Area/Project
section or activity—existing controls must be eective and possibly
additional treatment action eectively implemented—action to be
managed at Project Delivery Manager level.
Low
Project—Risk is managed by current practices and procedures—conse-
quences are dealt with by routine operations at Team Leader level—moni-
tor routine practices and procedures for eectiveness.
Documentation is required to demonstrate that the typical
elements of risks in Attachment A have been considered. The
Corporate Risk Management Assessment Guide or MPD Project
Risk Management Assessment Guide should be used to deter-
mine the risk level and to determine if additional treatment action
is required.
MPD Risk Profile—Risk Register and Risk Management Plan
Figure 8. Risk register template from VicRoads Major Projects Division in Victoria, Australia.
Transportation Risk Management: International Practices for Program Development and Project Delivery 17
Proposed further Risk Treatment Actions Risk Assessment after Treatment Actions Progress Report
Comment
on
Progress
Responsible
Ocer
Revised
Forecast
Completion
Action Responsibility Target
Completion
Consequence Likelihood Risk Rating
Decide if the
existing risk
level is accept-
able or whether
it should be
reduced further.
Risk treatment
actions may be
developed to
further reduce
the potential
consequences
and/or the
likelihood of the
event occurring
to reduce the
level of risk.
Assign to
accountable
manager to
ensure that
the treatment
action is
implemented
eectively
(e.g. CMG for
corporate
risks and
relevant
manager for
BA or project
risks)
Determine
target
completion
date taking
into account
priorities
and
resourcing.
Consider with
existing
controls and
further risk
treatment
actions
completed.
Consider
with
existing
controls
and further
risk
treatment
actions
completed.
Assess Risk
level with
existing
controls and
further risk
treatment
actions
completed.
18 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
Figure 9. Risk register template from the Highways Agency in England.
Highways Agency Standard Format Risk Register: Format Version dated 26th August 2010
Organisation Name: Date of Risk Register
Transportation Risk Management: International Practices for Program Development and Project Delivery 19
Although each agency created unique risk registers
for dierent levels and dierent objectives, all
registers were similar in format to figure 8. Other
examples of risk registers at the agency, program,
and project levels are provided throughout this
document.
Risk Quantification
Risk quantification is a core task in the risk manage-
ment process. Because risk events, by nature, may
or may not occur, the concept of risk quantification
stems from probability theory. However, the use of
risk management tools does not require a compre-
hensive knowledge of probability theory. The most
common tool is the expected value method of risk
quantification, which all of the agencies the team
met with used:
Expected Value of Risk = Probability of Occurrence
X Magnitude of Impact
or
Risk Rating = Likelihood X Consequence
The expected value of risk can be used by decision-
makers to rank risks (see figures 12 and 13 in this
chapter and the risk tolerance discussion in Chapter
3). The application of this concept ranges from very
subjective judgments to quantitative definitions of
risk that are well grounded in statistical theory and
lead to rigorous estimates. However, all agencies
visited on this scan apply the expected value
method to quantifying risk, as seen in the examples
provided throughout this report.
Ideally, highway agencies would have historic data
available to quantify all risk. However, the use of
historic data is the exception rather than the norm
and agencies must rely on subjective assessments
from agency personnel. Risk quantification is funda-
mentally a management activity supported by
people familiar with risk management activities.
Managers and analysts approach risk using dierent
but complementary viewpoints. Managers tend
toward qualitative assessment of risks. They evaluate
risks on their worst-case eects and their likelihood
of occurrence. Managers also tend to focus on
strategies and tactics for avoiding risks or reducing
a risk’s negative impacts. Analysts, on the other
hand, tend toward quantitative assessment of risks.
They evaluate risk impacts in terms of a range of
tangible results, and they evaluate risk of occurrence
in terms of probabilities. The analyst’s focus is on the
combined tangible eect of all the risks on project
scope, cost, and schedule. A comprehensive risk
assessment combines both qualitative and quantita-
tive assessments.
Heat Maps
Heat maps are visual tools to communicate the
expected value of identified risks. Likelihood and
consequence are the two primary characteristics
used to screen risks and separate them into risks
that are minor (i.e., do not require further manage-
ment attention) and significant (i.e., require manage-
ment attention and possibly detailed quantitative
analysis). Various methods have been developed to
classify risks according to their seriousness. One
common method is to develop a two-dimensioned
matrix that classifies risks in three categories based
on the combined eect of their likelihood and
consequence—the heat map.
A heat map, or consequence X likelihood, is used for
qualitative analysis of risks on a project. It is formed
by combining each risk’s probability of occurrence
(likelihood) with its impact (consequence) on
objectives to rank risks or determine the level of
priority to assign to that risk (e.g., high, medium,
low). These assessments can be used to make risk
treatment decisions (see figures 12 and 13 later in
this chapter and the risk tolerance discussion in
Chapter 3) or as a first step in a more quantitative
probabilistic analysis.
A heat map displays each risk’s rating through its
likelihood and corresponding consequence. These
matrices can take many forms, but a simple illustra-
tion is shown in figure 10 (see next page).
The agencies the team met with on the scan used
heat maps at all levels of the agency. The heat map
in figure 10 is from a project-based risk management
process and measures impacts on cost and sched-
ule. However, heat maps can be used to show the
relationship of risks to any variety of objectives.
Figures 11 and 12 (see pages 20 and 21) provide the
Highways Agency’s policy guidance on risk quantifi-
cation and heat maps, respectively. This guidance is
intended more for project and program risk. The
principles described in the previous paragraphs
can all be seen in these examples.
20 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
Figure 11. Risk assessment guidance from the Highways Agency in England.
13
13
Highways Agency (2010). Highways Agency Risk
Management Policy and Guidance. Highways Agency,
London, England.
Figure 10. Heat map example.
Likelihood Assessment
This concerns the likelihood of a key risk event occurring over a given period. In view of the focus on
high-level risk events with substantial policy implications, it was agreed to adopt a 5-year time horizon
as per the Corporate Risk Register. The agreed likelihood scale is presented below.
Level Descriptor Likelihood Over 5 Years
1 Rare >0.02% (less than 1 in 5,000 chance)
2 Unlikely 0.02% to <2% (1 in 5,000 to 1 in 50 chance)
3 Possible 2% to <20% (1 in 50 to 1 in 5 chance)
4 Likely 20% to <75% (1 in 5 to 1 in 2 chance)
5 Almost Certain >75% (more than 7 in 10 chance)
Transportation Risk Management: International Practices for Program Development and Project Delivery 21
Figure 12. Risk management assessment guide from the Highways Agency in England.
14
14
Highways Agency (2010). Highways Agency Risk
Management Policy and Guidance. Highways Agency,
London, England.
(Figure 11 continued)
Impact Assessment
This concerns the impact of a key risk event, which can be broken down into the following categories.
Level Impact Description
1 Insignificant Almost no impact
2 Minor A noticeable impact, but not a significant one
3 Moderate Now the impact is noticeable and has a material eect on the relevant area
4 Major The impact threatens to seriously damage the aected area
5 Catastrophic The impact is almost all-encompassing
Impacts can be considered in a number of dierent ways:
Time impact—When is the risk likely to occur?
Cost impact—Consideration of the cost of the risk occurring against the cost of preventing its
occurrence.
Delivery impact—How badly would this risk disrupt what we’re trying to deliver?
Reputation impact—How much damage would this event do to the reputations of the Highways
Agency, Department for Transport, or government if it occurred?
Prioritization Matrix (Heat Map)
After likelihood and impact assessments have been made, a risk matrix allows the severity of the risk of
an event occurring to be determined, using a black-red-amber-green (BRAG) scoring system.
Likelihood Consequence
Insignificant Minor Moderate Major Catastrophic
Rare Low Low Low Low Low
Unlikely Low Low Low Medium Medium
Possible Low Low Medium High High
Likely Low Medium High High Critical
Almost Certain Medium Medium High Critical Critical
Green Low Overall Gross RiskGood; might need some refinement
Amber Medium Overall Gross Risk—Cause for concern; needs attention
Red High Overall Gross RiskHighly problematic; requires urgent and decisive action
Black (Critical) Critical Overall Gross RiskFocused senior management attention is required. HA Board
may need to be made aware.
22 Chapter 2: Common Definitions, Strategies, and Tools for Risk Management
Note that the heat map in figure 12 displays low risk
in the upper left quadrant and high risks in the lower
right. The examples from the Netherlands and
England display the low-risk factors on the upper
left and the high-risk factors on the bottom right.
The majority of heat maps in the United States show
the high-risk factors in the upper right, similar to
figure 10. While the visual presentation may be
slightly dierent, the calculation and meaning are
the same on all three heat maps.
Use of Risk Communication Strategies
to Improve Decisionmaking
One of the greatest benefits of the risk manage-
ment process is the ability to communicate infor-
mation simply to decisionmakers throughout the
organization and externally to stakeholders. While
the analysis may be supported by complex, rigor-
ous, and probabilistically sophisticated models, it is
of little value if its outputs are obscured in jargon or
overly complicated in their representation. A theme
throughout the agencies was to keep it simple.
Enterprise risk matrices are discussed at executive
or board meetings as a standard agenda item.
Risk communication improves alignment within
the organization to achieve its strategic goals
and objectives.
Figure 13 shows an output of the Performance Audit
Group at Transport Scotland. The Performance Audit
Group uses a rigorous risk-based analysis for its
performance reviews, but its output uses a simple
color-coding scheme. The use of the red, amber, and
green to show the status of risks was common
throughout the agencies visited.
This report shows numerous other examples of best
practices in risk communication. The following is a
summary of the examples:
Figure 10. Heat map example for a generic
project.
Figure 12. Risk management assessment guide
from the Highways Agency.
Figure 15. Risk management assessment guide
from VicRoads.
Figure 26. Geotechnical asset risk profile from
the Highways Agency.
Figure 27. Heat map example for a program of
investments.
Figure 29. Key risk sources bookmark from
Transport and Main Roads.
Figure 31. Project risk assessment bookmark
from Transport and Main Roads.
Risk Management Plan
A formal risk management plan is a detailed plan of
action for managing risk. Risk planning involves the
thoughtful development, implementation, and
monitoring of appropriate risk response strategies.
It is the process to develop and document an orga-
nized, comprehensive, and interactive risk manage-
ment strategy; determine the methods to use to
execute a risk management strategy; and plan for
adequate resources.
The formal risk management plan is a document
that summarizes the project and outlines the steps
Figure 13. Risk management output (Performance Audit
Group, Transport Scotland).
Transportation Risk Management: International Practices for Program Development and Project Delivery 23
of the risk management process and how the
agency is approaching them. The risk management
plan will vary based on the complexity of the
project, but most projects should include an
outline similar to the following:
1. Introduction
2. Summary
3. Definitions
4. Organization and roles
5. Risk management strategy and approach
6. Risk identification
7. Risk assessment and analysis
8. Risk evaluation
9. Risk treatment
10. Risk monitoring and control
A risk management plan is a formal document that
explains how an agency manages risk. It provides
guidance and requirements and serves as a commu-
nication tool on the risk management approach. The
plan formalizes the ideas presented during the risk
management process and may clarify some of the
team’s assumptions on the process. The Project
Management Institute provides a good framework
for a risk management plan in its Project Manage-
ment Body of Knowledge.
15
Risk management plans vary with the objectives of
the risk management application. Figure 14 provides
an example of a program risk management plan from
the Program Risk Management Practice Guide of
Transport and Main Roads in Queensland, Australia.
16
Conclusion
Strategies and tools for risk management are sur-
prisingly similar around the globe. Using the ISO
31000 definitions and risk management process as
a context, this chapter presented risk management
strategies and tools such as risk workshops, risk
registers, risk quantification, heat maps, and risk
management plans. These strategies and tools
provide the foundation for the discussion of risk
management applications at the agency, program,
and project levels in the chapters that follow.
15
Project Management Institute (2004). A Guide to Project
Management Body of Knowledge (PMBOK Guide). Project
Management Institute, Newton Square, PA.
16
Transport and Main Roads (2011). Transport and Main
Roads Guide to Risk Management: Section 4 Program Risk
Management Practice Guide. Transport and Main Roads,
Queensland, Australia.
Program Risk Management Process
Plan for program risk management
(including establishing the context)
Inputs—plan for program risk
Tools and techniques—plan for program
risk management
Outputs—plan for program risk
Risk identification—program risk management
Inputs—risk identification—program risk
Tools and techniques—risk identification—
program risk
Outputs—risk identification—program risk
Risk analysis and evaluation—program risk
Inputs—analyze and evaluate program risk
Tools and techniques—analyze and evaluate
program risk
Treatment of program risk
Inputs—treatment of program risk
Tools and techniques—treatment of
program risk
Outputs—program risk treatment
Monitor and review program risks
Inputs—monitor and review program risks
Tools and techniques—monitor and review
program risks
Outputs—monitor and review program risks
Closing program risk management
Inputs—closing program risk management
Tools and techniques—closing program risk
management
Outputs—closing program risk management
Figure 14. Program risk management plan example (Transport and Main Roads, Queensland, Australia).
24
Transportation Risk Management: International Practices for Program Development and Project Delivery 25
CHAPTER 3:
Agency Risk Management
Introduction
Agency risk management involves strategically
considering risks as a system and applying tech-
niques to manage the uncertainties surrounding the
achievement of an organization’s objectives. By
definition, enterprise risk management cannot be
viewed as a task to complete, but as a continuous
and iterative process within the organization. Several
factors have increased the need for enterprise risk
management over the past decades. The number,
diversity, and complexity of risks have grown
because of the acceleration of technological
advances and globalization, which has contributed
to the need for organizations to manage all risks
consistently. Transportation agencies face unique
pressures from external risks, such as those associ-
ated with public opinion, insucient financial and
sta resources, and closures of transportation
facilities because of infrastructure failure, crashes,
incidents, or weather-related events. Enterprise risk
management is a process that will help manage
these uncertainties.
In 2010, NCHRP conducted a survey of State DOTs
on enterprise risk management.
17,18
Respondents
from 35 of the 43 State DOTs that completed the
survey (81 percent) claimed that their DOT has
formal, published risk management policies and
procedures. However, none believed that their
agency was always successful in applying appropri-
ate risk management strategies at the various
levels of the enterprise. Twenty-six respondents
(62 percent) believed that they frequently applied
the appropriate strategies, nine (21 percent) believed
that they seldom applied the appropriate strategies,
and seven (17 percent) believed that they never
17
Note that the term “agency risk management” is used
synonymously with “enterprise risk management” in this
document.
18
National Cooperative Highway Research Program (2011).
Executive Strategies for Risk Management by State Depart-
ments of Transportation. NCHRP Project 20-24(74), National
Cooperative Highway Research Program, Transportation
Research Board of the National Academies, Washington, DC.
applied the appropriate strategies. When asked
how agencies developed their enterprise risk
management framework, five (14 percent) indicated
that they adopted an enterprise risk management
framework from outside the agency, 11 (31 percent)
developed their framework in-house, one (3 per-
cent) adopted a framework from another State
DOT, and one (3 percent) adopted a framework
from another industry.
The need for agency-level risk management is
apparent and guidance is needed. The results of this
scan provide examples of international agency risk
management that U.S. agencies can use to develop
their own frameworks. After a discussion of assign-
ing risk management roles, responsibilities, and
accountability, this chapter describes how risk
management relates to an agency’s strategic objec-
tives, how transportation agencies organize for risk
management, what policies are common to agen-
cies, how organizations define their risk tolerance,
how agencies measure risk management maturity,
and risk communication strategies.
Assigning Risk Management Roles,
Responsibilities, and Authority
Ultimately, executive leadership is accountable for
all risks that occur in an agency. Changes in leader-
ship are often a result of stakeholder outcry after a
catastrophic risk is realized. All agency employees
are responsible for identifying risks at their man-
agement level—even if they are not directly respon-
sible for managing the risk. Assigning roles,
responsibilities, and authorities for risk manage-
ment is a hierarchical task. Risks should always be
managed at the lowest level possible. Level of
authority for managing risk (e.g., spending on
mitigation strategies, ability to transfer risk) should
be clearly defined in projects and programs. Risk
that cannot be managed at a lower level must be
escalated to the next higher level of management.
Executive risk management is a combination of
managing the risks identified by the executive team
and the risks that have been escalated through the
risk management structure. Risk management roles,
26 Chapter 3: Agency Risk Management
responsibilities, and authority are threads that run
throughout this chapter.
Relationship of Risk Management to
Strategic Objectives
International organizations use risk management
to align the strategic objectives within their
organizations. The scan team found that organiza-
tions use consistent risk assessment rating scales at
the agency, program, and project levels. They also
align their risk registers to include agency business
objectives at the program and project levels.
Although program and project managers can assess
risks against their own program or project objec-
tives, they must also include an assessment against
the corporate risks.
Transportation agencies manage some of the
largest and highest valued public assets and
budgets in Federal, State, and local governments.
These agencies are spending the public’s money. It
is their corporate responsibility to set clear strate-
gic goals and objectives to manage these assets in
a manner that improves the economic growth and
livability of their regions and gives the public the
best value for their dollar. Risks can aect an
agency’s ability to meet its goals and objectives.
As network and delivery managers, it is incumbent
on agencies to identify risks, assess the possible
impacts, develop plans to manage the risks, and
monitor the eectiveness of their actions. The
following summarizes common strategic objectives
and related risks found on the scan:
Common Agency Strategic Objectives
Operating the system—Support reliable and
ecient movement of people and goods.
Maintaining and improving the system—
Provide a transportation system that promotes
economic growth and enhances livability.
Being responsible—Deliver sustainable projects
and network solutions.
Common Agency Risks
Agency reputation—A negative public opinion
could result in the loss of trust, revenues, and
the ultimate eciency of the transportation
network.
Data availability and integrityInsucient or
inaccurate data or the loss of agency data
creates a risk of the loss of eciency or the
ability to manage the network.
Insucient or unknown long-term funding—
An inability to fund the current and projected
system creates a risk of future safety or asset
failures.
These objectives and risks provide agency-level
examples. Similar objectives and risks were found
at the program and project levels. Mature agencies
align their objectives and risks at all three levels
and maintain a culture of risk management in
their decisionmaking.
The most common tool agencies use to align risks
to agency objectives is the risk register. Figure 15
provides an example of how VicRoads assesses
strategic risks to include in its corporate risk
register. The VicRoads Corporate Assessment
Guide provides for consistent measurement of
strategic risks at the agency level. Other agencies
used similar assessment guides, typically in
conjunction with their boards of directors or
executive management.
Development of an Explicit Risk
Management Structure
Although agencies have dierent risk management
organizational structures, mature risk management
organizations define their structures explicitly. In
Victoria, Australia; London, England; and Glasgow,
Scotland, risk management organizational structures
were tied to corporate audit functions. In Brisbane
and Sydney, Australia, there was an explicit risk
manager position (director, risk management) tied
to the highest levels of corporate governance.
Australian agencies participated in the development
of the ISO 31000 Risk Management standard and
apply it to their agency, program, and project risk
structures. England applied the ISO process to the
major programs. These agencies also follow the
processes defined by their government audit
functions where applicable.
Transport and Main Roads in Queensland, Australia,
provided the structure depicted in figure 16 (see
page 28). It clearly defines a corporate risk man-
agement organizational policy and the role of a
corporate risk manager who reports directly to the
Transportation Risk Management: International Practices for Program Development and Project Delivery 27
Macintosh HD:Users:sallyhoffmaster:Sally:ATI: RISK MANAGEMENT FULL REPORT:MPD Risk Mgmt Assessment Guide.xlsMPD Risk Mgmt Assessment Guide.xlsRisk Mgmt Assess Guide Feb 09, 9/13/12, 9:59 AM
MAJOR PROJECTS DIVISION PROJECT RISK MANAGEMENT ASSESSMENT GUIDE - FEBRUARY 2009
ATTACHMENT C
Note: - This guide illustrates the range of potential consequences and likelihood that may be associated with key project risk areas.
- Judgement is required to assess the consequences and likelihood of a risk event (both before and after effective risk treatment action).
Rare Unlikely PossibleLikelyAlmost Certain
Reputation
( Political & Community)
Environment
(Area Wide,
Permanent/Temporary,
Community Impact)
Security of
Assets
Management Effort Legal and Compliance
(Working within the law)
Health & Safety of Projects
activities
(Community or Staff)
OHS Regulations 2007
identified 'High Risk'
construction work
Business Performance,
Scope, Time & Capability
(Works Program, Scope,
Delay, Delay Notification &
Resources)
Financial
($ impact)
Stakeholder Management
(Communication &
Responsiveness)
Quality
(Immediate/Long Term
Performance, Reduced Life,
Appearance, Fit For Purpose)
Traffic Management
(Levels of Congestion)
Single events
Negligible likelihood
Likelihood low but
not negligible
Likelihood less
than 50/50
As likely as not to
happen (50/50)
More than likely to
happen
Catastrophic
(Worst case
scenarios)
* Significant adverse
community impact and
condemnation
* Consistent extreme negative
media attention (months)
* Irreconcilable community loss
of confidence in the Major
Projects Division's intentions
and capabilities and possibly in
the government
* Public Government
intervention
* Permanent damage over a
wide area affecting most of
Major Projects Division's
projects
* Permanent impact threatens
survival of flora or fauna
affecting most of Major Projects
Division's projects
* Threat to community health
* Significant or critical
community infrastructure assets
are destroyed
* Significant or critical
community infrastructure assets
are unusable for months
* Impact cannot be managed
within the organisation's
existing resources and
threatens survival of the
organisation
* Ministerial intervention
* Significant prosecution and
fines
* Major litigation involving class
actions
* Major non-compliance with
Legislation
* Fatalities or permanent
disabilities
* Section of the community or
workforce harmed
* Total failure to properly deliver
the Major Projects Divisional
works program and objectives
* All major projects expected to
miss completion date by > six
months
* Failure to provide notification
of timing issues causing
unacceptable impact on major
stakeholders/government
* Failure to achieve government
commitment
* Significant loss of capability
and expertise within Major
Projects Division for 6 months
* Significant adverse impact
(Greater than $100m financial
budget) on Major Projects
Division budget
* Divisional or Project
Stakeholder impacts requiring
Government intervention
* Stakeholder action will prevent
achievement of Divisional
objectives
* Major Infrastructure Failure.
* Extended closure (weeks or months)
of major section required
* Defect/failure significantly affecting
design life
* Repeated failure of infrastructure or
performance requirements affecting
most of Major Project's Division's
projects
* During construction continued
total failure in traffic management
resulting in prolonged congestion
on the immediate and extended
road network. Becomes a major
daily media item calling for
Government action the Premier
makes a statement.
* At openings of Major Project
Division's projects continued total
failure in traffic management
resulting in prolonged congestion.
* On Project opening, total failure
in traffic management resulting in
widespread congestion on the
immediate and extended road
network.
Medium Medium High Extreme Extreme
Major
* Considerable and prolonged
community impact and
dissatisfaction publicly
expressed
* Community loss of confidence
in the Major Projects Division or
Project's capabilities (weeks)
* Consistent negative media
attention (weeks)
* Ministerial intervention
* Pervasive and severe
temporary damage extending
over a large area requiring
extensive and lengthy
remediation and years of
recovery
* damage to flora or fauna
requires significant period of
recovery (years)
* Non-critical community
infrastructure assets are
destroyed
* Significant or critical assets
are unusable for weeks
* Impact requires long term
significant management and
organisational resources to
respond
* Major breach of regulations
* Major litigation
* Injuries requiring hospitalisation
* Increase in Major Projects
Division workforce absentee rate
* Major elements and objectives
of the Major Projects Divisional
works program will not be
achieved
* 50% of major projects
expected to miss completion
date by > six months
* Failure to achieve
commitment to a major
stakeholder
* Significant loss of capability
and expertise within Major
Projects Division for 2 months
* Significant loss of Business
Area/Project team capability
and expertise for 6 months
* $5m - $100m or greater than
10% adverse financial impact
on Major Projects Division
budget
* Greater than 10% adverse
financial impact to Project's
budget
* Divisional Stakeholder
impacts requiring Chief
Executive or Director Major
Projects intervention
* Stakeholder action will
prevent achievement of major
elements of the Project
* Serious defect requires closure for a
days at or after Project opening
* Defect/failure severely affecting
design life
* During construction, increased
levels of congestion resulting in
travel time increase through the
worksite by more than 20 minutes.
* Widespread congestion on
immediate road network.
* On Project opening, increased
levels of congestion.
Low Medium Medium High Extreme
Moderate
* Sectional community impacts
and concerns publicly
expressed (days)
* Negative media attention
(days)
* Loss of confidence by the
community in the Project's
processes
* Ministerial concern
* Severe temporary damage
over limited area requiring
extensive remediation
* Impact on flora or fauna is
recoverable
* A range of assets, including
some significant assets, are
unusable for weeks
* Impact requires management
and resources from a key area
of the organisation to respond
* Serious incident requires
investigation and legal
representation to determine
legal liability
* non-compliance with
regulation
* Injuries requiring medical
treatment
* Increase in projects workforce
absentee rate
* Lack of Project staff resulting in a
stressful working environment
* Major elements and objectives
of the Project's works program
will not be achieved
* Failure to achieve project
delivery impacting on
dependent works
* Project expected to miss
completion date by 1 to 3
months
* Significant loss of Business
Area/Project team capability
and expertise
* $1M - $5M or 5% to 10%
adverse financial impact and
financial performance to
Project's budget
* Project Stakeholder impacts
requiring Project Manager
intervention
* Stakeholder action will
significantly delay major
elements of the Project
* Serious defect (without closure) at
or soon after Project opening
* Design life threatened, some defects
issues causing inconvenience and
high financial loss
* During construction , slight
increase in levels of congestion
resulting in a travel time increase
through the worksite between 10
minutes to 20 minutes.
* Slight increase of congestion on
immediate road network.
* On Project opening, slight
increase in levels of congestion.
Low Medium Medium MediumHigh
Minor
* Local community impacts and
concerns
* Occasional once off negative
media attention.
* Temporary damage affecting
local area
* No threat to fauna or flora
* A number of assets unusable
but can be replaced within
acceptable timeframes
* Impact requires additional
local management effort or
redirection of resources to
respond
* Complex legal issue to be
addressed
* Injuries requiring first aid
treatment
* Increase in Project staff
absentee rate
* Lack of Project staff resulting in
overtime
* Requires rescheduling of
elements to achieve the works
program
* Project expected to miss
completion date by 1 to 3
weeks
* Short term loss of resource
capacity
* < 5% adverse financial impact
to Project's budget
* Project Stakeholder impacts
requiring Delivery Manager
intervention
* Stakeholder action will disrupt
planned project activities
* Extensive minor defects at opening
* Design life not threatened, minor
inconvenience, medium financial loss.
* During construction, marginal
increase in levels of congestion
resulting in travel time increase
through the worksite between 5
minutes to 10 minutes.
* Marginal increase of congestion
on immediate road network.
* On Project opening, marginal
increase in levels of congestion.
Low LowLow MediumMedium
Insignificant
* Isolated local community or
individual's issue-based
concerns.
* Minor temporary damage that
normal practice can rectify
* Assets receive minimal
damage or are only temporarily
unavailable
* Impact can be managed
through routine activities
* Legal issues managed by
routine procedures
* Incident with or without minor
injury
* Minor changes in scheduling
of works program
* Minor changes in milestones
* Temporary loss of resource
capacity
* Negligible impact on Project's
budget
* Stakeholder issues managed
by routine procedures and
consultation
* Localised minor defects at opening
* No noticeable impact on quality
objectives, low financial loss
* During construction, minor
increase in levels of congestion
resulting in travel time increase
through the worksite of less than 5
minutes.
* Minor delays/disruptions
affecting immediate road network.
* On Project opening, no increase
in levels of congestion.
Low LowLow LowMedium
RISK LEVEL CONTEXT AND TREATMENT ACTION REQUIRED
Extreme
High
Medium
Low
Several times a year
Recurring
events
Less than once in 5
years
About once in 5
years
Project - Risk is managed by current practices and procedures - consequences are dealt with by routine operations at Team Leader level - monitor routine practices and procedures for effectiveness.
Project - Consequences threaten completion of a Business Area/Project section or activity - existing controls must be effective and possibly additional treatment action effectively implemented - action to be managed at Project Delivery Manager level.
MAJORPROJECTSDIVISION
CORPORATE
Likelihood Ratings and Risk Levels
Consequence Ratings
Division/Project - Consequences threaten the continuation of the Business Area/Project and possibly major impact to the reputation of VicRoads Major Projects Division requiring intervention from VicRoads executive management - requires prompt action by Director Major Projects to implement stringent new controls to
treat the risk.
Division/Project - Consequences threaten the effective completion of the Business Area/Project - existing controls must be effective and requires additional treatment action to be managed by Project Director level.
MAJOR PROJECTS DIVISION
PROJECT
Key Risk Areas, Success Factors and Illustration of Potential Impacts
About once in 3
years
About once a year
STEP 1
STEP 2
STEP 3
KRA
Figure 15. VicRoads Corporate Risk Management Assessment Guide.
28 Chapter 3: Agency Risk Management
board. Its risk management guidelines include the
following key contents:
Transport and Main Roads Guide to Risk
Management
Strategic Risk Management Practice Guide
Program Risk Management Practice Guide
Project Risk Management Practice Guide
Risk Management Tools and Techniques
Risk Management Specialist Areas
Transport and Main Roads also provided the scan
team with its corporate risk manager’s job descrip-
tion, shown in figure 17. The role of the assistant
director for risk management is to provide the risk
management system, leading and supporting the
risk management framework. The assistant director
is charged with integrating risk management across
the enterprise. The individual reports to the direc-
tor of governance and planning and takes direction
from the general manager of corporate governance.
The role helps integrate risk management across
the agency.
The Highways Agency in England provided the scan
team with its Risk Management Policy and Guidance
document.
19
This document outlines the agency’s
risk management organizational structure at the
enterprise level. As seen in figure 18 (see page 30),
the Highways Agency’s risk management structure
involves the chief executive, board, Audit Commit-
tee, Corporate Performance Reporting Team,
Directorate Performance Management Teams,
and sta at every level in the agency.
As previously stated, each organization the scan
team met with had a unique risk management
structure. Structures at the program and project
levels supported the overall agency risk manage-
ment structure. However, most structures were
explicit and provided a clear communication of
risk management roles and responsibilities. Perhaps
the most explicit structures were those that were
tied to executive management and audit functions
at the agency level. Figure 19 (see page 31) shows
a high-level graphic for the VicRoads executive
risk management structure. The chief executive
was ultimately accountable for all risks. The Corpo-
rate Management Group developed policies and
19
Highways Agency (2010). Highways Agency Risk
Management Policy and Guidance. Highways Agency,
London, England.
strategies based on information from the executive
directors, directors, and business area managers,
which was typically communicated through the
risk management reporting cycle. The director of
risk management worked with all of these stake-
holders. The program had a strong audit function
to ensure that the processes were followed and the
proper risk responses were put in place. VicRoads
conducts audits of its departments and projects
to confirm that risk management activities are
being planned and enacted. It also monitors
the progress of corporate risk management
actions to completion.
Risk Management Policy
In addition to clear organizational structures, the
majority of agencies the scan team met with had
concise risk management policy statements. These
statements clarify the role of risk management in
the organization and communicate overall risk
management objectives. The following statements
from Transport and Main Roads and VicRoads in
Australia provide examples of agency-level risk
management policies. These policy statements
are clearly tied to the ISO 31000 risk management
approach, which was developed with significant
input from Australian organizations.
Figure 16. Risk management framework
(Transport and Main Roads, Queensland, Australia).
Transportation Risk Management: International Practices for Program Development and Project Delivery 29
Figure 17. Role description of the assistant director for risk management at Transport and Main Roads, Queensland, Australia.
Role Description for Assistant Director (Risk Management)
Branch: Governance and Planning Division: Corporate Governance
Your opportunity
In the role of
Assistant Director (Risk Management)
you will provide a risk management system, for identifying and managing strategic and operational risk within TMR.
You will lead and support a risk management framework which includes a model for managing strategic and operational level risk and encompasses an integrated and
enterprise wide approach to the management of the department’s strategic risk to ensure TMR’s long term success.
This role reports to the Director, Governance and Planning and also undertakes direction from the General Manager, Corporate Governance as required.
Accountabilities include:
• Provide expert strategic risk management advice to the Director-General, senior management and other senior members of the department, in the development
and implementation of strategies and policies to manage risk-related matters and enable the effective and safe delivery of departmental core business.
• Monitor and coordinate all departmental-wide risk related matters for the Audit and Risk Committee.
• Develop and maintain effective networks and relationships with key stakeholders.
• Establish and maintain effective liaison with the divisions and their communities of practice in the Department of Transport and Main Roads, other departments
and in the private sector to maintain consistency across the department’s risk management strategy and policies.
• Direct the preparation of strategic risk proles used to support risk assessment and strategic planning activities on behalf of the department.
• Direct the analysis of the department’s performance in regards to risk management and report issues and trends to the General Manager (Corporate Governance).
• Lead state-wise scanning and analysis of risks to identify changes in stakeholder sentiment.
• Monitor the external environment to identify relevant risk management trends and develop strategies to actively communicate the department’s priorities to the
organisation and stakeholders.
• Facilitate risk training to ensure selected key divisional and decentralised staff have required skills, competence and condence to deal with operational risk
matters.
• Liaise with the secretariat for senior management and present to the Audit and Risk Committee in the ratication of risk management policy.
• Manage the operations of the Risk Advisory Unit, including establishing work programs and planning and setting priorities.
• Provide high level reports to the General Manager (Corporate Governance) on strategies relating to risk management.
Transport and Main Roads, Queensland,
Australia
The Department of Transport and Main Roads
(TMR) is committed to the responsible manage-
ment of risk associated with its operations
throughout the department. The department
requires all employees to have a diligent and
conscientious involvement with risk management
in relation to their duties that impact on both
internal and external operations. Management
within the department strongly supports the active
pursuit of proactive risk management practices
that reasonably reduce the chance and impact of
adverse eects, along with making the most of a
broad range of opportunities as they arise.
The department is dedicated to establishing
an appropriate risk management culture whilst
contributing to good corporate governance
through a consistent risk management approach.
It also provides for the identification of factors
that might impact on the department’s ability to
deliver its services, along with promoting oppor-
tunities through a systems thinking process of risk
identification, analysis, and responses.
The practice of risk management in the depart-
ment will be governed by the approach outlined
in the Risk Management Framework. The Risk
Management Framework provides the compo-
nents and guidance to embed risk management
30 Chapter 3: Agency Risk Management
Highways Agency Risk Management
Roles and Responsibilities
Chief Executive
Assumes overall responsibility for the agency’s system of
internal control.
Ensures clarity of accountability for risk management.
Board
Denes overall risk appetite and denes the risk
management culture.
Board directors are responsible for overall implementation of
the agency’s risk management policy and risk management
strategy in their directorates.
Audit Committee
Reviews performance, progress, and compliance with risk
management process.
Supports the chief executive with assurance on a sound system
of internal control.
Corporate Performance Reporting Team
Serves as risk management policy and process owner.
Maintains the board’s risk register.
Directorate Performance Management Teams
Ensure that risk management policy and processes are
complied with.
Validate risk assessments.
Agree on assignment of risk responses to risk owners.
Coordinate the reporting of corporate risks.
May collectively or individually own directorate-wide risks.
Identify lessons learned; disseminate risk management
guidance and training.
Develop plans to improve risk management.
Oversee the collation of risk registers in their directorates.
Program Project and Process Managers
Coordinate the identication of risks from within their sphere
of control.
Ensure a thorough understanding of risk responsibilities in
their teams.
Act on risk responses delegated to them by risk owners.
Staff at Every Level of the Agency
Understand how and why risk is managed in the agency.
Have a clear responsibility for reporting the risks that they perceive
or identify promptly to their line manager or the appropriate risk
manager so that the risk can be recorded, further assessed, and
escalated if pertinent.
Figure 18. Risk management roles and responsibilities
(Highways Agency, England).
competency into departmental processes and
will be monitored and reviewed by the depart-
ment’s Audit and Risk Committee.
VicRoads, Victoria, Australia
1. Overview
Risk is inherent in all day-to-day operations. Risk
management is therefore not an “add-on.” We
need to manage risk to enable us to get on with
the job confidently and responsibly, knowing that
relevant risks have been identified and dealt with
appropriately. All sta need to identify, evaluate,
and manage risks during their normal business
activities. VicRoads has statutory obligations,
under the Financial Management Act 1994 and the
Victorian Managed Insurance Authority Act 1996,
to ensure that its risk profile is critically reviewed
at least annually and that its risk management
framework is implemented across the organization
at all levels and operates eectively to control risks
to a satisfactory level.
2. Policies
In accordance with the Department of Treasury
and Finance documented Victorian Government
Risk Management Framework VicRoads Chief
Executive will attest in VicRoads Annual Report to
the implementation of an eective risk manage-
ment system, consistent with the Risk Manage-
ment Standard AS/NZS 31000:2009, and the
achievement of satisfactory risk management
outcomes.
The application of a systematic approach to the
management of risk and the contingencies of
business continuity and disaster recovery planning
will continue to assist VicRoads achieve its organi-
zational objectives and ensure compliance with its
statutory obligations.
VicRoads will continue to improve its existing risk
management framework and will reinforce a
culture of risk management and ensure that risk
management principles are adopted in our busi-
ness procedures. To achieve this we will:
Ensure sta are familiar with the risk
management concepts and procedures
used by VicRoads;
Incorporate systematic approaches to risk
management in our management systems; and
Regularly monitor risk management
performance.
Transportation Risk Management: International Practices for Program Development and Project Delivery 31
The Risk Management Policy and Guidance
document of England’s Highways Agency also
provides good examples of agency-level policies.
The following statements are from this policy and
guidance document and address the Highway
Agency’s philosophical approach to risk taking
and risk tolerance.
Highways Agency, England
1. Risk appetite (or Target Risk), at the organiza-
tional level, is the amount of risk exposure,
or potential adverse impact from an event,
that the Agency is willing to accept/retain.
Once the risk appetite threshold has been
breached, risk mitigation plans and business
controls are implemented to bring the expo-
sure level back within the accepted range.
2. The Board welcomes and encourages
well-managed risk taking where the potential
rewards in terms of improved customer
service, savings of time or cost, or improve-
ments in quality make taking the risk worth-
while. No one need fear the consequences
for failure if the risks that caused the failure
were anticipated, appropriately managed
and, where required, escalated to senior
management.
3. The Highways Agency Board has no toleration
for risks that threaten:
Integrity, propriety, and regularity in the use
and stewardship of public funds and assets, or
Our ability to demonstrate that safety risks
have been reduced as low as reasonably
practicable.
Clearly written policies on risk tolerance allow for
consistent risk assessment. The level of risk tolerance
should be set at the executive level and supported
by the chief risk ocer (or similar position) so that
it remains consistent throughout the organization.
Risk assessment at the agency level requires that
the agency define its risk tolerance in relation to the
probability and impact of risks. Figure 20 (see next
page) is an example of how VicRoads in Australia has
translated its policies on risk tolerance to measures
for each individual risk (also see figure 15).
Alignment of Risk Management
Throughout the Organization
Gaining alignment of risk management activities
throughout an agency is a key to achieving agency
risk management success. Perhaps the best example
of risk management alignment throughout an
agency was seen at VicRoads in Victoria, Australia.
Figure 19. Risk management organizational structure (VicRoads, Victoria, Australia).

Provides policy and strategy
advice, support and coordination:
• Corporate Risk Management
• Business Continuity
• Insurance
• Internal Audit

Audit

Policy and
Strategy Business
Performance
Audit

Provides scrutiny and advice
on risk management and
audit matters



Ensure systematic approach to Risk Management

Risk Management planning and actions
32 Chapter 3: Agency Risk Management
To support its government insurance procedures,
which are managed by the Victorian Managed
Insurance Authority (VMIA), Victoria maintains
a risk register at the state level. Figure 21 provides
a graphic of the State Risk Register. It shows how
risks are escalated from various agencies into an
integrated risk register.
Figure 21 shows how VicRoads aligns risk up to the
State Risk Register. Figure 22, which depicts the risk
management approach for the M80 freeway expan-
sion project in Melbourne, shows how VicRoads
aligns risk throughout the agency. The project
delivery team organized project-specific risks in
categories that aligned with agency risks (financial,
health and safety, environment, security of assets,
management eort, reputation, and legal and
compliance) and added project-specific risk
categories (trac management, stakeholder
management, and quality) to complete the risk
register. The team developed risk management
actions and tracked these with a risk register. The
result was a project risk management plan that
aligned with the corporate risk management plan.
Policies on risk escalation help align risks throughout
the agency. Figure 23 shows the process the High-
ways Agency in England uses to escalate risks,
thereby aligning risk activities throughout the
agency. The Highways Agency provided the
following guidelines on risk escalation:
1. Escalation is required where there is a high
residual risk that you cannot manage within
your area of responsibility, perhaps because
the risk has a wider impact than the immediate
work area or requires treatment beyond your
level of authority.
2. Risks should be escalated via the Team/Group/
Divisional/Directorate Risk Register, advising
that the risk cannot be controlled locally or
where the residual risk remains red.

Consequences would threaten VicRoads viability and have serious implications for Government
by VicRoads executive management to implement stringent new controls to mitigate risk.

Consequences would threaten the effective operation of VicRoads, a key VicRoads area, function or service—
existing controls must be effective and to be managed by executive management.

Consequences would threaten a VicRoads activity—existing controls must be effective and  additional
mitigation action implemented—action may be be managed below executive management.
Low
Risk is managed by current practices and procedures—consequences are dealt with by routine operations—
monitor routine practices and procedures for effectiveness—maintain regime of continuous improvement.
Figure 20. VicRoads corporate risk management assessment scale.
Figure 21. Victorian Managed Insurance Authority State Risk Register approach.
Emergency
risks
Creeping
risks
Recurrent
risks
Event
risks
Risks of
state significance
Key systemic risks
for the VPS
Key inter-agency risks
Agency specific risks
Transportation Risk Management: International Practices for Program Development and Project Delivery 33
Use of Risk Analysis to Examine
Policies, Processes, and Standards
Highway agency policies, processes, and standards
can become conservative. The realization of many
low probability risks over a long time period can
cause planners, engineers, and project managers
to create documents that are too conservative.
The use of risk analysis techniques can help agen-
cies reexamine policies, processes, and standards.
A transparent understanding of risk likelihood and
consequence can reveal where policies, processes,
and standards have become outdated. An examina-
tion of risk treatment options can provide for
alternative methods to mitigate and manage risks.
The Transport Roads and Trac Authority in New
South Wales, Australia, provided numerous examples
in which it reviewed standards and guidelines to see
if they had become too conservative. The authority
formally reviews technical, safety, and environmental
standards to separate minimum standards that
support reasonable interventions and rights from
guidelines of good practice if resources are available.
It tries to separate minimum services for access rights
and safety from those that reflect customer service
needs or supplier desires. These are subjective
decisions that can be influenced by low-probability,
but high-impact, risk events. The use of risk assess-
ment methods has resulted in a more objective
analysis of the expected value of impacts and the risk
to agency objectives. Agency ocials believe that
their standards and guidelines are more appropriate
and cost-eective because of this risk analysis.
Figure 22. M80 risk management approach (VicRoads, Victoria, Australia).
Figure 23. Highways Agency, England, risk escalation process.






• Credible risks to VicRoads as a whole—strategic directions
• Program development and delivery and business operations
• Key risks to business-area objectives
• Proposed risk treatment actions
• Supports any new business initiatives
• Feed up to divisional and corporate risk management plans
• Project delivery
• Scope, cost, and time control
• Project risks and action plans









34 Chapter 3: Agency Risk Management
Achievement of a Risk Management
Culture
The scan team found that mature organizations
have achieved a clear culture of risk management.
A risk management culture is defined by shared
norms, values, and actions relating to risk manage-
ment from the leadership to all levels of agency
sta. Sta members talk about risk with a common
vocabulary and understanding. When a culture of
risk management has been achieved, risk is consid-
ered throughout decisionmaking and asset man-
agement activities as just part of the process, not
an additional level of management.
Both VicRoads in Victoria, Australia, and Transport
and Main Roads in Queensland, Australia, use a risk
management maturity model. The risk framework
maturity model used in Victoria was developed by
VMIA to help all government agencies improve their
risk management framework through assessment of
their current practices and comparison with a
best-practice model for risk management, as shown
in figure 24. In particular, the risk framework quality
review assesses the following areas:
Policy and plan
Governance and accountability
Risk management processes
Risk management culture
Resources and capability
Validation and assurance
Interorganizational risk management
VMIA conducts risk framework quality reviews of
government agencies, using this tool to assess their
maturity and identify areas where they may invest
and improve their risk management processes.
Agencies decide whether suggested enhancements
would add value and improve their risk manage-
ment outcomes.
VicRoads has been assessed favorably against the
criteria of the VMIA maturity model and uses the
model for internal benchmarking and continuous
improvement. In addition, VicRoads conducts
an annual program of internal audits of selected
departments to review their application of the
VicRoads corporate risk framework to ensure
compliance with corporate requirements.
Conclusion
The scan team found numerous examples of mature
risk management organizations. These organizations
align risk management with their strategic goals.
They have clear risk management organizational
structures and crisp risk management policies. They
clearly define their corporate risk tolerance. They
also measure their risk management performance
and even their maturity. Application of these
agency-level risk management strategies in
the United States has the potential to improve
transportation agency performance.
Figure 24. Risk framework maturity model (VicRoads, Victoria, Australia).
Transportation Risk Management: International Practices for Program Development and Project Delivery 35
CHAPTER 4:
Program Risk Management
Introduction
Program risk management involves risks that are
common to programs or entire business units
and clusters of projects. For example, operations
programs manage a broad array of risks, including
emergency and special event response. Safety
programs address strategies in response to safety
risks for design, construction, and operations. Asset
management programs can benefit greatly from
risk-based decisionmaking when maintaining assets.
State transportation improvement programs (STIP)
are an obvious application for program risk manage-
ment because common risks can occur across
projects in a STIP. Managing risks at the program
level provides a unique opportunity to address risks
across multiple projects or functional units. Program
risk management provides opportunities to leverage
risk mitigation strategies and optimize investments.
Program and Portfolio Risk
Many U.S. highway program managers rely on
project management techniques to manage their
program risks. These strategies may be eective
for small programs, but they are not sucient for
large-scale programs, especially considering the
broad array of highway agency program areas.
Highway agencies typically have hundreds of proj-
ects in their program. If they view these projects as a
portfolio, they will see opportunities for optimal risk
management strategies. If an agency has many small
resurfacing projects, it may choose to include an
asphalt price escalation clause in all contracts and
manage the risk of cost escalation itself rather than
ask each small contractor to take the risk for increas-
ing prices. The use of risk management at a program
level will allow for better project and enterprise risk
management.
The Project Management Institute recently
published The Standard for Program Management.
20
20
Project Management Institute (2006). Standard for
Program Management. Project Management Institute,
Newton Square, PA.
The recommendations in this document focus on
managing smaller programs consisting of similar
projects. The institute identified six activities
for managing program risk to consider higher
order issues:
1. Identify and analyze interproject risks.
2. Verify project risk response plans that could
aect other projects.
3. Determine root causes.
4. Propose specific solutions to risk escalated by
project managers.
5. Implement response mechanisms that benefit
more than one project.
6. Manage program contingency reserves
(in terms of cost and time).
These six activities were observed in the interna-
tional organizations the team met with on the
scan. Program risk management involves the same
iterative risk management process used at the
enterprise and project levels. The standard risk
management process of risk identification,
assessment, management, and monitoring is
used to make many risk-based decisions,
including the following:
Asset management
Bridge inspection
Cost and schedule control
Performance measures
Asset management
Reliability-centered maintenance
Tunnel safety and general safety planning
36 Chapter 4: Program Risk Management
Excellent examples of program risk management
were found in asset management, operations man-
agement, management functional units (e.g., design
functions, operations), and management of major
projects (which are essentially groups of smaller
projects bundled together).
Use of Risk Analysis for Asset
Management
International transportation agencies use risk analy-
ses to make programmatic investment decisions.
Examples were found in all agencies, but the most
explicit examples were observed in the Highways
Agency in England. The Highways Agency’s overall
approach is shown in figure 25. To make an invest-
ment decision, the agency must first conduct a risk
assessment. Risk assessment processes are devel-
oped for each distinct asset area (pavement,
bridges, etc.). The assessments are done by the
relevant asset specialists. The process depends on
quality data, inventory, and condition to assess risk
and identify the appropriate response. Risks are
identified in each asset silo and qualitatively evalu-
ated against each other to identify the most impor-
tant risk between asset areas. Highways Agency
assets related to risk are primarily managed by
specialists in pavements, structures, drainage,
geotechnical, and technology.
The Highways Agency provided a compelling
example on geotechnical assets. In 2010, the
agency developed A Risk-Based Framework for
Geotechnical Asset Management.
21
The objective of
the framework is to allow the allocation of limited
resources using a rational basis for prioritization.
Figure 26 shows the geotechnical asset risk profile
of a corridor. The color coding relates to the risk
level of the asset. These risk levels are defined in
guidance documents and standards. The report’s
executive summary provides an excellent overview
of the approach:
The general context for making risk-based
renewal and intervention decisions about
the Agency’s geotechnical assets relates to
the ongoing costs incurred repairing slope
instabilities of approximately £20 million per
annum. The presence of major defects is used
21
Highways Agency (2010). A Risk-Based Framework for
Geotechnical Asset Management. Arup and Partners for
Highways Agency, London, England.
as the basis for decisionmaking, based on the
premise that these defects are indicative of
the onset of loss of performance of the slope.
It is proposed that decisions be made in the
context of the performance requirements of the
geotechnical assets, which are influenced by a
number of dierent consequence components.
The first input to the framework is a definition
of general hazards and failure mechanisms for
dierent types of geotechnical assets, which
will inform the asset management strategy.
Figure 25. Asset management risk assessment
(Highways Agency, England).

Determination of affordable
work bank and level of risk

Frequency analysis
Consequence analysis

Risk acceptability
Mitigation options


Develop affordable plan to
reduce risk to acceptable levels

Renewals work bank
Scheme selection & design


Transportation Risk Management: International Practices for Program Development and Project Delivery 37
The main step of the framework is the
estimation of risk, based on an improved
model of the future performance of
geotechnical assets, from Task 651(666),
to inform likelihood, and a more detailed
breakdown of the dierent consequence
components that link in to the perfor-
mance requirements of the geotechnical
assets, other assets, and the network as a
system. A simple risk matrix is proposed,
based on qualitative assessments of
likelihood and consequence.
Consequence may be an aggregated
consequence rating based on all compo-
nents, or individual elements of conse-
quence can be considered if required.
Within the decisionmaking framework
there is scope to undertake more complex
quantitative risk assessments as the
decision requires.
Risk evaluation separates assets into
three main groups, essential, those that
MUST be repaired, high and moderate
priority, and low priority where no action
is required. For those geotechnical assets
in the middle category, which should or
could be repaired, the decision should
be optimized on the basis of a full
understanding and communication of
the risk. The output of the risk evalua-
tion stage is an unconstrained work
bank (in terms of budget) defined in
terms of an indicated risk rating and
a definition of the acceptability of
that risk.
The decisionmaking stage describes
an Optimized Decision Making (ODM)
process, based around decision rules
and defined intervention and mitigation
options. Where sucient data are
available and the decision to be made
warrants it, a Quantitative Risk Assess-
ment (QRA) tool can be implemented
within the optimization process.
The output from the framework is a
clear route to prioritizing decisions
about renewals and interventions, with
Figure 27. Program risk analysis for Dutch waterways
(Rijkswaterstaat, the Netherlands).
Figure 26. Geotechnical asset risk profile (Highways Agency,
England).
38 Chapter 4: Program Risk Management
a clear communication of the risks as the reason
for making the decisions, as well as the residual
risks where a decision not to intervene is made.
The European highway community sees risk man-
agement as a foundation for asset management.
PAS-55 Asset Management is a key standard in
Europe. PAS-55 explicitly addresses risk manage-
ment in its approach to asset management and
should be a reference for any asset management
program in the United States that wishes to include
risk management.
22
It should be noted that ISO
has now accepted PAS-55 as the basis for develop-
ment of the new ISO 55000 series of international
standards.
Use of Risk Analysis for Operations
Management
The Netherlands also provided excellent examples of
program risk analysis at the operations level. Figure
27 shows a heat map for a risk-based waterway
network management tool in the Netherlands. It
communicates the potential for the waterways to be
out of service. Risk analysts communicate the results
of analyses to decisionmakers. This analysis used
failure mode, eects, and criticality analyses to
identify failure mechanisms for the waterway net-
work. Operations management can also use Monte
Carlo simulations to calculate the expected value
of life-cycle cost. Examples were also provided for
risk-based bridge inspections and an analysis of
rail crossing investments to improve safety.
Risk Management at the Division,
Branch, or Functional Unit Levels
The scan team found multiple applications of risk
management at the division, branch, and functional
unit levels. In this section, functional unit is used to
describe all of these applications. The terminology
varied slightly from agency to agency, but the
application was similar. The use of risk registers at
the functional unit level was pervasive. Each unit
identifies risks unique to its function. Risk identifica-
tion at the functional level follows the same process
as risk identification at the agency and project
levels. However, functional units typically assess
their risks against both functional unit goals and
overall agency goals.
22
British Standards Institution (2008). PAS-55 Asset
Management. The Woodhouse Partnership Ltd, Kingsclere, UK.
The scan team observed examples of risk manage-
ment on a variety of programs. Some of the
interesting applications include the following:
The Highways Agency applies program risk
management to managing agent contracts
(MACs). MACs are term contracts (normally
5 years) for maintenance and capital upgrades
on sections of the Highways Agency networks.
The agency requires MAC operators to perform
risk management, paying particular attention
to agency-wide risks. It communicates the
agency’s risk tolerances to MAC operators
(see figure 9). The Highways Agency looks
collectively at individual MAC risk registers to
identify trends and closes the loop by provid-
ing MAC operators with risk information from
other operators to continuously improve
the process.
Risk management applied to a new license
plate program in Queensland, Australia. The
agency realized that the new system was one
of its most public programs and its failure
could have a negative impact on public confi-
dence. The license plate program unit con-
ducted periodic risk analyses and escalated
any significant risks to senior management
for quick action.
VicRoads is constructing the M80 corridor
through multiple contracts. It requires each
contractor to conduct a risk analysis and main-
tain risk registers. The agency examines these
risk registers for trends and seeks to mitigate
similar risks from the agency level.
Figure 28 provides an example of a functional unit
risk template from Transport and Main Roads in
Queensland, Australia. The branch conducts a risk
analysis of its own function, but the agency requires
the branch to map the risks against the agency’s
strategic objectives. This communicates the objec-
tives to the branch and allows the agency to collect
risks across multiple units so it can identify trends
or risks it should manage at the agency level.
Risk Management on Major Programs
Major programs consist of groups of small projects.
The scan team saw excellent examples of risk man-
agement on major programs in Australia, England,
and the Netherlands, and the application was refer-
Transportation Risk Management: International Practices for Program Development and Project Delivery 39
Figure 28. Branch risk analysis with relation to agency objectives (Transport and Main Roads, Queensland, Australia).
40 Chapter 4: Program Risk Management
enced in the other countries. Risk management on
major programs involves the use of cascading risk
registers that are mapped against the objectives of
the program (e.g., complete a corridor by a fixed
date; improve to a defined level of service).
Transport and Main Roads in Queensland, Australia,
provided the team with a unique communication
tool for major program risk management. Figure 29
is a bookmark that identifies the program’s nine top
risk sources. The program management team devel-
oped the list in a risk analysis workshop:
1. Current processes and systems are often
suboptimized, leading to waste, churn, and
reduced outcomes.
2. Stakeholder engagement is variable.
3. Management of project and business
knowledge is inconsistent.
4. There is a mismatch between needs and
workforce capability and capacity.
5. Adapting and changing processes and
rules is dicult.
6. Boundaries and silos limit decisionmaking.
7. Program is not as business disciplined as it
could be, especially in work considered to
be noncore.
8. Some leadership behaviors contribute to
(or even drive) risks.
9. Ineective communication can block
eectiveness.
Optimal management of risks on major projects
requires an awareness of risks across projects.
Program goals and objectives should cascade down
to the individual project risk analysis. Individual
project risks should inform the program risk register
and allow program managers to mitigate risks
across projects.
Conclusion
Program risk management involves risks common
to programs, entire business units, or clusters of
projects. The U.S. transportation community has
much to learn in this area from its international
partners. Applying risk analysis to asset manage-
ment will allow U.S. agencies to make more
informed decisions and have the greatest impact
with limited investments. Risk analysis across the
functional units in a transportation organization will
help agencies optimize their mitigation eorts and
escalate significant risks to the agency level when
they cannot be managed at the program level.
Using risk analysis at the major project level is not
too far o for U.S. transportation agencies because
the use of project risk management is growing,
as the next chapter discusses.
Figure 29. Major risk bookmark (Transport and Main Roads,
Queensland, Australia).
Key Sources of Risk
1. Sub-optimized Systems for
MIP needs
2. Variable Stakeholder
Engagement
3. Inconsistent Business/Project
Management
4. Mismatch of MIP needs vs
Workforce Capability
5. Difculty with Process/Rules
Changes
6. Decisions limited through
Boundaries/Silos
7. Professional Discipline
Inconsistencies
8. Leadership Behaviours
9. Ineffective Communications
9
MAJOR
INFRASTRUCTURE PROJECTS
ZONE
MANAGING UNCERTAINTIES
Transportation Risk Management: International Practices for Program Development and Project Delivery 41
CHAPTER 5:
Project Risk Management
Introduction
Project risk management is pervasive in the
countries visited on this scan. However, U.S. project
risk management practices appear to be on par
with international counterparts and perhaps ahead
of them on the use of Monte Carlo simulation of
costs and schedules. Project risk management,
therefore, was not the scan focus. However, project
risk management is important in the context of
overall agency and program risk management.
U.S. agencies do not appear to integrate project
risk management in their agencies at the level of
those in the countries the team visited—particularly
Australia and the United Kingdom. Figure 30, devel-
oped by the Highways Agency in England, provides
an excellent conceptual graphic of how risk manage-
ment should integrate at the project, program,
and agency levels. As described by the Highways
Agency, each level has its own risk register and
risk manager. Risks can be escalated to higher
levels. Conversely, risks can be cascaded down.
Risks can also be raised independently at any level,
and the process will ensure they are managed
appropriately.
Because project risk management is not the scan
focus, this chapter is concise. It provides a project
risk management overview and a discussion of cost
and schedule risk analysis. It ends with a discussion
of how project risk management is used to make
project delivery decisions. For more detail on project
risk management practices in the United States,
see Appendix C.
Risk Management in Project
Management
The Project Management Institute includes risk
management as part of project management.
This was found to be true in the countries visited on
the scan. Transport and Main Roads in Queensland,
Australia, provided multiple examples of risk man-
agement on projects. Figure 31 is a bookmark given
to project managers with risk assurance questions
they must be able to answer:
Figure 30. Cascading risk registers from project to program
to agency (Highways Agency, London, England).
Figure 31. Project risk bookmark (Transport and Main Roads,
Queensland, Australia).
42 Chapter 5: Project Risk Management
1. What we are trying to achieve?
2. What could go wrong? And how?
3. What opportunities exist and how they can
be realized?
4. What do we need to do to mitigate threats and
seize opportunities?
5. How were answers to the above questions
tested and validated?
6. Who needs to know or be involved?
7. How quickly do we need to respond?
8. What resources are required?
The questions are simple and straightforward,
but embedded in them is the risk management
process of providing the context of, identifying,
analyzing, evaluating, treating, and monitoring
the risks. Transport and Main Roads expects
project managers to manage risk on a daily basis.
It also provides resources to assist in the process
from the risk unit in the main project oce.
The Roads and Trac Authority in New South
Wales, Australia, provides its ProjectPack for
managing major projects. It is a guideline filled
with procedures, templates, forms, checklists,
verification records, and samples. The risk
management portion of the ProjectPack follows
the Australian and New Zealand Standard AS/
NZS ISO 31000 and contains the following:
Risk management procedure
Risk register (blank template)
Sample register (containing generic risks)
Instructions for the risk register
Samples of project risks
The Roads and Trac Authority stated that
project risk management is required government
and agency policy. Ocials believe that it results
in fewer surprises; better planning, performance,
and eectiveness; better estimates and cost
control; better stakeholder relationships; and
better safety and environmental outcomes.
Project Cost and Schedule Risk Analysis
A clear benefit of project risk management is better
cost and schedule analysis. Once risks are identified
and assessed, the need for contingencies can be
calculated. Contingency calculations can be
informed by simple expected value calculations
or more sophisticated Monte Carlo analyses of
cost and schedule models.
Figure 32 shows the output from a risk-based Monte
Carlo analysis for cost on a project in Queensland,
Australia. A risk-based Monte Carlo analysis uses
ranges of possible impacts for risks and simulates
estimates thousands of times over to generate a
range of possible outcomes. The graphic at the top
Figure 32. Range cost estimate from a risk-based Monte Carlo
analysis (Transport and Main Roads, Queensland, Australia).
Transportation Risk Management: International Practices for Program Development and Project Delivery 43
left of figure 32 shows probable project costs across
a range of values through a probability mass func-
tion. The graph at the center left shows the same
values on a cumulative probability function, making
quick identification of values at various levels of
confidence possible (e.g., P=50, P=80, or P=90). The
dierence between the P=50 and the P=80 is often
used to estimate a project contingency. The graph at
the bottom left of figure 32 is a sensitivity analysis,
or what is commonly referred to as a tornado
diagram. The risks at the top of the tornado diagram
correlate most highly with the range in estimate
values and deserve the most management attention
for risk mitigation eorts.
23
23
For a complete explanation of risk-based cost estimat-
ing, see NCHRP Report 8-60: Guidebook on Risk Analysis
Tools and Management Practices to Control Transportation
Project Costs.
Rigorous cost and schedule risk analyses provide
insights on how risks impact project outcomes.
These analyses allow for more sophisticated risk
registers that can be used to manage project
contingency. As risks are retired in the risk register,
contingency can be released based on an updated
cost model with the revised risk inputs. Figure 33
shows a more sophisticated project risk register.
Cumulative risk exposure is shown in the heat
maps and bar charts on the left. The top-ranked
risks are shown in the table on the right. The risks
have been removed in this example at the request
of the agency.
Selection of Appropriate Project Risk
Allocation Methods
Project risk identification and analysis provide
transparency in risk allocation. When risks are
Figure 33. Project risk dashboard (Transport and Main Roads, Queensland, Australia).
44 Chapter 5: Project Risk Management
managed within the project, allocation can be made
to an individual risk owner (e.g., a top-level project
executive). The risk can also be assigned to a risk
manager who takes action on the risk owners behalf
to manage the risk at a level in accordance with the
agency’s risk tolerance.
Project delivery methods and contracts are the
vehicle used to transfer risks from an agency to its
industry partners. Figure 34 shows how Transport
and Main Roads in Queensland, Australia, applies risk
assessment in selecting project delivery methods.
The agency has a variety of project delivery meth-
ods, as shown in figure 34. These delivery methods
include traditional design-bid-build, design-
construct (D&C, equivalent to U.S. design-build),
design-construct-maintain (DCM), early contractor
involvement (ECI, a form of design-build with a
target price as opposed to the lump sum price in
U.S. design-build), and two forms of alliancing (a
relational contracting method not yet used in U.S.
transportation construction).
Figure 34 shows traditional project delivery on the
left side of the horizontal access and relational
contracting on the right. Traditional delivery trans-
fers the majority of risk to the general contractor
after the agency completes an independent design.
Traditional delivery is used on routine projects on
which multiple lump-sum oers can be tendered on
a fixed scope. Relational delivery methods establish
a cooperative strategy for both design and construc-
tion in which the contractor is involved early in
delivery. As described in figure 34, relational delivery
embraces this cooperative strategy to manage risk.
It involves open-book contracting with pain-share
and gain-share clauses around a target price. It helps
deal with complex projects that have fast-track
design and construction, many unknowns, and
complex approval processes.
Fixed scope
Fully documented
Routine
Few Stakeholders–aligned
Multiple oerors
Politically routine
Project Approvals–straight forward
Fast-track
Many unknowns
Complex
Multiple stakeholders–not aligned
Few oerors
Politically very sensitive
Project Approval–complex and interdependent
Figure 34. Risk allocation and project delivery selection (Transport and Main Roads, Queensland, Australia).
Transportation Risk Management: International Practices for Program Development and Project Delivery 45
Conclusion
This chapter describes how project risk manage-
ment supports program and agency management.
Project risks cascade up and inform the agency
about project problems that can impact overall
agency goals. The use of standard risk templates
assists in this process. Project risk management can
also be used to make better project delivery deci-
sions and more equitable risk allocation. Project risk
management is a key element in a holistic agency
risk management approach.
46
Transportation Risk Management: International Practices for Program Development and Project Delivery 47
CHAPTER 6:
Recommendations and Implementation
Recommendations
The risk management scan team included Federal,
State, and private sector members with well over
100 years of combined experience in the operation,
design, and construction of U.S. transportation
systems. Through this focused research study, the
team has gained a fresh perspective on how the U.S.
transportation industry can use risk management
practices to better meet its strategic objectives,
improve performance, and manage its assets. The
following scan team recommendations oer a path
forward for the transportation community and
will help develop a culture of risk awareness and
management in the United States.
Develop Executive Support for Risk
Management
A mature risk management organization employs
risk management at the agency, program, and
project levels. A risk management culture must
include strong leadership. The lack of management
support is perhaps the most frequently cited
barrier by agencies embarking on risk management
implementation. Eorts of project and program
risk managers can be lost without strong executive-
level support of and participation in the risk
management process.
Define Risk Management Leadership and
Organization
Although everyone in a transportation agency
should have a role in risk management, agencies
should define clear risk management structures and
provide leadership with the authority to make risk
management decisions. No two agencies visited on
this scan had identical risk management organiza-
tional structures. However, the mature organizations
had clear structures and committed leadership.
Formalize Risk Management Approaches
Transportation agencies should strive to formalize
risk management approaches, using a holistic
approach to support decisionmaking and improve
successful achievement of strategic goals and
objectives. The most mature international organiza-
tions had clear policies that describe their risk
management approach and risk tolerance. These
agencies also had concisely published guidance on
their risk management process with templates for
risk identification, analysis, treatment, monitoring,
and updating.
Use Risk Management to Examine Policies,
Processes, and Standards
The use of risk analysis techniques can help agencies
reexamine policies, processes, and standards. A
transparent understanding of risk likelihood and
consequence can reveal policies, processes, and
standards that have become too conservative or
outdated. An examination of risk treatment options
can provide for alternative methods to mitigate and
manage risks.
✓Develop executive support for risk
management.
✓Define risk management leadership
and organization.
✓Formalize risk management
approaches.
✓Use risk management to examine
policies, processes, and standards.
✓Embed risk management in business
practices.
✓Identify risk owners and levels.
✓Allocate risks appropriately.
✓Use risk management to make the
business case for transportation.
✓Employ sophisticated risk tools, but
communicate results simply.
48 Chapter 6: Recommendations and Implementation
Embed Risk Management in Business Practices
The risk management process should enhance, not
supplant, existing business practices. Combining risk
management with asset management and perfor-
mance management will provide for successful
decisionmaking. An awareness of what can go
wrong and the likeliness of it happening causes
business managers to treat risks rather than ignore
them. The scan provided sound examples of how
business practices were made more ecient
through a lens of risk management.
Identify Risk Owners and Levels
Risk identification and treatment planning will
not make a dierence if treatment options are not
implemented. Agency personnel or agency partners
must become owners of risks. Most risk registers
viewed on this scan documented risk ownership
directly on the register. The owners are tasked with
implementing risk treatment and assisting with
monitoring and updating. If risk treatment is not
achievable with the assigned owner, risks should be
escalated to the level in the agency where they can
be managed. As the Highways Agency states in its
risk management policy document, “No one need
fear the consequences for failure if the risks that
caused the failure were anticipated, appropriately
managed and, where required, escalated to senior
management.
Allocate Risks Appropriately
The fundamental tenet of risk management is to
allocate risks to the party that can best manage
them. The international agencies on this scan had
a variety of tools to allocate risk, from insurance to
concessions, design-build project delivery, and lump-
sum contracting. Clarity of who is responsible for
managing which risks is essential. Open-book and
joint risk register arrangements can also ensure
transparency in judging financial risks.
Use Risk Management to Make the Business
Case for Transportation
Communication with stakeholders of risks to trans-
portation assets and performance can help make the
business case for transportation investment. Interna-
tional transportation organizations have found the
public to be good consumers of risk information.
Using risk analysis to convey possible disruption to
network performance can help make the business
case for investments that mitigate risk and improve
performance.
Employ Sophisticated Risk Tools but
Communicate Results Simply
Quantitative risk management is based on statistical
methods, and the models of cost and time impacts
can be quite complex. However, these analyses are
meaningless if decisionmakers and stakeholders
cannot understand the results. Agencies should use
sophisticated risk analysis tools to provide the most
accurate predictions, but they must communicate
results in a simple fashion to obtain the most value
from the process.
Implementation and Future Research
The scan findings confirm that an ecient and
eective enterprise risk management program is
a powerful tool for the international transportation
agencies visited. The demonstrated benefits of the
programs scanned are both quantitative, such as
better controls over costs and delivery schedules,
and qualitative, such as less likelihood of negative
public relations issues. Risk management provides
information that allows agencies to improve pro-
grams and projects by making them more ecient.
By identifying and mitigating risks, agencies can
avoid policies and standards that are not practical
for all cases. The findings further confirm that risk
management programs can be a powerful tool and
unifying systems approach for State agencies in the
United States. Although highway agencies dier in
their level of risk management maturity, it seems
reasonable that the implementation activities
associated with this scan be those that evolve and
advance enterprise risk management in State agen-
cies throughout the country. That is, agencies need
to do risk management at the agency, program,
and project level to be fully successful.
After reviewing a variety of options, the scan team
prioritized its activities to concentrate on informing
senior State transportation ocials about risk
management and how it can improve organizational
decisionmaking. Table 2 outlines the implementation
activities and priorities in the categories of commu-
nication and marketing, research, training, and
governance.
The following amplifies some of the implementation
activities in table 2:
Transportation Risk Management: International Practices for Program Development and Project Delivery 49
ACTIVITY PRIORITY
Communication and Marketing
Conduct Webinar—Conduct national Web conference on scan findings. Short Term
Conduct Outreach—Develop list of venues at which scan team members can present team findings, including
professional committees and trade groups.
Short Term
Brief SCOH—Brief AASHTO Standing Committee on Highways. Short Term
Brief TIG—Brief AASHTO Technology Implementation Group. Short Term
TRB Session—Seek a risk management session at the 2013 TRB Annual Meeting. Short Term
Private Sector Outreach—Share, communicate, and market the findings, recommendations, and best
practices assimilated from the scan. Priority private sector organizations include the American Consulting
Engineering Companies, Associated General Contractors, National Association of State Procurement
Ocials, National Institute of Governmental Purchasing, National Conference of State Legislatures,
American Legislative Exchange Council, and American Bar Association.
Midterm
Marketing Materials—Develop risk management communication and marketing materials to use at various
events.
Short Term
Disseminate—Inform appropriate AASHTO committees via e-mail, letter, and presentations about the scan
report and its recommendations for U.S. adoption and provide the marketing materials. Key committees
and subcommittees include Highways, Structures, Environment, Planning, Finance and Administration,
Construction, and various design subcommittees.
Midterm
CEO Workshop—Conduct chief executive-level workshop at the AASHTO Annual Meeting to brief executives
on risk management and how to apply it at the enterprise and program levels.
Midterm
Technical Workshop—Sponsor an International Enterprise Risk Management Technical Workshop
(in conjunction with TRB) in which representatives from the agencies the scan team met with share best
practices and technical advice on implementing risk management.
Midterm
Research
Guidebook—Propose an NCHRP project to develop a guidebook on enterprise risk management strategies,
methods, and tools.
Short Term
Tools—Propose research, if these activities are not addressed by the guidebook, for risk management
tool development and deployment. Key risk management tools include heat maps, risk identification,
risk categorization, risk assessment, and risk analysis.
Short Term
Maturity Model—Propose research on a risk management maturity model that will help agency executives
determine priorities for investing in their evolving risk management programs. This item is highly ranked,
but scheduling of projects caused the team to move it to a long-term activity.
Midterm
Case Studies—Propose research on risk management case studies to demonstrate the observed benefits of
enterprise risk management programs.
Short Term
Performance Measures—Propose research on the appropriate performance measures that integrate risk
management into the business practices and outcomes of transportation agencies.
Midterm
Table 2. Risk management scan implementation.
(continued)
50 Chapter 6: Recommendations and Implementation
Communication and Marketing
Distribute risk management communication and
marketing materials. Develop and distribute
executive summaries, marketing brochures, and
presentations that provide the business case for
risk management and a high-level overview of risk
management strategies, methods, and tools. This
is a short-term priority that will support other
implementation activities.
Disseminate the scan report to committees,
subcommittees, and transportation Interests.
Share, communicate, and market the findings,
recommendations, and best practices assimilated
from the scan. Priority should be given to AASHTO
and TRB committees. Communication venues
include a TRB risk management workshop or session
(January 2013) and the AASHTO fall meeting. The
scan report should be presented to chief executive
ocers and to breakout sessions. Dissemination
should not be limited to these AASHTO and TRB
committees. AASHTO and TRB subcommittees
and task forces should be informed as well. A risk
management scan Web conference should be
scheduled. These are short-term priorities.
Disseminate risk management scan information
to private sector interests. Share, communicate,
and market the findings, recommendations, and
best practices assimilated from the scan. Priority
private sector organizations include the American
Consulting Engineering Companies, Associated
General Contractors, National Association of State
Procurement Ocials, National Institute of Govern-
mental Purchasing, National Conference of State
Legislatures, American Legislative Exchange
Council, and American Bar Association. This
is a midterm priority.
Organize chief executive and risk management
practitioner workshop. Bring together chief execu-
tive ocers and risk managers responsible for
implementing or coordinating risk programs from
agencies to share risk management strategies,
methods, and tools to promote a culture of risk
management in the United States. The first confer-
ence could showcase the NCHRP risk management
report and the international scan findings. This is a
short-term priority.
Hold international enterprise risk management
technical workshop. Bring together risk managers
responsible for implementing or coordinating risk
programs from around the world to share risk
management strategies, methods, and tools to
promote a culture of risk management in the United
States. The first conference could showcase the
Roads and Trac Authority (Sydney, Australia)
model for enterprise risk management. This is a
short-term priority.
Research
Develop guidebook on enterprise risk management
strategies, methods, and tools. A comprehensive
guidebook on risk management strategies, methods,
and tools will have perhaps the greatest impact on
the propagation of consistent and eective enter-
prise risk management across the country. NCHRP
guidebooks are comprehensive and can speak to
multiple levels of agency personnel. A guidebook
ACTIVITY PRIORITY
Training
Update NHI Training—Update the National Highway Institute risk management course based on the
recommendations of the proposed NCHRP research and the scan findings.
Midterm
Provide Training—In addition to NHI training, provide the findings from the NCHRP research and scan via
FHWA workshops and train-the-trainer sessions.
Midterm
Governance
AASHTO Subcommittee—Elevate the AASHTO Task Force on Risk Management to a joint technical
committee at a minimum and empower it to promote the ongoing maturation of risk management.
Long Term
(Tab le 2 continued)
Transportation Risk Management: International Practices for Program Development and Project Delivery 51
on enterprise risk management should (1) provide
agency executives with an explanation of implemen-
tation strategies, (2) guide chief risk executives and
program managers on methods for developing
programs and measuring their eectiveness, and
(3) provide sta with tools to implement these
programs. This would be the most significant
research activity and could encompass some
of the following research topics.
Develop and deploy risk management tools.
The risk management international scan identified
a number of risk management tools in the literature
and in practice. One is the use of heat maps as a
decisionmaking tool. Common tool areas include risk
identification, categorization, assessment, analysis,
and communication. Highway agencies would
benefit from standard formats and training for these
and other common tools. If these tools cannot be
developed comprehensively through the previously
described guidebook, they could be developed
through individual research eorts. This is a short-
term priority.
Develop risk management maturity model. The
development of a risk management maturity model
will help agency executives determine priorities for
investing in their evolving risk management pro-
grams. A maturity model could also be tied to
performance measures and national standards to
help propagate consistency of programs across the
country. The research would likely need to consider
maturity models from other industries as a knowl-
edge source to support what exists in the highway
sector. This is a short-term priority.
Research risk management case studies. Case
studies may be the best research tool to demon-
strate the observed benefits of enterprise risk
management programs. Clear demonstration of
these benefits could entice more agencies to
formally adopt such programs. Detailed case stud-
ies of how enterprise risk management has helped
agencies deal with significant uncertainties such
as a decrease in available resources, changing
regulations or design standards, or failure of a
major artery would provide transportation execu-
tives with a demonstration of tangible benefits.
Investing in a research eort to develop risk
management case studies is a logical next step.
This is a short-term priority.
Identify risk management performance measures.
The mature risk management agencies consistently
advised that the practice of risk measurement is
best integrated into the business practice and
business outcomes of organizations. The identifica-
tion, development, and testing of performance
measures that help agencies understand their risk
management maturity level could be a task included
with the development of risk management maturity
models. Ideally, this research could identify perfor-
mance measures at the enterprise level that support
the evolution and integration of risk management
practices in agencies across the country. This is a
midterm priority.
Training
Provide training via the National Highway Institute
and other avenues. Provide training via FHWA
workshops and other methods. Request that FHWA
update the National Highway Institute risk manage-
ment course based on recommendations contained
in the NCHRP studies and the international scan
report. This is a midterm priority.
Governance
Create AASHTO Subcommittee on Risk Manage-
ment. The AASHTO Subcommittee on Organiza-
tional Management has a Task Force on Risk
Management. This group could potentially own the
implementation initiatives. Currently this group does
not have a high profile. This is an important subject
that requires elevation to a joint technical committee
at a minimum. Immediate eorts should focus on
ensuring proper committee status. It may have some
diculty in eectively pushing risk management on
a national basis. This is a long-term priority.
52
Transportation Risk Management: International Practices for Program Development and Project Delivery 53
Appendix A. Scan Team Members
Contact Information
Joyce A. Curtis (Cochair)
Associate Administrator for Federal Lands
Federal Highway Administration
HFL, E61-316
1200 New Jersey Ave. SE
Washington, DC 20590
Telephone: 202-366-9472
E-mail: joyc[email protected]v
Daniel (Dan) D’Angelo, P.E. (Cochair)
Director, Recovery Act
Deputy Chief Engineer & Director of Design
New York State Department of Transportation
50 Wolf Rd., 6th Floor
Albany, NY 12232
Telephone: 518-485-9288
E-mail: [email protected]e.ny.us
Keith R. Molenaar, Ph.D. (Report Facilitator)
Professor and Chair
University of Colorado
428 UCB
Boulder, CO 80309-0428
Telephone: 303-735-4276
E-mail: molenaar@colorado.edu
Joseph (Joe) S. Dailey
Division Administrator
Federal Highway Administration Wyoming Division
2617 East Lincolnway, Suite D
Cheyenne, WY 82001-5671
Telephone: 307-771-2940
E-mail: joseph.daile[email protected]v
Steven (Steve) D. DeWitt, P.E.
Chief Engineer
North Carolina Turnpike Authority
5400 Glenwood Ave., Suite 400
Raleigh, NC 27612
1578 Mail Service Center
Raleigh, NC 27699-1578
Telephone: 919-571-3030
E-mail: steve.dewitt@ncturnpike.org
Michael J. Graf, P.E.
Program Management Improvement Team Leader
Federal Highway Administration
61 Forsyth St., Suite 17T26
Atlanta, GA 30303
Telephone: 404-562-3578
E-mail: michael.gr[email protected]v
Timothy (Tim) A. Henkel
Assistant Commissioner
Minnesota Department of Transportation
395 John Ireland Blvd.
St. Paul, MN 55155-1899
Telephone: 651-366-4829
E-mail: tim.henkel@state.mn.us
John B. Miller, Ph.D.
President
Barchan Foundation, Inc.
PO Box 786
Winchester, MA 01890
Telephone: 339-221-0401
E-mail: jbmiller@barchanfoundation.com
John C. Milton, Ph.D., P.E.
Director of Enterprise Risk and Safety Management
Washington State Department of Transportation
310 Maple Park Ave. SE
Olympia, WA 98504-7418
Telephone: 360 704-6363
E-mail: miltonj@wsdot.wa.gov
Darrell M. Richardson, P.E.
Assistant State Roadway Design Engineer
Georgia Department of Transportation
600 West Peachtree St., 27th Floor
Atlanta, GA 30308
Telephone: 404-631-1705
E-mail: drichardson@dot.ga.gov
Robert E. Rocco
Associate Vice President, Risk Manager
AECOM Transportation
20 Exchange Place, 15th Floor
New York, NY 10005
Telephone: 212 607-4128
E-mail: robert.rocco@aecom.com
54 Appendix A: Scan Team Members
Team Biographies
Joyce A. Curtis (cochair) is the associate administra-
tor for the Federal Highway Administration’s
(FHWA) Oce of Federal Lands Highway. Curtis
oversees 18 State Division oces with more than
450 professional, technical, and administrative sta
members across the Nation. She is responsible for
establishing performance measures and accountabil-
ity for the divisions’ performance as well as FHWAs
corporate risk assessment and yearly strategic
implementation plan. She is a member of FHWA’s
leadership team, having a key role in determining
the future of the organization. In the past, Curtis
served as the FHWA Resource Center director,
overseeing technical experts who provided training
and technical assistance in many functional areas.
Curtis was the assistant division administrator for
FHWA’s Virginia Division and the director of engi-
neering and operations in the former FHWA
Regional Oce in Baltimore, MD. She graduated
from Villanova University with a bachelors degree in
civil engineering. Curtis is the past secretary of the
Transportation Research Board’s (TRB) Committee
on Urban Transportation Data and Information
Systems and a member of the American Society
of Civil Engineers (ASCE).
Daniel D’Angelo, P.E., (cochair) is the deputy
chief engineer, director of the Oce of Design,
and director, Recovery Act, for the New York State
Department of Transportation. He is responsible for
overseeing the statewide project design program
and all aspects of the highway, bridge, transit, ferry
boat, and rail programs of the Federal Recovery Act.
D’Angelo has served with the agency for more than
27 years and has experience in project delivery,
program delivery, resource management, strategic
planning, workforce development, and risk manage-
ment. He has a bachelor’s degree in civil engineering
from the University of Bualo, a master’s degree in
business administration with specialization in organi-
zational leadership from Norwich University, and a
graduate certificate in adult teaching and learning.
D’Angelo is a licensed professional engineer in New
York State. He teaches undergraduate courses on
critical and creative thinking. He serves on the
Technical Coordinating Committee for the Strategic
Highway Research Program and on committees of
the American Association of State Highway and
Transportation Ocials (AASHTO).
Dr. Keith R. Molenaar (report facilitator) is the
department chair and K. Stanton Lewis Professor
of Construction Engineering and Management
in the Department of Civil, Environmental, and
Architectural Engineering at the University of
Colorado Boulder. Molenaar’s research focuses
on risk management and alternative delivery strate-
gies for the construction of infrastructure and
facilities. His responsibilities include coordinating
a collaborative research eort aimed at exploring
the integration of risk management and project
delivery and disseminating research results to
owners, designers, constructors, and students.
He was previously a faculty member at the Georgia
Institute of Technology, where he was group leader
of the Construction Research Center’s Procurement
and Project Delivery research initiative. Molenaar
has a bachelor’s degree in architectural engineering
and master’s and Ph.D. degrees in civil engineering
from the University of Colorado Boulder. He is a
member of ASCE, the Design-Build Institute of
America, and the Construction Management
Association of America.
Joseph S. Dailey is the division administrator for
the FHWA Wyoming Division in Cheyenne, WY.
He is the principal representative of the U.S. Depart-
ment of Transportation (DOT) in Wyoming and is
responsible for administering the Federal-Aid
Highway Program in the State. Dailey provides
guidance and direction to State and local ocials
on identifying surface transportation needs and
related priorities that, when implemented, carry out
State and national transportation goals. In the past,
he served as director of financial management in
the Oce of the Chief Financial Ocer, overseeing
the development and execution of national financial
policy supporting the $40 billion-plus annual
Federal-Aid Highway Program. Also, Dailey was
responsible for internal control policies and integra-
tion of the agency’s risk management program into
the Fiscal Integrity Review and Evaluation program.
He has served with FHWA since 2006. His govern-
ment financial management career spans more
than 28 years and includes work in the areas of
budget, finance, accounting, programming, man-
power, and grant management. Dailey has a bach-
elor’s degree in education from the University of
Louisville and a master’s in business administration
from Syracuse University. He is a certified govern-
mental financial manager and a certified defense
financial manager. Dailey is a member of the Asso-
ciation of Government Accountants. He previously
Transportation Risk Management: International Practices for Program Development and Project Delivery 55
served as the U.S. DOT representative on the
AASHTO Standing Committee on Finance
and Administration.
Steven D. DeWitt, P.E., is chief engineer for the
North Carolina Turnpike Authority, responsible for
all engineering activities related to the planning,
design, and construction of toll projects. DeWitt’s
26-year career with the North Carolina Department
of Transportation (NCDOT) includes a variety of
statewide positions in construction management,
contract procurement including design-build and
public-private partnership approaches, and related
activities. He is a graduate of the University of North
Carolina at Charlotte with a bachelor’s degree in
civil engineering. DeWitt is a licensed professional
engineer in North Carolina. His professional activities
include leadership roles on various committees,
subcommittees, and task forces with TRB and
AASHTO related to project procurement and
delivery and general construction.
Michael J. Graf, P.E., is the team leader for FHWA’s
Program Management Improvement Team. He leads
a team of engineers and analysts responsible for
improving management of the Federal-Aid Highway
Program, implementing the agency risk manage-
ment program, conducting national program
reviews, improving customer and partner satisfac-
tion, and advancing organizational quality. In addi-
tion, Graf leads the National Review Teams, which
conduct reviews of Recovery Act projects around
the country to ensure accountability and consis-
tency. He graduated from the FHWA Highway
Engineer Program in 1990 and has held many
positions, including team leader for the Program
Improvement Team, assistant division administrator
in the Delaware Division, Technical Services Team
leader for the Central ArteryTunnel Project in the
Massachusetts Division, district engineer in the
Mississippi Division, and area engineer in the Georgia
and South Carolina Divisions. Graf has a master’s
degree in public administration from Wilmington
University and a bachelor’s degree in civil engineer-
ing from the University of Maine. He is the secretary
of AASHTO’s Subcommittee on Organizational
Management and a registered professional engineer
in South Carolina.
Timothy A. Henkel is an assistant commissioner
for the Minnesota Department of Transportation in
St. Paul, MN. Henkel directs the department’s Modal
Planning and Program Management Division and is
responsible for managing the State’s delivery of
passenger rail, highway capital programs, perfor-
mance measures, freight and commercial vehicle
operations, transit, aeronautics, modal innovation,
and transportation data and analysis. He has been
with the agency for more than 26 years. Henkel’s
overall transportation career spans more than
28 years, including work in the private sector in
planning, program management, and delivery for all
modes of transportation. He is a graduate of Bemidji
State University–Minnesota with a bachelor’s degree
and a certificate in civil engineering and land survey-
ing from Dunwoody College–Minneapolis in Minne-
sota. Henkel is a member of the AASHTO Standing
Committee on Planning and serves on technical
panels monitoring National Cooperative Highway
Research Program (NCHRP) projects conducted by
TRB, such as NCHRP Report 658–Guidebook on Risk
Analysis Tools and Management Practices to Control
Transportation Project Costs.
Dr. John B. Miller is president of the Barchan
Foundation, Inc., a 501(c)(3) public charity that
collects and transmits comparative information on
how public infrastructure projects are delivered and
financed across the world. Miller was an associate
professor at the Center for Construction Research
and Education at Massachusetts Institute of Tech-
nology’s (MIT) Civil and Environmental Engineering
Department from 1995 to 2003. He was one of two
reporters for the American Bar Association (ABA)
2000 Model Procurement Code Project and the
ABA 2007 Model Code for Public Infrastructure
Procurement. He earned a bachelors degree in
civil engineering, master’s degree in soil mechanics,
and doctor of philosophy degree in infrastructure
systems, all from MIT, and J.D. and L.L.M. in taxation
degrees from Boston University School of Law.
He is a member of ASCE, ABA, American Public
Works Association, Boston Society of Civil
Engineers, Construction Specification Institute,
Design-Build Institute of America, International Bar
Association, and International City/County Manage-
ment Association and a fellow of the American
College of Construction Lawyers.
Dr. John C. Milton, P.E., is the director of enterprise
risk and safety management for the Washington
State Department of Transportation (WSDOT) in
Olympia, WA. He is responsible for both program
and project risk management-related issues. Milton
also has oversight responsibility for the WSDOT
Highway Safety Program and serves as chair of the
56 Appendix A: Scan Team Members
Highway Safety Executive Committee. He has more
than 24 years’ experience in engineering and has
served in planning, trac, design, and construction
roles. Milton has a bachelor’s degree in civil engi-
neering and a master’s degree in engineering
management from St. Martin’s College. He also
has a master’s degree and Ph.D. in civil engineering
from the University of Washington. He has served
on numerous National Academy of Sciences
research panels on highway safety and data analy-
sis. Milton’s professional activities include leadership
roles on various committees, subcommittees, and
task forces for TRB and AASHTO. Milton chairs the
TRB Committee on Highway Safety Performance.
Darrell M. Richardson, P.E., is the assistant State
roadway design engineer for the Georgia Depart-
ment of Transportation (GDOT) in Atlanta, GA.
He oversees two design groups of 12 transportation
engineers who design multiple roadway projects
around the State. His oversight includes depart-
ment-wide and project-specific engineering
decisions and directives, resource allocation, man-
hour estimates, budget, training, and quality control
and assurance. Richardson’s previous GDOT experi-
ence involved managing as many as 180 projects
from the development process into construction.
He started with GDOT in 1986, working his way up
through the design and project management ranks
to his current position. Richardson graduated from
Southern Polytechnic State University with a bach-
elor’s degree in civil engineering and earned his
Georgia professional engineer’s license. He serves
on the AASHTO Technical Committee on Cost
Estimating.
Robert E. Rocco, P. E., is associate vice president
and risk manager for AECOM Transportation in
North America. He is responsible for enhancing
the value of AECOM’s risk management product as
part of the company’s Center of Excellence Group
in New York City. This entails developing new risk
management tools, processes, and training. Rocco
is assigned to the Second Avenue Subway Project
in New York City, where he is responsible for risk
management and for meeting Federal Transit
Administration guidelines on enhancing the proj-
ect’s management practice. He has developed
and implemented risk programs for several other
projects, most recently the Central Subway Project
in San Francisco. Rocco has performed risk assess-
ments for numerous projects, including the Dallas
Area Rapid Transit, Central Corridor Light Rail
Transit in Minneapolis-St. Paul, San Diego Airport
Terminal expansion, and Lincoln Center Develop-
ment Project in New York City. Before joining
AECOM, he was employed by Raytheon Engineers
& Constructors, managing the rm’s Advanced
Technology Oce in Princeton, NJ. Rocco has a
bachelor’s degree in civil engineering from the
University of Detroit and a master’s degree in
engineering management from the New Jersey
Institute of Technology. He is a licensed professional
engineer in New York, New Jersey, and Ohio.
He is a member of the Project Management Institute
and ASCE.
Transportation Risk Management: International Practices for Program Development and Project Delivery 57
Appendix B. Amplifying Questions
The amplifying questions provide detail on the
scan team’s topics of interest. They served as a
framework for the team’s discussions with ocials
of the organizations it visited. The team asked the
organizations to answer the questions directly or
provide examples of successes and failures. The
team requested documentation of policies and
procedures and examples of risk management
activities.
The amplifying questions are organized into the
following topics:
Organization—The context of your
organizational and risk management structure
General context
Risk management organization
Development of risk management program
Risk management factors
Application—The manner in which your
organization applies risk management
Definition of risk
Risk communication
Organizational risk management
Program risk management
Risk management information systems
Process—The systematic series of risk
management actions
Risk identification
Risk assessment and analysis
Risk response
Risk allocation
Risk monitoring
Improvement—The actions to continuously
improve your risk management process
Process measurement
Lessons learned
Organization
General Context
1. Generally describe the key aspects of trans-
portation program delivery within the political,
economic, and technological structure of your
country.
a. Please describe the owner structure, market
structure, market competition, and the roles
and responsibilities of the primary stake-
holders in the transportation program
delivery life cycle.
b. Please describe your organization’s mission,
goals, and objectives.
c. Please describe your agency’s organiza-
tional structure.
Risk Management Organization
2. Please describe the organizational structure
for risk management in your organization.
a. Who is responsible for ensuring that your
organization eectively manages risk as a
whole and at appropriate levels in the
organization?
b. Who in your organization is responsible for
developing risk management policy?
c. Does your agency adhere to, or apply, the
ISO 31000 Risk Management standard?
Development of Risk Management Program
3. Please describe how your risk management
program was developed and how you maintain
a culture of risk management.
a. How did your risk management program
evolve (e.g., creation through a top-down
executive directive or a bottom-up sta
initiative)?
b. What is the involvement of executive sta,
middle management, and sta?
c. If a specific risk management person or
group is charged with your overall program,
what are the competencies required to
ensure adequate background in this or
these roles?
d. What competencies are important to the
organization’s risk management process,
and what type of training does the
organization provide?
58 Appendix B: Amplifying Questions
Risk Management Factors
4. Please describe the areas that your organiza-
tion’s risk management program addresses.
a. Are costs, other than financial, considered
in risk management (e.g., impacts to the
environment, impacts to key stakeholders,
etc.)?
b. How are nonmonetary risks weighed against
financial or schedule risks?
Application
Definition of Risk
5. How does your organization define the
term “risk?”
a. How does the definition of risk dier at the
organizational, program, and project levels?
b. What motivates (or motivated) your organi-
zation to employ risk management eorts?
Risk Communication
6. Please describe how your organization com-
municates risk issues and/or considerations
with internal sta and external stakeholders?
a. How does your organization communicate
the results and benefits of risk management
to external stakeholders?
b. How do internal sta members know about
the specific risks associated with their
business area?
c. How does risk management promote
transparency of your decisions to the
public and other stakeholders?
d. What quantitative and visual risk manage-
ment tools are available to communicate
risk, complexity, and uncertainty to
stakeholders?
Organizational Risk Management
7. Please explain how your organization applies
risk management at the organizational level.
a. How does your organization incorporate
risk management in its overall strategic
planning, budgeting, performance measure-
ment, and implementation eorts?
b. How does your organization integrate risk
management results into its business
objectives and operations?
c. Has your organization’s “risk tolerance”
been identified? How was this done?
Program Risk Management
8. Please explain how your organization applies
risk management at the program level. This
includes major modal decisionmaking (i.e., rail,
transit, highways, etc.) and major project
decisionmaking (i.e., size of project, delivery
methods, etc.).
a. Discuss how your organization communi-
cates cross-functional risks across organiza-
tional boundaries between projects and
programs.
b. How do risk analysis and risk management
inform your organization’s decisionmaking
processes for long-range system planning,
major project description and cost estima-
tion, priority programming, and project
development?
c. Is your agency using risk analysis to support
programming and project delivery deci-
sions, such as public-private partnerships
and long-term maintenance agreements?
d. Does your organization have a full inventory
of assets and deterioration rates that help
forecast programmatic waves of risk?
e. Does your organization include risk
management processes in policy decisions,
such as implementation of a new specifica-
tion, design requirement, or other related
elements?
Risk Management Information Systems
9. Please describe your organization’s risk man-
agement information systems.
a. How does your organization collect and
manage the data from risk analysis and risk
management eorts?
b. What quantitative and visual tools do you
apply in your risk management?
Process
Note: This section of the amplifying questions
focuses on the process of risk management. When
answering these questions, please provide examples
of organizational, program, and project risk manage-
ment activities, as appropriate.
Transportation Risk Management: International Practices for Program Development and Project Delivery 59
Risk Identification
10. Please describe your organization’s process of
risk identification.
a. Who conducts your organization’s risk
identification?
b. What tools does your organization use to
identify risks?
c. Does your organization consider both
threats and opportunities equally?
d. Does your organization maintain risk
checklists or categories of risks
(e.g., a risk breakdown structure)?
Risk Assessment and Analysis
11. Please describe your organization’s process for
assessing and analyzing risks.
a. How does your organization prioritize key
risks?
b. Does your organization consider risk likeli-
hood and potential impacts in its prioritiza-
tion?
c. Does your organization use both quantita-
tive and qualitative risk assessments? Please
describe the benefits and challenges of the
dierent tools.
d. What is done to avoid optimism or bias in
risk assessments?
e. What level of certainty does your organiza-
tion assign to risks throughout the project
development process?
f. Is there a specific cost-benefit approach
that your organization uses?
Risk Response
12. Please describe your organization’s process for
risk response.
a. Does your organization have specific
response strategies to address common
risks?
b. How do your internal controls address
identified risks?
c. Are contingencies (time and/or financial)
set aside when program risks are identified?
d. If you use project risks to develop contin-
gencies for programs and projects, do you
budget for the worst-case scenario cost,
a mean cost, or something else?
Risk Allocation
13. Please describe how risk management output
informs the risk allocation process in your
organization.
a. How does your organization use informa-
tion from risk management to make
contract-related decisions with key
industry partners?
b. Does your organization use risk manage-
ment information to select project delivery
options (i.e., design-build, public-private
partnerships, and maintenance
contracting)?
Risk Monitoring
14. Please describe the processes that your
organization uses to monitor risk.
a. How does your organization monitor risks
and risk mitigation actions?
b. Is risk monitoring done at a global level or
at lower level in the organization?
c. How do your organization’s risk-monitoring
methods relate to contingency manage-
ment and resource allocation?
Improvement
Process Measurement
15. Please describe your organization’s strategies,
methods, and tools for measuring the results
of its risk management program.
a. Who evaluates your organization’s
eectiveness in managing risk and what
measures do they use?
b. How does the output of your organization’s
risk management eorts relate to its overall
strategic plan and performance measures?
c. How does your organization ensure that risk
management processes align among lead-
ership, program management, and sta?
d. How do you make improvements to your
risk management plans, policy, and
framework?
e. What type of risk management training
does your organization provide for the
various levels of management and sta?
What are the key competencies for success?
60 Appendix B: Amplifying Questions
Lessons Learned
16. Please provide any advice that you would give
to an agency that is embarking on a new risk
management program.
a. What are the key resources for a successful
risk management program?
b. How does an organization achieve and
maintain a risk management culture?
c. What are some key mistakes to avoid when
developing a risk management program?
Transportation Risk Management: International Practices for Program Development and Project Delivery 61
Appendix C. Bibliography and Recommended
Readings
The following readings relate to enterprise
(i.e., agency), program, and project risk manage-
ment. They come from a variety of sources, but the
principles apply to managing transportation risk.
The scan team members have found them useful
for broadening their understanding of the topic
and developing programs and policies on risk
management at all levels.
Committee of Sponsoring Organizations of the
Treadway Commission (2004). Enterprise Risk
Management—Integrated Framework. Committee
of Sponsoring Organizations of the Treadway
Commission, www.coso.org.
Federal Highway Administration (2006). Guide to
Risk Assessment for Highway Construction
Management. Report FHWA-PL-06-032, U.S.
Department of Transportation, Washington, DC.
Federal Highway Administration (2012). “Risk
Management.” National Highway Institute Training
Course FHWA-NHI-134065, National Highway
Institute, Arlington, VA.
Highways Agency (2010). Highways Agency Risk
Management Policy and Guidance. Highways
Agency, London, England.
International Organization for Standardization (ISO)
(2009). ISO 31000 Risk Management—Principles
and Guidelines. International Organization for
Standardization, Geneva, Switzerland.
National Cooperative Highway Research Program
(2010). Guidebook on Risk Analysis Tools and
Management Practices to Control Transportation
Project Costs. NCHRP Report 658, ISBN 978-0-
309-15476-5, National Cooperative Highway
Research Program, Transportation Research
Board of the National Academies, Washington, DC.
National Cooperative Highway Research Program
(2011). Executive Strategies for Risk Management
by State Departments of Transportation. NCHRP
Project 20-24(74), National Cooperative Highway
Research Program, Transportation Research
Board of the National Academies, Washington, DC.
National Cooperative Highway Research Program
(2011). Guide for Managing NEPA-Related and
Other Risks in Project Delivery. NCHRP Web-Only
Document 183, National Cooperative Highway
Research Program, Transportation Research
Board of the National Academies, Washington, DC.
National Cooperative Highway Research Program
(2011). Guide for the Process of Managing Risk on
Rapid Renewal Contracts. Report of Strategic
Highway Research Program Project R09, National
Cooperative Highway Research Program,
Transportation Research Board of the National
Academies, Washington, DC.
New York State Department of Transportation
(2009). Risk Management for Project Develop-
ment (Draft). New York State Department of
Transportation, Oce of Design, Albany, NY.
Project Management Institute (2004). A Guide to
Project Management Body of Knowledge
(PMBOK Guide). Project Management Institute,
Newton Square, PA.
Project Management Institute (2006). Standard for
Program Management. Project Management
Institute, Newton Square, PA.
Transport and Main Roads (2011). Transport and Main
Roads Guide to Risk Management. Transport and
Main Roads, Queensland, Australia.
Washington State Department of Transportation
(2010). Project Risk Management, Guidance for
WSDOT Projects. Washington State Department
of Transportation, Olympia, WA.
62 Appendix D: Risk Management Process Stages and Terminology Comparison
Appendix D. Risk Management Process Stages and
Terminology Comparison
Risk Management Process Stages and Terminology Comparison
Proces
Stage
Organization: Document
FHWA: Guide to
Risk Assessment
and Allocation
for Highway
Construction
Management
(October 2006)
NCHRP
20-24(71): Guide
for Managing
NEPA-Related
and Other Risks
in Project
Delivery (NCHRP
Web-Only 183)
NCHRP 08-60:
Guidebook on
Risk Analysis
Tools and
Management
Practices
to Control
Transportation
Costs (NCHRP
Report 658)
ISO 31000:2009,
Risk Management—
Principles and
Guidelines
Project Manage-
ment Institute:
Project Manage-
ment Body of
Knowledge
(PMBOK Guide,
ANSI/PMI
99-001-2008)
Project
Management
Institute: The
Standard for
Program
Management
(ANSI/PMI
08-002-2008)
Committee of
Sponsoring
Organizations of
the Treadway
Commission:
Enterprise Risk
Management—
Integrated
Framework
0
Communication
and Consultation
Internal
Environment
1 Structuring Establish Context
Plan Risk
Management
Plan Program
Risk
Management
Objective
Setting
2
Risk
Identification
Risk Identifica-
tion
Identify
Risk
Identification
Identify Risks
Identify
Program Risks
Event
Identification
3 Risk Assessment
Risk Assessment
(Qualitative)
Assess/Analyze
Risk Analysis
(Quantitative
or Qualitative)
Perform
Qualitative Risk
Analysis
Analyze
Program Risks
(Quantitative)
Risk Assessment
4 Risk Analysis
Risk Analysis
(Quantitative)
Risk
Evaluation
Perform
Quantitative
Risk Analysis
5
Risk Mitigation
and Planning
Risk Response
Planning
Mitigate
and Plan
Risk Treatment and
Allocation
Plan Risk
Responses
Plan Program
Risk
Responses
Risk Response
Risk Allocation Allocate
6
Risk Monitoring
(Tracking) and
Updating
Risk Monitoring
and Control
Monitor and
Control
Monitoring and
Review
Monitor and
Control Risks
Monitor and
Control
Program Risks
Control
Activities
Information and
Communication
Monitoring
Risk Assessment
Transportation Risk Management: International Practices for Program Development and Project Delivery 63
The following are the stages of risk management
and the terms used for each stage by various
organizations and their publications. The terms used
for each stage generally have the same meaning
and intent (bold indicates the most commonly
used term):
Plan = structuring = establish content =
objective setting
Identify = risk identification =
event identification
Assess = assessment =
perform qualitative analysis
Analyze = analysis =
perform quantitative analysis
Mitigate = risk response planning =
mitigate and plan = allocate =
treatment and allocate = plan response =
management planning = risk response
Monitor and control = monitoring and updating
= tracking = monitoring and review = manage-
ment implementation = control activities =
information and communication = monitoring
Other common risk management terms with
similar meanings and intent (bold indicates
the most commonly used terms):
Risk appetite = risk tolerance
Likelihood = frequency = probability
Consequence = eect = impact
References for the definitions include the following:
Federal Highway Administration (2006). Guide
to Risk Assessment for Highway Construction
Management. Report FHWA-PL-06-032, U.S.
Department of Transportation, Washington, D.C.
National Cooperative Highway Research
Program (2011). Guide for Managing NEPA-
Related and Other Risks in Project Delivery.
NCHRP Web-Only Document 183, National
Cooperative Highway Research Program,
Transportation Research Board of the
National Academies, Washington, DC.
National Cooperative Highway Research
Program (2010). Guidebook on Risk Analysis
Tools and Management Practices to Control
Transportation Project Costs. NCHRP Report
658, ISBN 978-0-309-15476-5, National Coop-
erative Highway Research Program, Transporta-
tion Research Board of the National Academies,
Washington, DC.
International Organization for Standardization
(ISO) (2009). ISO 31000 Risk Management—
Principles and Guidelines. International Organi-
zation for Standardization, Geneva, Switzerland.
Project Management Institute (2004). A Guide
to Project Management Body of Knowledge
(PMBOK Guide). Project Management Institute,
Newton Square, PA.
Project Management Institute (2006). Standard
for Program Management. Project Management
Institute, Newton Square, PA.
Committee of Sponsoring Organizations of
the Treadway Commission (2004). Enterprise
Risk Management—Integrated Framework.
Committee of Sponsoring Organizations of
the Treadway Commission, www.coso.org.
64 Appendix E: Host Country Representatives
Appendix E. Host Country Representatives
Links to Transportation Organization Web Sites
Country Links to Transportation Organizations
Australia Department of Transport and Main Roads, Queensland
www.tmr.qld.gov.au/
VicRoads, Victoria
www.vicroads.vic.gov.au/
Roads and Trac Authority, New South Wales
www.rta.nsw.gov.au/
England Highways Agency of the Department for Transport
www.highways.gov.uk and http://www.dft.gov.uk
Germany Federal Highway Research Institute (BASt)
www.bast.de/
The Netherlands Ministry of Transport, Public Works, and Water Management (Rijkswaterstaat)
www.rijkswaterstaat.nl/
www.government.nl/ministries/ienm
Scotland Transport Scotland
www.transportscotland.gov.uk/
Australia
Queensland Government
Julie Mark
Senior Trade Ocer, Transport and Logistics
Trade and Investment Queensland
Department of Employment, Economic
Development, and Innovation
Queensland Government
Level 21, 111 George St.
Brisbane, Queensland 4000 Australia
PO Box 12400 George St.
Queensland 4003 Australia
E-mail: julie.mark@trade.qld.gov.au
Hiram Ergetu
Trade Ocer, Transport and Logistics
Trade and Investment Queensland
Department of Employment, Economic
Development, and Innovation
Queensland Government
Level 21, 111 George St.
Brisbane, Queensland 4000 Australia
PO Box 12400 George St.
Queensland 4003 Australia
E-mail: hiram.eregetu@trade.qld.gov.au
Stephen Dueld, MPM CPPD
Assistant Director (Risk Management)
Governance & Planning Branch
Corporate Governance Branch
Department of Transport and Main Roads
Queensland Government
Level 5, Capital Hill Building
85 George St.
Brisbane, Queensland 4000 Australia
PO Box 1549
Brisbane, Queensland 4001 Australia
E-mail: stephen.z.dueld@tmr.qld.gov.au
Kieran Lynch, LL.B, M. Proj. Mgt
Program Director (Delivery Risks)
Infrastructure Risk Management and Insurance
Major Infrastructure Projects
Department of Transport and Main Roads
Queensland Government
Floor 3, 260 Queen St.
Brisbane, Queensland 4000 Australia
GPO Box 2439
Brisbane, Queensland 4001 Australia
E-mail: kieran.j.lynch@tmr.qld.gov.au
Transportation Risk Management: International Practices for Program Development and Project Delivery 65
Shaun Scanlan, B. Bus, Assoc. Dip. Bus
Manager, Risk Advisory Unit
Governance and Planning Branch
Corporate Governance Division
Department of Transport and Main Roads
Queensland Government
Floor 5, Capital Hill Building
85 George St.
Brisbane, Queensland 4000 Australia
GPO Box 1549
Brisbane, Queensland 4001 Australia
E-mail: shaun.j.scanlan@tmr.qld.gov.au
Derek Skinner, B.E, MIE (Aust), RPEQ
General Manager (Major Projects)
Major Projects Oce
Department of Main Roads
Queensland Government
Floor 2, 260 Queen St.
Brisbane, Queensland 4000 Australia
GPO Box 2439
Brisbane, Queensland 4001 Australia
E-mail: derek.g.skinner@tmr.qld.gov.au
VicRoads
Gerry George
Project Director
Major Projects M80 Upgrade
VicRoads
Telephone: 61 3 9094 4614
E-mail: gerry.george@roads.vic.gov.au
Mario Maldoni, BEng (Civil)
Core Functions Manager
Trac, Risk, Safety, & Programme
M80 Ring Road Upgrade
VicRoads
3 Bristol St., Essendon Airport
Victoria 3041 Australia
E-mail: mario.maldoni@roads.vic.gov.au
Charles Pashula
Manager–Programming & Risk Management
Monash-CityLink-West Gate Upgrade
VicRoads
Level 2, 3 Prospect Hill Rd.
Camberwell Victoria 3124 Australia
E-mail: charles.pashula@roads.vic.gov.au
William Tieppo
Director
Regional Services Support
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: william.tieppo@roads.vic.gov.au
Alison Lisle
Manager, Business Support
Major Projects Support
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: alison.lisle@roads.vic.gov.au
Dominic Ruggiero
Business Improvement Coordinator
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: dominic.ruggiero@roads.vic.gov.au
Peter Williams
Director, Commercial & Business Services
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: peter.williams@roads.vic.gov.au
Peter Mitchem
Executive Director
Technical & Information Services
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: peter.mitchem@roads.vic.gov.au
Tony Biancacci
Insurance & Risk Management Ocer
Corporate Services Division
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: tony.biancacci@roads.vic.gov.au
Julian Lyngcoln
Director, Safer Roads
Road Safety & Network Access
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: julian.lyngcoln@roads.vic.gov.au
66 Appendix E: Host Country Representatives
Wendy Goad
Project Operations Ocer
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: wendy.goad@roads.vic.gov.au
Vince Punaro
Acting Director Network Improvements
Network and Asset Planning
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: vince.punaro@roads.vic.gov.au
Philip D. Symons, MIE Aust., CPEng
Director–Risk Management
Corporate Services Division
VicRoads
60 Denmark St.
Kew, Victoria 3101 Australia
E-mail: phil.symons@roads.vic.gov.au
Aon Risk Solutions
Je Frohlo
State Manager
Aon Risk Solutions
Level 6, 175 Eagle St.
Brisbane, Queensland 4000 Australia
E-mail: je.frohlo@aon.com.au
Jardine Lloyd Thompson Australia Pty Ltd
Richard van Velzen
Executive Director
Jardine Lloyd Thompson Australia Pty Ltd
Level 17, 607 Bourke St.
Melbourne, Victoria 3000 Australia
E-mail: richard.vanvelz[email protected]
Victorian Managed Insurance Authority
Goran Mitrevski, FCPA, CIA
Manager, Risk Services
Victorian Managed Insurance Authority
Level 30, 35 Collins St.
Melbourne, Victoria 3000 Australia
E-mail: g.mitrevski@vmia.vic.gov.au
New South Wales Roads and Trac Authority
John Statton
General Manager
Infrastructure Asset Management
Network Management
Roads and Trac Authority
Level 16, 101 Miller St.
North Sydney, NSW 2060 Australia
Locked Bag 928
North Sydney, NSW 2059 Australia
E-mail: john_statt[email protected].gov.au
Lori St John
Senior Manager, Governance and Risk
Governance Branch
Chief Executive’s Oce
Roads and Trac Authority
101 Miller St.
North Sydney, NSW 2060 Australia
Locked Bag 928
North Sydney, NSW 2059 DX 10516 Australia
E-mail: [email protected]w.gov.au
Michael de Roos
General Manager, Safer Roads
Roads and Trac Authority
Level 18, 101 Miller St.
North Sydney, NSW 2060 Australia
Locked Bag 928
North Sydney, NSW 2059 Australia
E-mail: [email protected]w.gov.au
Paul Tansi, BE, MEngSc, Dip PM
Manager, Project Management Improvement Unit
Project Management Oce
Network Services
Roads and Trac Authority
Level 8, 27 Argyle St.
Parramatta, NSW 2150 Australia
PO Box 973
Parramatta CBD NSW 2124 Australia
E-mail: [email protected].gov.au
Fiona Court
General Manager
Infrastructure Communication
Roads and Trac Authority
Level 19, 101 Miller St.
North Sydney, NSW 2060 Australia
Locked Bag 928
North Sydney, NSW 2059 Australia
E-mail: fi[email protected]w.gov.au
Transportation Risk Management: International Practices for Program Development and Project Delivery 67
Tulla Sydney Alliance
Steve Cornish
Alliance Project Manager
Tulla Sydney Alliance
122 Melrose Dr.
Tullamarine, Victoria 3043 Australia
E-mail: sjcornish@tullasydney.com.au
Germany
BASt
Dr.-Ing. Peter Reichelt
President and Professor
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: reichelt@bast.de
Dr. Jurgen Krieger
Head of Division of Bridges and Structural
Technology
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: juergen.krieger@bast.de
Dr. Markus Auerbach
Environmental Protection
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: [email protected]
Ralph Holst
Maintenance and Engineering Structures
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: holst@bast.de
Petra H. Bauer
Presse und Oentlichkeitsarbeit
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: [email protected]
Dr.-Ing. Frank Heimbecher
Head of Section of Tunnel and Foundation
Engineering, Tunnel Operation, Civil Security
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: [email protected]
Dipl.-Ing. Rolf Rabe
Pavement Testing and Design
BASt
Bruderstrabe 53
D-51427 Bergisch Gladbach, Germany
E-mail: rabe@bast.de
Dr.-Ing. Volker Wassmuth
Transport Consulting
Director of Transport Planning & Trac Engineering
PTV
Planung Transport Verkehr AG
Stumpfstrasse 1
76131 Karlsruhe, Germany
E-mail: volker.wassmuth@ptv.de
United Kingdom
Highways Agency
Ruth Tilstone
International Inward Visit Coordinator
Network Services
Highways Agency
Piccadilly Gate
Store Street
Manchester, M1 2WD United Kingdom
E-mail: ruth.tilstone@highways.gsi.gov.uk
Nirmal Kotecha
Major Projects Director
Major Projects Directorate
Highways Agency
Woodlands
Manton Lane
Manton Lane Industrial Estate
Bedford, MK41 7LW United Kingdom
E-mail: nirmal.kotecha@highways.gsi.gov.uk
68 Appendix E: Host Country Representatives
Helen Jamieson, CEng, MICE
Contract Manager
Network Delivery & Development
Highways Agency
9th Floor, The Cube
199 Wharfside St.
Birmingham, B1 1RN United Kingdom
E-mail: helen.jamieson@highways.gsi.gov.uk
David Patterson, BSc MPhill CGeol FGS
Technical Lead for Integrated Asset Management
and S. England Team Leader, Geotechnics
Network Services
Highways Agency
Temple Quay
Bristol, BS1 6HA United Kingdom
Lisa M Scott, ACMA
Head of Corp Governance & Performance Reporting
Finance Directorate
Highways Agency
5th Floor
123 Buckingham Palace Rd.
London, SW1W 9HA United Kingdom
E-mail: lisa.scott@highways.gsi.gov.uk
Elizabeth Mathie
Safety Risk Modeling Manager
Network Services, Network Planning & Performance
Division
Highways Agency
Piccadilly Gate
Store Street
Manchester, M1 2WD United Kingdom
E-mail: elizabeth.mathie@highways.gsi.gov.uk
Gary Thomas
Team Leader: Risk & Inflation
Major Projects Commercial
Highways Agency
Woodlands
Manton Lane
Manton Lane Industrial Estate
Bedford, MK41 7LW United Kingdom
E-mail: gary.thomas@highways.gsi.gov.uk
Scotland
Transport Scotland
Graham J Edmond, BSc CEng MICE
National Network Manager
Transport Scotland
Trunk Roads: Network Management
E-mail: graham.edmond@transportscotland.
gsi.gov.uk
John Hutton
Transport Scotland
E-mail: john.hutton@transportscotland.gsi.gov.uk
PricewaterhouseCoopers LLP
David J Maclaren
Senior Manager
PricewaterhouseCoopers LLP
141 Bothwell St.
Glasgow, G2 7EQ United Kingdom
E-mail: david.j.maclar[email protected]c.com
Halcrow Group Limited
Bruce D Lunn, Beng, Ceng, MICE, MIHT
Associate Director
Halcrow Group Limited
City Park
368 Alexandra Parade
Glasgow, G31 3AU United Kingdom
James Watson
Business and Financial Manager
Halcrow Group Limited
E-mail: watsonja@halcrow.com
The Netherlands
Rijkswaterstaat
Onno Tool
Senior Advisor/U.S. Liaison
Rijkswaterstaat
Schoemakerstraat 97
2628 VK Delft, Netherlands
PO Box 5044
2600 GA Delft, Netherlands
E-mail: onno.tool@rws.nl
Transportation Risk Management: International Practices for Program Development and Project Delivery 69
Richard W. Van der Elburg
Senior Advisor
Rijkswaterstaat
Schoemakerstraat 97
2628 VK Delft, Netherlands
PO Box 5044
2600 GA Delft, Netherlands
E-mail: richard.vander.elbur[email protected]
Jenne van der Velde
Principal Advisor on Asset Management
Centre for Transport and Navigation
Rijkswaterstaat
E-mail: jenne.vander.velde@rws.nl
Jaap Bakker
Senior Specialist
Rijkswaterstaat
Schoemakerstraat 97
Grioenlaan 2
3526 LA Utrecht, Netherlands
PO Box 20000
3502 LA Utrecht, Netherlands
E-mail: jaap.bakk[email protected]
Ing. E.J. (Eric) Maaskant
Coordinator Planmatig Beheer en Onderhoud/Probo
Rijkswaterstaat
Ketensedijk 4
2902 La Capelle aan den Ijssel
Postbus 556
3000 AN Rotterdam, Netherlands
E-mail: eric.maaskant@rws.nl
Drs. Petra Paen
Senior-Adviseur
Rijkswaterstaat
Van der Burghweg 1
2628 cs Delft
Postbus 5044
2600 GA Delft, Netherlands
E-mail: petra.pa[email protected]
Ing. Tirza Zwanenbeek
Projectleider
WSM
Rijkswaterstaat
Zuiderwageneplein 2
Postbus 600
8200 AP Lelystad, Netherlands
E-mail: tirza.zw[email protected]
Mr.ing. A. Stoelinga
Senior Adviseur/Specialist Planning HWN
Netwerken Netwerkplanning
Rijkswaterstaat
Van der Burghweg 1
Postbus 5044
2600 GA Delft, Netherlands
E-mail: arjen.stoelinga@rws.nl
ProRail
Ir. Th. L.M. (Ted) Luiten
Internal Advisor, Asset Management
ProRail
De Inktpot
Moreelsepark 3
3411 EP Utrecht, Netherlands
Postbus 2038
3500 GA Utrecht, Netherlands
E-mail: ted.luiten@prorail.nl
OFFICE OF INTERNATIONAL PROGRAMS
FHWA/US DOT (HPIP)
1200 New Jersey Avenue, SE
Washington, DC 20590
Tel: (202) 366-9636
Fax: (202) 366-9626
international@fhwa.dot.gov
www.international.fhwa.dot.gov
Publication No. FHWA-PL-12-029
HPIP/8-12(3.5)EW