Risk has always been a concern in the acquisition of Department of Defense (DoD) systems. The acquisition process itself is designed, to a large degree, to allow risks to be controlled from conception to delivery of a system. Unfortunately, in the past, some Program Managers (PMs) and decision makers have viewed risk as something to be avoided. Any program that had risk was subject to intense review and oversight. This attitude has changed. DoD managers recognize that risk is inherent in any program and that it is necessary to analyze future program events to identify potential risks and take measures to handle them.
Risk management is concerned with the outcome
of future events, whose exact outcome is unknown, and with how to deal with
these uncertainties, i.e., a range of possible outcomes. In general, outcomes are
categorized as favorable or unfavorable, and risk management is the art and
science of planning, assessing, and handling future events to ensure favorable
outcomes. The alternative to risk management is crisis management, a
resource-intensive process that is normally constrained by a restricted set of