ERM – Developing New Performance Metrics for Risk Management 


Larry Redd

Redd Engineering

[email protected]




Research Period

24 months


“Risk” can simply be defined as an uncertainty that presents either an opportunity or a threat regarding an agency’s ability to carry out its mission. Thus, agency success in risk management rests on the ability to quantify the impacts of the full range of uncertainties that may apply to it. Typically, these impacts are assessed in terms of the agency’s existing performance measures, like asset condition or safety. However, there may be much more to the story in terms of the potential for value creation or cost-cutting related to uncertainty. This would mean not only identifying and quantifying all sources of value/cost related to uncertainty, but also considering risk management as integral to asset management, and not just an afterthought or add-on to traditional condition-based asset management.

As part of this, an agency would need to quantify the benefits and costs of its risk management efforts overall. For example, “We have met X% of our risk mitigation goals in the fiscal year”. Hence, depending upon the nature of the goals and objectives of an agency’s risk management program, it is essential for the agency to have a “framework” that satisfies its management needs with appropriate measures, tools, methods, and processes. The term “metrics” is useful not only for defining appropriate “measures” for quantifying risk-related entities, but also for articulating how these measures will be utilized in the overall risk management framework. This research is intended to explore the current practices and state-of-the-art for metrics, and identify potential options that would be suitable for transportation agencies in the future.

Literature Search Summary

Much progress has been made in recent years regarding transportation agency capabilities in risk management. There are good examples across agencies regarding these successes, including risk management plans documented in their 2019 TAMP submissions. Guidance and clear objectives provided at the time were instrumental in driving agencies in their approaches and processes for identifying and managing risks, and documenting their plans accordingly. It was clear in 2019 that good things were happening.

But there is still significant room for increasing these capabilities, especially given the diversity of agencies, the types of risks and uncertainties they face, and the breadth and depth of the frameworks, methods, tools and valid processes that are needed to meet increasing requirements for consistency and success in risk reduction across agencies. The term “new metrics” has been coined for a reason: to elevate risk management to a new level, where a comprehensive examination of cost cutting and value creation options is conducted in managing the range of uncertainties that agencies face. The following section explicitly illustrates why additional research is necessary for agencies to be able to meet evolving requirements in risk management.


The purpose of this research is to:
1) Document practitioners’ ideas and preferences for managing risks and assessing the value-add of risk management programs. Some of these may be based on their current practices, and some may be based on methods they have intended to try.
2) Gather best practices for managing risks, valuing risk management overall, and implementing process improvement across the public and private sectors, including the use of “metrics” as part of these sound practices.
3) Create the basis for a “roadmap” that defines a coherent evolution in the use of performance metrics for risk management which is sensitive to the differences in agency situations, maturities in risk management, and diversity of threats they face.
4) Develop practical, actionable guidance for developing and using risk management metrics in transportation agencies.

Urgency and Potential Benefits

Overall Requirements for Metrics: References for valid risk management processes and methods are helpful in getting organized to manage risk across an agency or enterprise. These include ISO 31000 and the AASHTO Enterprise Risk Management Guide. However, fully covering the myriad types of threats that agencies may face, especially when these agencies are a diverse group in the first place, requires a robust approach to defining the metrics and the overarching framework within which they are used. As a good example, the themes presented in 23 CFR 667 provide some help in understanding what a solid framework might consist of.

At first glance, a reasonable interpretation of key requirements from the “Evaluation” section of 23 CFR 667 might include the following:
• Consideration of a full spectrum of risks that may affect agencies, including threats on the transportation network, uncertainties in delivering projects as intended, risks associated with hitting performance targets (or not), and programmatic or organizational risks that could threaten success.
• Estimating future “risk costs” of each threat, across multiple criteria such as asset damage, safety impacts, traffic delays, environmental damage, and economic impact.
• Identifying and considering (“evaluating”) a full range of risk management strategies; some of which may present synergies and/or compromises to traditional, condition-based asset treatments and strategies that are also being proposed.
• Assuring that “risk management” is part of the discussion regarding resource allocation, and that risk reduction efforts are discussed “at the table” along with other asset management priorities.
• Quantifying the risk reduction of each candidate solution in terms of annualized dollars.
• Estimating the cost and duration of each candidate solution, management strategy, etc.
• Managing implemented strategies over time by monitoring, continuously improving, etc.

Implementation Considerations

Challenges to Defining Metrics: Risk management methods vary across transportation agencies and, where they are similar, are likely implemented inconsistently. Also important is not only “who” within an organization is responsible for managing a risk management program, but what the bounds of that program may be. As such, risk priorities can vary based on differences in geography, agency size, financial circumstances, politics, topography, climate, agency organization, and many other factors. Finally, the types of threats and uncertainties that affect any one agency may be wide-ranging, from flooding to workforce management issues to funding variability. As a result, the details of an effective risk management approach, including metrics, will need to be sensitive to these differences between agencies. These details include a robust set of applicable frameworks, processes, methods, tools, and sources of information.


Person Submitting Statement

Larry Redd
Redd Engineering
[email protected]