Risk Tracking (sometimes referred to as Risk Monitoring) is an activity of systematically tracking and evaluating the performance of risk mitigation actions against established metrics throughout the acquisition process and develops further risk mitigation options or executes risk mitigation plans, as appropriate. Its intent is to ensure successful Risk Mitigation and should be done as part of technical reviews, risk review board meetings, or periodic program reviews. It feeds information back into the other risk management activities of identification, analysis, mitigation planning, and mitigation plan implementation. [1]

Risk Tracking Activities Include: [1]

• Communicating risks to all affected Stakeholders,
• Monitoring risk mitigation plans,
• Reviewing regular status updates,
• Displaying risk management dynamics
• Tracking risk status within the Risk Reporting Matrix, and
• Alerting management as to when Risk Mitigation Plans (RMP) should be implemented or adjusted

The key to the tracking activity is to establish a management indicator system over the entire program. The Program Manager (PM) uses this indicator system to evaluate the status of the program throughout its life-cycle. It should be designed to provide early warning when the likelihood of occurrence or the severity of consequence exceeds pre-established thresholds/limits or is trending toward exceeding pre-set thresholds/limits so timely management actions to mitigate these problems can be taken. [1]

The Program Management Office (PMO) should re-examine risk assessments and Risk Mitigation approaches concurrently. As the system design matures, more information becomes available to assess the degree of risk inherent in the effort. The program office should also look for new risk mitigation options. Alternative technologies may mature, new products may become available in the marketplace or maybe information found in unexpected places. [1]

Risk Tracking Results

Risk tracking results should be documented and reported and present standard likelihood and consequence screening criteria, as well as the Risk Reporting Matrix. Documentation includes all plans and reports for the PM and decision authorities and reporting forms that may be internal to the program office. The purpose is to ensure management receives all necessary information to make timely and effective decisions. This allows for coordination of actions by the risk team, allocation of resources, and a consistent, disciplined approach. [1]

AcqTips:

• For more detailed explanation on risk, visit the DoD Risk Issue and Opportunity Management Guidance for Defense Acquisition Programs – June 2015.
• Throughout a program, a PMO should reevaluate known risks on a periodic basis and examine the program for new root causes.

AcqLinks and References:

• DoD Risk Issue and Opportunity Management Guidance for Defense Acquisition Programs – June 2015
• [1] DoD Risk Management Guidebook – Section 7.0 – Aug 06 (Outdated)

Updated: 7/15/2021

Rank: G1