||NAVSO P-3686: Top Eleven Ways to Manage Technical Risk
Risk Consequence is evaluated by answering the following question: "Given the identified risk is realized, what is the magnitude of the impact of that risk?" Levels of Consequence are labeled 1 through 5 and correspond to the x-axis on the Assessment Guide.
"Consequence" is a multifaceted issue. Applicable consequences have been
narrowed down to four key areas (again referring to Chapter 1, Figure 1-2 ): Technical Performance, Schedule, Cost, and Impact
on Other Teams. At least one (maybe more) of the four consequence metrics
needs to apply for there to be the potential for risk. However, if there is no
adverse Consequence, there is no risk irrespective of the assessed level of
Critical Process Variance. These four metrics are further discussed as
- Technical Performance: The wording of each level is oriented toward design
processes, but it should be applied as well to test processes, production
processes, life cycle support, and equipment disposal. For example, the word
"margin" could apply to weight margin during design, safety margin during
testing, or machine performance margins during construction/manufacture and
subsequent life cycle operation.
- Schedule: The words used in the Schedule column, as in all
columns of the Consequence Table, are meant to be generic. Avoid excluding a
consequence level from consideration just because it doesnít match a teamís
- Cost: Cost is considered an independent variable in Defense
programs. Since the magnitude of the dollars varies from component to
component and process to process, percentage of dollars is used. This is
also in step with Acquisition Program Baseline objectives and threshold
values, which are based on percentage of dollars. The levels listed here
represent costs at the program level. However, Integrated Product Teams
(IPTs) may choose to align these definitions with standard cost reporting
requirements consistent with cost consequences faced at the lower levels. At
the program level, the definitions are as follows: Level 1 is Minimal or No
Impact, Level 2 is <5%, Level 3 is 5 to 7%, Level 4 is >7 to 10%, and
Level 5 is >10%.
- Impact on Other Teams: Both the consequence of a risk and the mitigation actions
associated with reducing risk may impact another IPT. When this impact
results in increased complexity, levels of risk also increase. This may
involve additional coordination or management attention (resources) and may
therefore increase the level of risk.
Even after the Process Variance and Consequence levels have been determined, classification of the level of risk can be somewhat subjective, e.g., it could depend on the type of data being assessed. However, all assessments should be based on experienced judgment from your best technical people. Figures 1-1 and 1-2 of Chapter 1 , discussed previously, provide a risk management and assessment tool based upon a process oriented approach, and Critical Process Variances from known best practice standards are plotted against Consequences to derive a level of risk
Another approach used by some programs is provided for information in Figure 8-1, in which values of Probability (or Likelihood) of Occurrence and Consequence are assigned
to each risk element, with probability or likelihood plotted against
consequence to derive a risk assessment level.
In applying this figure, many programs use colors, such as Green = Low Risk,
Yellow = Moderate Risk, and Red =
High Risk. The derived risk assessment level should correlate with the
assessment made by experienced program office personnel; if not, the levels of
process variance/likelihood and consequence should be reevaluated and the risk
In practice, likelihood of occurrence is usually a
judgment call whereas process variance may be somewhat easier to measure
although sound judgment will still be required. Knowing this underscores the
importance of experienced and/or expert judgment to truly assess program risk.
"Practice Engineering Fundamentals" should be consulted to gain insight
into technical baseline Best Practices and "Watch Out Fors," related to
critical processes in design, test, and production and the principal areas of
risk associated with each of those processes.