2.2.3 Risk Management


Risk Management

Managing transportation assets entails managing risk. This includes day-to-day concerns, such as addressing the risk that assets will deteriorate faster than expected or projects will cost more than budgeted. However, managing risk also involves enterprise-level risks with widespread impacts.

FHWA defines risk and risk management, in the context of transportation asset management, as follows:

  • Risk: The positive or negative effects of uncertainty or variability upon agency objectives. (23 CFR 515.5)
  • Risk Management: The processes and framework for managing potential risks, including identifying, analyzing, evaluating, and addressing the risks to assets and system performance. (23 CFR 515.5)

Considering risk is important in developing TAM strategies, because transportation agencies often must spend significant resources responding to and/or mitigating risks. Reacting to the uncertainty presented by risks can be more expensive than proactive management. Risk management strengthens asset management by explicitly recognizing that any objective faces uncertainty, and by identifying strategies to reduce uncertainty and its effects. Being proactive, rather than reactive, in managing risk and avoiding “management by crisis,” helps agencies best use available resources to minimize and respond to risk as well as further build public trust.

Given the importance of risk management for supporting asset management, agencies should formally identify and manage risks at all organizational levels. Figure 2.6 shows four levels at which risks can be identified within an agency, and the individuals who may be responsible for the risks at each level.

Typically agencies manage risk every day. They are well-equipped to hand risks at the project and activity levels, and regularly consider risks on a larger scale. Formally considering and documenting potential risks at all levels can help bring greater attention to them and improve risk management.

Risk management workshops or discussions should involve as many people in as many different parts of the agency as possible. This ensures that a broader range of risks and categories of risks are included.

Figure 2.6 Levels of Risk within an Organization

TRB. 2016. NCHRP Project 08-93 Final Report. http://onlinepubs.trb.org/onlinepubs/nchrp/docs/NCHRP08-93_FullGuide.pdf

Risk Management Process

Figure 2.7 depicts a risk management process. While it may not be necessary to walk through each discrete step in this process for every risk an agency faces, this process is helpful for understanding how to incorporate risk into TAM.

  • The process starts with establishing the context for risk management. In the case of risk management for a TAMP, the context is largely defined through other TAMP development steps.
  • The second step involves identifying the risks that affect the assets in the TAMP. Ideally, in this step the agency considers the full set of asset-related risks, even those that may appear insignificant.
  • The third step, risk analysis, involves identifying the cause of the risk, the outcomes or consequences (impact), and the likelihood of the risk occurring.
  • The fourth step, risk evaluation, entails prioritizing and ranking risks.
  • Fifth, the address risks step is the response the agency takes to the risk. DOTs can choose to tolerate the risk or treat the risk in some manner.
  • The left side of the figure shows a continuous communication and consultation activity. Agencies need to communicate the risks to both internal and external stakeholders, as well as monitor and review the risks.
  • The right side of the figure shows an iterative monitoring and review process. Once the risks are identified, analyzed, and a mitigation plan is in place agencies need to monitor the risks and update the risk management documentation accordingly.
  • More on risk monitoring and management is discussed in Chapter 6 Monitoring and Adjustment.
  • This process is generally consistent with ISO Standard 31000, as well as FHWA’s requirements for state DOTs to assess risks to NHS assets in developing a TAMP.

Figure 2.7 The Relative Timeframes Between Plans

Source: Adapted from FHWA. 2017. Incorporating Risk Management into Transportation Asset Management
Plans: Final Document.

Risk Register

It is common practice to develop a register identifying major risks and assess each based on expert judgment. In this fashion, the process is valuable for identifying “non-programmatic” risks, or risks not previously addressed in any one program. The How-To Guide in this section describes the steps in developing a risk register to identify such risks. Once a risk has been identified and assessed, formal processes may be required to perform a more detailed assessment and manage the risk programmatically, as illustrated in the Arkansas practice example.

Arkansas DOT

As part of the process of developing its 2018 TAMP, ARDOT developed a risk register and mitigation plan compliant with FHWA TAMP requirements. As part of this effort, ARDOT first reviewed and documented its existing controls for asset-related risks incorporated in its design specifications, and approaches for addressing specific risks to bridges (e.g., scour). The agency then developed an initial register through a risk workshop. In the workshop, ARDOT staff identified specific risks not otherwise addressed programmatically, classifying risks by type:

  • Asset Performance
  • External Threats
  • Business Operations
  • Highway Safety
  • Finances
  • Project and Program Management
  • Information and Decision Making

For each risk ARDOT used expert judgment to classify the risk in terms of its likelihood and impact. An initial priority was determined based on this classification. Next, ARDOT defined potential mitigation strategies for each of the 14 high-priority asset management risks in the register. A total of 12 strategies were identified, with each helping to mitigate one or more different risks. ARDOT next prioritized the mitigation strategies, and developed mitigation and monitoring plans detailing actions to be undertaken, and the approach for monitoring the risks and updating the register moving forward.

Arkansas DOT. 2018. ArDOT Risk-Based Transportation Asset Management Plan. http://www.tamptemplate.org/wp-content/uploads/tamps/037_arkansasdot.pdf