This document provides guidance on identifying and managing risks for projects. It contains a collection of risk categories to help project managers consider risks and their potential impacts. The categories cover requirements, schedule, cost, contracting, funding, management, systems engineering, and facilities risks. For each category, it lists specific questions to assess risks in that area and ensure they are properly addressed throughout the project life cycle. The goal is to identify risks early, develop risk handling strategies, and continuously refine risk management as the project progresses.
1. 2009
NiwotRidge LLC
GlenB. Alleman
[RISK MANAGEMENT GUIDEANCE]
The managementof riskisa critical successfactorof any projector program.Thisdocumentisa
collectionof riskmanagementcategoriesthatare usedtoask the question“didyouthinkaboutthisrisk
and itsimpacton our probabilityof success?”
2. [RISK MANAGEMENT GUIDEANCE] October12, 2009
2 RequirementsRisks |NiwotRidge LLC
RiskManagementisan essential elementof everyproject.The riskmanagementapproachmust be
analytical,foreword looking,structured,informative,andcontinuous.Riskassessmentsstartasearlyin
the projectlife cycle aspossible andshouldidentifycritical technical,performance,schedule,andcost
risks.
Once risksare identified,soundriskhandlingstrategiesandactionsare developedanddocumented.As
a projectprogresses,newinformationimprovesadditionalinsightintoriskareasandallowsthe
continuous refinementof the riskhandlingstrategies.
A close relationshipbetweenthe IntegratedProjectteam(IPT) members
RE QU IR E ME NT S RIS K S
Can the current requirementsbaseline be identified?
● How isthisbaseline represented?
● Can all the requirementsbe tracedtothe needcapabilitiesandthe implementationefforts?
● Are the operational requirementsproperlyestablishedandclearlystated?
Is the requiredoperatingenvironmentdescribedaccuratelyandinsufficientdetail?
Are sufficientsubjectmatterexpertsavailabletoreview the requirements?
Have all requirementsbeencapturedfrom:
● Documents?
● Architectures,models,oruse cases?
● Customerexpectations?
● Operational usage?
● All relevantstakeholders?
● Organizational policiesorstandards?
● Militarypoliciesorstandards?
● Commercial standards?
Have the requirementsbeensuccessfullyimplementedonanyothersystemorproduct?
● If so, whatrisksand issuesemergedduringthe executionof the project?
Are non-developmental items(NDI) beingusedonthe program?
● If so, have theirinterfacesbeenidentified,capabilitiesverified,andsupplyreliability
assured?
Is requirementsanalysisbasedonrealisticdesignassumptions?
● Is there a designbasiswhichdrivesthe requirements?
● Is that designbasiscredible andverifiable?
Are requirementsforthe currentdevelopmentorspiral:
● Complete (no TBDs)?
● Clear,withMeasuresof Performance andMeasuresof Effectiveness?
● Feasible?
● Testable,withtestcoverage models?
● Measurable,withunitsof measure definedforeachdeliverable?
● Understoodbyall stakeholders?
● Time-sequenced?
● Prioritized?
● Designor solutionindependent?
3. [RISK MANAGEMENT GUIDEANCE] October12, 2009
3 RequirementsRisks |NiwotRidge LLC
Do the requirementsmeetthe customer'sintentforthe systemorproduct(i.e.,will itdowhat
it’ssupposedtodo)?
Are requirementsstable?
● What requirementschange rate isacceptable for thisproject?
● Is a requirementschange control processinplace?
● How quicklyare requirementschanging?
Can the requirementschange inresponse to:
● Newor changingmission?
● Fundingshiftorcut?
● Worldevent?
● Technologyopportunity?
● Schedule disruptions?
● Resource reduction?
Are requirementschangesanalyzedfor:
● Impact onlowerrequirements?
● Impact onachievingprogramobjectives?
● Conflictwithprogramobjectivesorrequirements?
● Interfaceswithotherprogramsorsystems?
Are the requirements underconfigurationcontrol?
Are dependentrequirementsidentified?
Doeseach requirementhave one ormore funded"parent"requirement(s)?
Are requirementsavailable tothe programfroma single repository?
Doesthe program have a Change Control Board (CCB):
● Establishedatthe programlevel?
● Establishedatappropriate sub-programlevels?
● Representative of all stakeholders?
● That meetsregularly?
● That is effective?
Are requirementsconsistentwith:
● Program fundingandschedule?
● Stakeholderinvolvement?
● Technologyavailable?
● Infrastructure architecture?
Are hardware,software andinterface constraintsidentified?
Do the requirementsaddressthe entire lifecycle (includinglogisticsandsuitability)?
4. [RISK MANAGEMENT GUIDEANCE] October12, 2009
4 Schedule Risks |NiwotRidge LLC
SCH E D U LE RIS KS
Is there sufficienttime todevelop,document,andgainapproval forprogramacquisition
strategy?
Is there sufficienttime tocontract,develop,andtestasupportable product?
Is schedule consideredintrade-offstudies?
Doesthe schedule reflectrealisticacquisitionplanning?
Are the AcquisitionPlanningBoard(APB) scheduleobjectivesrealisticandattainable?
Are the resourcesavailable tomeetschedule?
Doesthe schedule accommodate forrework?
Doesthe schedule accommodate forcontingencyplanning?
Are the schedule estimationmethodsaccurate andstandardizedwithinprogram?
How visibleisthe programschedule todecision-makersandhigher-levelmanagement?
CO S T AN D BAS IS O F ES T IMAT E RIS KS
Were realisticcostobjectivesestablishedearly?
Doesthe fundingprofile matchthe acquisitionstrategy?
Is the fundingprofilestable frombudgetcycle tobudgetcycle?
To Reduce Total OwnershipCost(RTOC):
● Was the systembaselinedbeforecontractaward?
● Was sustainmentplanningdone upfront?
● Are cost and manpowersavingsprojectionstrackedtoplan?
● Are cost and manpowersavingsprojectionsrealized?
Are cost-performance tradeoffsbeingdone,especiallyformarginal performance capability
improvements?
What are the redesigncostsof:
● EngineeringChange Proposals(ecps)?
● Modificationsonce systemisdeployed?
Are supportrequirementsbeingcostedearly?
Doesthe systemrelysignificantlyonsoftware?
CO N T R ACT ING AN D PR O CU REME NT RIS KS
Doesthe contract include requirementsfornecessaryengineeringandmanagementprocesses
and policies?
Are there multiple contractorsinvolvedinthe program?
● Didanalysisdeterminewhobesttodointegration - governmentorcontractor?
● Is the Governmentresponsible forintegration?
● Is a Prime Contractorresponsibleforintegration?
● Has an integrationcontractbeenauthorized,planned,andimplemented?
Is the contractor able to complete agreedtofunctionalitywithindefinedguidelines?
Are there sufficientincentives?
Is the Governmentaware of the workrequiredtocomplete the jobwithinbudgetandschedule?
Is the Governmentmonitoringthe workperformed?
5. [RISK MANAGEMENT GUIDEANCE] October12, 2009
5 Funding/Financial Risks |NiwotRidge LLC
Didanalysisdeterminethe workrequired?
Didpast experience determine the workrequired?
Can the GovernmentandContractor reachagreement on:
● Program requirements?
● Testresults?
● Warranty responsibility?
Is Governmentable todiscussthe workprogramwithpeople doingthe job?
● EvenwhensubcontractedbyPrime Contractor?
Is the subcontractmanagementevaluatedsufficiently?
Are specificitemsthatusedtobe undermilitarystandardsidentifiedandmanaged?
Do the Government-purchaseddatapackagesfollow contractor-uniquemanufacturing
processes?
Are the Government-purchaseddatapackagesreproducible?
Is reprocurementdataavailableintime forproduction?
Do the followinghave goodrelationships:
● GovernmentandContractor?
● Contractor andIntegrator?
● Contractor andSubcontractor?
Doesthe Contractor pro-actively:
● Identify DiminishingManufacturingSource (DMS) parts?
● Solve DiminishingManufacturingSource (DMS) issues?
Doesthe Contractor have a good processto manage changesinthe program?
Can the Contractor be downsizedorboughtout?
Is systemengineeringexpertise available atthe contractorfacility?
Are the keypersonnel citedbythe contractorin hisproposal actuallyperformingonthe
contract?
Do the contractor personnel availableunderthe contracthave the skillsnecessarytodevelopor
integrate the system?
Will the contractor be able to hire forthe productionrun?
Will skilledpersonnelbe re-allocatedif contractistoosmall?
Was the program baselinedpriortocontractaward?
FU N D IN G / FIN AN CIAL RIS KS
Is the fundingprofilestable?
Is the fundingprofileallocatedadequatelyforthe programschedule?
● Are RDT&E fundsearlyand/orinadequate?
● Are productionfundsearly,late,and/orinadequate?
● Doesfundingtimingconsiderlongleaditems?
Is the fundingunderthe control of the program manager?
Is the fundingforthe programin contentionwithotherprograms?
Are fundsreprogrammedperiodicallybyyears?
Are fundsreprogrammedperiodicallybyappropriations?
Doesthe fundingprofile allowforareasonable programplan?
6. [RISK MANAGEMENT GUIDEANCE] October12, 2009
6 ManagementandLeadershipRisks |NiwotRidge LLC
Is the fundingsufficientforrealizationof the requirements?
Doesfundingconsiderlicensingfees?
MAN AG E ME NT AN D LE ADE RS HIP RIS KS
Doesthe program have documentedmanagementprocessesorcontrols?
Doesthe program managerhave managementandleadershipexperience?
Doesthe program managerhave managementandleadershiptraining?
Is the program managerpositionchangingfrequently?
Are program budget,cost,and/orschedule fixedforreasonable durations?
Are program budget,cost,and/orschedule political issues?
Are parallel orevolutionarydevelopmentshandledeffectively?
Is the program managementcentralized(single locationforPMand PCO)?
Is the program planfeasible?
Is the program managerable tomeetwithseniordecision-makersforprogramdecisionswhen
needed?
Doesthe program managerunderstandthe prioritiesof the stakeholders?
Are the administrative reportingrequirementsreasonable?
Are the resourcesassignedtothe programoffice sufficienttohandle the programworkload?
Are the governmentandsupportcontractor resourcesassignedtothe programsufficientto
handle the programworkload?
Do requestsforadditional informationrequire additionalfunding?
Are all stakeholdersknown?
Are otherprograms evaluatingthisprogramforpossibledevelopmentopportunities?
Is the program prioritysufficienttogetnecessarypersonnel,equipment,andfacilities?
Is the propermix (experience,skills,stability) of people assignedtothe programor contractor
team?
Are effective riskassessmentsperformed?
● Are the resultsunderstood?
● Are the resultsactedupon?
Doesthe program managementteamhave acommitmenttodeliveringaqualityproduct?
7. [RISK MANAGEMENT GUIDEANCE] October12, 2009
7 SystemsEngineeringRisks |NiwotRidge LLC
SYS T E MS EN G INE ERIN G RIS KS
Are the designimplicationssufficientlyconsideredinconceptexploration?
Is conceptmature enoughfordevelopmenttobegin?
● If not, have trade studiesbeendone toclarifycritical components?
● Didtrade studiesincludeproductionrisk?
Will the systemsatisfyuserrequirements?
Is the designcosteffective?
Doesthe designrelyonnewor untriedtechnologyorexoticmaterialstoachieve performance
objectives?
Will still maturingorunproventechnologiesbe adequatelydevelopedbefore itsneeded
capabilities?
● Is a TechnologyReadinessLevel (TRL) usedtoassessthe maturityof technologies?
● Has the risk impactfor eachTRL level beencapturedinthe RiskManagementPlan(RMP)?
Is productionfundingavailable atthe needed time inthe developmenteffort?
Has the standard operatingenvironment (SOE) beenestablished?
What engineeringprocessesare beingusedonthe program?
Is the systemdesignfault-tolerantinawayneededforproperfunctioning?
What isthe growth/expandabilityrange of the systemindevelopment?
Doesthe developmentalignwiththe operational concept?
How closelydoesthe designenvironmentmatchthe actual operational environment?
Is the systembeingbenchmarkedatappropriate milestones?
Who has configurationcontrol?
Are interfacingsystemsbeingdevelopedinparallel?
Are reliability,maintainability,availabilityrequirementsbeingmet?
Are the technical,operational andprogrammatic requirementsstable?
Are stressand strength/stressanalysesperformedtoensure thatappliedvaluesinderatingand
safetyforcomponentpartsand materialsmeetcriteria?
Are “worst case”tolerance analysesperformedtoensure thatsystemperformance remains
withinspecifiedlimits?
Doesanalysisresultinappropriate designrevisionstoreduce risk?
Are parts and materialstestedearlyinthe designatintendedoperational stresslevels?
8. [RISK MANAGEMENT GUIDEANCE] October12, 2009
8 Facilities |NiwotRidge LLC
FACIL IT IE S
Were productionimplicationsconsideredduringconceptexploration?
Was productionconsideredsufficientlyindesign?
Do program plansinclude vendorsupport?
Do program plansinclude longleaditems?
Do program plansaddressthe knownvariability’sof costand schedule?
Are the productionprocessesproven?
Are sufficient,cost-effective facilitiesavailableforproduction?
Is the infrastructure provided(e.g.,office space,facilities,supplies,etc.) sufficientforprogram
needs?
What isthe impactto the program of changesin infrastructure availabilityorperformance?
Doesthe program needCapital Equipment?
Is the capital equipmentprovidedcorrectandsufficientforprogramneeds?
What isthe impactto the program of changesin capital equipmentavailabilityorperformance?
Doescontract offeranyincentive tomodernizefacilitiesorreduce cost?
Do buildingshave appropriate storage forhazardousmaterialsandappropriate ventingfortoxic
or asphyxiatinggases?
Doesmachineryandequipmenthave requiredsafetydevices?
Do noise levelsincreasethe probabilityof mishapoccurrence?
Whenpotential forinjuryfromchemicalsexists,are appropriate antidotesorfirstaidavailable?
Is the needforeye washand washdownfacilitiesassessed?
On occasion,whentemporaryfacilitiesorconstructionare necessaryforcertainoperations,do
these facilitiespresentsignificanthazards?
Are buildingshousinghazardousactivitydesignedtobe compatiblewiththe enclosed
operation?
Are buildingshousinglasersorotherelectromagneticradiatingdevicesdesignedtominimize
hazardsand provide controlledaccess?
Doesthe designminimize the effectsof anyhazardousactivitysuchasfire,explosion,toxicity,
radiation,andasphyxiation?
Can visual andaural warningsand alarmsbe readilyseenandheard?
Doesthe buildingdesignfurtherfacilitate the rapidevacuationof occupants?
Are fire extinguishingagentsreadilyaccessibleandeffective,butbythemselvesdonotpresenta
significanthazard topersonnel?