Page 77

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

APPENDIX D

Industry Roundtable Summary

Contents

Key Content—Prioritization

Recap and Key Takeaways

Page 78

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Objective

The objective of this summary is to demonstrate that an industry roundtable was carried out on February 16, 2023; to describe the process and methods used to conduct the roundtable; and to document important findings.

Background

The NCHRP Project 08-151 research team conducted an interactive industry roundtable to obtain information on how participants built and sustained a risk management program within their agencies. Participants came from a range of U.S. regions as well as other nations and represented all modes of transportation and related sectors. The participants were industry professionals engaged in strategic-enterprise risk management, program-/project-level risk management, asset management, and communications to determine the barriers and constraints of incorporating formal risk management into decision-making at all levels of their organization. This roundtable provided an opportunity to ask the “hows” and to listen to see if there were specific tools, promotions, communication, or content that appeared to be similar or used the most in building and sustaining risk management. Findings from the roundtable were considered as the research team proceeded through the rest of the project tasks.

Initial findings regarding what agencies have done, lessons learned, and successes were identified in the practitioners survey (Task 2) and targeted literature review and gap assessment (Task 3). The industry roundtable aimed to reaffirm those findings as well as add to those findings by exploring additional areas and elements related to communication, value-add, promotion, culture shifts, resources, and integration. Discussion was focused on informing the development of high-impact, solution-oriented content for the AASHTO Transportation Management Hub. The objectives of the industry roundtable were to

Gain insights and examples of concrete, actionable products and content on how to build a risk management program within an agency.
Gain insights and examples of concrete, actionable products and content on how to sustain a risk management program within an agency.
Gain insights on what content could be developed and posted on the AASHTO Transportation Management Hub to help state agencies build and sustain risk management within their DOTs.

To provide the groundwork, the research team started the roundtable with introductions of the participants to learn more about their level of maturity in risk management before launching into detailed discussions about building and sustaining risk management.

Participants

A total of 29 attendees from across the world including 10 states and 5 countries participated in the industry roundtable. They are listed in Table 2.

The participants represented geographic diversity from North America and Europe, as demonstrated in Figures 7 and 8.

Technical Platform

The industry roundtable was conducted virtually, using Microsoft Teams and a Mural digital whiteboard for collaboration. Methods of interaction with participants included the following:

Full-group videoconference discussion in Teams.
Full-group or private chat threads in Teams.

Page 79

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 2. Participants in the industry roundtable.

Industry Roundtable Participants
TriMet	Port Authority of New York/New Jersey (PANYNJ)
Florida DOT	Maine DOT
Caltrans	Vanderbilt University
MTA-Metro North Railroad	UDOT
Dallas Area Rapid Transit (DART)	Argonne National Laboratory
BC Rapid Transit Company (BCRTC)	Texas DOT
Florida DOT	Vejdirektoratet (Danish Road Directorate)
Vlaanderen MOW (Mobility and Public Works, Government of Flanders)	FHWA Liaison
Attica Tollway Operations Authority S.A.	Panel Member
Vlaanderen MOW (Mobility and Public Works, Government of Flanders)	NCHRP Senior Program Officer
Port of Vancouver	AASHTO Liaison
Center for Research and Technology Hellas (CE.R.T.H.)	AASHTO Monitor
Soldier Canyon Water Treatment Authority, CO	Panel Member
Florida DOT	Panel Member
Swedish Transport Administration	—

Breakout rooms in Teams when smaller groups were required.
Virtual “sticky notes” in Mural where participants would double-click to create a note and type as desired. Sticky notes were also moved as needed on the page.
Polling in Mural as “votes” were recorded by clicking on sticky notes to indicate a preference or priority order of the content on the sticky note.

The research team developed the industry roundtable technique through discussion with the NCHRP Project 08-151 panel, including the date, time, participants, and platform. The research team created and developed leading questions to ensure a deep and broad understanding of the various practices and processes used by the participants.

Common Themes

The research team led a discussion about how the participants built and sustained risk management within their agency. Major themes and insights included the following:

Leadership support is paramount. Without leadership advocating for and supporting the adoption of risk management within the organization, it will likely fail.
A risk management policy is key and can provide the framework to start and keep the risk management conversation going. Policy requirements can add meaning to implementation methods.

Page 80

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

The participant states and provinces are as follows: British Columbia, Oregon, Utah, Colorado, Texas, Illinois, Tennessee, Maine, New York, New Jersey, and Florida. The remaining states of the United States and provinces of Canada are marked as non-participants. — ***Figure 7. Location of industry roundtable participants: United States and Canada.***

There is no single methodology for building and sustaining risk management; decisions must be tailored to an organization’s culture and timeline.
Early and ongoing training is crucial to mitigate turnover and create institutionalized knowledge.
Organizations should be structured with top-down and bottom-up communication and support with a culture of risk that encourages discussions about risk.
Building risk management into recurring processes and tools allows agencies not to have to rely on leadership to sustain them.
Looking beyond what people/staff are comfortable with and starting to consider potential disruptions with outside insights from stakeholders and thought leaders.
Discussing lessons learned on small and large scales is important for managing crises or day-today events. This approach should be more than just postmortems of events, but more robust conversations around anticipating the right risks and what they would do differently in the future.
Risk should be incorporated into all aspects of an agency and job descriptions.
Sustaining risk management must be a coordinated effort that can take longer than some may expect. Risk management is a journey, not a destination.

Page 81

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

The participant countries are as follows: Denmark, Sweden, Greece, and Belgium. The remaining European countries are marked as non-participants. — ***Figure 8. Location of industry roundtable participants: Europe.***

Having the same “ground truth” of what a risk assessment means and what is failure.
Using the common denominator of money when portraying and communicating risk to external audiences.

Advice for Building Risk Management Culture

The industry professionals participating in the roundtable discussion included DOT representatives within the United States, international representatives, and other transportation industry representatives. While all of them are considered experts in their respective fields, their agencies have different levels of risk management experience, as seen in Figure 9. Some are currently building a risk management practice, others have built the practice but are working on sustaining it, and the rest have successfully sustained the practice.

Based on the industry experts’ experiences, the research team asked them for one piece of advice they would give someone who wants to build a risk management culture within their agency or organization. Table 3 details a summary of responses from the industry participants when asked about advising on building a risk management culture.

Building Risk Management Discussion

For a 25-minute discussion, the industry professionals were split into four groups of five to seven participants each. The research team developed four topics to encourage deeper conversation about their strategies and tactics to build risk management within their agency. The topics

Page 82

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Figure 9. Industry roundtable participants’ risk management maturity level.

Page 83

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 3. Advice for building risk management culture from industry professionals.

Have consistency in a risk management process but keep it simple.

Build gradually and progressively.

Create buy-in, especially with the leadership team.

Break down silos within the agency.

Test and evaluate identified risks through use case (pilot) deployment.

Encourage continuous learning and adaptation by training personnel thoroughly and continuously.

Need to have honest conversations and reward honesty; people in authority must be willing to hear the truth.

Get buy-in from all levels of the organization; cultivate participation by subject matter experts.

Invest in an ERM tool (a.k.a. GRC).

Connect risk management to decision-making and key organizational objectives.

Use three lines of defense: (1) responsible business, (2) risk functions, (3) audit.

Mentally prepare to be as thorough as possible; leave no stone unturned.

Risk management is a continuous process and requires an enterprise perspective.

Communication is key.

were the same for each group but discussed in varying orders to ensure varied responses across the industry roundtable. Those topics included the following:

Culture of Risk/Organizational Change
Business Processes
Communication and Promotion/Value Proposition
Data and Tools/Quantification of Risk

Discussion about the culture of risk and organizational change can be found in Table 4. The following are examples of a few questions the participants were asked:

Has management made your organization’s risk tolerance clear?
How did risk management change the culture of your agency? Or did the culture of your agency change first, and risk management followed? Were there materials used or was it policy and leadership direction?

Discussions about business processes can be found in Table 5. The following are examples of questions participants were asked:

What business processes in your organization have incorporated elements of risk and uncertainty into decision-making?
What helped to integrate risk into the daily business processes within your agency?

Discussions about communication and promotion/value proposition can be found in Table 6. The following are examples of questions participants were asked:

How did you communicate risk management internally?
How did your organization annunciate a strong value proposition for risk management? How was it developed and communicated?

Discussions about data and tools/quantification of risk can be found in Table 7. The following are examples of questions participants were asked:

How do you quantify risk within your agency?
What tools for measuring risk has your agency used? In-house tables/spreadsheets? Purchased solutions?

Page 84

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 4. Participant discussion on building culture of risk/organizational change.

Establish a regular cycle for identification and discussion of enterprise risk.

Encourage shared responsibility of risk management and integrate it into agency culture. Encourage all employees to identify and raise concerns about risk at any time.

Develop a mindset that risk management is how to make decisions when there is no clear guidance.

Incorporate risk into decision-making throughout project development, business processes, and other existing processes (e.g., annual transit asset management meetings with maintenance staff).

Connect risk management to money and time so benefits of addressing risk are clear and palatable.

Develop information and training for all new employees early and keep it ongoing and for all levels.

Establish leadership champions and specific staff charged with advocating and leading activities. Remember important functions of support staff to maintain risk register and documents.

Develop steering committees, working groups, internal audit teams, and other teams to facilitate communication and collaboration.

Understand that building risk management takes perseverance; it takes time and iterations.

Allow the approach to evolve (e.g., from initial effort to a formal policy; from specific activities to a more integrated agencywide process; from simple to more advanced tools).

Build cultural and organizational approaches at the same time. One does not lead to the other; they interact.

Be transparent about risk identification and strategies; conduct frequent updates and reports to maintain visibility.

Understand that culture of risk starts from the top but engages from the bottom.

Established an innovative culture that allows for measured risks to be taken at all levels. Executive director and leaders encourage this culture. Have an Enterprise Risk Management (ERM) policy which makes communication with risk owners much more effective.

Understand that risk appetite is a performance threshold that allows improvement to procedures and tools. It’s important not just to send out memos [about improving risk management] but to communicate what that means and how it affects employees.

Established explicit policies and programs to encourage culture of risk and organizational change.

Table 5. Participant discussion on building business processes.

Integrate with project management and operations.

Ran Monte Carlo simulations in project environment to understand the impact on project cost, schedule, and contingencies—embed in project management and include it in health and safety at sites. Included representatives from risk as part of project team, policies, framework, and leadership that are dedicated resources and able to quantify exposure to risk. Having tone at the top and support from leadership helps investigate individual division processes and where risk management goes.

Being more focused on project management risk and safety which leadership chain can help support. Whether project risk or safety, include early in the process where it can provide the most benefit (avoid problems rather than react).

Page 85

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Incorporated ERM into all programs and have district-specific risk management for project implementation. Have planning process agility with emerging trends, changes in funding, and changing demographics awareness filters through other processes. Developed a handbook and identified risk registers for Transportation Asset Management Plan (TAMP). Broke down silos and had ongoing discussions.

Incorporated strategic and business planning, project management, and safety management.

Established guidance from the head office and then documented a procedure so there is consistency in identification and reporting; built a risk register and have coordinator that performs updates to help steer where improvements need to be made and make annual business plan focus areas.

Created a risk management committee that has the authority and responsibility for agency operationalization of risk practices with International Behavior Analysis Organization (IBAO) guidelines and Committee of Sponsoring Organizations (COSO) standards.

Identified and managed risks essentially at the source. Each business process will manage risk at its level (try to capture risks that may span disciplines and elevate as appropriate).

Have an Internal Control Officer for policy, metrics, and accountability.

Table 6. Participant discussion on building communication and promotion/value proposition.

Top-down leadership is not enough and communicating the value proposition through anticipated or example outcomes to bottom-up participants, especially subject matter experts (SME), is essential.

Establish in-person engagement, through one-on-one, focus group, or small group discussions to provide a forum for two-way discussion of the value proposition; have found one-way communication to be less successful.

Utilized ERM tools, reports/white papers, presentations, emails, and memos.

Elevated risk management to stakeholders by aligning new and emerging risks and hazards with existing performance metrics. For example, aligning new climate threats in the electric sector with system reliability is a key metric for them.

Communication is just as important internally as externally and each audience is different.

Learn from risks and push the learnings to project managers to share and help mitigate duplicating.

Communicated risk regime via a central risk management function to ensure consistency and learning.

Set up an internal control team with compliance officers for risk compliance.

Established communication from the leadership down to directors and managers about process and change management including risk assessment.

Established project management level training, manuals, and requirements.

Had project management policy reviewed and approved by board, then presented to department about what it means to them and how risk function would be involved at each level. Brainstorm sessions about key risks in each department, then build risk registers up from the ground level. Regular communication with leadership team to summarize progress.

Performed frequent updates and reporting to maintain visibility by many who might not think of risk management as part of their role.

Page 86

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 7. Participant discussion on building data and tools/quantification of risk.

Understand that quantification is different across disciplines and ask, “What is failure to YOU?” to establish for each area.

Used Primavera v6 to rank and prioritize risk done by an independent Risk Manager which helps create risk contingency on schedule and for cost.

Have a dashboard of compiled metrics to help quantify and showcase risk.

Accept risk and move forward; establish and train a culture that discusses risk openly.

Use regulatory requirements to bring commitment from top management but understand the need for an overall drive from top to bottom.

Quantify and display risk through Google Data Studios. Spreadsheets are a staple for creating risk lists.

Encourage training because it is necessary.

Enterprise risk assessment can be perceived as too costly and complex.

Enterprise risk should be assessed yearly.

Project management risk assessments useful to address schedule and cost risks.

Training necessary due to staff turnover.

Communication/discussion about risk is better than a report that may not be used. We do not have a risk management program—we found people were not invested—instead, we gave guidance to various groups as to how to discuss/consider risk.

Primavera 6 tool with Monte Carlo assessment capabilities has been used.

Better to have a risk manager be someone outside of the agency or project.

Use ERM software that has assurance reporting and tracking, integrated with Tableau, a primary tool to understand, visualize, and communicate both granular and enterprise-level information.

Incorporated dedicated people within operations, data, and IT specifically for quantification of risk processes (staff with backgrounds in data science, machine learning, etc.).

Advice for Sustaining Risk Management Practices and the Culture of Risk Management

Each of the industry professionals participating in the roundtable has their own unique experiences when it comes to building and sustaining risk management. The research team wanted to better understand what significant advice they could offer to sustain the practice and culture of risk management. Participants were asked to describe one lesson they have learned in how to sustain the practice and culture of risk management. Table 8 details a summary of participant responses when asked about advice and lessons learned to sustain risk management practice.

Sustaining Risk Management Discussion

For a 25-minute discussion, the industry professionals were split into four groups of five to seven participants. Like the building discussion, the research team centered their questions and discussion around the four core topics to encourage deeper conversation about their strategies and tactics to sustain risk management within their agency. Those topics included the following:

Culture of Risk/Organizational Change
Business Processes
Communication and Promotion/Value Proposition
Data and Tools/Quantification of Risk

Page 87

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 8. Lessons learned to sustain the practice and culture of risk management from industry professionals.

Integrating risk management into existing processes.

Update operational manuals as well as update and repeat personnel training.

Create a system that is not reliant on specific people or personalities. It needs to be independent of who is running the risk management efforts.

Ensuring risk management is part of the agency culture.

Foster an executive champion relationship, but make sure there is a process to develop institutional knowledge for eventual replacement. Manage “change in leadership” as a strategic risk of the organization to mitigate impacts to the organization (and ERM initiative).

Have dedicated teams/staff that see the value added and take ownership and responsibility.

Encourage identification of lessons learned organizationally to cultivate risk-based thinking at all levels to sustain the practice.

Perform annual updates to risk registers and incorporate risk into annual processes with staff across an organization to build the practice and expectation that risk is part of how everyone should think about their duties.

Automate practices and leverage technology to reduce the lift and always prioritize efforts with the largest impact/value to the organization (align with strategy).

Cultivate the culture of risk-based thinking at all levels of the organization and embed risk management into everyday activities and decisions.

Make risk management a central function (possibly a Chief Risk Officer) to ensure sustainable and documented framework and processes.

Discussions about the culture of risk and organizational change can be found in Table 9. The following are examples of questions participants were asked:

How have you sustained the culture of risk within your agency?
How to ensure the knowledge of and passion for risk management is being sustained (training, knowledge management)?

Discussions about business processes can be found in Table 10. The following are examples of questions participants were asked:

How have you ensured the business processes in your organization that incorporate risk and uncertainty are sustained, regardless of leadership?
How have you ensured there are adequate resources and/or staff to sustain a risk management program? What are those staffing levels?

Discussions about communication and promotion/value proposition can be found in Table 11. The following are examples of questions participants were asked:

How have you created “trust” with your stakeholders, the media, etc. so when you talk about risk management, they believe you? How have you sustained that trust?
How do you communicate about risk factors, hazards, and uncertainties in your organization?

Discussions about data and tools/quantification of risk can be found in Table 12. The following are examples of questions participants were asked:

Of the data and tools that your organization uses to quantify risk management,

How many are being refined and improved regularly or continuously?
Are there any being tolerated until management looks away or political winds change?

Page 88

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 9. Participant discussion on sustaining a culture of risk/organizational change.

Perform self-assessments and develop tools such as capability maturity models to document the effectiveness of an agency’s risk management process and how it evolves.

Establish a risk committee to discuss and assign emerging risk.

Identify new opportunities and the changing nature of risks and assess those more systematically and comprehensively until they, too, become part of normal processes. Acknowledge that risks are never static and may combine in new and different ways. Recognize that as we learn more, our risks change.

Monitor and have periodic updates with leadership on top risks.

Understand that resourcing is always limited. If risk management helps make better decisions, like key projects, ensure that the cost-benefit is analyzed. The cost of mitigation is often more than the cost of addressing issues up-front. Get risk management into organizational objectives.

Have the awareness and understanding of the value that risk management brings to an organization.

Incorporate risk into regular meetings to share understanding, tools, and methods for incorporation in all aspects of agency decisions.

Establish a recurring risk-identifying process (e.g., quarterly during risk committees and biennially across the enterprise).

Link risk assessment results into agency strategic plans.

Spotlight success and reward performers.

Express goals in a way people can relate to and share why you enjoy working on this. Actively listen and try to understand the motivators to people’s hearts in the process to get buy-in.

Continuously train and educate employees. Every employee is responsible for the risk at their level; however, not all employees understand that policy. Risk can be sustainable because it’s on the employees, managers, and leaders to do it, but that can also lead to inconsistency when uneducated.

Acknowledge change fatigue and understand the fine line of how much to adapt and change and talk about the value of it.

Have top management instill a risk management culture and practice across an organization that creates a safe space for staff to verbalize and discuss risk.

Identify existing risk management capabilities/competencies and perform gap analysis between the current versus desired state.

Continually discuss risk management and incorporate it into project leadership teams and executive leadership meetings.

Policy on risk helps provide transparency.

Table 10. Participant discussion on sustaining business processes.

Make risk management a part of the general practice and/or process.

Don’t overcover risks. Manage risk to the level desired/established (risk appetite and capacity) and closely monitor performance to determine allocation of resources needed as strategy and environment change. Grow as needed and where it’s needed, and leverage and engage those who are experts in the areas where the organization’s risks are being assessed.

Look at risk in light of the goals of an agency.

Incorporating risk into design standards—use of which is dependent on the magnitude of the project.

When pushing information from the top, ensure that the bottom is not fearful of implications as they are in the best position to identify the issues.

Page 89

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Stay informed about emerging trends and new topics and encourage integration of these into various processes. Be willing to hear fresh perspectives from new or nontraditional partners.

Ensure processes are solid so they can withstand leadership changes and gaps from new hires.

Link risk analysis and lessons learned into formal capital project decision-making processes.

Institutionalize processes by documenting them as part of business management system or standard operating procedures or other policy and protocol documents.

Expect risk accountability at all levels.

Continuously train and educate employees.

Establish a risk management team (experts) to facilitate workshops and make reporting comparable across the organization at all levels, as well as communicate employee responsibility to be aware of his/her risks.

Training happens in the area where the risk is captured and managed.

Table 11. Participant discussion on sustaining communication, and promotion/value proposition.

Build trust by using terms easy to understand (not risk jargon), aligning with top priorities, and being proactive and transparent. Most everyone understands uncertainty associated with their job duties. Start there and keep it clear and simple to build, scale, and formalize.

Ensure consistency in reporting and that the information, data, and status being reported are verified and validated.

Understanding that risk is simply uncertainty. Whether we arrive at our destination or not, it’s easily understood we are always navigating the changing environment. Risk is natural to how humans think, especially in a business environment.

Quantify risk to stakeholders ($), then discuss appetite to mitigate risk. This helps get more buy-in and paints a clear picture for leadership.

Know your audience and treat them as partners who can help with problem-solving in addition to being informed of what is going on.

Do not underestimate communication and/or assume that risk means the same thing to all people.

When the odd misstep comes up, own it and move forward.

Integrate scenario analysis and consequence modeling to show the impacts of various risks, which is easier to communicate to the broader public.

Encourage lessons learned to share risk assessments and risk management processes.

Understand the opportunity to learn about risk from each other and the bigger picture/perspective of how assets interact.

Having clear two-way communication is important internally and externally to have a common understanding of key terms, thresholds, and how risk management is working/performing.

Risk management should help and not make work more difficult.

Risk has a cascading impact, and infrastructure and communities should be observed as a whole. Understand the impacts of risks to the system not just as an individual asset—a bridge might be fine but the roadways leading to it may be underwater. We can’t protect our assets and flood neighborhoods.

Page 90

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Table 12. Participant discussion on sustaining data and tools/quantification of risk.

Have a leadership process to check assumptions and help make sure executive leadership is up to date and project management gets real-time feedback.

Define risk so everyone has a similar definition, it seems simple but can become an issue. One can’t assume everyone understands the same concepts.

Constantly refine spreadsheet forms and Google Data Studio so they aren’t regarded as set in stone.

Major Decisions Team includes project-level risk assessment for our agency. We find that this trickles down to staff when they see how risk is considered for big investments. We mostly focus on budget and schedule.

Documenting lessons learned every 2 years.

Climate has allowed for new ways of thinking versus being emergency responders. Our challenges are related to inland flooding, power outages/pump failures, we need to be moving to system or corridor assessment. Also, consider managed retreat.

Metrics on risk appetite—tolerance and thresholds useful. It could be useful to have an outside entity conduct assessments; however, cannot transfer risk management to others.

One participant utilized a web-based standard tool which was chosen for its simple approach and ability to quantify risk and has a workshop-friendly interface. Only very few (risk managers/facilitators) can access and input data—to minimize overlap and biased input.

Established clear roles and governance with expectations of the end goal. Ensured the ERM framework and processes are aligned with the tool as much as possible which adds functionality as ERM matures. Machine learning has its place. Understand which tool is used for which aspect of ERM (its limitations and capabilities).

Sustainable data processing means consistency.

Key Content—Prioritization

The research team walked the industry roundtable participants through a prioritization polling process. The team created a poll containing suggestions of key content an agency might need to build a risk management program within their organization. The research team asked if anything was missing, and the participants offered additional key content. Then, the research team asked the participants to prioritize what key content would be the most important. The top four (4) key items recommended by the risk management professionals to build a risk management program were as follows:

Begin to integrate risk management into existing processes and at all levels of the organization.
Create a spreadsheet-based risk assessment and mitigation tool that is easy for staff to use.
Develop a risk management roadmap.
Provide training, early and ongoing, regarding risk management definition and processes.

The research team followed the same methodology and asked the industry professionals to rank and prioritize the top four (4) key items to sustain a risk management program. Those top recommendations were as follows:

Identify new opportunities of risk and assess those more systematically/comprehensively until they become part of the business process.
Build and integrate risk management in all recurring processes and tools.
Create standard operating procedures to institutionalize risk management within the agency.
Engage leadership’s commitment to risk management but do not rely on them to sustain it, have it become the “normal practice” and part of the culture.

Page 91

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Recap and Key Takeaways

The research team recapped all the insights and information provided during the industry roundtable and thanked the risk management professionals for participating. The following week, the research team sent an email of appreciation to each risk management professional who gave their time to help inform this research effort.

After review and contemplation of the industry roundtable, the research team opined on these key takeaways:

Definitions and clarity are paramount—everyone within the agency must understand and “speak the same language” as it pertains to risk management.
Development of a policy is key as it gives the framework for critical conversations.
Training and consistent reminders of risk management help mitigate turnover and knowledge management.
Open communication about risk and risk management, so that it is not seen as a topic that is discussed only in a crisis.
Create a standard operating procedure to ensure business processes integrate risk but also leave enough agility to allow staff to be inventive.
Create templates, dashboards, and other tools to assist in postmortem analysis.

Page 92

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

This page intentionally left blank.

Page 93

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.

Abbreviations and acronyms used without definitions in TRB publications:

A4A	Airlines for America
AAAE	American Association of Airport Executives
AASHO	American Association of State Highway Officials
AASHTO	American Association of State Highway and Transportation Officials
ACI–NA	Airports Council International–North America
ACRP	Airport Cooperative Research Program
ADA	Americans with Disabilities Act
APTA	American Public Transportation Association
ASCE	American Society of Civil Engineers
ASME	American Society of Mechanical Engineers
ASTM	American Society for Testing and Materials
ATA	American Trucking Associations
CTAA	Community Transportation Association of America
CTBSSP	Commercial Truck and Bus Safety Synthesis Program
DHS	Department of Homeland Security
DOE	Department of Energy
EPA	Environmental Protection Agency
FAA	Federal Aviation Administration
FAST	Fixing America’s Surface Transportation Act (2015)
FHWA	Federal Highway Administration
FMCSA	Federal Motor Carrier Safety Administration
FRA	Federal Railroad Administration
FTA	Federal Transit Administration
GHSA	Governors Highway Safety Association
HMCRP	Hazardous Materials Cooperative Research Program
IEEE	Institute of Electrical and Electronics Engineers
ISTEA	Intermodal Surface Transportation Efficiency Act of 1991
ITE	Institute of Transportation Engineers
MAP-21	Moving Ahead for Progress in the 21st Century Act (2012)
NASA	National Aeronautics and Space Administration
NASAO	National Association of State Aviation Officials
NCFRP	National Cooperative Freight Research Program
NCHRP	National Cooperative Highway Research Program
NHTSA	National Highway Traffic Safety Administration
NTSB	National Transportation Safety Board
PHMSA	Pipeline and Hazardous Materials Safety Administration
RITA	Research and Innovative Technology Administration
SAE	Society of Automotive Engineers
SAFETEA-LU	Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (2005)
TCRP	Transit Cooperative Research Program
TEA-21	Transportation Equity Act for the 21st Century (1998)
TRB	Transportation Research Board
TSA	Transportation Security Administration
U.S. DOT	United States Department of Transportation

Page 94

Suggested Citation: "Appendix D: Industry Roundtable Summary." National Academies of Sciences, Engineering, and Medicine. 2025. Risk Management at State DOTs: Building Momentum and Sustaining the Practice. Washington, DC: The National Academies Press. doi: 10.17226/29144.