PREFACE

In 1996, the USD (AT&L) established a Risk Management Working Group composed of members of the Office of the Secretary of Defense (OSD) staff, representatives of the Services, and members of other DoD agencies involved in systems acquisition. This group reviewed pertinent DoD directives (DoDD) and regulations, examined how the Services managed risk, studied various examples of risk management by companies in commercial industry, and looked at DoD training and education activity in risk management. The Working Group also coordinated with other related efforts in DoD. Membership of the Working Group included a representative from USD (AT&L) who kept members informed on the status of current DoD acquisition reform initiatives. Other sources of information were the Software Engineering Institute Risk Initiative, the Open Systems Initiative, and Safety and Cost Estimating communities. The findings and results of the Working Group investigation were presented to the USD (AT&L) in July 1996 and are summarized below:

Commercial Industries

Focus of efforts is on getting a product to market at a competitive cost. Companies have either a structured or informal Risk Management process. Evolutionary approaches help avoid or minimize risk. Most approaches employ risk avoidance, early planning, continuous assessment, and problem-solving techniques. Structured approaches, when they exist, are similar to DoD's approach to Risk Management. The Working Group concluded that industry has no magic formula for Risk Management.

The Services

The Services differ in their approaches to Risk Management. Each approach has its strengths but no one approach is comprehensive. Consolidation of the strengths of each approach could foster better Risk Management in DoD. The Working Group recommended that the Defense Acquisition Deskbook contain a set of guidelines for sound risk management practices, and further, that it contain a set of risk management definitions that are comprehensive and useful by all the Components.

DoD Policy*

The risk management policy contained in DoDD 5000.1 is not comprehensive. The Working Group recommended that DoDD 5000.1 be amended to include a more comprehensive set of risk management policies that focuses on: The relationship between the Cost As an Independent Variable (CAIV) concept and Risk Management. Requirement that risk management be prospective (forward looking). Establishment of risk management as a primary management technique to be used by Program Managers (PMs).

DoD Procedures

Risk Management procedures in DoD 5000.2-R are inadequate to fully implement the risk management policy contained in DoDD 5000.1. Procedures are lacking regarding the: - Scope of Risk Management - Purpose of Risk Management - Role of Milestone Decision Authorities - Risk Management's support of CAIV - Risk assessment during Phase 0. Some key procedures may have been lost in transition from DoD 5000.2M to DoD 5000.2-R. The Working Group recommended that procedures in DoD 5000.2-R be expanded, using the Defense Acquisition Deskbook as the expansion means, in order to provide comprehensive guidance for the implementation of risk management policy.

DoD Risk Management Training

Risk management training for the DoD Acquisition Corps needs to be updated and expanded, and Integrated Product Team (IPT) and Overarching IPT (OIPT) personnel need to be educated on the new and expanding role of risk management in DoD systems acquisition. Risk Management knowledge level needs improvement. Education is a key to getting the support of OIPTs and PMs. The Working Group recommended that the Defense Acquisition University (DAU) include training for Risk Management in all functional courses and develop a dedicated risk management course for acquisition corps personnel.

*Note: The DoD 5000 policy documents referred to in the 1996 Report have since been superseded by a new set of DoD 5000 policy documents issued in late 2000 and early 2001.

Following that guidance, Working Group members wrote the risk management portions of the Deskbook. In 2000, the Deskbook was included as part of the Acquisition Support Center (http://center.dau.mil).

The Risk Management part of the Deskbook forms the basis for this Guide. The goal of the Risk Management Guide is to provide acquisition professionals and program management offices with a reference for dealing with system acquisition risks. It has been designed as an aid in classroom instruction and as a reference for practical applications.

This Guide reflects the efforts of many people. Mr. Mark Schaeffer, former Deputy Director, Systems Engineering, who chaired the Risk Management Working Group, and Mr. Mike Zsak and Mr. Tom Parry, formerly from the AT&L Systems Engineering Support Office, were the original driving force behind the risk management initiative. Mr. Paul McMahon and Mr. Bill Bahnmaier from the DAU/DSMC faculty and Mr. Greg Caruth, Ms. Debbie Gonzalez, Ms. Frances Battle, SSgt. Gerald Gilchrist, Sr., USAF, and Ms. Patricia Bartlett from the DAU Press, guided the composition of the Guide. Assistance was also provided by Mr. Jeff Turner of the DAU Publications Distribution Center. Special recognition goes to the Institute for Defense Analyses team composed of Mr. Louis Simpleman, Mr. Ken Evans, Mr. Jim Lloyd, Mr. Gerald Pike, and Mr. Richard Roemer, who compiled the data and wrote major portions of the text.