Risk Management Process


Risk Identification is the activity that examines each element of the program to identify associated root causes that can cause failure, begin their documentation, and set the stage for their management. It begins as early as possible in successful programs and continues throughout the program. The Program Management Office (PMO) should develop and employ a formalized risk identification procedure, and all personnel should be responsible for using the procedure to identify risks. The intent of risk identification is to understand what can go wrong by [1]

  • Looking at current and proposed staffing, process, design, supplier, operational employment, resources, dependencies, etc.,
  • Monitoring test results especially test failures (readiness results and readiness problems for the sustainment phase),
  • Reviewing potential shortfalls against expectations, and
  • Analyzing negative trends.


Examination of risks to a program is accomplished through decomposition into relevant elements or areas. To identify risks and their root causes, Risk Integrated Product Teams (IPT) should break down program elements to a level where Subject Matter Experts (SME) can perform valid identification by Work Breakdown Structure (WBS) or Integrated Master Schedule (IMS) line item number. Risks are determined by examining each WBS element and process in terms of causes, sources, or areas of risk. During decomposition, risks can be identified based on prior experience, brainstorming, lessons learned from similar programs, and guidance contained in the program office Risk Management Plan (RMP). The examination of each element and process against each risk area is an exploratory exercise to identify the critical root causes. The investigation may show that risks are interrelated. [1]


See: Risk Identification Procedures


Root causes are identified by examining each WBS product and process element in terms of the sources or areas of risk. Root causes are those potential events that evaluators (after examining scenarios, WBS, or processes) determine would adversely affect the program at any time in its life cycle. [1]


An approach for identifying and compiling a list of root causes is to: [1]

  • List WBS product or process elements
  • Examine each in terms of risk sources or areas
  • Determine what could go wrong
  • Ask “why” multiple times until the source(s) is discovered

Typical Risk Sources include: [1]

  • Concurrency
  • Cost
  • Funding
  • Industry Capability
  • Logistics
  • Management
  • Manpower
  • Modeling and Simulation
  • Production/Facilities
  • Requirements
  • Schedule
  • Technical Baseline
  • Test and Evaluation
  • Threats



AcqLinks and References:

Updated: 6/19/2018

Print Friendly, PDF & Email