PREFACE

In 1996, the USD (AT&L) established a Risk Management Working Group composed of members of the Office of the Secretary of Defense (OSD) staff, representatives of the Military Services, and members of other DoD agencies involved in systems acquisition. This group reviewed pertinent DoD directives (DoDD) and regulations, examined how the Services managed risk, studied various examples of risk management by industry, and looked at DoD training and education activity in risk management. Other sources of information were the Software Engineering Institute Risk Initiative, the Open Systems Initiative, and the safety and cost estimating communities. The findings and results of the Working Group investigation were presented to the USD (AT&L) and are summarized below:

Working Group members then wrote the risk management portions of the Defense Acquisition Deskbook. The Defense Acquisition Deskbook (sometimes referred to as the “Legacy” Deskbook) is accessible from the AT&L Knowledge Sharing System (AKSS) Website (http://deskbook.dau.mil/jsp/default.jsp).

Industries

Focus of efforts is to get a product to market at a competitive price. Industry has have either a structured or informal Risk Management process. Evolutionary approaches help avoid or minimize risk. Most approaches employ risk avoidance, early planning, continuous assessment, and problemsolving techniques. Structured approaches, when they exist, are similar to DoD’s approach to Risk Management. The Working Group concluded that industry has no magic formula for Risk Management.

The Military Services

The Services differ in their approaches to Risk Management. Each approach has its strengths but no one approach is comprehensive. Consolidation of the strengths of each approach could foster better Risk Management in DoD. The Working Group recommended that the Defense Acquisition Deskbook contain a set of guidelines for sound risk management practices, and further, that it contain a set of risk management definitions that are comprehensive and useful by all the Components.

DoD Policy*

The risk management policy contained in DoDD 5000.1 is not comprehensive. The Working Group recommended that DoDD 5000.1 be amended to include a more comprehensive set of risk management policies that focuses on: The relationship between the Cost As an Independent Variable (CAIV) concept and Risk Management. Requirement that risk management be prospective (forward looking). Establishment of risk management as a primary management technique to be used by Program Managers (PMs).

DoD Procedures

Risk Management procedures in DoD 5000.2-R (Note: Later changed to Interim Defense Acquisition Guidebook) are inadequate to fully implement the risk management policy contained in DoDD 5000.1. Procedures are lacking regarding: –   Scope of Risk Management –   Purpose of Risk Management –   Role of Milestone Decision Authorities –   Risk Management's support of CAIV –   Risk assessment during early acquisition phases. Some key procedures may have been lost in transition the DoD 5000.2-R, and need to be expanded upon in the Defense Acquisition Deskbook.

DoD Risk Management Training

Risk management training for the DoD Acquisition Corps needs to be updated and expanded, and Integrated Product Team (IPT) and Overarching IPT (OIPT) personnel need to be educated on the new and expanding role of risk management in DoD systems acquisition. Risk Management knowledge level needs improvement. Education is a key to obtaining the support of OIPTs and PMs. The Defense Acquisition University (DAU) needs to include Risk Management training in all functional courses and develop a dedicated risk management course for acquisition corps personnel.

*Note:

The DoD 5000 policy documents referred to in the 1996 Report have since been superseded by a new set of DoD 5000 policy and guidance documents issued in 2002–2003 time frame.

 

The recommendations of the Risk Management Working Group have been fully implemented over the period 1996-2003. The Risk Management part of the Defense Acquisition Deskbook and material in the Risk Focus Area of the Program Management Community of Practice (PMCoP) (http://www.pmcop.dau.mil) form the basis for this Guide. The goal of the Risk Management Guide is to provide acquisition professionals and program management offices with a practical reference for dealing with system acquisition risks. It has also been designed to be used as an aid in DAU course offerings.

This Guide reflects the efforts of many people. Mr. Mark Schaeffer, former Deputy Director, Systems Engineering, who chaired the initial Risk Management Working Group, and Mr. Mike Zsak and Mr. Tom Parry, formerly from the AT&L Systems Engineering Support Office, were the original driving forces behind the risk management initiative. LtCol John Driessnack, USAF, from the DAU/DSMC faculty; Mr. Greg Caruth, Ms. Debbie Gonzalez, and Ms. Frances Battle from the DAU Press; and Ms. Patricia Bartlett from Bartlett Communications guided the composition of the Guide. Assistance was also provided by Mr. Jeff Turner of the DAU Publications Distribution Center. Special recognition goes to the Institute for Defense Analyses team composed of Mr. Louis Simpleman, Mr. Ken Evans, Mr. Jim Lloyd, Mr. Gerald Pike, and Mr. Richard Roemer, who compiled the data and wrote major portions of the text. Also special thanks to Ms. Margaret Adcock for her detailed comments and support, and to Dr. Edmund Conrow for his suggestions and recommendations that have vastly improved the Guide.

Charles B. Cochrane Director DAU Center for Program Management

William W. Bahnmaier Editor