390 likes | 842 Views
DoD Risk Management Policies and Procedures. Risk Assessment and Management (DoD 5000.1).
E N D
Risk Assessment and Management (DoD 5000.1) “Program Managers and other acquisition managers shall continually assess program risks. Risks must be well understood, and risk management approaches developed, before decision authorities can authorize a program to proceed into the next phase of the acquisition process. To assess and manage risk Program Managers and other acquisition managers shall use a variety of techniques, including technology demonstrations, prototyping, and test and evaluation. Risk management encompasses identification, mitigation, and continuous tracking, and control procedures that feed back through the program assessment process to decision authorities. To ensure an equitable and sensible allocation of risk between government and industry, Program Managers and other acquisition managers shall develop a contracting approach appropriate to the type of system being acquired.”
Cost, Schedule, and Performance Risk Management (DoD 5000.2-R) “The Program Manager shall establish a risk management program for each acquisition program to identify and control performance, cost, and schedule risks. The risk management program shall identify and track risk drivers, define risk abatement plans, and perform periodic assessments to determine how risks have changed. Risk reduction measures shall be included in cost-performance tradeoffs, where applicable. The risk management program shall plan for back-ups in risk areas and identify design requirements where performance increase is small relative to cost, schedule, and performance risk. The acquisition strategy shall include identification of the risk areas of the program and a discussion of how the Program Manager intends to manage those risks.”
Risk Management Structure(DoD Risk Management Study) Risk Management Risk Handling Risk Monitoring Risk Planning Risk Assessment Risk Documentation & Communications Risk Identification Risk Analysis
Definitions • Risk • - A measure of likelihood to achieve objectives • - Two components (probability and consequences) • Risk Management • - Act or practice of controlling risk • + Identifying and tracking risk drivers • + Defining risk mitigation plans • + Performing periodic risk assessments
Risk Planning • Process has two segments • Implementing a comprehensive and active strategy to continuously identify, mitigate and track program risks • Who does it • What do they do • When do they do it • How risk is shared • Documenting risk elements of program activities How do I get there from here?
Risk Assessment • Process of identifying and analyzing program risks to increase the chances of meeting performance, schedule, and cost objectives • Two segments • Risk Identification • Risk Analysis
Risk Identification • Process of specifying, describing and documenting program risks and their sensitivities to other risks • Internal • External
Risk Analysis • Process of evaluating program risks for their impacts to performance, cost, and schedule objectives • Process includes assessing each risk’s: • Probability of occurrence, and • Consequences of failure to mitigate the risk
Risk Handling • Process that identifies, evaluates, selects, and implements risk handling options • to set risk at acceptable levels • give program constraints • Typical risk handling strategies can include: • replan to eliminate the identified risk • avoid risk by changing requirements • transfer the risk • control the risk through active steps • assume the risk without special efforts
Risk Monitoring • Process that systematically tracks and evaluates the performance of risk mitigation actions - against established metrics throughout the acquisition* process, and - develops further risk handling options as appropriate* Acquisition includes any procurement from government or contractor sources within all phases from early research through logistics, operations, support, and disposal
Program Requirements Evaluate Risk Handling Options Analyze Impacts • Performance • Cost • Schedule • Avoid • Information Gathering • Transfer • Assume • Control Assess Risk • Identify • Analyze • Quantify Risk Evaluate Subcontractor Risks Risk Management Process Manage Risk • Review Indicators • Abatement Actions
Assess Risks Evaluate Risk Handling Options Establish Cost, Schedule, & Performance Impacts Program Requirements Assess Risks Manage Risks Evaluate Subcontractor Risks Identify Risk Areas Create Risk Management Tools Establish Approach Develop Team Analyze Risk
Risk Identification The WBS is normally used to organize and ensure completeness of the risk identification effort. Identification is generally performed at the 3rd or 4th level of the WBS.
Risk Categories and Consequences • Risk Categories • Requirements - Are the Necessary Requirements ( Operational or Design) Fully Defined? Is the Basis for the Requirements Stable (e.g. No Expected Threat Change) • Technology - Is the Technology Available Proven in Previous Use? • Engineering - How Much New Design is Needed to Achieve Requirements? • Manufacturing - Are the Required Manufacturing Processes, Facilities, and Sources of Materials Known and Available? • Support - Are the Required Support Resources Defined and Available? • Management - Are the Processes, Resources, and Experience Available to Successfully Perform this Program? • Risk Consequences • Performance - Can the Item Meet Its Requirements (Operational, Support and Manufacturing)? • Cost - Can the Item Be Developed and Operated within the Funding Allocated to It? • Schedule - Can the Item Be Developed and Deployed with the Time Allocated to It?
Sample Risk Identification WBS 113 - Guidance System Issues: New Design – Uses new chipset from CHIPLEAP program. Some concern exists on producibility and thermal characteristics. Assumptions: Megalith Corporation will design guidance system. They were a participant in the CHIPLEAP effort.
Organization of Risk Assessment Additional risk categories such as customer satisfaction or customer expectation can be developed for identification purposes. Risk assessment templates (shown on later charts) for subcategories can be developed and maintained by organizations.
Traditional Risk Analysis 1 Probability (Likelihood) Probability is Assigned x 0 Consequences are Estimated Potential Degradation Sys Reqt not Achieved x Performance Element Increase < 10% Element Increase > 50% x Consequences Cost Element Increase System Increase > 40% x Schedule
Traditional Risk Analysis 1 High Risk – Severe disruption expected to performance, cost, and / or schedule even with risk mitigation plans in place. Probability (Likelihood) Moderate Risk –Expected disruption to performance, cost, and / or schedule can be overcome by implementing risk mitigation plans. x x 0 Consequence Potential Degradation Sys Reqt not Achieved x Performance Low Risk – Little disruption expected to performance, cost, and / or schedule. Element Increase > 50% Element Increase > 50% x Cost Element Increase System Increase > 40% x Schedule
Weaknesses of Traditional Risk Analysis Process • Roll-up of risks characterized as high, moderate, or low at the 3rd or 4th WBS level are difficult. Example – Are 10 low risks and 1 high risk at WBS Level 4 elements expressed as low, moderate, or high at the parent WBS at Level 3? • Characterizing a risk as high, moderate, or low alerts the customer to the severity of the outcomes without giving insight into the likely capability of the delivered product.
Concurrency* Risk Management DT&E Completion Concurrency Degree of Concurrency > 67% 33 to 67 < 33 % 0 Low Moderate High Very High • Risk Handling Imperatives for Concurrent Programs • Insure Adequate Test Resources Are Available • Have Rapid Corrective Action Process Established • Have Effective Transition to Production Process • Phase Production to Allow for Early Testing • Use Modular Designs When Retrofits Are Expected * Overlap between Development Test & Evaluation and Production
Past Problems with DoD Weapons Systems Due to Requirements Development Practices Characterization of Past Practices 1. Vertical Flowdown Has Often Failed to Address All Products and Processes. This Has Resulted in Premature Selection of Design Features That Provided Little Additional Benefits for the Costs Incurred 2. Weapon System Requirements Have Not Been Developed in an Integrated Fashion (i.e., the Definition and Balancing of All Related Items at All Levels) Future Need • All Requirements Should Be Addressed and Subsequent Design Solutions Should Be Integrated and Verified Both Vertically and Horizontally
Objectives of Requirements Analysis • Articulate Customer Needs • Missions • Environments • Identify and Allocate Constraints • Design • Cost • Schedule • Develop and Define Measures of Effectiveness • Functional • Performance
Requirements Analysis Process Supplier “Hows” Design Features/ Performance Measures “Customer Wants” Needs Identification 1. Close Air Support 2. Deck Launched Intercept Prioritization of Customer “Wants” 1. Cost 2. Supportability 3. Mission Effectiveness Utility/Relationship Matrix Measures How Well “Wants” are Met. Key Tasks: 1. Identify Operational and Environmental Needs 2. Identify Customer Preferences 3. Prioritize Importance of Design Features Sensitivity to Design Features Prioritization of Relative Importance of Changes in Design Features
Requirements Analysis Timeflow Customer Requirements Systems & Operational Analysis Analysis Needs & Objectives • Requirement Categories • Defined • - Affordability • - Sortie Generation • - Target Kills • Technologies Identified • by Category • Preliminary Ranking of Technologies by Category • Preliminary RankingAcross Categories Preliminary Assessments - Effectiveness - Force Structure - Cost/Risk Customer Reaction
Preliminary Ranking of Technologies/Configurations Sort Systems in Each Category by Cost Sort Systems in Each Category by Effectiveness Increment Budget Determine Affordable Systems With Given Budget Estimate Configuration Effectiveness Based on Mission Effectiveness Results Cost Effective Technology/Configuration (for given budget) Determine Optimum Configuration at This Budget Level Approach Explores All Combinations of Options and Determines the Most Effective Technology or Configuration at Each Budget Level
Quantifying A/C Requirements Impact on Force Structure Reasonable Requirements Region ATS Unit Eff. Unit Eff Too Small #s Purchased Too Small ATS Radar Detection Range Air Wing Effectiveness ATS Proc. Quan ATS Radar Detection Range Detection Range