Risk & Safety Management

Risk Management Overview

Risk is a measure of future uncertainties in achieving program performance goals, requirements, and objectives within defined cost, schedule, and performance constraints. Risk can be associated with all aspects of a program (e.g., threat, System Safety, technology maturity, supplier capability, design maturation, performance against plan) as these aspects relate across the Work Breakdown Structure (WBS), Integrated Master Schedule (IMS) and Integrated Master Plan (IMP). Risk addresses the potential variation in the planned approach and its expected outcome. [1]

Risk Management Components

  1. A future root cause (yet to happen), which, if eliminated or corrected, would prevent a potential consequence from occurring,
  2. A probability (or likelihood) assessed at the present time of that future root cause occurring, and
  3. The consequence (or effect) of that future occurrence.

Risk Management

Risk management is a continuous process that is accomplished throughout the life cycle of a system and should begin at the earliest stages of program planning. It is an organized methodology for continuously identifying and measuring the unknowns; developing mitigation options; selecting, planning, and implementing appropriate risk mitigations; and tracking the implementation to ensure successful risk reduction. Effective risk management depends on risk management planning; early identification and analyses of risks; early implementation of corrective actions; continuous monitoring and reassessment; and communication, documentation, and coordination. It’s most effective if it is fully integrated with the program’s Systems Engineering, Program Management, and Test & Evaluation processes.

Risk Management Process

The risk management process includes the following continuous key activities as shown above:

Risk Management Objectives

The objective of a well-managed risk management program is to provide a repeatable process for balancing cost, schedule, and performance goals within program funding. This is especially true on programs with designs that approach or exceed the state-of-the-art or have tightly constrained or optimistic cost, schedule, and performance goals. Without effective risk management, the Program Management Office (PMO) may find itself doing crisis management, a resource-intensive process that is typically constrained by a restricted set of available options. Successful risk management depends on the knowledge gleaned from assessments of all aspects of the program coupled with appropriate mitigations applied to the specific root causes and consequences. [1]

Risk Management Framework (RMF)

The DoD Risk Management Framework (RMF) describes the DoD process for identifying, implementing, assessing, and managing cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of Information Systems (IS) and Platform Information Technology (PIT) systems. RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system lifecycle, promotes reciprocity to the maximum extent possible, and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP).

Risk Management Plan

A Risk Management Plan (RMP) is prepared by a project manager to address risks and their potential impact on a program, and it consists of ways to reduce these risks. The RMP tells the government and contractor team how they plan to reduce risks to a certain level by a certain time.

Risk Management Topics

A Program Manager (PM), systems engineer, risk manager, or safety manager needs to understand many areas of risk and safety management in order to successfully execute a program. A few of these areas include:

System Safety

System Safety is the application of engineering and management principles, criteria, and techniques to achieve acceptable risk within the constraints of operational effectiveness and suitability, schedule, and cost throughout the system’s lifecycle. System safety covers the entire spectrum of environment, safety, and occupational health (ESOH) considerations. It is an integral part of the Systems Engineering (SE) process and specific activities are required throughout the different phases of the acquisition lifecycle. [2]


AcqLinks and References:

Updated: 7/22/2021
