U.S. Department of Transportation
Federal Highway Administration
1200 New Jersey Avenue, SE
Washington, DC 20590
Figure 3. This chart shows the levels of enterprise risk management. At the agency level at the top, executives have responsibility. The type of risks are those that impact achievement of agency goals and objectives and involve multiple functions. The strategy is to manage risks in a way that optimizes the success of the organization rather than a single business unit or project.
At the program level at the next level down, program managers have responsibility. Type of risks are those that are common to clusters of projects, programs, or entire business units. Strategies include setting program contingency funds and allocating resources to projects consistently to optimize the outcomes of the program rather than solely projects.
At the project level on the bottom level, project managers have responsibility. The type of risks are those that are specific to individual projects. Strategies include advanced analysis techniques, contingency planning, and consistent risk mitigation strategies with the perspective that risks are managed in projects.
Figure 4. This illustration shows the risk management approach for the M80 expansion used by VicRoads in Melbourne, Australia. At the top is the corporate risk register and risk management plan, which includes credible risks to VicRoads as a whole and program development and delivery and business operations.
In the middle are the business area risk register and risk management plans, which cover key risks to business-area objectives, proposed risk treatment actions, support of any new business initiatives, and feed up to divisional and corporate risk management plans.
At the bottom are project risk register and risk management plans, including project delivery; scope, cost, and time control; and project risks and action plans.