4.3.2 Risk Management Is a Formal
Formal risk management refers to a structured process whereby risks are systematically identified,
analyzed, handled, and monitored. (A recommended structure is described in Section 2 of this Guide.) A structured risk management process, which is applied early, continuously, and rigorously, provides a disciplined environment for decision making and for the efficient use of program resources. Through a disciplined process PMs can uncover obscure and lower-level risks that collectively could pose a major risk.
The need for a formal risk management process arises from the nature of risk and the complexity of acquisition programs. The numerous risks in an acquisition program are often interrelated and obscure and change in the course of the development process. A formal approach is the only effective method to sort through numerous risk events, to identify the risks and their interrelationships, to pinpoint the truly critical ones, and to identify cost-effective ways to reduce those risks, consistent with overall program objectives.
A structured process can reduce the complexity of an
acquisition program by defining an approach to assess, handle, monitor, and
communicate program risk. The systematic identification, analysis, and
mitigation of risks also offers a reliable way to ensure objectivity, that is,
minimize unwarranted optimism, prejudice, ignorance, or self-interest.
Further, structure reduces the impact of personnel turnover and provides a
basis for training and consistency among all the functional areas of a
program. A structured risk program may also promote teamwork and understanding
and improves the quality of the risk products.