NCHRP20-24(105)

Launching Enterprise Risk Management in

Your Agency

ARecordofWorkshopProceedings

Sept.2015TheStarIsis,Corp.

GordonProctor&AssociatesSpyPondPartners

TableofContentsSummaryofProceedingsandRecommendations.......................................................................................1

TheObjectiveofProject20-24(105).......................................................................................................2

DefinitionsofRiskManagement..............................................................................................................2

LessonsfromthePrivateSector...............................................................................................................5

HowERMBenefitsExecutives..................................................................................................................7

ManagingRiskstoExtremeEventsandThreatstoResilience.................................................................9

ManagingFinancialRisks........................................................................................................................12

CommunicatingRiskstoLegislatorsandKeyStakeholders....................................................................12

RiskManagementtoSupportKeyAgencyPriorities..............................................................................14

HowRiskManagementSupportsPerformance.....................................................................................17

LaunchinganERMProgram...................................................................................................................19

Risk-BasedAssetManagementasaCatalystforERM...........................................................................21

ResearchNeedsandRiskRoadmap.......................................................................................................23

ClosingComments..................................................................................................................................26

Appendices.............................................................................................................................................27

Purpose Thisbriefingpapersummarizestheproceedingsofatwo-dayworkshopheldaspartofNationalCooper-ativeHighwayResearchProgramproject20-24(105)entitledLaunchingEnterpriseRiskManagementinYourAgency. It summarizes thekeyactivitiesand recommendations resulting fromtheworkshop forchief executive officers and other senior agency leaders held August 24 – 25, 2015, inMinneapolis,Minn.

EnterpriseRiskManagementBriefingPaper

1

Summary of Proceedings and Recommendations Twenty–sixStatedepartmentof transportation (DOT)officialsmet for twodays inMinneapolis,Minn., over July 24 and 25, 2015, to explore the advantages of enterprise risk management(ERM). Presentations from DOT officials fromWashington, California,Minnesota, New Jersey,Vermont,Nevadaandelsewheresummarizedhowriskmanagementpreparesagencyofficialstomanageuncertainty,betterprotect thepublicandenhanceagencyperformance.Thepresenta-tionsalsoemphasizedhowriskmanagementhelpssatisfyrequirementsoftheMovingAheadforProgressinthe21stCenturyAct(MAP-21).

ParticipantsalsooutlinedkeystepstosupportStates’ riskmanagementevolutionthatcouldbepursuedbytheAmericanAssociationofStateHighwayandTransportationOfficials(AASHTO),theTransportation Research Board (TRB), and the Federal Highway Administration (FHWA). ThesestepsformaninitialriskmanagementroadmapthatAASHTO,TRB,andFHWAcouldpursue.Theworkshopparticipantsnotedthefollowingconclusionsandrecommendations:

• The workshop was a success that documented the benefits experienced by DOTs thatpracticeriskmanagement.ItalsoexposedDOTsthatarenotpracticingriskmanagementtoasummaryofthepracticalapplicationsofriskmanagement.

• TheworkshopconvincedparticipantsthatStatescouldbenefitfromriskmanagementanditisdeservingofAASHTOsupport.

• Specificrecommendationsincluded:- ReporttotheAASHTOBoardofDirectorsthattheworkshopwasasuccess,doc-

umentitsbenefits,andrecommendtheirsupportofriskmanagement,giventheirearlier position that they neededmore information before endorsing riskman-agement;

- AsktheBoardofDirectorstopassaresolutionsupportingriskmanagementasaworthwhilepracticeforDOTs;

- IncludeasummaryofriskmanagementinthenewChiefExecutiveOfficer(CEO)trainingAASHTOprovides;

- IntroduceAASHTOcommitteestothemanybenefitsofriskmanagementandex-plainhowitcanapplytotheirdisciplines;

- AssistDOTswithadoptingenterpriseriskmanagementbestpractices;- Update theNational Highway Institute (NHI) riskmanagement training from its

currentfocusonprojectsandFHWA-definedrisks.Itmaybeadvisabletodevelopmorethanonecourse.Onecouldfocusonprojectriskmanagementwhileanoth-erfocusonprogramandenterpriseriskmanagement.

- Createariskmanagementcommunityof interesttosupportthosewhopracticeriskmanagementandtoprovideasupportnetworkforthosewhowanttostart;

- Provideawebportalorotherone-stop-shopforthosewhowantinformationon

EnterpriseRiskManagementWorkshopProceedings

2

riskmanagement;- Sharebestpracticesontheapplicationofriskmanagement;- ProduceamanualforhowtomanageaDOTincludingasectiononriskmanage-

ment;- Identifytheskillsetsneededtopracticeenterpriseriskmanagementandprovide

trainingforStatestodevelopthoseskills;- Publishbestpracticesfromtheprivatesectorto informagenciesofthebenefits

ofERM;- Develop an executive summary of risk management to introduce it to staff

chargedwithdevelopmentofstrategicplansandotherdocuments;- Buildasuiteoftrainingmaterial;- Gatherandsharebestpractices;- Provide a synopsis of the ERMprograms in theDOTs inWashington, California

andMinnesota;- HelpStatesdevelopatooltotrackriskssotheycanbereportedtodecisionmak-

ers;- Provide a national forum to bring States together and look for risks that cross

Stateboundaries;- Offertrainingoramechanismtoframequestionstobetterunderstandtheidenti-

fication,assessment,andmitigationofrisks.

The Objective of Project 20-24 (105)

Thisresearchprojecthadtwoobjectives:

1. Conductaworkshop for seniorU.S. transportationagency leaders tohelp themlaunchagencyERMprogramsconsistentwithMAP-21requirements

2. Developa“roadmap”tomakeavailabletoDOTsthetraining,tools,andguidancematerialsagenciesneedtodevelopandmaintaineffectiveERMprograms.

TheroadmapwillassistAASHTO,FHWAandTRBtoprovideongoingassistancetoStatestoimprovetheirERMprograms.

Approximately26StateDOTrepresentativesparticipatedasdidStephenGajfromFHWA,MatthewHardy fromAASHTO,NCHRPprogramofficerAndrew Lemer and a consultantteam.Appendix1includesthefulllistofattendees.ThesessionwasheldattheUniversi-tyofMinnesotaWalterLibrary.

Definitions of Risk Management

Appendix2includesabriefingpaperpreparedforparticipants.Itincludesmoreextensivedefini-tionsofriskmanagementandexplainsitsusesandbenefits.Tosummarizeforthisproceedings,

EnterpriseRiskManagementBriefingPaper

3

riskisdefinedasthepositiveornegativeeffectsofuncertaintyorvariabilityonagencyobjectives.Riskmanagement isdefinedas thecultures,processes,andstructures thataredirected towardtheeffectivemanagementofpotentialopportunitiesandthreats.

These definitions hold several implications for understanding riskmanagement. First, risks arenotalwaysnegative. Inmodernmanagementframeworks,managingrisk isaboutmanagingun-certainty, variability, threats, hazards, and even opportunities. All of these can affect organiza-tional objectives. A negative risk could be a flood. A positive one a new technology. Secondly,managingriskisaboutmanagingperformance.Third,managingriskinvolveslookingforopportu-nitiesamidtherisks.

Enterpriseriskmanagementistheformalandsystematicefforttocontroluncertaintyandvaria-bilityonanorganization’sstrategicobjectivesbymanagingrisksatall levelsoftheorganization.Otherlevelsofriskmanagementcouldbeattheprogram,projectoractivitylevel.

Figure1depictsthefivestepriskprocesscontained inthe InternationalOrganizationforStand-ardization(ISO)31000process.Ascanbeseen,itisaplan,do,check,implementtypeofprocess

that methodically leadsthepractitionerthrougha logical sequence ofsteps. It begins withestablishing the con-text, or identifying theorganization’s objec-tives and environment.It proceeds throughidentification, analysis,evaluation and manag-ingof risks. Throughoutthe process, the riskpractitioners are moni-toring the risks andcommunicating to ap-propriate stakeholders.Theworkshop structurefollowed the ISO pro-cess. After describingERM, three exercises

allowedparticipants toidentify, analyze, evalu-

ateandprioritizerisks, thensuggest treatments.Theworkshopalso includedpresentationsanddiscussionsonhowtomonitorandreviewrisks,andcommunicateandconsultwithstakeholders.

Figure1-ISORiskFramework

EnterpriseRiskManagementWorkshopProceedings

4

Recent History of ERM Development

PanelchairTimHenkel,assistantcommissioneroftheMinnesotaDepartmentofTransportation,explainedhow theworkshopcapped several yearsof effort thatoriginatedwith theTRB20-24committeethatproducesresearchforchiefexecutives.ThefirstproductwasNCHRP20-24Execu-tiveStrategiesforRiskManagementbyStateDepartmentsofTransportationreportin2011.

Whilethatwasbeingdeveloped,FHWA,AASHTOandTRBwereorganizingfor2010anFHWAIn-ternational Technology Scanning Program tour. He and other U.S. transportation officials re-viewedtheriskmanagementprogramsinEngland,Scotland,theNetherlands,GermanyandAus-tralia.Thatscanresultedintheusualscanningreportbutalsoledtoanextensiveimplementationeffortbythescanningteam.Thoseeffortsincluded:

• Producinganexecutivesummaryreportandotherabbreviatedmaterialspromotingthebenefitsofriskmanagement.TheyweredistributedatanAASHTOannualmeetingandinotherforums;

• ThechiefriskofficerfortheVicRoadsstatetransportationagencyintheStateofVictoria,Australia,wasbroughttotheU.S.tovisitwithriskmanagementprogramstaff inWash-ingtonandMinnesota;

• TheVicRoadsriskmanageralsoparticipatedinaU.S.webinarandpresentedataCEOriskmanagementforumatthe2012AASHTOannualmeeting,andbriefedseniorFHWAstaff;

• ThescanteamsponsoredthreeNCHRPresearchefforts:- NCHRP 08-36 Task 121 Successful Implementation of Enterprise Risk Manage-

mentinStateTransportationAgenciesthatexaminedcurrentU.S.transportationagencyERMpublishedin2015;

- NCHRP 08-93 Managing Risk Across the Enterprise, A Guide for State Depart-ments of Transportation and an accompanying Enterprise Risk ManagementQuickGuidewhichisabouttobepublished;and

- The20-24CEOworkshop.

HereportedthatthescanningtourconfirmedthereisapplicabilityofriskmanagementintheU.S.andmoreworkneedstobedone.Helistedthebenefitsincludingthatitsupportsdecisionmak-ing, helps communicate, demonstrates understanding of risks, avoids managing by crisis, andsupportsobjectives.Thebottom line is riskmanagementpermeatesmany transportationagen-ciesaroundtheworld.ThedifferenceintheU.S.versuswhatwasfoundonthescanisthatma-tureenterpriseriskmanagementwasformalizedabroad.Themature, internationalagenciesdidnotpracticeriskmanagementinformally,asisthecaseamongU.S.agencies.Thematureagenciesdocumentedandreportedtheriskstheymanaged.

Mr.HenkelsaidallDOTexecutivesareriskmanagersbuthowthey formallyapply itvariesdra-maticallyfromStatetoState.Understandingwhatothersaredoingwillbeoneoftheworkshoptakeaways.Beyondthat,itwasanopportunitytoshareanditisanopportunitytoinfluencethe

EnterpriseRiskManagementBriefingPaper

5

AASHTOandnationalriskmanagementagenda.

Lessons from the Private Sector

ThekeynotespeakerwasKristenRebertus,thechiefriskofficerforthelargeagriculturalcoopera-tiveCHS.Itisadiversifiedagriculturalcooperativethatgeneratesover$42.7billioninannualin-comefrom65countries,Itinrecentyearsgrewfrom5,000to11,000employees.Thecoopera-tiveservesfarmersandotherproducers.Ms.Rebertussaidtheboardiscomprisedof17farmerswhoareself-made,successful,common-sensebusinesspeople.Shesaidtheboard’srecognitionofthesuccessofriskmanagementdemonstratesitspracticalapplication.KeyrisksfacingCHSin-clude fluctuating commodityprices that canhurt farmers’ income, critical food-safety concernsrelatedto foodproduction, theoperatingofa large fleet thathaulsethanolandothersensitivechemicals,andmostcritically,thesafetyofemployeesworkinginagriculturalandindustrialset-tings.

CHS started an enterprise riskmanagement program in 2010 because of a requirement by theU.S. Securities and Exchange Commission for full reporting disclosures. The cooperative had toreporttoitsmemberstheextenttowhichitsboardmanagesitsrisks,whichwouldbesharedbythememberowners. Now,thecooperativehascomprehensive, iterativeriskmanagementpro-cessbasedupontheISO31000framework.

ShesaidthefoundationofERMisriskawarenessandunderstanding.CHSwantsallemployeestounderstandtheCHSriskframework,toidentifytheirrisksandtoclarifywhoownseachriskandhowtheyaretomanagethem.CHStriestoidentifynotonlythreatsbutalsoopportunities.Un-derstanding risks and opportunities allows for better decisionmaking and communication. Shesaid throughmostlyacquisitions, thecooperativenowoperates14differentbusinessunits thatcouldfunctionassilos.However,byidentifyingkeyrisksandcommunicatingthemacrosstheor-ganization,CHScommunicatesacrossitssilosandbettercoordinatesbothitsmanagementofriskanditsachievementofobjectives.

Ms.Rebertusdescribedriskmanagementasa journey,notadestination.Shesaidsherefers to“stealthERM”bywhichshemeansriskmanagementisanotaseparatefunctionbutdeeplyem-beddedintotheorganization’sculture.CHSwantsacultureofriskawarenesswhereemployeesuseriskterminologyandriskcontrolsintheirdailywork.Sherecommendedkeepingthelanguageofriskmanagementsimplesothatallmembersofanorganizationcouldunderstandandpartici-pateinthediscussion.

Sheadvocatedforhigh-levelERMsponsorship.IntheCHScase,thereisaboardofdirectorsriskmanagementcommittee.Evenwithhigh-levelsupport,anorganizationcannotflipaswitchandexpecttohaveafullyfunctioningenterpriseriskmanagementeffort.Theprocessmustproceedmethodicallywithtraining,supportandincrementalprogress.CHSstartedslowlybytrainingstaffandhelpingthemconductrisk-identificationandrisk-managementworkshops.

EnterpriseRiskManagementWorkshopProceedings

6

AtCHS,riskmanagementservesasasortofleadingindicatorofsuccessorconcern.Theriskman-agementfunction looksaheadatwhatcouldbetherisksandopportunitiesfacing itskeyobjec-tivessuchasprofitability,foodsafety,andworkersafety.Atfirst,theriskmanagementfunctionlookedprimarily at negative threats but over timedevelopeda stronger focusuponmeasuringopportunities.Shesaidthepointisnotaboutavoidingallrisks,butrathertomanagethreatsandtotakewell-reasonedrisksiftheyleadtogreaterrewards.

CHSalsousesrisk-based“stresstesting”toplanforcontingencies.Thestresstestsarescenariosofeventspresentedtostaffwhoanalyzehowtheorganizationcouldrespond.Someofthesce-nariosmay involve falling farm prices, or threats to health or safety. Based upon the scenarioplanning,thecooperativecanidentifypotentialrisksandbetterplantoaddressthem.

One particularly useful exercisewas to have the board of directors identify various “risk appe-tites”orthresholdsofrisktolerance.Shefocusedtheboardupontheseriskthresholdsbyhavingthemreviewkeypolicies,suchasthoserelatedtosafetyandhealth.Fromthosepolicies,theor-ganizationcouldbetterdefinewhereitwaswillingtotakerisks,andwhereitwasnot.Whenriskthresholdsarelow,thestaffbetterunderstandtheymustexertmoreactiveriskcontrols.Whereriskappetitesarehigh,thestaffcantakemorerisksinpursuitofanopportunity,suchasachievinghigherprofitability.ShesaidCHS is riskaverse issomeareas,suchassafety. It is riskseeking inotherssuchastradingcommodities.

Risks are categorized into eight areas: strategic, financial, human resource, market risk, infor-mationtechnology,health,safetyandenvironment,legalandcomplianceandoperational.Somerisks,suchashealthandsafety,arenotassignedtoonegroup,butareuniversallyshared.

Examiningrisksleadstobetterunderstandingofrootcauses.Foodadulterationisakeyriskinthefood-processingindustry.Byidentifyingriskstofood-safetyprocesses,CHSbetterappreciatedthekeyroleofemployeetraining.Bettertrainedemployeesunderstandtheconsequencesoffailingtofollowpracticesthatpreventcontaminationandadulterationoffoodstuffs.Followingtheprac-ticesdiligently,resultsinlessadulterationandlowerrisks.

Shestressedthelinkageofriskmanagementwithperformance.Risksshouldbeviewedthroughanoperationallens.Iftheriskdoesnotpreventtheorganizationfromachievingakeyobjective,itisnotworthaddressing.Thoserisksthatcreatethegreatestuncertaintyaboutobjectivesaretheonesdeservingoffocus.

Despite theagency-wide focuson risk, the largeorganizationonlyhas twopeoplededicated toenterprise riskmanagement. She and an assistant help support the riskmanagement structurethrough training, conduct of workshops, production of risk-measurement tools, spreading riskmanagementpractices,creationofarisk library,andencouragingstaff to incorporateriskman-agement intodailyduties.Therisk libraryallowsemployeestosee,reportandmonitorrisks,aswellasfindriskmanagementresources.

EnterpriseRiskManagementBriefingPaper

7

DOT Risk Management State of the Practice

Anopeningexercise introducedbyconsultant teammemberHyun-AParkofSpyPondPartnersaskedparticipants to assess their current stateof thepractice. Participants discussedwhetherand how the workshop participants’ agencies practice risk management. Several themes werereiterated:

• U.S.agenciespractice riskmanagementdaily, and inmanyoperationalareas.However,riskmanagementispracticedinformallyandtheformalidentificationandmanagementofriskisseldomdocumented.

• Chief executive officers are the de facto risk officers,whether or not theyare officiallydesignatedassuch.“Thebuckstops”with themandtheirdecisionsmadeunderuncer-taintyconstitutestheagency’sriskmanagementprocess,however,informalitmaybe.

• ThereisabroadspectrumofformalityinU.S.agencyriskmanagement.• Agenciesinterestedinriskmanagementwantmoreresourcestolearnhowtoimplement

it,traintheirstaffandingrainitintheirorganization.• Riskmanagementpractitionerswanttounderstandhowtosustainthemomentumofrisk

managementparticularlyduringchangesofadministration.• Agencieswanttobetterunderstandhowtofund,hireandtrainemployeestosupportrisk

management.• Intimesofchange,itisevenmoreimportanttomanagerisks.• Managingrisksimprovesanagency’sreputation,andastrongreputationisimportantin

securingadequateresources.• Keyrisksfacingthetypicalagencyincludeanagingworkforce,decliningrevenues,andfor

manyagencies,bridgeconditions.• Transportationagenciesoftendon’tconsidermodalrisks,butfocusonlyonhighwayrisks.• Ifa“magicwand”existedtocreateasuccessfulriskmanagementprogram,leaderswould

createariskteamwithafocusonkeypartnerssuchastransitprovidersandcontractors.• Whileallagenciesinformallypracticeriskmanagement,itisimportanttoalignriskman-

agementpracticeswithformalandrecognizedframeworkssuchastheISO31000frame-workortheEuropeanCommitteeonSponsoringOrganizations(COSO)framework.

• Thereisvaluefortransportationagenciestoconductriskscenarioplanning.• Financesremainamajorrisk,andthetradeoffsagenciesmakerepresentasignificantrisk-

managementissue.

How ERM Benefits Executives

Threetransportationagencyrepresentativesdescribedhowenterpriseriskmanagementisassist-ing theirdecisionmakers. MichelleTuckerof theCaliforniaDepartmentofTransportation (Cal-trans)saidCaltranshasreliedonenterpriseriskmanagementforseveralyears.Asthechiefrisk

EnterpriseRiskManagementWorkshopProceedings

8

officer,sheattemptstodemonstratewithconcreteexamplesthebenefitsofERM,suchashowfunding andpurchasing decisions canbe shapedby risk. Caltrans’ audit programalso helps toidentifythetopoperationalrisks,whichcanbetrackedbytheagencyboardandleadership.Theagencyuses“heatmaps”orcolor-codedmatricestoshowwhichrisksarethe“hottest”orneedthegreatestattentionfromdecisionmakers.

RichardTetreaultoftheVermontAgencyofTransportationsaidhisagencyrecentlyhireditsfirstriskmanager.Itintendstouseriskmanagementtoimproveitsassetmanagementprocess,andoverallagencydecisionmaking.Mr.Tetreaultsaidexecutivesupport is important to influseriskmanagementinanorganization.

ThecentralpresentationforthesessiononhowERMbenefitsexecutiveswasmadebyMinnesotaDOTChiefofStaffEricDavis,whohadbeentheMnDOTchiefriskofficer.HesaidMnDOTstarteditsriskmanagementprogramshortlyafterthe2007collapseoftheI-35WbridgeinMinneapolis.Then-directorTomSorelwasbroughtinfromFHWAtoleadtheagency.HebroughtwithhimtheFHWAexperienceofenterpriseriskmanagementandheinstituteditatMnDOT.

ThetwoobjectivesforMnDOT’sriskmanagementprogramweretorestorepublictrustandtobeaworldleaderintransportationinnovation.Mr.Davisspokecandidlyofthebenefitsofriskman-agement but also said that in retrospect MnDOT had a false start that other agencies shouldavoid.TheMnDOTgoalwastobearecognizedinternationalleader,whichwasadifficultgoaltomeasure.Theagencytriedtodefinewithoutsuccesswhatitmeanttobeagloballeader.Head-vised participants to set practical, achievable goals for their risk management programs. Riskmanagementcanhelpaddressmeasurablerisksbutwaslesseffectivewithsuchasweepinggoal.

After TimHenkelparticipated in the international scan,MnDOTbeganbenchmarkingwithAus-tralian transportation agency practice and focused risk management more closely on narrow,practicalissues.Hesaidhewasskeptical,whichservedtokeeptheriskmanagementeffortsreal-istic.Riskmanagementisnotasolutiontoallproblemsbutitdoeshelpimprovedecisionmakingandraisestheagency’scredibility.

Fromhisriskmanagertenureheismostproudofariskassessmentmatrixthatprovidesagencyemployeesacommonframeworkformeasuringrisks.ItborrowedheavilyfromAustraliandocu-mentsandbuiltupontheirsuccess.Itprovidessevencategoriesofrisk,whicharenotdefinitivebutservetopromptthinkingaboutthetypesofriskstheagencyfaces. Itscategoriesofrisk in-cludereputation,businessandperformancecapability,financial,securityofassets,managementeffort,environment,andlegalandcompliance.Foreacharea,itdescribeswhatismeantbyacat-astrophicrisk,amajorrisk,amoderaterisk,aminorrisk,andaninsignificantrisk.Italsodefineslikelihoodfrombeingrareeventsthatoccurlessthanoncein10yearstoalmostcertain,thatoc-curseveraltimesayear.

AmongthetypesofriskstheynowfocusonareriskssuchasderailmentfromthehugeoiltrainsthattravelfromNorthDakotathroughMinnesota.Theypassthroughmanypopulousareasanda

EnterpriseRiskManagementBriefingPaper

9

derailmentcouldbecatastrophic.

Headvisedagencyofficialswhoarenewtoriskmanagementtofocusuponpracticalsolutionstoeveryday risks. Focusing on the risks in operational plans are realistic, as opposed to trying tomanagebroad,overarchingrisksinalongrangeplan.Athreetofouryearhorizonisareasonabletimeframeformanagingrisksbecausebeyondthatriskmitigationeffortsarelessmeaningful.Healso advised to build a staff to support riskmanagement, although inMinnesota the staffwasnevermorethanacoupleofpeople.Hesuggestedinterfacingwithall levelsoftheorganizationandtobuildinternalsupportforthebenefitsofassistingworkunitswithmanagingtheirrisks.

Managing Risks to Extreme Events and Threats to Resilience

Consultant teammembers ShobnaVarmaof the StarIsis Corp. introduced the concept of usingriskmanagementtoprepareforextremeweatherandtransportationnetworkdisruptions.Erraticclimateandextremeweatherarethenewnormalbutthetypeandnatureofdisruptiveeventcanvarywidely.Shesaidalthoughitisdifficulttopredictaspecifictypeofevent,therearebroadriskmanagementstrategiesagenciescanadoptthatbetterpreparethemtoaddressavarietyofdis-asters.

Preparingthetransportationnetworksothatitisrobust,resilientandredundantisrecommendedbyclimatechangeorganizations suchas the IntergovernmentalPanelonClimateChange (IPCC)andtheFederalEmergencyManagementAgency(FEMA).The“ThreeRs”won’tpreventextremeweatherbuttheyreducetheimpacts,whichmitigatestherisksofdisruption.Alsorecommendedare “NoRegrets” strategies thathavebenefitsbothduringextremeweathereventsandduringnormalconditions.Thesearestrategiesthathaveindependentbenefitbutalsohelpmitigateex-tremeweathereffects.Examplescouldincludereducinglandusedevelopmentinfloodpronear-eas, or having sound asset inventories that can be used to identify high-risk assets. They arecalled“noregrets”strategiesbecausetheyhavebenefitevenifsevereeventsdon’toccur.

John Milton of the Washington State DOT (WSDOT) described the agency resiliency planningbasedupontheFHWAClimateChangeandExtremeWeatherVulnerabilityFramework.1Hecom-paredresiliencetobuyinginsuranceforfutureperformance.Thequestionishowmuchdoestheagencywanttospendoninsuringfuturenetworkperformancewithoutsacrificingresourcesthatcouldimprovesafetyorachieveotherimportantobjectives?

TheWashingtongovernorinstructedtheagencytoexaminethetransportationsystem’sresiliencestatewide.Eventssuchasalandslidethatkilled43peopleandextremedroughtthathascausedarainforesttoburnincreasesappreciationforthelikelihoodofextremeevents.TheWSDOTeffortconducted scenario analysis to analyzewhat couldhappenwith increased climate extremes in-cludingprolongeddrought,more intenseheat,more severe stormevents and rising sea levels.Although the scenarios involved complexmeteorologicalmodeling, theanalysisof roadway im-pactswasconductedwithfieldstaffandagencysubjectmatterexperts.Theirmethodologywassimple and straightforward.Basedupon their experienceofhow their assets and roadway sec-

EnterpriseRiskManagementWorkshopProceedings

10

tionsperformedinpastevents,thestafftheorizedhowtheymayperforminthefuturebasedup-ondifferentscenarios.

Staffwereprovidedcommondefinitionsandratingscalessothattheanalysiswouldbecompara-blebetweendistrictsandregionsofthestate.Thecriticalityofassetswasratedona1-10scaleafter they considered basic questions such as, “What keeps you up at night?” “What if it getsworse(giventhescenario)?”“Howresilientisourexistingsystem?”

Staff discussed possible impacts such as higher temperatures affecting bridge expansion joints,pavements,railtracks,constructionperiods,habitatprojectsandelectricalequipment.Increasedprecipitationwasconsideredfromitseffectonfloodingroadsandtunnels,roadwashouts,pumpcapacityanddrainage.

Hydrologic shiftswere considered as possibly affecting soil stability,water supplies, and bridgeandroadsupportstructures.

Sea level rise and storm surgeswere reviewed for impacts on coastal erosion, flooding, bridgefootings,drainage,roadsidestabilityandsaltcorrosion.

Definitionsandscalesforhowtomeasuredifferentimpacts,fromminorimpactstocompletecat-astrophicfailure,wereprovidedtothestaff.Theproductoftheanalysiswasalistofassetsmostlikelytobeaffectedandstrategiesforimprovingnetworkresilience.Affectedassetswererankedandmapped.Theriskanalysisidentifiedhowknownthreatswillbeintensifiedbymoresevereweather,anditreinforcedthevalueofcurrentmaintenanceandretrofitprograms.Theprocessofusingfieldandofficestafftoidentifyandratehazardsprovidedameanstocapturetheinsightsofstaffinapracticalway.

TheWSDOTanalysisdemonstratedhowrelativelysimpleriskmanagementtoolscanbecombinedwithstaffexperiencetoproduceameaningfulanalysisofassetsmostatrisk.Ameasureofsuc-cesswillbeifin50years,peoplesay,“I’msogladtheythoughtofthis.”

DavidKuhnoftheNewJerseyDOTalsodescribedhisagency’suseoftheFHWAclimatechangeimpactframeworktoidentifytheState’sclimaticriskstoitstransportationsystem.Ithadthreegoalswhichweretoidentifykeytransportationassets,developclimaticscenariosfor2050and2100,andoverlaythefindingstoassesspotentialfutureimpacts.Itmodeledtworegions,acoastalstudyareaandaninlandcorridor.Baseduponexpectedsealevelriseandincreasedstormseverity,themodelingindicatedthatin2100inthe“medium”climatechangescenariotherewouldbea1metersealevelrisewithstormsurge,that48.5milesofroadwaywouldbeimpactedpotentially,2.9milesoftransitlinesaffectedand31milesoftotalraillinesinundated.Intheinlandstudyarea,the“medium”2100impactswere81milesofroadwaypotentiallyim-pacted,includingmajorroutessuchasInterstate295,Interstate276andU.S.130.Aswell,138milesofrailincluding11.7milesofAMTRKwouldbeaffected.

Risk-mitigatingadaptationstrategiesidentifiedincluded:

EnterpriseRiskManagementBriefingPaper

11

• Sitefutureinfrastructureoutoforaboveestimatedfloodimpactzones;• Identifyorcreateredundantroutes;• Abandonorrelocateinfrastructureinchronicallyfloodedareas;• Assistwithlandusepoliciesthatdiscouragedevelopmentinhigh-riskareas;• Enhanceshorelineinfrastructuresuchaswithseawalls;• Elevateinfrastructure;• Enhancedrainage;• Prepareforclosureswhennecessary;• Establishandupdatedetoursandevacuationroutes;• Improvetravelernotificationofclosures;• Increaseinspectionsandmaintenance;• Maintainwetlands;• “Nourish”oraugmentbeaches.

Recommendationsincludedassessingdecisionmakers’acceptanceofthevalidityoftheforecasts.Aquestion ishowmuchare theywilling tomakedecisionsbasedupon theclimateand impactmodels?Theanalysisalsoidentifieddatagapsonelevationsforbridgesandculverts.Italsoiden-tifiedgapsinunderstandingtheimpactsofincidents,suchasinfrequent,localizedfloodclosures.Finally,thestudyrecommendedahigh-levelvulnerabilityassessmentfortheentirestate.

Followingthepresentation,theparticipantsbrokeintogroupsforexercisesonextremeweathereventrisks.Theychosefromdifferentscenariosandthenidentifiedtherisksthatcouldbegener-ated.Therisksidentifiedfromthescenariosincluded:

Extreme Heat Events –Would generate health risks to theworkforce and increase equipmentfailures.Mitigationstrategiescouldincludenight-timeworkandavoidingoutsideworkduringthehottestperiods.

IncreasedStormIntensity–Thehighestriskswereincreasedfloodingandtheimpactonalterna-tiveroutesnotdesignedtoaccommodatethetrafficvolumes.Otherrisksincludedharmtoeco-nomicactivityandgoodsmovement.Treatmentsincludedpreparingtosandbagroutes,planningfordetoursandmoreoutreachtounderstandtheimpacts.High-riskareassuchastheNorthCaro-linaOuterBanksweresingledout.Resiliencyandredundancycouldbeimprovedthroughemer-gencyplanning,andincrementally improvingevacuationroutestowithstandmoreseverestormevents.

IncreasedSnowfall–Risksfromincreasedsnowfallwouldbeinfrastructuredeteriorationcausedby increased chemicaluseandplowing.Also lessmoneywouldbeavailable for investmentbe-causeofhighertreatmentcosts.

IncreasedPrecipitation–This scenario led to the identificationofmany risksbutonlyonehighprobability/highimpactriskwhichwasmoistureimpactsinthepavementsaffectingperformance.

EnterpriseRiskManagementWorkshopProceedings

12

Ms.Varmanotedthelessonsoftheexercisewhicharethatriskidentificationcanbedonequickly,anddetaileddataarenotneededtoidentifythehighestrisks.Veteranstaffexperiencecanbethemostvaluabletoolforidentifyingwhichassetscanbeaffectedbysevereevents.

Managing Financial Risks

Riskmanagementsupportslong-termfinancialplanningbyenablingdecisionmakerstoevaluatetheuncertaintythatsurroundskeyfinancialissues,suchasrevenueforecasts,inflationestimatesorlegislativebudgetingdecision.Theworkshopparticipantsdiscussedfinancialrisksandhowriskmanagementcanhelptoidentifyandprepareforthem.

ScottRichrathofSpyPondPartnersintroducedtheconceptoffinancialrisks.Henotedthatagen-ciestrytomanagetherisksoffutureincomevariabilityandfluctuatingprices.Anexamplecouldbeconsideringhedgingfuturefuelpricesbylockinginpriceswithlong-termcontracts,whichcansavemoneyifpricesrisebutlosemoneyifpricesfall.

Ms.Varmaintroducedtheconceptofrisktreatmentbyexplainingthefive“Ts”. Whenfinancialandotherrisksareidentified,decisionmakerscandecidetotreat,tolerate,terminate,transferortakeadvantageofthem.

The participants broke into groups and discussed risks posed by financial issues including: Therisksandrewardsoftheone-timerevenueinfluxfromtheAmericanRecoveryandRe-InvestmentAct, the riskofCongressional fundingactionor inaction, risks surrounding revenueprojections,theriskof inflationprojectionsandrisks inagencies’abilitytomanageexpensesandaddressfi-nancialneeds.

Amongthethreatsandopportunitiestheyidentifiedwere:

• ARRA presented opportunity but also a threat by giving a false impression of the re-sourcesagencieshad;

• ThecontinuedlackofFederalfundingcreatesanopportunitytoemphasizetheneedforadditionalStateinvestment;

• IncreasingState investmentwouldbea formof risk treatmentwhileagencieswill likelyhavetotoleratealackofadditionalFederalinvestment;

• Onegroupsuggestedsomefundingriskscouldbetransferredtopublic,privatepartner-ships,orPPPs.

Communicating Risks to Legislators and Key Stakeholders

Riskmanagement improvescommunication. It allowsanorganization tocommunicate to its in-ternal and external stakeholders the uncertainties surrounding its objectives. It also communi-cates that the organization was responsible by anticipating what could go wrong, what couldthreatenitsobjectives,andwhatcouldthreatenthesafetyof itsstakeholders.Finally, italsoal-

EnterpriseRiskManagementBriefingPaper

13

lowsorganizationstodocumenttheyhaveconsideredtherisksbeforeattemptingtocapitalizeonanewopportunity.

TimHenkel presented on howMnDOT integrates risk into its performance, planning and assetmanagement functions.Theagency’s long-range,50yearvisiondrives its investmentplans.Theinvestmentplansintegrateperformanceplanningandriskassessmenttoestablishfundingpriori-ties.Theconsiderationoffundinglevelsconsiderstheimpactofdifferentinvestmentlevelsupontheagency’sperformancetargets.Then,theagency’sperformance-reportingandmonitoringpro-cessesevaluateprogressandreportperformancetothepublic.

Theagency’s20-yearinvestmentplaniscalledtheMinnesotaStateHighwayInvestmentPlan,orMnSHIP.Itincludesobjectivesinmajorprogramareassuchassafety,assetcondition,andmobili-ty.WithintheMnSHIPplan,differentperformance-leveloptionsweredescribed,eachwithadif-ferentcostandadifferentoutcomeonsystemconditionandperformance.Therisksforeachin-vestmentscenarioweredescribed.Therisk for investingmore into infrastructureconditionwasthatcongestioncouldincrease.Investingmoreinmobilityleadstodecliningassetconditions.Theplan illustrates the current investment program that balances both asset condition levels withfunding only themost importantmobility projects.MnSHIP communicates that the agency hasconsideredrisksbothtoassetconditionsandtomobility.Itattemptstokeeptherisksofpooras-setconditionandpoorassetperformancereducedtoacceptablelevels.

Mr.Henkelshowedagraphicwiththreeperformancelevels.ThelesstheStatespendsoninfra-structuremaintenance themore risk to asset condition and performance it experiences. It canreduce the riskof crashes, congestionandpoorconditionsbutonlybyspendingmore.MnSHIPillustrateshowtheagencyattemptsto integraterisk,performance,assetmanagementandpru-dentspendingtoachievethebestoverallreturnandthelowestriskswiththeresourcesithas.

As inthe ISOframeworkseen inFigure1,theMinnesotaDOT’scontinuousreviewof itsperfor-manceservestomonitornotonlyitsperformancebutalsoitsmanagementofitsrisks.Ifitdeliv-ersthebalancedprogramidentifiedbytheMnSHIPanalysisitwillcontinuetoreducetheriskstoits asset conditions and to the State’smobility.MnSHIP sets 20-year investment priorities.Dis-tricts’ 10-year programsmanifest theMnSHIP objectives through specific projects. Annual per-formancereviewensurestheprojectsaredelivered,andtheMnSHIPobjectivesareadvancingasplanned.

JohnMiltondescribedhowriskandperformancereportingallowanagencytobettertellitsstoryonconditionsandneeds.Itcanhelptoinformthemedia,electedofficials,decisionmakers,man-agers,andemployees.Italsosupportsincreasedproductivity,theunderstandingoftheeffective-nessofdifferentstrategiesandinvestments,anditreducesliabilityandrisk.

HeillustratedhowWSDOTusedriskanalysistocommunicateinvestmentneedsinitsferrytermi-nalsandfleet.Thesinkingofaferryobviouslywouldbeacatastrophe,andtherefore,thesafetyofthefleet isparamount.BecausethemobilityofasignificantportionoftheState’spopulation

EnterpriseRiskManagementWorkshopProceedings

14

dependson thereliabilityof the ferrysystem, itsperformancealso iscritical.Thedepartment’sperformancereport,knownastheGreyNotebook,describestheferryconditionsandinvestmentneedsintermsofbothperformanceandrisk.Lowpreservationinvestmentsinvesselsresultedin33.4percentofthevalueofthevesselsrequiringpreservation,comparedtoatargetof24.7per-cent.In2007,fourvesselshadtobepulledfromserviceandemergencyreplacementfundswererequired.

Arisk-prioritizationmatrixhelpstoprioritizeferryvesselpreservation.Basedonthelikelihoodofthesystemfailingandtheconsequencesofthefailure,vesselconditionswereratedasa1,2or3.Condition3indicatedthehigherpossibilityofcatastrophicfailureorthelong-termdisruptionofservice.Alevel1assessmentindicatedthattheassetorsystemdoesnotcurrentlyneedreplace-ment. Thedocumentationof the fleet conditionby risk level helped communicateboth the in-vestment need and the agency’s logic for identifying the needed investments. The risk-basedanalysisalsoallowsWSDOTtoreport,thatbyvalue,8.3percentoftheferrysystemassetsareintheConditionRating3andrequirereplacement.

Healsodemonstratedaninternalriskreportingsystemthatallowsemployeestoaccessdepart-ment-wide-riskinformation.Thereportingsystemkeepsinternalstakeholdersinformedwhiletheperformancereportingcommunicatestoexternalstakeholders.

Risk Management to Support Key Agency Priorities

ShobnaVarmadescribedhowriskmanagementhelpsexecutivesachievetheirstrategicgoalsandmanagerisktohighpriorityobjectives.Shenotedthatthe“buckstops”withtheCEOwhowillbeheldaccountableifobjectivesarenotachievedormajorprocessesbreakdown.Shecitedseveralareaswhereriskmanagementcanaidexecutivesinmanagingriskstokeyperformance.

Ms.VarmanotedthebiennialreporttoCongressfromtheU.S.DepartmentofTransportationin-spector general. Although agency executivesmaynot be awareof the risk causedby fraudormalfeasance, the inspector general’s report documents monthly indictments and convictionsamongStateemployeesandcontractorsforabusingFederal-aidfunds.Arobustriskmanagementprogram would evaluate risks to major programs, and risks caused by fraud and malfeasanceshouldbeamongtherisksconsidered.

Projectrisksareanothercommonareaforfocusingariskmanagementprogram.Riskstothecost,scope, schedule and quality of construction projects are among themostmature areas of riskmanagement. She said thatexecutiveswho consider creatinganERMprogramshould considerincludingtheregularmanagementofprojectrisks.

Criticalriskstoprivacyaredemonstratedeverytimethereisanothernewsreportonacorpora-tionorgovernmentagencybeinghacked.BecauseDOTpersonnelandinsurancefilesmayincludesensitiveprivacydata,theagencyfacessignificantinformationandhackingrisksifitdoesnotin-clude proper firewalls and controls. Again, a robust riskmanagement programwould include

EnterpriseRiskManagementBriefingPaper

15

evaluationoftheagency’sdataandprivacyrisks.

Managingriskstoemployeehealthandsafetyisoneoftheoldestformsofriskmanagement.IfanagencyinstitutesanERMprogram,itwillwanttoincludearobustrisk-managementprogramtoidentifyandmitigateriskstoemployees’safety.

Workshopparticipantscontributedtheirobservationsonhowriskmanagementhelpstheiragen-ciesachieveitsmostcriticalobjectives. CEORudyMalfabonsaidtheNevadaDOT(NDOT)isde-velopinganenterpriseriskmanagementprogram. Amongthefactorscontributingtotheeffortweretherisksidentifiedfora$500millionmajorpublic-private-partnershipproject. Amongtheriskstheagencyrecognizedwereriskstotheright-of-wayacquisitionandrelocationscheduleandbudget, the cash flow risks, how the risks may change if the project were pursued as a de-sign/build versus a P3, andwhat deliverymethodmost reducedNDOT risks. Other riskswerewhetherbondingfortheprojectwouldaffectthetotalprojectcostandtheagency’scashflow.

Theagencyanalyzedtheproject’srisks,includingriskthatexpensiverights-of-waywouldincreasefurther in cost. The risk facedby thehigher project costs caused the agency to becomemorecognizantofprojectcostrisk.Itisnowevaluatingright-of-wayparcelsbasedontheirriskofcostescalationandusing the information to redesign,or reconsider,projects.Hesaid theriskeffortbegansmallwhenoneprojectmanagerwhowasknowledgeablewithoneriskmanagementsoft-waresteppedupandtooktheleadonmanagingrisks.Now,thatprojectmanagerisservingasatemporaryriskmanager.

Theagencyplanstopursueriskmanagementacrosstheenterprise.Ithasidentifiedrisklevelsatthecorporatelevel,atthefunctional/departmentlevel,andattheproject/operationslevel.Itwillbeevaluatingriskstoitscapitalplan,willconductaglobalriskassessmentandwillreviewriskstoitsfinancialplans.Hesaidtheagencyplanstoprovidetrainingonriskpolicies,rolesandrespon-sibilities,andavailablereferencematerials.

MichelleTuckerofCaltranssaidofficialstrytomaketheriskprocessapproachableso itcalls itsstandardpresentation,“RiskyBusiness.”ItwasimportanttothenewCaltransboardtohaveariskmanagement process and so her officewas created in 2013. Caltrans adopted the ISO 31000model.Atthetime,therewasn’talotofinformationavailableonhowtostartanERMprogram.BecauseMinnesotaandWashingtonDOTsreliedontheISOframework,Californiafollowedsuit.

An importantconsiderationforCaltrans is thatERMshouldnotbenarrowlyfocusedbutshouldlookatasmanyrisksaspossible,andunderstandhowdifferentrisksinteract.

Theirtoprisksaresummarizedina50pagereport,andtherisksbreakdowntotheCentralOfficeandtothe12districts.Herofficeproducesaprimaryenterpriseriskmanagementprofileandtwodivisionalriskprofiles.She ispartofatwo-personstaffwhotraveledtoeachdistrictoverthreemonths.Theymetwithseniordistrictleadershipandspentahalfdayidentifyingtheirrisks.Theyusedapostitnotetechniquesimilartothatusedintheworkshop.Theyhavestaffidentifyrisks,writethemonnotesandpostthenotesonlarge,map-sizeriskmatrices.Theemployeesviewthe

EnterpriseRiskManagementWorkshopProceedings

16

risksidentifiedbytheircolleaguesanddevelopconsensusonthetopones.Morethan1,000riskswereidentifiedandthenprioritizedtothetop15riskcategories.Those15categorieswerepre-sentedtotheCaltransexecutiveboardforhigh-levelfocus.

The15highestcorporateriskcategorieswere:

• DevelopOurWorkforce• DevelopShelfReadyProjects&ProjectInitiationDocuments• EnhanceCommunicationtoImproveReputation• EngageandSupportEmployees• EthicalEmployees&StrongPerformanceManagement• FinancialRisksfromExternalMandates• FlexibilityinEnvironmentalStewardship• FosterPartnerships• IncreaseEquipment&VehicleAvailability• InnovativeInformationTechnology• ReinventCaltransCulture• StrategicCellPhoneDeployment• StreamlinetheDeliveryProcess• StrengthenContract&ProcurementProcess• SupportSkilledandEthicalSupervisors

Ms. Tucker said because the agency’s top five goals run the gamut it’s not surprising that theidentifiedrisksalsoarediverse.

The top risks formed the agency’s Enterprise Risk Profile. Treatment plans were identified formostof the top risks, andperformancemeasureswereestablished for the2015-2020StrategicManagement Plan. Additional audit planswere developed to evaluate the controls associatedwith the risks identified in the department’s discipline process, financial systems, and projectidentificationprocess.

Ms.Tuckersaidtheriskworkshopskeptemployeesfocusedontheagency’skeyobjectives.Dur-ingtheworkshops,theypostedtheagency’sobjectivesonthewall.Ms.Tuckersaidherstaffde-velopeduseful forms allowingworkshopparticipants to stay focusedon key agencyobjectives,andtoquickly identifyriskstothem.Theforms listtheagency’stopobjectivesand leadpartici-pantstoconsiderriskstothoseobjectivesfromtheareasof:

• safetyandhealth• stewardship,efficiency,sustainability• livabilityandtheeconomy• systemperformance• organizationalexcellence.

EnterpriseRiskManagementBriefingPaper

17

Ms. Tucker said they emphasize that risks are threats and opportunities. Based on the partici-pants’perspective, theywerepredisposed to identifyeither risksoropportunities.Shesaid theauditofficeidentifiedonlythreatswhilethepublicaffairsofficeidentifiedonlyopportunities.

Shesaidwhilethefirstroundsofrisk-identificationworkshopstookthreemonths,itmaytakelesstime in subsequent rounds.She found thatvisitingalldistrictswas important togeneratecom-mitmenttoERM.Theystarted inMayandbyOctober theyhad identifiedtheir risks,andspentanothermonthdevelopingreports.

Tobecomeamorerisk-consciousorganization,shesaidCaltranswantstocompareitselfagainstamaturity model. The agency has a five year strategic plan to reach the optimized risk level.Amongthematurityobjectivesaretodeployriskmanagementdowntothefrontlines.Shesaidtheylearnedittakesbetweenthreeandfiveyearstodeployriskacrosstheorganization.

JohnMilton illustrated the concept of using riskmanagement to support agency objectives byfocusinguponhowWSDOTusesriskmanagementtoachieveitsprojectandprogramobjectives.Theagency’srisk foron-time,on-budgetprojectdelivery increasedovertheyearsastheWash-ingtonLegislaturemovedtoidentifymoremajorprojectsthroughlineitemsintheagencybudget.Years inadvanceoftheprojectbeingreadyforbid,theLegislature identifiestheprojectand itsconstructionbudget.Mr.Miltonusedacharttoillustratethemanyinterconnectedactivitiesthatall must be coordinated in order for a project to be delivered on time, on budget and withinscope.Eachcomponentofthecomplexchartrepresentsafunctionthatcouldcreateriskfortheproject.Whenalltheriskstoallprojectsareconsidered,theyrepresentmanyriskstotheoverallconstructionprogramtheLegislaturewantstheagencytodeliver.

Theagencybeganemphasizingriskmanagementwhenbetween2001and2011itexperienceda48percenterosioninpurchasingpower,whichdisruptedplanstodeliverasetofprojectstobefundedwitha5centfueltaxincrease.Atthesametime,theState’sferrysystemstruggledtopayforfuelincreases.TheagencywasachievingitsbridgeandpavementconditiontargetsbutaskingtheLegislatureformoremoneytosustainthem.

WiththeLegislatureunwillingto lowertargetsandobjectives, theagencyhadtouserisk-baseddecisionstoachievethesameobjectives for lesscost. It shiftedthe focusof itspavementpro-gramfromhotmixoverlaystomorerelianceonchipseals.Theagencybalancedtheriskoflowerpavementperformancewith theopportunityof thecost savings. He said theagency still facesrisks,suchashundredsofmilesofagingconcretepavementsthateventuallymustbereplaced.However,todateitsfocusonmanagingriskhasallowedittoachievehigherpavementconditionswith less cost. It also canmore accurately predict the risks to achieving itsmajor constructionprogramwithintheLegislativelimits.

How Risk Management Supports Performance

Earlyintheworkshoptheconnectionbetweenriskmanagementandperformancemanagement

EnterpriseRiskManagementWorkshopProceedings

18

was emphasized. As the ambition and complexity of an organization’s performance objectivesincrease, sodotherisks to them. Anorganizationcan’tachieve itsgoals if it can’tmanagetherisksthatsurroundthem.Asobjectivesbecomemorecomplex,sodotheirrisks.

JohnMiltondiscussedhowriskmanagementsupportsperformancemanagementatWSDOT,em-phasizingthesafetyprogramasanexample.Washingtonisalitigiousstateandtheagencyhasnosovereignimmunity,andtheStatehasjointandseveralliability.ThatmeanstheDOTismorelike-lytobefoundliableforcrashes,evenifroadwayconditionswereaminorfactorinthecrash.

Usingrisk-basedanalysis,theagencyispursuingsmall, less-expensiveprojectsbutonesthataremoreeffective.Designing to theGreenBookstandardscan leadto“overdesign.”Designing foroptimal roadwayconditions isexpensiveand it addresses crashes that canbepossible,butnotnecessarilyprobable.WSDOTshifteditssafetyprogramfocustoisolatefactorsthatareprobablecontributing factors. Instead of designing for a 20 year horizon, it focuses safety funds on ad-dressingthenarrow,immediatefactors.Moneysavedcanbeusedonotherlocations,ratherthandesigningtoastandardthatmaynotproducesafetyresults.

Heillustratedhowtheagencyusedstatistical,risk-basedanalysisofthecontributionofhighwaylightingtosafety.Thetraditionalassumptionisthatlightingreducescrashes.However,analysisofcrashdatashowedthatlightingmadelittledifferenceintwilightconditionsofdawnanddusk.Inheavily urbanized areas, the density of traffic created adequate lighting from themany vehicleheadlights.Intheearlymorninghours,trafficwasthinandlightingseemedtohavelittleeffectoncrashes.Theagencywasabletoreducethehoursoflightingwithoutnoticeablesafetyeffectbutwithsubstantialcostsavings. Ithasreceivednocomplaints,andreceivedsomepraisefromthe“darksky”advocates.

The“riskthreshold”theagencysetswillbedeterminedbytheresourcesithas.AlthoughWSDOTis a “target zero” State (aligningwith the FHWA vision “Toward Zero Deaths”), it lacks the re-sourcestoeliminateallriskfactors.Alsoexecutivesknowthatcrashesoftenarecausedbydriverbehavior independentof the roadwayconditions. Howmuchcrash riskanagencymustacceptwill be driven by the resources it can direct. If it has substantial resources, it can have a lowthresholdandmitigatemoreroadwayconditions.Iflikemostagencies,ithaslimitedresources,ithastotolerateahigherthresholdofcrashriskandfocusitsresourcesonthehighestcontributingfactors.ForWSDOT, its toppriority safety riskswere identifiedas impaireddrivers, run-off-the-road crashes, intersection related, speeding, young drivers, distracted drivers and traffic safetydatasystems.

WSDOTlikemanystatesfounditincreasinglydifficulttofindtraditional,high-crashlocations.In-stead,itmovedtoamoresustainable,systematichighwaysafetypolicy.WSDOTviewssafetynotasanabsoluteblackandwhitelinebutratherfromariskperspective.Fromariskmanagementbasis they think they can strengthen their legal position by changing the debate tomore fact-basedanalysisonthecausativefactors.

EnterpriseRiskManagementBriefingPaper

19

Launching an ERM Program

Gordon Proctor described the sections from the upcoming risk management guide on how tolaunchariskprogram.TheguidesaysthatthreecomponentsarenecessaryforasuccessfulERMlaunch:ariskpolicy,risktools,andprocessestointegrateriskconsiderationintonormalbusinessoperations. Presentations fromMichelle Tucker and JohnMiltonprovided case studiesofhowriskmanagementwaslaunchedinthetwoagencies.

InCaltrans,theinterestinriskmanagementwasspurredbyseveralissues.Episodesofemployeemisconduct ledboth theagencyandthe legislature to recognize theneedtocontrol suchrisks.Employee surveys ofmanagers and supervisors recognized the need to helpmanage risk withemployeesthroughouttheorganization.Finally,theMAP-21emphasisonriskmanagementcon-vincedtheorganization’sboardtoimplementanenterpriseriskmanagementprogramin2013.

Initially,executivesmaythinkitisanother“businessspeak”,“flavorofthemonth”fad.However,Caltransexecutivesbetterunderstoodtheneedfor itafterbenchmarkingagainstcorporateriskmanagementprograms,whichareessential in thecorporateworld.Also, legislationsuchas theSarbanes-Oxley Act that requires riskmanagement for corporations further convinced Caltransofficialsthatriskmanagementisabestpractice.

After reviewing the ISO framework and examining practices in the corporate world, Caltransadoptedenterpriseriskmanagementwiththefollowingattributes:

• Enterpriseriskmanagementshouldencompasstheentireagency.• Itshouldidentifyrisksfromvarioussourcesandrecognizehowtheyrelate.• Riskmanagementshouldbeembeddedintheagency’sculture.

ShesaideveryonealreadypracticedriskmanagementfromthemailroomtotheboardroombutitwasaninformalprocessuntilCaltransadoptedtheISO31000framework.Caltranshadlongbeena leaderonproject riskmanagement.With theadoptionofERM itexpanded itspracticeat theagencylevel,theprogramlevelandattheproject/activitylevelforafullenterpriseriskmanage-mentprogram.

Thedevelopmentofthebiennialriskassessmentsacrossalldistrictsanddivisions,andtheactivemanagementoftheidentifiedrisks,helptocascaderiskmanagementthroughouttheagency.Theeffortrequiredstrongexecutivereport,whichcamefromtheExecutiveBoard.In2013,itcreatedtheOfficeof EnterpriseRiskManagement. Since then, the scopeand formalityof riskmanage-mentexpandedsignificantly.

She compared the traditional riskmanagement approach to a sailing trip by ancientmariners.Sailors could survive storms in unchartedwaters by being adventurous, through heroic efforts,andthroughcontinuallyreactingtopanicanduncertainty.Anagencythatpracticesenterpriseriskmanagementresemblesamodernsuper-cargoshippingcorporation.Itscargoisinsured,courses

EnterpriseRiskManagementWorkshopProceedings

20

arechartedandcontingencyplansinplace.ByadoptingtheISOframeworkandbyidentifyingitstopcorporaterisks,anorganizationcanactmore like thecargoshipcaptainwhohasmitigateduncertaintiesandidentifiedcontingencies.

TheagencycontinuestodevelopnewtoolstoassistwithitsERMprogram.Ithasdevelopedheatmaps and consequence tables so its employees can have a common understanding of how tomeasurethelikelihoodandimpactofrisks.Italsodevelopedaninnovativeheatmapthatallowsthemappingofboththreatsandopportunities.Thetwoaremappedinmirrorimagewithpromis-ingopportunitiesshownononesideoftheheatmapandthreatsshownontheother.

ItisdraftingtrainingtodevelopdistrictanddivisionERMchampions.Also,trainingforallemploy-eesisbeingdevelopedtoexplaintheroleandusesofriskmanagementinCaltrans.

JohnMiltondescribed theevolutionofERMat theWashingtonDOT. WSDOT first startedwithrisk-based asset management, then focused on project cost and schedule risk estimation, andmorerecentlyisincreasingthematurityoftheentireenterpriseriskmanagementprogram.

Getting staff to consistentlymeasure riskhasbeena focus forWSDOT. Its success in achievingstrategicgoalsandobjectivesrequires thatperformance,asset,andriskmanagementprogramsworkacrossboundaries.Thisteameffortincreasesefficiencyandeffectiveness.

A firststep inERMis tounderstandwhatconstitutesarisk;howprobablethat risk is;andhowseveretheimpactmightbeiftheriskweretooccur.WSDOThascreatedamatrixthatcontainsthedefinitionandcategoriesofriskssothatemployeeshaveatoolforcommonmeasurement

Thenext stepatWSDOTwas thedevelopmentofausable tool fordefining, linking tostrategicobjectives, measuring, mapping and mitigating risks. With risk management for projects, pro-grams, assets and the enterprise, theDepartment has developed a strong culture of riskman-agementandinter-officedialogue.Asaresult,understandinghasincreasedforallareasandper-spectives.

Thequestionof“whyenterpriseriskmanagement?”canbeansweredinseveralways,basedontheWashingtonexperience.ERMhelpstooptimizedecisionmaking.The“riskportfolio”needstobalancerisksandopportunitiesacrosstheenterprise.Hesaidthekeyistolookacrosstheenter-prisesothatthestrategiestodealwithrisksoccuracrossfunctionalboundaries.

Anumberof riskmanagement tools canbepurchasedbutWSDOTdeveloped itsown in-housetools.SomeofitstoolswereadaptedfromtheNewSouthWales,Australia,transportationagen-cy’sriskmanagementprocess.ItsCostEstimationValuation/CostRiskAssessmentandERMtoolscanbefoundonitswebsite.Italsohason-lineanumberoftoolssuchasalikelihoodandimpactdescriptionmatrix that staff canuse toensurea commonmeasurementof risks across thede-partment.Onetoolusessliderbarsfortheprobability,exposureandconsequenceofarisk.Theusersetsthesliderbarsonascaleforeachofthethreemeasuresandthetoolgeneratesariskrating.Mapsofhigh-riskassetsareusedtocommunicateriskssuchasunstableslopesandflood-

EnterpriseRiskManagementBriefingPaper

21

inghazards.Mapsalsoareusefulforidentifyinghigh-riskcrashlocations.Theclimatechangeriskanalysisresultsthatwerementionedearlierarekeptavailabletoassistwithplanningforrepairofslopes, culvertsandotherassets thatmaybeat risk fromclimaticevents.Theuseof riskman-agementtoexpandtheapplicationofchipsealsprovidescommunicationtoolsforhowtheagen-cyisdealingwithitsfundingcrisis.

Theexpandeduseofriskmanagementcoincideswithitstighteningfiscalsituation.Asitlooksforefficiencies,itcanuseriskmanagementtofinetuneexpenditures.Itcanacceptmoreriskinsomeareasinordertofreeresourcesforothers.Thereductioninhighwaylightingisjustoneexample.Anotherisarisk-basedanalysisof“hardshoulderrunning”wheretrafficisallowedonshouldersduringpeakhours.Thisalternativecancreatesavingsand improvedmobilitybut italsocreatesrisksifshoulderscan’taccommodatetheloads,orvehiclescrashintoadjacentbarriersandrails.

A legalrisksummitwasheldwiththeattorney’sgeneralofficeandWSDOTofficialstoviewkeylegalrisksandtodiscusskeyagencyprogramstomitigatethem.Traditionalriskmitigationstrate-giesare inplacesuchasself-insuring theagency for tort liability,andrequiringcontractorsandvendorstohaveliability insurance.WSDOTalsoinsuressomeof itsbridgesandferryboats.Theassets are insured for property and business interruptions including earthquakes, flooding andterrorism.

Risk-Based Asset Management as a Catalyst for ERM

Thefinalsetofpresentationsoccurredontheafternoonofthesecondday.ThesepresentationswerepartofanintentionaloverlapbetweentheNCHRPCEOriskmanagementworkshopandanFHWA asset management peer exchange. Because of the interest generated by MAP-21’s re-quirements for risk-based assetmanagement plans, the topic of risk-based assetmanagementwasheldattheendoftheCEOworkshopandthebeginningoftheassetmanagementpeerex-change.Membersof theFHWApeerexchange joined the last sessionsof theCEOworkshop tojointlydiscusstheuseofriskmanagementinassetmanagementprograms.

ShobnaVarmaandGordonProctorpreparedapresentationthatexplainedhowriskmanagementis the complement to and enabler for asset and performancemanagement. Riskmanagementhelpsagenciesmanagetheuncertaintiessurroundingtheirassetandperformanceprograms.Un-certainty surrounds assetmanagement plans because of their long horizons, and their need toachievespecificconditiontargets.Uncertaintyaccompaniesestimatesof long-termrevenue,as-setperformance,trafficloadingsandassetinvestmentlevels.

MAP-21 requires assetmanagement plans to include long-term financial plans. Such plans areinfluencedbymanyoutsidefactorssuchasinflation,stakeholderneeds,policymakers,legislators,theclimate,theeconomy,andbytheprojectsselectedbyagenciesandMPOs.Themanystake-holders and issues influencing assetmanagement financial plans create risks thatmust be ad-dressedintheassetmanagementplan.

EnterpriseRiskManagementWorkshopProceedings

22

Additional risks include appropriation uncertainty. A 10-year financial planwill span 2.5 StateTransportationImprovementProgram(STIP)cyclesand5biennialstatebudgets.DecisionsinthebudgetsandSTIPscancreateuncertaintyaboutdeliveringtheassetmanagementplanasintend-ed.

Rich Tetreault of VTrans presented a case study of how asset management is reinforcing riskmanagement inhisagency.VTrans’commitment toassetmanagement ischanging theway theagencyconductsbusiness.Ithasformedanassetmanagementunit,hiredanassetmanagerandrecentlyhired its first riskmanager. The intent is tomaximizethevalueof theagency’s invest-mentswhilemeeting theexpected levelsof service.Doing sowill result in fiscal accountability,customersatisfactionandtransparency.

Theriskmanagementtrainingtheagencysoughttoassistwithitsassetmanagementgeneratedagency-wideinterestinriskmanagement.Somepersonnelwhoattendedthetrainingalreadyareapplyingriskmanagementtoprojectsand initiatives.Thenewriskmanagerwillworkwitheachbusiness unit to help identify andmanage the risks to each unit’s strategic objectives. The ap-proachshouldleadtoafocusonriskfromthecustomer’sperspective.

Kirby Becker of theMinnesota DOT discussed how riskmanagement considerationswere inte-gratedintotheagency’sassetmanagementprocess.Theagency’sdraftassetmanagementplanincludes risk analysis as a key component along with lifecycle cost analysis, performancemeasures,investmentstrategiesandassessmentofperformancegaps.

MnDOT’s enterprise risk management framework encompasses its asset management efforts.Risk is integrated into theagency’s 20-year investment strategy, knownasMnSHIP.Risk also isconsidered in the 4-yearHighway SystemsOperations Plan, and into the bridge and pavementmanagementprocesses. Theagencyalsoidentifiesandmanagesits largerglobalrisks. It identi-fiedthroughtheassetmanagementplananalysiswhatitcalled“undermanagedrisks.”Thosearerisksthattodatehadnotbethoroughlyrecognizedormanaged.

Undermanaged risks identified through theassetmanagementplanningprocessare consideredonespresentingopportunitiestobettermanageassetsandtoreduceglobalrisks.Amongtheun-dermanagedrisks thatnowwill receive increasedattentionaredeepstormwater tunnels for I-35Wsouth,manymilesof access roads, ramps, frontage roadsandauxiliary lanes that arenotcurrentlybeingmonitored.MnDOTuncoveredrisksassociatedwithundermanagedassetsbyfo-cusingonriskstoachievingtheperformanceoutcomesthathadnotpreviouslybeeninthefore-front.

The20-yearMnSHIP investmentplanusedriskasa lens thatbuildsupona2010assessmentoftheagency’sriskprofileswithin10investmentcategories.Riskprofilesweredevelopedforeachdistrict and formanyprograms. Thepavementandbridgemanagement systemswereused toidentify,evaluateandplanforrisks,andthoserisksarerecordedintheagency’sriskregister.TheassetmanagementplanprocessfurtherelaboratedontherisksidentifiedintheMnSHIPplanand

EnterpriseRiskManagementBriefingPaper

23

furtheridentifiedrisksthatwouldimpacttheassets,thepublicortheagency.Theprocessbeganwithafocusonglobalrisksandtransitionedtoanemphasisupontheundermanagedriskstoas-sets. Risks were prioritized and mitigation strategies identified. A focus was upon risks to theagencyachievingitsassetperformancetargets.

Severallessonsresultedfromthedevelopmentofarisk-basedassetmanagementplan.Onewasto justify the already-underway improvements to the bridge management system to improvecondition forecasting. Anotherwas to formalize the inspectionofoverheadsignstructuresandhigh-mastlighttowerstoreducefailurerisk.

AnotherlessonwasthattherelianceonexistingdatatodeveloptheTAMPprovidedinsightintothecompletenessandreliabilityofdata,andtherisksassociatedwithundermanagedassets.Theidentificationofdatagapsandundermanagedassetsledtotheidentificationoftheneedtobet-termanagethestormwatertunnels,ramps,andauxiliarylanes.

AlsopresentingwasStephenGajoftheFHWAOfficeofAssetManagement,PavementsandCon-struction.HesummarizedtheMAP-21requirementsforStatestodeveloprisk-basedassetman-agementplans.ThosewillanswerthebasicquestionssuchaswhatassetsdoStatesown,whatistheircondition,whicharecritical,whatarethebest investmentstrategies,andwhat ismybestlong-termfunding?Eachofthosequestionsraisethefurtherquestionofwhataretheriskstotheassets,andtotheirpreservation?

Thetypesofrisksagenciescouldexpecttoidentifyinclude:

• Funding• Reputation• Dataaccessibilityandquality• Politicalchanges• Globalconditions• Leadershipchanges• Extremeweatherandstormevents• Climaticchange,and• Manyothers.

FHWAprovidesmanyresourcesforStatestobettermanageriskstoassets.Theseincludeaseriesofreportsonrisk-basedassetmanagement,webinarsonriskmanagement,NHItraining,andtheAASHTOassetmanagementguide.TheAASHTOAssetManagementSubcommitteeandtheTRBAssetManagementCommitteealsoprovideresourcesandexpertise.

Research Needs and Risk Roadmap

Aproductoftheworkshopwasapreliminarylistofresearchandsupportactivitiestomakeavail-abletoDOTsthetraining,tools,andguidancematerialsagenciesneedtodevelopandmaintain

EnterpriseRiskManagementWorkshopProceedings

24

effectiveERMprograms.

Afacilitatedgroupdiscussionresultedinthefollowingsuggestions:

• Assistance with geographical information system (GIS) applications that use asset datathatcouldbelike“encyclopedias”ofrisk.ThepresentationbytheNevadaDOTonright-of-wayparcelsthatpresenthighcostriskspromptedthesuggestionthatGIStoolsmaybeabletoassistwithriskmanagementefforts.

• TimHenkelremindedtheparticipantsthattherewillbeariskmanagementguide,aswellasa risk register toolwhichalso isunderdevelopment. Inaddition, theexistingNCHRPreportandtheinternationalscanreportareavailabletoassiststates.

• Aone-stopwebportalforriskmanagementresourceswassuggested.• AnothersuggestionwasupdatingtheNationalHighwayInstituteriskmanagementcourse

toreflectMAP-21issues.Multipleversionsofthecoursemaybeneeded,suchasoneonprojectriskmanagementaswellasversionsonenterpriseandprogramriskmanagement.

• AnAASHTOboardresolutioninsupportofriskmanagementwassuggested.Theexactna-tureoftheresolutionwasdiscussedwithoutclearconsensus.

• Anothersuggestionwastoreporttotheboardofdirectorsthattheworkshopwasasuc-cessandthatthefiveCEOsinattendancebelieveriskmanagementholdspotentialtohelpexecutives. The board also could be told there is support for providing additional riskmanagementresourcestotheStates.

• Further AASHTO action could be to introduce the concept of risk management to theAASHTOcommittees.Committeescouldberequestedtoconsiderhowriskmanagementcouldbeintegratedintothetransportationagencyprocessestheyaddress.

• AnothersuggestionwastoprovideamanualfornewCEOsonhowtomanageacomplextransportationagency,andincludeinformationonriskmanagement.

• TheAASHTO“newCEO101”sessionscouldincludeexplanationsofriskmanagementandhowtouseit.Thesessioncouldexplainthatriskmanagementisabestpractice.

• Followupworkcouldemphasizethatriskmanagementisessentialtoagencies’strategicplans. Theworkshop illustratedhow riskmanagement isnot tangentialbutessential toagencies’performance.

• Anothersuggestionwastoillustrateandemphasizetheneedforenterpriseriskmanage-ment,andnot just riskmanagementataprojectorprogram level.Thereneedstobeamodularlinkageshownbetweenthemanagementofrisksatalllevelsofanorganization.Now,riskmanagementisratherdisjointed,anditneedstobelinkedacrossallorganiza-tionallevels.

• Thesuccessesofriskmanagementcouldbedocumentedandshared.• ItwouldbehelpfultootherStatestohaveasummaryofhowthethreeadvancedagen-

ciesinMinnesota,WashingtonandCaliforniaconductriskmanagement.• ModeltrackingtoolswouldbeusefultoStates.Thesecouldtrackprogramlevelsrisksby

identifying the analysis of the risks and tracking themanagement of them. These tools

EnterpriseRiskManagementBriefingPaper

25

coulddocumenttheriskissuesraisedbystaff.Thoseriskissuescouldinfluencetradeoffslater.Anexamplecouldbetwootherwiseequalcandidateprojectscouldbeprioritizedifoneofthemreducesanagencyrisk.

• Explanations forhowriskhelpscommunicateacrosssiloswouldbeuseful.TheCHSriskmanagershowedhowriskdiscussionsfosteredcommunicationacross14businessunits.Similarly, state agencies have difficulty communicating across multiple silos. Providingcommondefinitionsandmeasurescouldimprovecommunication.

• Helpful toStatepersonnelwouldbea riskmanagement communityof interest.Agencypersonnel can tap into a large, national network of assetmanagement practitioners. Asimilarcommunityofinterestforriskmanagementalsowouldbeuseful.

• SimilartothecommunityofinterestistheneedforanationalriskmanagementforumtobringStatestogether.ThereisaneedforanationalnetworkofStatepractitionerstoad-vancethestateofthepractice. FHWApracticesriskmanagementbutonlyfromacom-pliance standpoint. The Statesmay findmajor opportunities if they collaborate on riskmanagement,andseekopportunitiesaswellasthreats.

• Another suggestion was assistance with how to frame risk questions. The answers re-ceivedoftendependuponhowquestionsareframed.Assistancewouldbeusefulonhowtoframeriskquestionstobestidentifyafullrangeofrisks.

• Advicewouldbeusefulonhow to identify theproper skill sets for a riskmanager. Therightcandidateneedstonotonlyunderstandriskmanagementbutalsobeagoodcom-municatorandadvocate.

Theworkshopparticipantsnextdiscussedwhatelementsshouldbe inaroadmapforStatesthatwanttodevelopenterpriseriskmanagementprograms.Amongthesuggestionswere:

• Someofthegoalsinlongrangeplansareaspirational,andnotrealistic.Thegoalsandob-jectivesforStateagenciesneedtobegroundedinwhatisachievable.Fromthoseachiev-ableand realisticgoals, theenterprise riskmanagementprocess shouldevolve. Inaddi-tionto justsetting targets forassetconditions, theagencyneedstounderstand itmustidentifyarealisticsetofobjectivesforthenextdecade,thenmanagetheriskstothem.

• Agencies that are setting objectives should document the assumptions and risks sur-roundingthem.Theyshoulddocumentwhattheyexpectandareplanningforimportantfactorssuchasinflationrates,Federal-aidamounts,andotherkeyassumptions.Thoseas-sumptionsincluderisksthatareimportanttoagencyobjectives.

• Statesareatdifferentlevelsofriskmanagementmaturity.AkeyquestionwillbehowtogetmoreStatesinvolved.

• Statesfacedifficulttradeoffs,suchaswhethertheyshouldletsomeroadsreturntograv-el.Itwouldbehelpfultounderstandhowtouserisktomakesuchdecisions.

• Statesthatpursueriskmanagementneedhelpunderstandinghowto lookacrossassetswhenconsidering risks.Risks tooneassetcouldbe reducedonly to increase the risk toanother.AroadmapneedstohelpStatesunderstandtheinterconnectionsbetweenrisks,

EnterpriseRiskManagementWorkshopProceedings

26

andunderstandhowtocompareriskstodissimilarobjectives.Opportunitycostsshouldbeconsidered.• ThereisasignificantneedforStatestounderstandhowtosetatarget.Sometargets

are“pulledfromtheair”suchasnomorethan10percentofassetsshouldbedefi-cient.Thatmayornotbeagoodtargetdependinguponwhatotherprioritiesarecrit-ical, such as retrofitting bridges for seismic events. Itwould be helpful to States tohave more meaningful ways to set targets. Then, risks to those targets could bemeasured.

• Participantsofferedhelpindocumentinghowtheysettargets.Methodsincludedbas-ingtargetsonrisk,basingthemuponreturn-on-investment,andsettingtargetsthatindicatethelong-termsustainabilityoftheasset.

• State guidance is needed for how to reduce to ameaningful few a lengthy lists ofrisks. Riskmanagementworkshops identifymany risks but it is difficult toprioritizethemdowntothetopagencyrisks.Guidanceisneededonhowtodothiseffectively.

• Atemplateforhowtostartandsustainariskmanagementprogramisneeded.

Closing Comments

TimHenkelwrappedupthesessionwithclosingcomments. HeprefacedhishighlightswiththehistoryofhowAASHTO,FHWAandTRBgottothispoint intheriskmanagementevolution.TheearlierNCHRPreports,theinternationalscanandtheadvocacyofpractitionersledtowhatisnowacrossroads.Theeffortstodatehaveexposedstatestotheconceptofriskmanagement.Now,thedecisionbeforeAASHTO,FHWAandTRB iswhether to,orhowto,advance itspractice fur-ther.

Mr.Henkelsaidtheparticipantsagreetheworkshopachieveditsgoalofexplainingtoexecutiveshowtolaunchanenterpriseriskmanagementprogram.TheremainingobjectiveistodeveloparoadmapforhowStates,AASHTO,FHWAandTRBcanassistagenciesthatwanttoimplementorimproveERMpracticesintheiragency.

EnterpriseRiskManagementBriefingPaper

27

Appendix 1

StateAgencyAttendeesArkansas ScottBennett scott.bennett@ahtd.ar.govCalifornia CrisRojas cris.rojas@dot.ca.govCalifornia MichelleTucker michelle.tucker@dot.ca.govConnecticut JimFallon James.Fallon@ct.govGeorgia GenethaRice-Singleton grice-singleton@dot.ga.govIndiana DanBrassard DBrassard@indot.in.govIowa MattHaubrich matt.haubrich@dot.iowa.govKentucky MikeHancock michael.hancock@ky.govMichigan DaveWresenski wresinskid@michigan.govMinnesota DeannaBelden deanna.belden@state.mn.usMinnesota ErickDavis eric.davis@state.mn.usMinnesota TracyHatch tracy.hatch@state.mn.usMinnesota TimHenkel tim.henkel@state.mn.usMinnesota JeanWallace jean.wallace@state.mn.usMissouri MachelleWatkins Machelle.watkins@modot.mo.govNevada RudyMalfabon rmalfabon@dot.state.nv.usNewJersey DaveKuhn david.kuhn@dot.state.nj.usNewMexico TammyHaas tamarap.haas@state.nm.usNorthDakota RonHenke rhenke@nd.govNorthDakota ScottZainhofsky szainhofsky@nd.govOklahoma MikePatterson mpatterson@odot.orgOregon LeaAnnHart-Chambers Lea.Ann.HART-

CHAMBERS@odot.state.or.usUtah RandyPark rpark@utah.govVermont RichTetreault richard.tetreault@state.vt.usWashington JohnMilton miltonj@wsdot.wa.govWyoming MartinKidner Martin.kidner@dot.state.wy.us

OtherAttendeesFHWA SteveGaj Stephen.Gaj@dot.govAASHTO MattHardy mhardy@aashto.orgTRB AndyLemer alemer@nas.eduCHS KristinRebertus Kristin.Rebertus@chsinc.comSpyPondPartners,LLC Hyun-APark hpark@spypondpartners.comSpyPondPartners,LLC ScottRichrath sricrath@spypondpartners.com

EnterpriseRiskManagementWorkshopProceedings

28

SpyPondPartners,LLC SarahSpicer sspicer@spypondpartners.comGordon Proctor andAssociates

GordonProctor gordon@proctorassociates.com

StarisisCorporation ShobnaVarma svarma@starisis.com

EnterpriseRiskManagementBriefingPaper

29

Appendix 2

(insertlatestbackgroundpaper)

1http://www.fhwa.dot.gov/environment/climate_change/adaptation/publications_and_tools/vulnerability_assessment_framework/