||DSMC RMG 4th: Risk Management Guide 4th
3.5 RISK MANAGEMENT ACTIVITIES DURING ACQUISITION
Risk management activities should be applied continuously throughout all acquisition process phases. However, because of the difference in available information, the level of application and detail will vary for each phase. In Concept and Technology Development (CTD) Phase, management focuses on assessing the risks in the alternative concepts available to satisfy users needs and on planning a strategy to address those risks. For each of the subsequent phases, all four risk management activities may be applied with increasing focus on risk handling and monitoring.
The PM identifies objectives, alternatives, and constraints at the beginning of each phase of a program and then evaluates alternatives, identifies sources of project risk, and selects a strategy for resolving the risks. The PMO updates the acquisition strategy, risk assessments, and other aspects of program planning, based on analyses, for the phase of the acquisition.
Developers should become involved in the risk management process at the beginning, when users define performance requirements, and continue during the acquisition process until the system is delivered. The early identification and assessment of critical risks allow PMs to formulate handling approaches and to streamline the program definition and the RFP around critical product and process risks.
The following paragraphs address risk management in
the different phases in more detail.
3.5.1 Concept and Technology Development (CTD) Phase
DoDI 5000.2 describes the Concept and Technology Development (CTD) Phase as
normally consisting of studies that define and evaluate the feasibility of
alternative concepts and provide the basis for the assessment of these
alternatives in terms of their advantages, disadvantages, and risk levels at
the Milestone (MS) B decision point. In addition to providing input to the
Analysis of Alternatives, the PM develops a proposed acquisition program
baseline (APB) and exit criteria for the System Integration (SI) part of the
System Development and Demonstration (SDD) Phase.
The APB documents the most important performance, cost, and schedule
objectives and thresholds for the selected concepts. The parameters selected
are such that a re-evaluation of alternative concepts is appropriate if
thresholds are not met. Exit criteria are events or accomplishments that allow
managers to track progress in critical technical, cost, or schedule risk
areas. They must be demonstrated to show that a program is on track.
In defining alternative concepts, PMs should pay particular attention to
the threat and the user's requirements, which are normally stated in broad
terms at this time. Risks can be introduced if the requirements are not
stable, or if they are overly restrictive and contain specific technical
solutions. Requirements can also be significant cost and schedule risk drivers
if they require a level of performance that is difficult to achieve within the
program budget and time constraints. Such drivers need to be identified as
early in the program as possible.
The acquisition strategy should address the known risks for each
alternative concept, and the plans to handle them, including specific events
intended to control the risks. Similarly, the T&E strategy should reflect
how T&E, with the use of M&S, will be used to assess risk levels and
identify new or suspected risk areas.
A risk management strategy, derived in concert with the acquisition
strategy, should be developed during this phase and revised and updated
continually throughout the program. This strategy should include risk
management planning that clearly defines roles, responsibilities, authority,
and documentation for program reviews, risk assessments, and risk
3.5.2 Subsequent Phases
During subsequent phases, concepts, technological approaches, and/or design
approaches (selected at the previous milestone decisions) are pursued to
define the program and program risks. Selected alternative concepts continue
to be analyzed, and the acquisition strategy, and the various strategies and
plans derived from it, continue to be refined.
Risk management efforts in these phases focus on: understanding critical
technology, manufacturing, and support risks, along with cost, schedule, and
performance risks; and demonstrating that they are being controlled before
moving to the next milestone. Note that the accuracy of cost, schedule,
performance risk assessments should improve with each succeeding program phase
(e.g., more info, better design documentation, etc.). Thus, particular
attention should be placed on handling and monitoring activities. Planning and
assessment should continue as new information becomes available and new risk
events are identified.
During these phases, the risk management program should be carried out in
an integrated Government-contractor framework to the extent possible, that
allows the Government to manage program risks, with the contractor responsible
to the PM for product and process risks and for maintaining design
accountability. Both the Government and contractors need to understand the
risks clearly, and jointly plan management efforts. In any event, risk
management needs to be tailored to each program and contract