Saudi Arabia Railways Enterprise Risk Management

Challenge

In early 2021, Ricardo was appointed to design and implement an Enterprise Risk Management (ERM) Framework for Saudi Arabia Railways (SAR). 

The requirement was to develop an approach aligned with ISO 31000:2018, the recognised international standard for risk management, that could be implemented on various networks operated by SAR, including the North-South Railway, the Haramain High Speed Railway and the Mecca Metro.

Approach

Between February and June 2021, more than 190 consultation workshops were held with 57 functional departments. For each department, a risk register was updated setting out risks across ten core categories – including safety, reputation, legal – with each risk scored for impact/likelihood, and for current mitigation measures.

By cross-analysing the risk registers, the Ricardo experts could map the connections and compile a full list of priority risks, as determined by SAR's own teams.

Results

ERM is about developing an internal capability to identify hazards across an entire organisation and ensure coherent, joined up responses can be prepared.

For the first time, SAR has gained the ability to link maintenance and infrastructure concerns alongside those of recruitment and revenue collection. 

In doing so, SAR can move from a typical 'silo' approach to assessments - where individual departments run their own risk exercises in isolation - to a model able to identify risks that transcend functions.