Policy statement 437 - Risk management

Approved by the Energy, Environment, and Water Policy Committee on January 16, 2025 
Approved by the Public Policy and Practice Committee on March 28, 2025 
Adopted by the Board of Direction on July 10, 2025

Policy

The American Society of Civil Engineers (ASCE) urges government agencies and private entities at all levels to incorporate risk management in all decision-making processes that affect the public's safety, health, welfare, and investments in infrastructure. Further, potential risks and risk management practices must be clearly communicated to the public. This can be accomplished by:

• Developing and implementing up-to-date risk management guidelines, including- but not limited to- the need to assess and manage emerging risks such as cybersecurity threats to infrastructure, pandemics affecting construction and maintenance, and the socio-economic impacts of infrastructure decisions.
• Identifying and implementing strategies to reduce risk to public safety from natural and man-made hazards, including- but not limited to- the adoption of modern risk assessment tools like machine learning, AI-driven predictive models, and real-time data analysis for more accurate risk profiling.
• Establishing core risk assessment research programs to ensure that risk management is based on adequate scientific data and appropriate processes.
• Using existing and developing new tools to effectively communicate risks from natural and man-made hazards to the public and encourage public participation in key decision making.
• Advocating for incentives for projects that demonstrate exemplary risk reduction strategies or resilience enhancements.
• Revisiting risk assessments on a periodic basis and as conditions change or additional information becomes available.

Issue

Risk management, as defined by the Department of Homeland Security, is “the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level.”  Many Government agencies, such as the U.S. Environmental Protection Agency and U.S. Army Corps of Engineers have recently developed tools to conduct risk assessments and prioritize the allocation of limited resources. However, effectively communicating risks with the public remains a significant challenge. Currently, public awareness of risks and the impact of infrastructure failures due to government and private decision making is low. Prior disaster events demonstrate the consequences of risks that failure were not completely identified, understood, or managed. 

With effective risk management, public participation in the decision-making process, and improved public communication techniques, government agencies and private entities can make informed decisions on critical topics ranging from land use, infrastructure development, mitigation of natural or man-made hazards, and establishment of environmental standards.

Rationale

When risk management is effectively managed and approached collaboratively with the general public, it can help government agencies and private entities allocate limited resources to protect human safety, health, infrastructure, and the environment. Risk management can be used to establish tolerable risk guidelines that form the basis of decision making. Risk assessment combined with public awareness should guide and direct proper planning, design, construction, operation, and maintenance practices.  While it is important to plan and design against possible failures, it is equally important to develop and maintain mitigation strategies and to generate awareness of potential downstream effects. It is essential that ASCE promotes the implementation of risk management strategies and that the general public remains engaged and involved in the decision-making process. 

This policy has worldwide application 
ASCE Policy Statement 437 
First Approved in 1995