2.1. The Risk
Risk management is a continuous process that is accomplished throughout the
life cycle of a system. It is an organized methodology for continuously
identifying and measuring the unknowns; developing mitigation options;
selecting, planning, and implementing appropriate risk mitigations; and
tracking the implementation to ensure successful risk reduction.
Effective risk management depends on risk management planning; early
identification and analyses of risks; early implementation of corrective
actions; continuous monitoring and reassessment; and communication,
documentation, and coordination.
Acquisition program risk management is not a stand-alone program office
task. It is supported by a number of other program office tasks.
In turn, the results of risk management are used to finalize those
tasks. Important tasks, which must be integrated as part of the risk
management process, include requirements development, logical solution and
design solution (systems engineering), schedule development, performance
measurement, EVM (when implemented), and cost estimating. Planning a
good risk management program integral to the overall program management
process ensures risks are handled at the appropriate management level.
Emphasis on risk management coincides with overall DoD efforts to reduce
life-cycle costs (LCC) of system acquisitions. New processes, reforms,
and initiatives are being implemented with risk management as a key
component. It is essential that programs define, implement and document
an appropriate risk management and mitigation approach. Risk management
should be designed to enhance program management effectiveness and provide PMs
with a key tool to reduce LCC, increase program likelihood of success, and
assess areas of cost uncertainty.