5-1 DoD Risk Management Policies and Procedures

5-2 Risk Assessment and Management (DoD ) “Program Managers and other acquisition managers shall continually assess program risks. Risks must be well understood, and risk management approaches developed, before decision authorities can authorize a program to proceed into the next phase of the acquisition process. To assess and manage risk Program Managers and other acquisition managers shall use a variety of techniques, including technology demonstrations, prototyping, and test and evaluation. Risk management encompasses identification, mitigation, and continuous tracking, and control procedures that feed back through the program assessment process to decision authorities. To ensure an equitable and sensible allocation of risk between government and industry, Program Managers and other acquisition managers shall develop a contracting approach appropriate to the type of system being acquired.”

5-3 Cost, Schedule, and Performance Risk Management (DoD R) “The Program Manager shall establish a risk management program for each acquisition program to identify and control performance, cost, and schedule risks. The risk management program shall identify and track risk drivers, define risk abatement plans, and perform periodic assessments to determine how risks have changed. Risk reduction measures shall be included in cost-performance tradeoffs, where applicable. The risk management program shall plan for back- ups in risk areas and identify design requirements where performance increase is small relative to cost, schedule, and performance risk. The acquisition strategy shall include identification of the risk areas of the program and a discussion of how the Program Manager intends to manage those risks.”

5-4 Risk Management Structure (DoD Risk Management Study) Risk Management Risk PlanningRisk Assessment Risk Handling Risk Monitoring Risk Documentation & Communications Risk Identification Risk Analysis

5-5 Definitions Risk - A measure of likelihood to achieve objectives - Two components (probability and consequences) Risk Management - Act or practice of controlling risk + Identifying and tracking risk drivers + Defining risk mitigation plans + Performing periodic risk assessments

5-6 Risk Planning Process has two segments –Implementing a comprehensive and active strategy to continuously identify, mitigate and track program risks Who does it What do they do When do they do it How risk is shared –Documenting risk elements of program activities How do I get there from here?

5-7 Risk Assessment Process of identifying and analyzing program risks to increase the chances of meeting performance, schedule, and cost objectives Two segments –Risk Identification –Risk Analysis

5-8 Risk Identification Process of specifying, describing and documenting program risks and their sensitivities to other risks –Internal –External

5-9 Risk Analysis Process of evaluating program risks for their impacts to performance, cost, and schedule objectives Process includes assessing each risk’s: –Probability of occurrence, and –Consequences of failure to mitigate the risk

5-10 Risk Handling Process that identifies, evaluates, selects, and implements risk handling options –to set risk at acceptable levels –give program constraints Typical risk handling strategies can include: –replan to eliminate the identified risk –avoid risk by changing requirements –transfer the risk –control the risk through active steps –assume the risk without special efforts

5-11 Risk Monitoring Process that systematically tracks and evaluates the performance of risk mitigation actions - against established metrics throughout the acquisition* process, and - develops further risk handling options as appropriate * Acquisition includes any procurement from government or contractor sources within all phases from early research through logistics, operations, support, and disposal

5-12 Risk Management Process Evaluate Risk Handling Options Avoid Information Gathering Transfer Assume Control Program Requirements Assess Risk Identify Analyze Quantify Risk Evaluate Subcontractor Risks Analyze Impacts Performance Cost Schedule Manage Risk Review Indicators Abatement Actions

5-13 Assess Risks Program Requirements Assess Risks Evaluate Risk Handling Options Evaluate Subcontractor Risks Establish Cost, Schedule, & Performance Impacts Manage Risks Establish Approach Develop Team Identify Risk Areas Analyze Risk Create Risk Management Tools

5-14 Risk Identification The WBS is normally used to organize and ensure completeness of the risk identification effort. Identification is generally performed at the 3 rd or 4 th level of the WBS.

5-15

5-16

5-17 Risk Categories and Consequences Risk Categories –Requirements - Are the Necessary Requirements ( Operational or Design) Fully Defined? Is the Basis for the Requirements Stable (e.g. No Expected Threat Change) –Technology - Is the Technology Available Proven in Previous Use? –Engineering - How Much New Design is Needed to Achieve Requirements? –Manufacturing - Are the Required Manufacturing Processes, Facilities, and Sources of Materials Known and Available? –Support - Are the Required Support Resources Defined and Available? –Management - Are the Processes, Resources, and Experience Available to Successfully Perform this Program? Risk Consequences –Performance - Can the Item Meet Its Requirements (Operational, Support and Manufacturing)? –Cost - Can the Item Be Developed and Operated within the Funding Allocated to It? –Schedule - Can the Item Be Developed and Deployed with the Time Allocated to It?

5-18 Sample Risk Identification WBS Guidance System Issues: New Design – Uses new chipset from CHIPLEAP program. Some concern exists on producibility and thermal characteristics. Assumptions: Megalith Corporation will design guidance system. They were a participant in the CHIPLEAP effort.

5-19 Additional risk categories such as customer satisfaction or customer expectation can be developed for identification purposes. Risk assessment templates (shown on later charts) for subcategories can be developed and maintained by organizations. Organization of Risk Assessment

5-20

5-21 Ref. – Best Practices

5-22 Ref. – Best Practices

5-23 Ref. – Best Practices

5-24 Ref. – AFMC

5-25

5-26 See Table 2.3 on pg 18 of RMG for DOD Acquisition

5-27 Probability (Likelihood) 1 0 Consequences Traditional Risk Analysis Performance Cost Schedule Potential Degradation Sys Reqt not Achieved Element Increase > 50% System Increase > 40% Element Increase Element Increase < 10% x x x Probability is Assigned Consequences are Estimated x

5-28 Probability (Likelihood) 1 0 Consequence Traditional Risk Analysis Performance Cost Schedule Potential Degradation Sys Reqt not Achieved Element Increase > 50% System Increase > 40% Element Increase Element Increase > 50% x x x x x High Risk – Severe disruption expected to performance, cost, and / or schedule even with risk mitigation plans in place. Moderate Risk –Expected disruption to performance, cost, and / or schedule can be overcome by implementing risk mitigation plans. Low Risk – Little disruption expected to performance, cost, and / or schedule.

5-29 Weaknesses of Traditional Risk Analysis Process 1.Roll-up of risks characterized as high, moderate, or low at the 3 rd or 4 th WBS level are difficult. Example – Are 10 low risks and 1 high risk at WBS Level 4 elements expressed as low, moderate, or high at the parent WBS at Level 3? 2.Characterizing a risk as high, moderate, or low alerts the customer to the severity of the outcomes without giving insight into the likely capability of the delivered product.

5-30 Insert Melbourne Paper Here

5-31 Miscellaneous Risk Topic

5-32 Concurrency* Risk Management DT&E CompletionConcurrency Degree of Concurrency > 67% 33 to 67 < 33 % 0 Low Moderate High Very High Risk Handling Imperatives for Concurrent Programs Insure Adequate Test Resources Are Available Have Rapid Corrective Action Process Established Have Effective Transition to Production Process Phase Production to Allow for Early Testing Use Modular Designs When Retrofits Are Expected * Overlap between Development Test & Evaluation and Production

5-33

5-34 Past Problems with DoD Weapons Systems Due to Requirements Development Practices Characterization of Past Practices 1. Vertical Flowdown Has Often Failed to Address All Products and Processes. This Has Resulted in Premature Selection of Design Features That Provided Little Additional Benefits for the Costs Incurred 2. Weapon System Requirements Have Not Been Developed in an Integrated Fashion (i.e., the Definition and Balancing of All Related Items at All Levels) Future Need All Requirements Should Be Addressed and Subsequent Design Solutions Should Be Integrated and Verified Both Vertically and Horizontally

5-35 Objectives of Requirements Analysis Articulate Customer Needs –Missions –Environments Identify and Allocate Constraints –Design –Cost –Schedule Develop and Define Measures of Effectiveness –Functional –Performance

5-36 Requirements Analysis Process Supplier “Hows” Design Features/ Performance Measures Utility/Relationship Matrix Measures How Well “Wants” are Met. “Customer Wants” Needs Identification 1. Close Air Support 2. Deck Launched Intercept Prioritization of Customer “Wants” 1. Cost 2. Supportability 3. Mission Effectiveness Sensitivity to Design Features Prioritization of Relative Importance of Changes in Design Features Key Tasks: 1. Identify Operational and Environmental Needs 2. Identify Customer Preferences 3. Prioritize Importance of Design Features

5-37 Requirements Analysis Timeflow CustomerRequirements Systems & Operational Analysis Analysis Needs & Objectives Requirement Categories Defined - Affordability - Sortie Generation - Target Kills Technologies Identified by Category Preliminary Ranking of Technologies by Category Preliminary Ranking Across Categories Customer Reaction Preliminary Assessments - Effectiveness - Force Structure - Cost/Risk

5-38 Preliminary Ranking of Technologies/Configurations Sort Systems in Each Category by Cost Sort Systems in Each Category by Effectiveness Determine Affordable Systems With Given Budget Estimate Configuration Effectiveness Based on Mission Effectiveness Results Determine Optimum Configuration at This Budget Level Increment Budget Cost Effective Technology/Configuration (for given budget) Approach Explores All Combinations of Options and Determines the Most Effective Technology or Configuration at Each Budget Level

5-39 Quantifying A/C Requirements Impact on Force Structure ATS Radar Detection Range ATS Unit Eff. ATS Proc. Quan Air Wing Effectiveness Detection Range Reasonable Requirements Region Unit Eff Too Small #s Purchased Too Small