An effective Risk Management Process requires a commitment on the part of the Program Manager (PM), the Program Management Office (PMO) and the contractor to be successful. A government risk management program should have a goal to share program risks with the development, production, or support contractor and not transfer all risks to a contractor.

Risk Mitigation requires that a contractor execute a robust risk management process and communicate all program risks with the government for mutual adjudication. A common risk database (Risk Register) available and open to the government and the contractor is an extremely valuable tool to accomplish this.

A contractor should conduct the following risk activities to include: [1]

  • Develop an internal risk management program and work jointly with the government program office to develop an overall risk management program.
  • Conduct Risk Identification and Analysis during all phases of the program, including proposal development. Develop appropriate risk mitigation strategies and plans.
  • Assess impacts of risk during proposal and baseline development. Use projected consequences of high probability risks to help establish the level of management reserve and schedule reserve.
  • Jointly conduct Integrated Baseline Review (IBR)s with the Government team to reach mutual understanding of risks inherent in the program baseline plans.
  • Conduct schedule Risk Analyses at key points during all phases of the program, including proposal development.
  • Incorporate risk mitigation activities into Integrated Master Schedule (IMS) and program budgets as appropriate.
  • Use IMS and Earn Value Management (EVM) information (trends and metrics) to monitor and track newly identified risks and monitor progress against risk plans. Identify new risk items, and report status against risk mitigation plans to company management and the Government program office.
  • Assess impact of identified performance, schedule and costs risks to estimate at completion, and include in the estimate as appropriate. Develop a range of estimates (best case, most likely, worst case).
  • Synthesize and correlate the status of new and ongoing risk elements in the IMS, Contractor Performance Report (CPR), Risk Mitigation Plans, technical status documentation, program status reviews, and other sources of program status.
  • Assign responsibility for risk mitigation activities, and monitor progress through a formal Risk Tracking system.

AcqLinks and References:

Updated: 7/29/2017

Print Friendly, PDF & Email