||RMG 6th Edition: Risk Management Guide for DoD Acquisition
2.4. Top-Level Guidelines for Effective Risk Management
Top-Level Guidelines for Effective Risk Management
- Assess the root causes of program risks and develop strategies to manage
these risks during each acquisition phase.
- Identify as early as possible, and intensively manage those design
parameters that critically affect capability, readiness, design cost, or
- Use technology demonstrations, modeling and simulation, and aggressive
prototyping to reduce risks.
- Include test and evaluation as part of the risk management
- Include industry participation in risk management. Offerors should
have a risk approach as part of their proposals as suggested in this guide
to identify root causes and develop plans to manage those risks and should
include a draft RMP. Additionally, the offerors should identify risks
as they perceive them as part of the proposal. This not only helps the
government identify risks early, but provides additional insight into the
offeror’s level of understanding of the program requirements.
- Use a proactive, structured risk assessment and analysis activity to
identify and analyze root causes.
- Use the results of prior event-based systems engineering technical
reviews to analyze risks potentially associated with the successful
completion of an upcoming review. Reviews should include the status
of identified risks.
- Utilize risk assessment checklists (available for all event-based
technical reviews) in preparation for and during the conduct of technical
reviews. The DAU Technical Reviews Continuous
Learning Module (key words: “technical reviews” and course number
CLE003) provides a systematic process and access to checklists for
continuously assessing the design maturity, technical risk, and
programmatic risk of acquisition programs, and provides links to these
- Establish risk mitigation plans and obtain resources against that
- Provide for periodic risk assessments throughout each program
- Establish a series of “risk assessment events,” where the effectiveness
of risk reduction conducted to date is reviewed. These “risk
assessment events” can be held as part of technical reviews, risk review
board meetings, or periodic program reviews. These events should
include the systems engineering technical reviews, be tied to the IMP at
each level, and have clearly defined entry and exit criteria reviewed during
- Include processes as part of risk assessment. This would include
the contractor’s managerial, development, and manufacturing processes as
well as repair processes for the sustainment phase.
- Review the contractor’s baseline plans as part of the IBR process which
includes joint government/contractor evaluation of the inherent risks in the
contractor’s integrated earned value baseline (work definition, schedule,
- Review the contractor’s Schedule Risk Assessment (SRA) when provided as
part of the IMS data item (DI-MGMT-81650). Review the realism of the
contractor’s estimate at completion. Assess the overall likelihood of
the contractor achieving the forecasted schedule or final costs against the
- Establish a realistic schedule and funding baseline for the program as
early as possible in the program, incorporating not only an acceptable level
of risk, but adequate schedule and funding margins.
- Clearly define a set of evaluation criteria for assigning risk ratings
(low, moderate, high) for identified root causes.
- Determine the program’s approach to risk prioritization, commonly
presented in the risk reporting matrix discussed in Section