Enterprise Risk Management in Infrastructure – Part 3

By:  Dr. John Brown Miller

[Originally published by civil + structural Engineer on August 1 2018.]

This is Part 3 in a three-part series on the emergence of Enterprise Risk Management (ERM) in Infrastructure.  Part 3 describes a prototype application of the ERM methodology built by the author in Microsoft Excel™.

To recap, ERM has emerged as a $22 Billion market segment, with a more descriptive name – “the eGRC Market.”  The “Enterprise Governance Risk Compliance” market (“ERM” for simplicity) is expected to grow to $44 Billion by 2022 (at a compound annual growth rate of nearly 15%).  ERM has also been adopted and deployed as an organizational principle for public infrastructure networks in Australia, Canada, England, Scotland, and Holland.  ERM systems have been shown to generate substantial reductions in Avoidable Costs – 30-40% of total life-cycle infrastructure expenditures.  These savings are immediately available to preserve (or upgrade) levels of service (LOS) – the most important opportunity to achieve real value for money (VforM).

Part 1 introduced International Standard 31000:2009(En), used across the world for ERM.  Transport & Main Roads (TMR), Queensland, Australia created the Risk Assessment and Ratings Matrix in Figure 1, using ISO 31000.  The right side of Figure 1 – called a “heat map” – was the focus of Part 1.

Figure 1 – Queensland (Australia) Transport and Main Roads Risk Assessment and Ratings Matrix

Part 2 focused on the left side of this matrix, the place where the context for using the Heat Map is represented.  This is a context-specific summary of an organization’s risk-management mission, to be used with the heat map to analyze each risk against mission and consequence.

Figure 2 shows the full (hypothetical) State of Madison Risk Management and Rating Matrix, with six (6) Mission Targets across the top and six (6) Consequence Levels along the side of the matrix.  Madison’s Highway Department chose to focus on three service commitments:  (i) pavement condition, (ii) bridge condition, and (iii) protection structures (barriers, guard rails, and crash cushions).

Figure 2 – Risk Management and Rating Matrix for Madison’s Highway Department”

The Microsoft Excel™ prototype continues the hypothetical application of ERM methodology to the Madison Highway Department.  Forty (40) pavement, bridge, and protection structure conditions have been identified for treatment in Madison’s network.  These conditions (“risks”) are being tracked because they must be addressed over the next five (5) years for Madison to meet the Mission Targets in the Matrix (Figure 2).

Each of the forty risks is placed into the Heat Map by converting the map to a simple X Y quadrant, with 0-0 as the coordinates at the lower left corner.  Each box in the Heat Map is a square of 100 units.  Figure 3 shows the first six (6) risks, uniquely identified by Hwy District, Asset Category, and tracking number.  In the two right columns of the Risk Identification Table, Highway Dept staff has assigned X-Y coordinates to put each risk into the Heat Map.  This is done using the Likelihood Ratings along the top and the Consequence Levels along the side, along with the specific descriptions of Consequence Levels under each Mission Target.

Figure 3 – Risk Identification Table – Current Spot in the Heat Map

Figure 4 – Current Risks in the Heat Map

Figure 4 shows all forty (40) risks, placed in the Excel version of the Heat Map, with the Very Big/Very Frequently portion highlighted in red, and Very Low/Very Unlikely in green.

The diagonal red line, and the arrows pointing toward the upper right, indicate those risks of higher consequence/higher likelihood that should receive heightened attention when building the Hwy Dept’s five year rolling capital and operating program.  The goals of that program are straightforward:  meet Mission Targets, on time, within budget, with an open discussion and understanding of known remaining risks.

The extraordinary benefits of scenario analysis in capital and operations programming immediately come into focus.  With risks identified by Likelihood of Occurrence and Consequence Level, Highway Department staff can focus on specific activities (“treatments” under ISO 31000) that move those risks from above the diagonal line downward and left – i.e., to the other side of the line.  Typically, there are seven types of action (treatments) to be explored, listed in Figure 5.  These treatments include:  maintenance or repair activities performed by (0) in-house personnel or by (1) outside vendors; new design and construction, using the (2) design-bid-build or (3) design-build process; or, one of the three commonly used approaches (4), (5), and (6) through long-term contracts in which the vendor is responsible to meet a specific level of service and performs those design, construction, maintenance, and repairs activities needed to deliver that service.  In the prototype, each action is assigned a code from 0 to 6.

Figure 5 – Type (of Action)

Building out the rest of the Excel based scenario tool is straightforward.  For each of the forty (40) risks in the Heat Map, five (5) different options were proposed, analyzed, and entered, with (assumed) staff estimates of cost and placement in the heat map for the Base Year (2018) and for each of the next five years.  Costs are estimated on a common 30-year life cycle cost basis.

Figure 6 – Options (Used in Excel Prototype)

These five options are shown in Figure 6, beginning with Option 0 –Do Nothing.   Options 1 and 2 focus on two different Operations and Maintenance approaches (one which moves risks to the LEFT, and the other which moves risks DOWN).  Option 3 is a new construction option, relying on Design-Bid-Build or Design-Build as the delivery mechanism.  Option 4 relies upon a 30-year contracting approach for each item using one of the three DBOM Type of Actions listed in Figure 5.  Figure 6 shows that more variations of each of Options 1 through 4 could be included whenever such options exist and make sense to include.

Figure 7 illustrates how easy it is to explore different combinations of these Options and Actions using scenario analysis in Excel.  To the right of the spreadsheet in Figure 7 (not shown), each of the Options available to treat the risks identified in the Heat Map are stored.  Each stored option specifies the Type of Action proposed, with staff’s (i) estimate of cost and (ii) the resulting location of the item in the heat map (iii) for the Base Year and (iv) for each of the next five years.  All costs entered are estimated on a rolling, 30-year life cycle cost basis.

 Figure 7 – Preferred Scenario (Excerpt)

Scenarios are built to treat the entire collection of risks by simply entering the Option selected in the Option column (fourth from the left).  Making that selection copies the referenced cost and revised heat map locations from the Option list into the Scenario list.  Five (5) scenarios were built in the Excel prototype.

  • Scenario 1 – Do Nothing, the option selected to treat each of the forty risks was Option 0 –do nothing.
  • Scenario 2 – In House + Contract O&M – all risks treated with a maintenance activity.
  • Scenario 3 – Heavy Replace – all risks treated with new construction.
  • Scenario 4 – Heavy DB(F)OM – all risks treated with one of the three forms of DBOM.
  • Scenario 5 – Preferred (by Staff) –a preferred combination from Options 1 through 4.

Figure 8 shows how the prototype uses the charting function in Excel to compare the five Scenarios, in graphical and tabular form, with total and year-to-year costs for each.

Figure 8 – Scenario Cost Comparison

Figure 9 compares the Heat Maps between Scenario 1 and Scenario 5 over the next five years.  Any scenario can be compared in this way, using the prototype’s Excel charting function.

 Figure 9 – Scenario 1 – Do Nothing versus Scenario 5 – Preferred (by Staff)

Figure 10 shows how the prototype uses the Excel charting function to compare Heat Maps between the Base Year (2018) and 2023 for Scenario 5 – Preferred (by Staff).

Figure 10 – 2018 versus 2023 in Scenario 5 – Preferred (by Staff)

The prototype illustrates how ERM logic is used to build a straightforward Excel spreadsheet to apply modern asset management principles to public infrastructure networks.  This logic applies to the local, regional, or state levels.

The advantages of moving to a 21st century ERM platform are enormous.

ERM offers an outcomes-based approach to jointly manage capital and maintenance risks.

ERM is linear, from bottom to top.  Each piece stacks on top of the piece below it, unifying decision-making from the smallest activity to the network level.  One set of Mission Targets, Likelihood, and Consequence goals are applied from the bottom to the top of the network.  Yet, the flexibility of scenario analysis allows each element to be adjusted, at any level, at any time.

Applying ERM logic will capture and properly redirect 30-40% in Avoidable Costs.

Yet, scenario-based ERM also produces actual accountability – against time, budget, and mission specific outcomes.  That is a game changer between legislators (who appropriate funds) and infrastructure managers.  An objective, reliable ERM platform can show legislators and taxpayers how risks that affect cost and level of service will be handled, when, and at what cost.  Adjustments can be made, if additional funding becomes available or to address unique situations.  Legislatures should learn to rely upon a solid ERM platform to make long-term, stable infrastructure appropriations.  That is another game changer.

With predictable appropriation levels, infrastructure managers (in DPW’s and Hwy Depts across the country) will regain the flexibility they so desperately need to focus on what actually matters – finding, proposing, and implementing the most cost-effective activities to meet levels of service commitments across their infrastructure networks.

It’s time to move on to 21st century asset management.


Miller was professor of civil engineering at MIT, chair of the ABA Section of Public Contract Law, and is an expert on infrastructure procurement.  Find him on Twitter @JohnBrownMiller and at JohnBrownMiller.com.