The choice of an approach for managing program technical risk should be made as soon as possible. DoDD 5000.1 mandates that the Program Manager (PM) develop a risk management approach "before decision authorities can authorize a program to proceed into the next phase of the acquisition process." All aspects of a risk management program are, in turn, determined by the approach selected.
Delaying selection of a specific approach for managing technical risk will cause a program to flounder, especially if the contractor and the Government are following two different approaches. Further, the Integrated Product Team (IPT) cannot function successfully unless all members of the team – contractor and Government alike – are using a common approach.
Although the Defense Acquisition Deskbook offers the PM several approaches to risk management covering a broad spectrum of program risks, only three approaches have been selected for inclusion in this publication. Why? Results of a 1997 survey of risk management in 41 Department of the Navy (DoN) programs revealed that the following three approaches to managing program technical risk represent those used almost exclusively by DoN PMs.
3 Primary Approaches To Technical Risk
- Critical Process: Technical risk management conducted primarily by assessing contractor critical design, test, and production processes against industry best practices and metrics, with the degree of variance determining the level of risk. These critical processes are generally not tailored for individual Work Breakdown Structure (WBS) elements.
- Product (Work Breakdown Structure):
Technical risk management based on individual product or WBS elements, with risk assessments based on deviations from a cost and schedule baseline. Risk is expressed as a "probability estimate" rather than as a degree of process variance from a best practice.
- Integrated Process/Product (WBS): Technical risk
management based on specific critical processes affecting individual WBS
elements. These critical design, test, and production processes are assessed
against industry best practices and metrics, with the degree of variance
determining the level of risk. These approaches are described in the
remainder of this chapter.