Evaluation of organizational approaches to risk
- Date : 2019
- Author(s) : Comité technique / Technical Committee / Comité Técnico A.3 Gestion des risques / Risk Management / Gestión de riesgos
- Domain(s) : Risk Management
- PIARC Ref. : 2019R16EN
- ISBN : 978-2-84060-535-5
- Number of pages : 61
Organizational or Enterprise Risk Management (ERM) is the formal and systematic effort to control uncertainty and variability to an organization's strategic objectives by managing risks at all organizational levels (enterprise, program, project, and activity).
Enterprise risk management is an approach to address risks at all levels of the organization. It should not be limited to the application of risk management at the enterprise level. Since organizational success depends on achieving goals at all levels of the organization, enterprise risk management should also be applied at the program, project, and activity levels. Therefore, risk management can be used to address risks not only to achieving organizational strategic objectives but also to core and other program-level objectives (i.e. financial planning and integrity, transportation system performance, asset management, infrastructure safety and security, social and environmental justice, climate change, information technology security, acquisition, workforce capacity and modernization, program and project delivery, and innovations).
This document provides an overview of organizational risk management in transportation organizations based mostly on the AASHTO Guide for Enterprise Risk Management (aka The AASHTO ERM Guide) published in 2016. The AASHTO ERM Guide is the result of an international scan, thorough literature review, and subsequent research to develop a document for use by transportation organizations. This report will also provide examples of organizational risk management from other organizations that can be helpful for agencies that are working to increase their organizational risk management maturity.
Enterprise or Organizational Risk Management Maturity can be thought of as a matrix that benchmarks five levels of maturity (awareness, initiating, emerging, competence, and excellence) along with specific activities to help an organization assess where they may be in their ERM journey. An example maturity matrix from the AASHTO ERM Guide is included in this document.
In the summer of 2017, the Technical Committee distributed a survey through different channels (TC members from this and previous cycles, CEDR, and AASHTO). The survey provided background information on organizational or Enterprise Risk Management, along with the aforementioned maturity matrix, and asked transportation organizations to rate their maturity and provide examples of ERM usage within their organizations. The TC A.3.1 committee received 23 filled-in surveys from 16 different countries. Of these, three came from private companies, 18 from public road authorities, one from a consulting company, and one from a highway engineers body.
This report summarizes the responses received and provides examples of ERM maturity that may be applied to all transportation organizations.