LE FastCounter
An introduction and discussion on Risk Management together with
recommendations for its implementation. Prepared by Chester Simmons.
1. Introduction
The management of risks is a central issue in the planning
and management of any venture, but it is also something of an
orphan within the acquisition establishment (at least in the U.S.).
Risk management has not historically been a "branch activity"
as noted in a bygone version of the Defense Systems Management
College's System Engineering Handbook. (Reference 1 is the latest
version of the guide.) "Branch" in this context refers,
of course, to an organizational element within the engineering-development
organizations common two or three decades or so ago that was probably
derived from "branch of service" designations. The connotation
being that there were not proponents per se for risk management
as there were for reliability, safety, systems, electrical, PP&C,
propulsion, human factors, guidance, C3I, etc. The situation is
still somewhat loosely defined.
The purpose here is to provide information for use in risk management
by any and all stakeholders. The objective is not to foster risk
management as an identifiable and separate specialty.
The prescriptive portions of the discussions are cast from the
perspective of a contractor performing an effort for some customer,
typically an agency of government. The emphasis is on cross-specialty,
cross-discipline, cross-functional and cross-technology development
programs since such programs maximize risk opportunities and occurrences.
In terms of program phases, the discussions are intended for a
program in the pre-proposal, proposal or start-up phases. The
reason for this timing is that risk management should be proactive,
and activities later than these phases is hardly proactive in
terms of avoiding risks.
The underlying themes for what follows are:
The discussions in this note are based on the assumption that
the programs under consideration involve significant development
activities. That is, the software, hardware, operational concepts,
etc. or combinations of these aspects do not exist at the start
of the program, and the development of these aspects is accomplished
to some specification in some allocated set of time and monetary
constraints.
1.1 Risk Definition
The simplest and possibly best definition of risk is:
The possibility of loss, injury, disadvantage or destruction.
Apply this definition to the issues of program management and
you have the starting point for successful risk management.
Please note that the "Apply...to the issues of program management..."
is meant to imply a concerned, experienced, energetic and capable
effort towards any and all issues of immediate and long-range
concern within the purview of program governance. The position
here is that no definition of risk, no matter how convoluted,
will reduce risk one iota. Management must know its job and must
do it.
It is possible, of course, to gain some insight by considering
the types of risks such as programmatic, technical, cost, schedule
and sometimes supportability. There is also the consideration
that acquisition risks are a part and often mingled with risks
such as encountered in other venues such as health, safety, insurance/underwriting
, finance, business, environment and politics. However, what happens
very often with elaborate definitions is that much time and energy
are wasted trying to characterize a risk as opposed to managing
it. Risks are so often interwoven as to type as to be Gordian
knots , and a "cut the knot" attitude is best.
The recommendation here is that if a customer (either a contracting
agency or a superior agency) requires some elaborate set of definitions
(e.g., through contract terms) then use them (i.e., apply the
Golden Rule), but otherwise avoid the trap of too much definition
to the detriment of content. If cataloging of risks is desired,
it is suggested that a matrix be used (Figure 1, Risk Identification Matrix).
The leftmost column of this risk definition matrix will be the
risks, and across the top will be the categories: programmatic,
technical, cost, schedule, supportability and others as appropriate.
Each risk has the applicable items of the categories checked.
This approach is easy to implement and it avoids needless discussions
that will not contribute in proportion to the time spent. Columns
for ownership, criticality, priority, and relative rankings can
be added as the understanding of the risks evolve, producing a
useful graphic for risk management briefing.
There are two definitions of risks that are currently fashionable
within some procurement circles: proposal risks versus performance
risks. The definitions tend to vary among sources. The preferred
definitions are:
Proposal Risks:
Those risks inherent in the venture, i.e., to design and build
a disposable external tank for a reusable spacecraft is inherently
risky. Thus, an RFP for such a tank has embedded risks no matter
who undertakes the development.
Performance Risks:
Those risks inherent in the proposed approach. A given contractor
can implement an approach that has risks above and beyond those
inherent in the venture. For example, a developer may elect to
base key design decisions on analytical data rather than empirical
data to reduce costs at some increase in risk.
These definitions must be addressed during a proposal if they
are included in the RFP, but after an award they are probably
not too useful to a performing organization. Some sources (e.g.,
Reference 2) define the proposal risk as being the risk associated
with the contractor's approach and the performance risk as being
related to the contractor's track record.
1.2 Risk Management Definition
Basically, risk management is the sum of all proactive management-directed
activities within a program that are intended to acceptably accommodate
the possibility of failures in elements of the program. "Acceptably"
is as judged by the customer in the final analysis, but from an
organization's perspective a failure is anything accomplished
in less than a professional manner and/or with a less-than-adequate
result.
The key words are:
It is possibilities that are being accommodated. It is management's
job to do the planning that will accommodate the possibilities.
The customer is the final judge, but internal goals should be
to a higher level than customer expectations.
Risk management as a shared or centralized activity must accomplish
the following tasks:
The highlighted activities are those that must be reserved for
management's attention and action in those cases for which a risk
management staff/secretariat are employed. This list exclusive
of the management functions is consistent with the list espoused
for years by the Defense Systems Management College (DSMC): risk
planning, risk assessment, risk analysis and risk handling. The
managerial functions are highlighted to once again emphasize that
management is responsible and accountable for risk management.
1.2.1 Identify Concerns & Identify Risks
A concern to be evaluated as a potential risk is literally any
issue about which a doubt exists in some context. Later a procedure
will be recommended for accomplishing the review of concerns and
identifying those that actually engender risks. Some differentiation
is needed because difficult things often get confused with risky
things. Also, some people use the risk tag to justify additional
funding when, in fact, no risk exists.
Since risks will not be arbitrarily dropped as key management
issues once they are identified, it is smart to spend the necessary
time to identify concerns and then to assess the existence of
the risks. Of course, risks identified by the customer in the
RFP or some other formal fashion are automatically risks for the
program.
There is also a need for differentiating between identifying concerns
and identifying risks to reflect the fact that in a contracting
organization the Program Manager is responsible for all risks
for the contract, and it is his exclusive right to formally declare
that an issue is or is not a risk. (Common sense indicates that
the PM had better listen to his subordinates, but the responsibility
is still his.)
Within the performing organization it is necessary for the PM
to allocate responsibility for resolving risks to the appropriate
function, specialty or discipline. Also, some individual needs
to be tagged as the organizational focus for actions for each
risk. The ownership of risks is essentially an allocation process
tailored to the organization doing the job. Some organizations
may elect to keep risk ownership and leadership at relatively
high levels (e.g., functional leads, department heads, etc.) whereas
in other cases it might be appropriate to allocate the ownership
as low as possible in the organization considering spans and scopes
of control for appropriate resources.
A point to be made at this time is that risks are seldom deeply
held secrets. Experience indicates that virtually all risks of
consequence are more or less common knowledge. This point will
be discussed again later, but it is worth noting that program-killing,
lawsuit-engendering risks have been common knowledge on more than
one doomed program!
1.2.2 Risk Manager
A risk manager is recommended if a program is large enough to
afford one. The role for this position will be to capture and
formalize risk management activities and results. This role includes
being spokesperson for the program for risks for major reviews
and reports. For example, at the SRR and SDR, it is invariably
necessary to describe the common elements of the risk management
program before specifics are discussed on a subsystem-by-subsystem
basis otherwise there is much repetition in formats. The risk
manager can lay out the whole approach, and later presentations
can focus on details of specific elements of the system.
The risk manager's domain is essentially a secretariat-type function.
It is not a shaker-mover position. The risk manager does not have
direct responsibility for any risks per se. This position is somewhat
analogous to that of program planning and control (those persons
responsible for C/SCSC-driven activities, performance management
reporting, etc.). The reality is less exalted that the title.
Specific duties are discussed below.
Experience indicates that programs of $100M/year will require
a risk staff of probably no more than 3 persons for early phases
(through SDR) and only one person later, possibly augmented by
one or two staffers at the time of major reviews. Smaller programs
can use proportionally smaller staffs to the point of having some
person designated as a part-time risk manager.
Experience also indicates that major programs also tend to be
segmented into major subcontracts (or teaming relationships).
For subcontracts appropriate to the scale of a $100M/year prime
program, a one-person risk staff for each subcontractor is probably
adequate with some help at major reviews. It is assumed that the
prime and lower-tier companies work in concert in risk management
if not in cooperation.
Note: It is a fashion in some circles to project a risk management
role that is considerably enhanced in scope relative to what is
recommended here. In effect, there is one risk owner, the risk
manager. In theory such a position sounds nice, but in fact it
is felt that such an approach will not be as effective as having
the risk owners also be the owners of the expertise, the resources
and the mission to do the job. A separate highly-empowered risk
manager will just be a nuisance in most cases, and a program manager
who abdicates his responsibilities for risk management to such
a position is truly at risk (and probably not too bright).
Another prejudice about this super role is that today's systems
are too complex for any one person to really understand at the
level of professional competence. Remember the following as a
hard and fast rule: Having an opinion is a far cry from understanding,
but an opinion is closer to understanding than understanding is
to professional competence, and professional competence is the
starting point for solving difficulty problems. From this perspective,
understanding is a relatively cheap commodity, but even understanding
is almost impossible across the full span of today's systems.
So, avoid the trap of an over-empowered risk management role if
the system is at all complex.
The risk management role as recommended here is not as attractive
as a direct design role, but it will have its moments.
1.2.3 Evaluate the Risks as to Consequences & Likelihoods
One of the more useful constructs of traditional risk management
is that a risk as a possibility actually consists of a likelihood
and of consequences. This definition is probably derived from
the elementary mathematical concept of expectation of an event.
Expectation for some event is defined as the product of its probability
of occurrence and its value (in a generalized sense) if it occurs.
Thus, a one-in-forty million lottery ticket for a prize of $20,000,000
has an expectation of fifty cents.
For risk management the situation is normally much more fuzzy
than the simple lottery example, and there is usually very little
precision in either the metric for the probability of occurrence
or the metric for the consequences. Therefore, the possibility
expressed as a combination of probability and consequences is
usually subject to debate even if some of the pseudo-mathematical
approaches are used (and some of these are recommended).
The recommendation here is to use whatever tools that are available
and meaningful in a given situation (and, as noted, some are recommended
below), but to not get hung up on mathematically appearing artifices
that do not really have any more precision than an informed judgment.
Again, avoid trying to untie a Gordian Knot, just cut the thing.
There may be situations in which effectiveness analyses, engineering
analyses, bean counting of interfaces, etc. may be necessary,
but these are sideline issues to the exercising of judgment about
the risks.
Note: It is somewhat surprising that the cost and schedule aspects
of risk consequences are not cast in terms of a C/SCSC perspective
that provides an effective if not scientific tie between cost
and schedule parameters.
1.2.4 Assess Options for Risk Management
Risk management options are usually cited as risk handling
options subdivided as avoidance, control, assumption, risk transfer,
and knowledge and research Generally, the assessment of management
options is a hip shot since the necessary decisions must occur
early in a program when things are still fuzzy. However, if experienced
personnel are given the facts, one can expect very good decisions
since there is seldom any real mystery about the practicality
of options available. (The practicality of any option is usually
just an issue of schedule and funding.)
Avoidance: Use an alternate approach that does
not have the risk. This mode is not always an option. There are
programs that deliberately involve high risks in the expectation
of high gains. However, this is the most effective risk management
technique if it can be applied.
Control: The DSMC Risk Management Guide (RMG)
defines this mode as: "Controlling risks involves the development
of a risk reduction plan and then tracking to the plan."
The key aspect is the planning by experienced persons. The plan
itself may involve parallel development programs, etc.
Assumption: Simply accepting the risk and proceeding.
A word of caution: There appears to be a tendency within organizations
to gradually let the assumption of a risk take on the aura of
a controlled risk. This mental evolution is the kind of wrongly
conditioned thinking that led to the Challenger failure.
Risk Transfer: An attempt to pass the risk to
another program element. Typically, used in the context of a government
agency passing the risks to a contractor.
There are some discussions in the DoD acquisition literature that
this mode trades government risk for profit to the contractor.
This belief is apparently founded on elementary economic theory
and the mistaken belief that an executive in a procuring agency
has avoided risks by passing the buck. What the executive will
have done is, at best, a CYA exercise.
Knowledge & Research: The DSMC RMG cites
this mode as not being "true" risk handling, but rather
a technique for strengthening other techniques. From a program
management perspective this approach can best be viewed as an
adaptation of the approach used by graduate students for their
theses: intensive study associated with specialized testing. In
effect, the student develops intellectual ownership of his problem
in all of its aspects: theoretical, empirical and practical.
Essentially, this mode is simply doing one's homework.
This mode is critical for testing. The DoD's Test, Analyze, and
Fix (TAAF) has a nice ring, but it is valid only in a vary narrow
context: testing of production and preproduction prototypes to
remove bugs. However, TAAF has been mistakenly applied to earlier
development phases. Failure to analyze prior to testing generally
poses a risk that trends in the test data will not be understood
or key test results will mistakenly be taken as inconsequential.
1.2.5 Prioritize the Risk Management Efforts
Once the risks have been evaluated in terms of likelihood of occurrence
and consequences, and when options for risk management have been
reviewed, it is then meaningful to rank the risks for the program
manager to assign priorities. The task of prioritizing the risks
is performed at the senior staff level to assure that all political,
business and programmatic factors are weighted in the priority
assessment. The purpose is to avoid the "successful operation,
but the patient died" syndrome. The risk manager earns some
of his pay at this point by sorting all of the mechanical aspects
of the risks (ranks and risk management options) and presenting
them to the senior management as a package.
Note: The recommended risk management options will generally be
of the "risk control" category above, and the risk management
will be just special emphases or possibly additions to existing
plans. For example, the risk management plan might be additional
development tests, a re-review of make-or-buy decisions, a shift
in schedule, etc.
Management must exercise its judgment to prioritize resources
for risk management purposes. The ranked risks are reviewed in
terms of combined likelihoods and consequences and in terms of
program level concerns with missions, functions, business objectives
and political aspects. Assuming that the senior management is
satisfied with the completeness of the risk management efforts
leading to the review (identification, evaluations, options, etc.),
the risks can be ranked or re-ranked in terms of program priorities
and the primary options selected for each for the planning of
risk management.
The risk owners should be present to support the ranking and to
assure that the priorities are reflected in their subsequent planning
efforts.
Note: The customer should not be a part of these reviews since
business interests beyond the customer's purview will be discussed.
Risks stipulated by the customer are, of course, included as required.
1.2.6 Develop Risk Management Plans
At this point a hiccup in the average RFP will be discussed so
that what is meant by risk management plan will be understood.
Most RFPs from beginning to end refer to a risk management plan
in the singular, and this plan in the singular refers to all of
the topics discussed here. However, allowance is typically not
made for multiple risk plans for risks that often have significantly
different characteristics. Therefore, the recommendation is that
the risk management program encompass a two-tier approach to risk
management plans: a risk management program plan (RMPP) and risk-specific
risk management plans (RMPs). The RMPP essentially captures all
aspects of risk management at the program level and those aspects
common to all risks.
Note: In some risk manuals, plans roughly equivalent to Risk Management
Plans are sometimes denoted as Risk Abatement Plans.
For example, the DSMC RMG provides a suggested outline for a risk
plan that is not attuned to the recommendations and suggestions
presented here. Four of five sections of that outline refer to
common elements, and specific risk planning is limited to portions
of the fifth and final section. With some slight modification
this outline can be used as a basis for the RMPP that, in turn,
defines the scope of risk specific plans.
Suggested contents for RMPPs and RMPs are given in Appendix A.
The RMPP should encompass an approach to risk management that
commits the program to significant emphases for all risks considered
to be of moderate to high. Such risks will have specific risk
management plans, and each risk will be referenced in C/SCSC-based
reporting, e.g., Variance Reports by CAMs will have a flag indicating
that a high or moderate risk is associated with the effort being
reported.
Risks considered to of a low ranking can be delegated to routine
management, and such risks do not require specific risk management
plans. Note: The relative treatment of high, moderate and low
risks corresponds closely to the treatments suggested by Blanchard
(Reference 3).
Note: The use of high, moderate and low categories does not preclude
finer numerically-based rankings, but the finer grained rankings
are not usually recommended.
For a large program (say hundred of millions of dollars) the RMPP
can be developed with a page count of no more than 35 pages (assuming
a large number of graphics). Individual RMPs can be on the order
of 75 pages for high risk and 25 pages for moderate risks. The
difference in the RMPs as a function of risk category is that
the RMP for a high risk should be a stand-alone document with
minimal references (directly including budgets, schedules, technical
data, etc.). The RMP for a moderate risk can be largely based
on references to appropriate sources.
1.2.7 Authorize the implementation of the risk management
plans
This step is usually accomplished by the simple act of the program
manager's signature on the signature pages of the RMPP and lower-tier
RMPs. The plans are under configuration control following this
step.
1.2.8 Track the risk management efforts and manage accordingly.
After the planning is accomplished and the RMPP is underway, the
risk manager should be responsible for presenting the status of
all risks at all reviews. Risk reviews should be a part of both
technical and programmatic reviews.
A part of this risk management effort will be the implementation
of a risk management board consisting of senior managers. These
persons do not have to be risk owners although they may be. This
board is convened routinely to provide high-level visibility to
the risk management process. The risk manager and owners of significant
risks present summaries of progress or non-progress in managing
the risks. Also, the program is routinely reviewed for the occurrence
of new risks.
The frequency at which the board meets will depend on the risks,
the organization's structure (e.g., primarily internal responsibility
versus significant subcontracting) and the overall schedule. As
a minimum, the board should be convened prior to all major program
reviews (SRR, SDR, etc.) to assure all parties have a mutual understanding
of these critical areas before going to the customer.
Monthly risk board sessions can be appended to normal internal
management reviews. These monthly risk reviews will normally be
intra-organizational affairs (intra-prime, intra-subcontract,
etc.). The risk managers of subordinate organizations can transmit
summaries to the risk manager for the prime for inclusion in the
prime's risk review. The special reviews should include all organizations.
These reviews are normally difficult to schedule since they will
occur in the hectic periods prior to major reviews, and they may
have to be via videoconference or teleconference. The video-based
conference is preferred, but either mode works relatively well
since the risk issues tend to be relatively static. (A program
with highly volatile risk management issues across the board would
be in a world of hurt.)
2. Background
The background for risk management involves two facets of interest
here: the fundamental causes of risks being realized in the acquisition
of large complex systems, and the formal imposition of risk management
as a bureaucratic and contract concern.
The Denver airport and some of the first of the rapid transit
systems in the U.S. of the modern era illustrate that not only
the DoD has trouble with the acquisition of large-scale systems.
However, large-scale systems do not have to be seemingly impossible.
Disney World, the other home of Mickey Mouse, is a testimonial
that complex systems can work so effectively as to be almost transparent
to the user. The discussions here will focus on known problems
of the DoD's process as discussed in References 4 and 5.
In terms of the formality of risk management the focus will again
be on the DoD process that begins with Reference 6.
2.1 Problems with DoD's Acquisition Process
The following is taken from the GAO's assessment of the DoD acquisition
process (Reference 4):
The Department of Defense (DoD) spends billions of dollars
each year developing and procuring major weapons systems. These
expenditures have produced many of the world's most technologically
advanced and capable weapon systems--as demonstrated during Operation
Desert Storm. Nevertheless, the process through which weapons
requirements are determined and systems acquired has often proved
costly and inefficient--if not wasteful. In addition, the "high
stakes" weapons acquisition process has proven vulnerable
to fraud, waste, and abuse. It was this high stakes process--and
the absence of adequate internal controls--that provided the breeding
ground for the investigation and charges of influence-peddling
known as "ill wind."
DOD has made some improvements in the weapons acquisition process
over the years. Major reforms recommended by the President's Blue
Ribbon Commission on Defense Management--the Packard Commission--in
1986 have been or are currently being implemented. In addition,
the diminished Soviet threat and corresponding budget reductions
are also prompting major changes in the way DOD acquires weapons
systems. Top management within the Office of the Secretary of
Defense has taken steps in an attempt to make the acquisition
process more disciplined and to redefine the basic strategy for
acquiring weapons. Moreover, key Members of Congress are calling
for the military services to reevaluate their roles and functions.
Despite many efforts to reform and improve DoD's weapons acquisition
process over the years, a number of fundamental problems persist.
For example, despite an increased emphasis on the sound development
and testing of weapons, we still see major commitments to programs,
such as the B-2 bomber and the Airborne Self-Protection Jammer,
without first seeing proof that these systems will meet critical
performance requirements. Despite improved cost-estimating policies
and procedures, we still see the unit costs of weapon systems,
such as the DDG-51 destroyer and the C-17 transport, double. Despite
the increased emphasis on developing systems that can be efficiently
produced and supported, we have weapons, such as the Advanced
Cruise Missile and the Apache helicopter, that still encounter
costly production and support problems. Clearly, problems are
to be expected in major weapons acquisitions, given the technical
risks and complexities involved, but too often we find
-- systems being acquired that may not be the most cost-effective
solution to the mission need,
-- overly optimistic cost and schedule estimates leading to program
instability and cost increases,
-- program acquisition strategies that are unreasonable or risky
at best,
-- too much being spent before a program is shown to be suitable
for production and fielding, and
-- individuals seeking to improperly influence the outcome of
the contracting process.
While there are many reasons for these types of problems,
the underlying cause of persistent and fundamental problems in
DoD's weapons acquisition process is a prevailing culture that
is dependent on generating and supporting new weapons acquisitions.
The culture is made up of powerful incentives and interests that
influence and motivate the behaviors of participants in the process.
Participants include the various components of the Department
of Defense, the Congress, and industry. Sometimes, these interests
transcend the need to satisfy the most critical weapons requirements
at minimal cost. Such interests may include protecting (1) service
roles and missions, (2) service budget levels and shares, (3)
service reputations, (4) organizational influence, (5) the industrial
base, (6) jobs, and (7) careers. Collectively, these interests
create an environment that encourages "selling "programs--a
process that may entail undue optimism, self-interest, and other
compromises of good judgment. In this environment, it may not
be reasonable to expect program sponsors to present objective
risk assessments, report realistic cost estimates, or perform
thorough tests of prototypes when such measures may expose programs
to disruption, deferral, or even cancellation. The "culture"
is not the cause of all the problems in weapons acquisitions.
Some problems can be attributed to basic errors in judgment or
other motivating forces. For example, the "high stakes"--that
is, the big money involved--in defense acquisitions can lead to
influence-peddling and contracting fraud and abuse--as found in
the "ill wind" investigation.
If changes in the acquisition of weapons are to be of a lasting
nature, they must be directed at the system of incentives that
has become self-sustaining and very difficult to dislodge. Incentives
and opportunities that produce undesirable behaviors must be eliminated
or minimized through effective internal controls and/or offset
by stronger--positive or negative--incentives. Moreover, officials
in top DOD management positions, as well as the acquisition work
force in general, must be held to the highest standards of integrity
and conduct. Specific suggestions for addressing several prevalent
undesirable behaviors or conditions are described below.
Controlling Inter-Service Competition
Several actions are needed to change incentives and conditions
leading to inter-service competition, self-interest, and the acquisition
of unnecessary, overlapping, or duplicative capabilities. These
actions could also reduce incentives for overselling programs.
First, a consensus must be reached between the Congress and the
administration on military strategy, the services' roles and missions,
and future funding levels. Uncertainty surrounding current roles
and missions encourages the services to acquire weapons that will
support and protect traditional or desired capabilities. The inability
of DOD to accurately predict outyear funding levels has resulted
in optimistic spending plans that cannot be executed under actual
funding levels. Secondly, determining needed capabilities and
the particular types of weapons to fill those needs should not
be left with individual branches and warfare communities within
the services. The duplicative outcomes of the acquisition process
are an outgrowth of the fact that system requirements mirror the
traditions and self-preservation instincts of their sponsoring
organizations. Making these decisions at the Office of the Secretary
of Defense level could enable competing demands, available resources,
and the needs of theater commanders to be more fairly assessed
before a specific program is given life.
Discouraging the Overselling of Programs
A combination of internal controls and other forms of incentives
and disincentives is needed to reduce the tendency to sell weapons
programs through optimistic cost and schedule estimates and accelerated--and
therefore, high risk--acquisition strategies. Under the existing
culture, the success of participants' careers is more dependent
on getting programs through the process than on achieving better
program outcomes. Accordingly, overselling "works" in
the sense that programs get started, funded, and eventually fielded.
The fact that a given program costs more than estimated, takes
longer to field, and does not perform as promised is secondary
to getting a "new and improved" system to the field.
Limiting Technology Risks
Research and technology efforts need to be freed from program
association until they mature to a specified level, such as the
demonstration and validation phase. This idea is already embodied
in DoD's new acquisition strategy, which calls for advanced technologies
to prove their feasibility and producibility before they are incorporated
into new or ongoing acquisition programs.
Limiting Opportunities for Fraud and Abuse
DOD must continuously review and ensure compliance
with controls designed to (1) ensure the free flow of current
and accurate information from the contractors and program offices
to top decision makers and those with oversight responsibility
and (2) prevent improper influencing of contract awards. Today,
the prospects for constructive change are quite encouraging. The
demise of the Soviet threat and declines in defense budgets have
created a unique opportunity to effect lasting changes in the
weapons acquisition process. Both the Department of Defense and
the Congress have acted upon this opportunity and have shown a
willingness to support the types of changes needed to improve
acquisition outcomes. DOD must ensure that effective internal
controls are in place to minimize cultural influences, incentives,
and behaviors that are not in the best interest of the taxpayers.
2.2 Formal Acquisition Policy and Procedures
The basic policy and procedures for risk management in the U.
S. DoD procurement processes flow from the "DoD 5000"
documents beginning with the policy, DoD Directive 5000.1, "Defense
Acquisition." These documents should be understood by contracting
organizations. In addition to defining the driving forces behind
risk management for procurement, these documents are good sources
of motherhood for proposals. There is a Web site that should be
consulted for copies and information for these documents,DoD Directives.
3. Risk Concepts
There are only a few key concepts in the management of risks,
and these concepts are easily mastered and applied.
3.1 First principles
There are no fundamental scientific laws in risk management akin
to the laws of motion, conservation and continuity from which
applied scientific results are obtained. Most of risk management
is qualitative and subject to judgment colored by experience,
prejudice and politics. However, there is one fundamental principle
that can be postulated and used.
Specifically, any element of a venture that entails a new aspect
for the performing organization is a source of risk. (Barring
malfeasance, incompetence including criminal neglect, and accident,
it can be argued that "newness" is the only real source
of risk.) The attitude here is that if all risks associated with
newness are accommodated then whatever remains will in all probability
be of small import and impact.
Risk management thus involves identifying the new aspects of the
venture in question, and then adopting strategies to avoid, mitigate
or otherwise accommodate the issues identified according to priorities
suitable for the program. There is a temptation to include to
the "customer's satisfaction" between "identified"
and" according" in the previous sentence, but customer
satisfaction is reflected in what is meant by suitable priorities.
In the present context, inexperience is a synonym for newness.
A caution: If inexperience is a primary source of risk then the
hiring of experienced personnel may appear to be an immediate
cure, but this approach must also be assessed for newness. If
a previously unused consultant is hired to plug a gap in experience
then the consultant poses a derived (and often very serious) risk.
A person new to an organization, no matter how knowledgeable,
is often more of a problem than a solution. Unless an organization
has a good track record for using consultants then a special plan
should be implemented to track the contribution of any consultants
to assure that what is desired is being accomplished. If people
are hired to plug gaps in experience then a similar risk prevails.
The secret to risk management is to be creative in applying tests
for newness to the activities, tools, people and products that
constitute the venture. The key issue can be a new product, a
higher or lower price, a tighter or looser specification, a higher
or lower production rate, a new customer, a different time of
year, a larger or smaller physical scale, a new paint, a new glue,
new computer programs, a new manager, a new production machine,
a new performance envelope, a new environment, new personnel,
new subcontractors, new terms for proven subcontractors, tight
schedules, new performance tolerances, unfamiliar parties to an
interface definition, new types and/or scopes of interfaces, new
corporate environment, etc.
In effect, any and all aspects of a venture should be tested for
newness in any conceivable nuance. In Section 5, Risk Management
Tools, the WBS and SOW will be recommended as the framework for
achieving closure in the search for newness.
The issue that is being begged at this point is that of the seriousness
of the risks so identified. (The seriousness is measured as noted
earlier as the combined consequences and likelihood.) No two ventures
will have the same risks and no two organizations will face the
same consequences for a given set of risks. Therefore, it is all
but impossible to generalize about seriousness as opposed to newness.
Some assessments of relative seriousness of consequences are given
in the discussions of ranking tools.
However, experience indicates that the seriousness aspects tend
to sort themselves once a given set of risks is postulated.
3.2 Ownership
Like risk itself, ownership of risk is a concept of many dimensions
and interpretations. The most important aspect of ownership is
a clear mutual understanding of the responsibilities among parties
to a contract and/or the responsibilities among parties to a cooperative
venture. The second most important aspect is for a similar understanding
on an intra-organizational basis.
It is common for government customers to weight risk in establishing
the reach and scopes of procurement contracts. Part of this weighting
is a consideration of risk retained by the government versus passing
risks to a contractor (for higher profits). Such issues need to
be fully understood by all parties to a contract. Failure to achieve
this understanding can result in wrongly conceived priorities
by the wrong organization and in the failure to assure that the
real risk owner gets all facts and impacts germane to the risk.
Every risk identified in a program should have an organization
tagged for ownership, and a position holder should be tagged as
managerial lead for its resolution.
3.3 Types of Risks
The earlier disclaimer re the relative unimportance of defining
risks by types is not being ignored here. Here the treatment loosely
parallels that of the Risk Management Guide of the DSMC in which
typing is accomplished through "risk facets" defined
as a way of classifying risks. These facets are postulated as
a means to understand and classify risks. One or more of the facets
are assigned to any given risk.
The facets are the names that have often previously been applied
as labels for the types of risk: technical, supportability, programmatic,
cost and schedule. In effect, the earlier typing criteria are
now considered as characteristics. These characteristics match
the matrix labels recommended earlier. The Risk Management Guide
has good discussions of these different facets. These discussions
are just paraphrased here:
3.3.1 Programmatic Risks
Those risks that flow from or impose an impact on program governance,
and those risks that impact program performance. The risks for
governance may be external (political, statutory, litigious, or
contractual) or internal (business priorities, staff limitations,
ROI constraints, and learning curves). Risks that impact on program
performance generally flow from issues of competence, experience,
organizational culture, and skills of the management team.
In this context, in contrast to present fashion re leadership
that denigrates managers versus leaders, it is most important
that the management team understand the nuts and bolts of management
of the design, development, integration, test and verification
processes. Basically, it is important that the management team
fully understand the System Engineering process and its implications
at each step in the overall process.
3.3.2 Schedule Risks
At the highest level of concern, schedule risks are simply that
not enough time exists to do the required job with the resources
allocated... people and/or money and/or material. Problems with
resources can be argued as being of a programmatic nature, i.e.,
an intrinsic flaw in the program. (Such arguments are, of course,
the basis for the risk classification scheme recommended in Section
1.1) At a managerial level, the concern is more focused. For example,
how does one incorporate flexibility in the tail end of the schedule
to permit some maneuvering room for coping with problems that
will inevitably occur as time and resources diminish.
3.3.3 Cost Risks
At the highest level, cost risk is simply that there is not enough
money to do the job required in the time allocated including reserves
for reasonable contingencies. Again, an intrinsic flaw in the
program. The causes of such risks can be estimating errors, low
ball bids, business decisions, lack of understanding of requirements
and political expediency. A management technique is to focus on
all elements of the program that are new and to insure that management
reserves are at least adequate compared to the costs of the new
elements.
Technical Note: It occasionally appears that the procuring agencies
do not understand what is reasonable in terms of accuracy of estimates.
Often, the implied levels of concern are at odds with any reasonable
assessment.
For example, the construction industry in the U. S. is a well-founded,
well-understood and well-experienced industry (as it is, in fact,
in any nation relative to local practices). In major construction
the uncertainty in costs to build are historically about 30% at
the stage of "door knob" estimates. As the design and
specification of a particular project evolves to the level of
detailed definitions, detailed drawings/specifications and detailed
schedules, the uncertainty drops to 5% or so.
In small-scale residential construction, it is common practice
for a general contractor/ builder to add 25% to the quoted cost
to construct any plan that the particular builder has not built
before. (Secondary factors influence this margin, but the main
factor is that of the uncertainties in the details. A significant
other factor is the such homes tend to be custom builds, and buyers
of custom homes tend to be picky.)
It would seem to be entirely unreasonable to expect smaller uncertainties
in endeavors involving significant scratch development of state-of-the-art
hardware and/or software.
3.3.5 Technical
The technical risks are performance risks associated with the
end items. From the perspective of the buying organization the
concern is that the system will not perform as required. From
the perspective of the performing organization the concern is
that the system will not meet it specifications (and hence not
be purchased and/or not meet customer satisfaction goals).
3.3.6 Supportability
The supportibility risk is that an otherwise acceptable system
will cost too much to operate and maintain over its life cycle
in terms of time, personnel and material resources. It is a fact
that most systems cost more to sustain than to develop, and this
fact is not new. It was a matter of comment in Goode and Machol
in 1957 (Reference 7).
3.4 Development Risks
A development effort always entails a measure of risk
because such an effort always involve aspects that are new to
the performing organization. The new aspects as a minimum are
limited to "reach" aspects of the end item. For example,
an experienced design-and-build team that is extending the performance
range for a single parameter of a system probably has a minimal
risk. However, a team formed as a result of winning a major proposal
for stretching all envelopes for all subsystems of a complex system
has many risks, some only remotely associated with the stretching
of the performance envelopes. Such multiple risks situations are
major challenges and are the most interesting from a management
perspective.
The management of risks associated with the development of the
objective products is the emphasis in the next section of this
note. Here, the focus is on some of those things that engender
risks, but that are not directly aimed at the specification or
SOW for the objective products. These are specific risks experienced
in start-up situations.
3.4.1 Communications
One of the first risk situations facing such a team is
that it invariably requires additional staffing. When new people
are hired some of the negative aspects are that the collective
awareness of the nuances of the program is diluted, and people
start making decisions with less than complete understanding of
the nuances of the program, the company or the customer. The one
and only and simple solution is communicate, communicate and communicate.
Regular staff meetings are a must. Also, the Program Plan, the
SEMP, the TEMP and other planning documents are of course elements
of effective start-up communications.
The purpose of such communications is to impart missions, functions,
goals, priorities and other guiding information to all team members
as soon as possible, particularly new team members. Every new
employee should be given a "catch up" kit that contains
all information about the program . (This approach ensures the
quality and accuracy of the understanding by each employee.) This
kit can include the RFP, the proposal and any planning that has
been accomplished in at least draft form (program, system engineering,
test, verification, staffing, training, logistics, etc.).
It is also recommended that each new employee get a through introduction
to the roles, personalities and functions of all support organizations:
contracts, tech pubs, quality, safety, computer services, manufacturing,
cleanroom, test lab, shipping and receiving, etc. Where the quality
lab is located and the fact it has an Arbor Press is not something
every newly hired stress analyst will know, but it is information
that can get a quick and dirty compressive strength test performed
if necessary.
Another recommendation is to instil the use of meeting and discussion
forms to reduce the risk of misunderstandings. These forms are
no more than one page summaries of all key meetings (including
telecons and videocons). The recommendation is that a form should
be prepared for the following situations:
Typically, the M&D forms are sent to function, specialty and
discipline managers who are responsible for distribution within
their areas of responsibility. On occasion, the forms are shared
with customers.
The forms should include participants (and e-mail address, phone
numbers), date, place, issues discussed and key results (decisions,
actions or closures).
The M&D can be implemented as e-mail, but an archive should
be established since these forms provide one of the best briefing
packages for newly hired personnel.
A special dividend of the M&D is that significantly less time
will be spent in staff meetings providing background materials.
The key aspects of almost every issue will have been previously
communicated.
3.4.2 Engineering Data Base
Start-up organizations created to perform major new programs always
suffer from the lack of a mature and pervasive engineering data
base. Individuals bring applicable materials to the effort, but
the organization as a whole does not have a common data base of
materials, suppliers, standards, reports, handbooks, etc. from
which to synthesize solutions to problems. This fact significantly
impacts the effectiveness of the organization as the necessary
assembly and dissemination of data and information is accomplished.
Typically, a major scratch start-up requires about six months
to a year before the useful data base exists and has become effectively
disseminated within the program.
An aggressive data management function can accelerate the necessary
diffusion of information and data (formal and informal).
3.4.3 Program Plan
The purpose and scope for a well-founded program plan is described
elsewhere on this site. The risk of concern here is that the Program
Plan is often confused with the Program Management Plan (PMP).
The Program Plan is an executive level document whereas the PMP
is at the level of configuration management, quality and system
engineering plans. Too often, Program Managers fail to formulate
and promulgate a succinct, but definitive plan for their programs.
The result is that lower tier plans often set goals and priorities
at odds with the overall mission.
A program plan needs to be produced to provide a summary with
respect to the following aspects of the program:
Typically, the Program Plan should be prepared within a month
or two of the start of the program (assuming a multi-year effort).
For short efforts (say two years), the plan should be a kickoff
document.
3.4.4 Concurrent Engineering Trick
There are simple ways to avoid some of the risks of concurrence.
Assuming that a program is organized with a PM, primary functional
managers, and key support managers within the parent organization,
one way to promote concurrence is to simply have all major documents
(formal and informal) approved by all functional and support manager.
This process is normally implemented as formal approval by the
manager(s) of the producing department(s) and other managers sign
in concurrence. In effect, every manager reviews all major documents.
(Of course, the reviews are normally delegated to subordinates,
but the managers are held accountable.) As a minimum, the following
managers must review all documents: design, system engineering,
software, program management (PMS), test, manufacturing, contracts,
subcontracts, etc.
A reciprocal process is to have all incoming materials routed
to the same managers for review for (initial) impact assessments.
"No impact" is an acceptable response, but the response
is required.
A recommended procedure is to have the data management function
be responsible for accomplishing the necessary grunt work to get
these procedures accomplished.
Risks that can be avoided include:
4. Risk Management Structure
The basic structure recommended for risk management consists of
a Risk Manager who is responsible for the definition, structure,
implementation and coordination of a risk management approach
consistent with the program, system engineering, test , manufacturing
and verification plans. The risk manager works on the staff of
the program manager. The risk management job is comparable to
that of Configuration Manager, Data Manager, Program Management
(PMS) and other staff level positions that do not have a direct
objective product development role.
It is the Risk Manager's job to coordinate the risk management
activities within the prime's organization and with all subcontractors.
The Risk Manager assists the Program Manager in the PM's role
of Risk Board Chairman.
The Risk Manager schedules and oversees the production of all
risk reviews, either as stand alone events or as part of management
reviews. This entails alerting risk owners and risk board members
of support requirements for such reviews. The Risk Manager is
responsible for preparing and distributing the minutes from risk
board meetings.
The risk manager is responsible for coordinating and presenting
at least the summary of risk management activities at all major
reviews.
4.1 Functions
The basic functions for risk management are:
Program Manager: Principal Risk Owner for Program
Risk Board: A Non-Voting Advisory Board for assisting PM in resolving
risk management issues.
Risk Manager: Performs the duties described above. The Risk Manager
also is responsible for:
Writing the Risk Management Program Plan.
Identifying requirements for risk management consultants.
Providing training in risk management.
Coordinate risk management inputs for ECPs.
Coordinate risk management activities for subcontractors.
Prepare briefing materials for risk management for program manager.
4.2 Phases
The recommended approach to risk management involves three phases:
Pre-Proposal/Proposal
Start-up
Post-SDR
The emphasis will be on the risk manager's role in the discussions
of these phases.
4.2.1 Pre-Proposal/Proposal
The primary functions for the risk management are:
Staging of a Proposal Manager's Risk Review for use as a proposal
focus. Develop a list of concerns, and then filter the list for
risks for inclusion in the risk list. A description of a typical
Proposal manager's risk review is given in Appendix C.
Compile and maintain the status of the risk list.
Provide any risk training required for the proposal.
Write the inputs to the proposal re risk management.
Develop work-arounds to overcome any shortcomings of the RFP with
respect to risk.
Provide whatever level of draft that is required by the RFP for
the Risk Management Program Plan. If no requirement is imposed
assure that at least an outline of the Risk Management Program
Plan is included in the proposal.
Assure that all proposal elements are kept a breast of risk issues
and status of key risks.
4.2..2 Start-Up
For the present purposes, the start-up phase is defined as that
period of the program prior to the completion of the SDR. Tasks
for Risk Management include:
Finalize the Risk Management Program Plan.
Develop a definition of training required, and develop a training
plan.
Coordinate the Risk Management Program Plans with the risk managers
for subcontractors (primary) and team members. Train these organizations
as required. (Usually just have the subcontractor Risk Managers
attend the training at the prime.)
Stage a Program Manager's Risk review to update the risk lists
for post-award impacts .
Present the risk management approach and available results at
program and technical reviews.
Coordinate the first and subsequent meetings of the Risk management
Board. Issue a roles and responsibilities write-up for Board members.
Coordinate Risk management activities and actions with all standing
committees and working groups (test, interface, etc.)
4.2.3 Post-SDR
The Risk Manager's primary job is to assist in the tracking of
the risk management activities, and to accomplish the routine
board and review functions. The Risk Manager provides a focus
for risk assessment (re-review) for all ECPs. Any new risks are
captured in the on-going process.
The Risk manager's job can be abolished as a special activity
at any time following the start-up provided there is confidence
that the risk plans are being accomplished without significant
problems. The risk assessment necessary for ECPs can be delegated
to the Program Management Office (or whatever function is responsible
for ECPs).
5. Risk Management Tools
The primary functions for the risk management tools are to assist
in the assessment of risks, to assure that risk assessments address
all pertinent aspects of the program and to provide specific means
of overcoming the underlying bases for the risks. The WBS, SOW
and Proposal are recommended as structures for assessing risks.
Make-or-buy decisions, development tests and engineering analyses
are, of course, means of mitigating the risks by overcoming inexperience
and/or a lack of knowledge of specific issues.
The key to assessing risks is to identify any and all aspects
of the program with some degree of newness. If this goal is accomplished
then virtually all risks have been identified. The recommended
review process is to have every functional element of the organization
and the primary support organizations review every WBS element,
every SOW paragraph and every proposal paragraph. Each reviewing
organization will provide an item-by-item summary identifying
items of on impact, items of concern and items that definitely
involve new aspects.
Normally, these reviews are performed by the appropriate organizations
as "homework" prior to the program manager's Risk Reviews.
5.1 WBS
The WBS encompasses the structure of everything that will be done
or delivered in a program. Therefore, assessing each and every
element of the WBS will, in most programs, assure overall closure
of the risk assessment. Each WBS element should be reviewed by
each organizational element as noted above. This approach is a
beginning of concurrent engineering and assures that inter-functional,
inter-discipline and inter-specialty concerns are accommodated.
Specific attributes of the WBS that make it a valid basis for
such reviews are:
The WBS identifies in a structured form all elements of the program
in each phase, and provides a comprehensive framework for assessing
each and every aspect of the program for potential risks.
The specification trees map directly to the WBS which provides
traceability between performance requirements and risks for hardware
and software items.
The WBS provides a direct exposition of the system hierarchy and
interfaces for purposes of identifying risk propagation.
The WBS can also provide a single point-of-contact for each risk
through the management structure, i.e., the individual responsible
for the CWBS work package.
One problem with the WBS as a review tool is that care must be
taken to assure that all external influences on any elements are
considered in the reviews. Such influences include interfaces
of any type (intra-program and external) and such issues as GFE,
special test equipment, etc. The specification and ICD "trees"
can provide a structure to assure interfaces are not neglected.
There is also the consideration that the WBS must be well formed
or it becomes a risk in itself and a shaky basis for reviewing
risks. Problems with the WBS should be reported on an element-by-element
basis as an issue for consideration as a risk. A typical problem
is the lack of interface hardware elements when such hardware
is clearly need. Awkward WBS constructs can also create risks.
For example, some WBS structures are very difficult for purposes
of subcontracting, manufacturing scheduling, ICO for the prototypes,
interface control, etc.
5.2 Statement of Work
The SOW should be examined in a fashion similar to the WBS review,
to the same extent and for the same purposes. This review should
follow that of the WBS with special emphases on the items of concern
from the earlier review.
5.3 Proposal
The proposal may or may not be an element of the contract. Some
agencies do not count it as a binding contract term (?), but,
in any event, it provides another structure against which risk
can be judged. It should be reviewed in the fashion of the review
for the WBS and SOW.
5.4 Make or Buy Decisions
The make or buy process usually weights risk as a factor
in the decision to use internal or external resources. An often-used
and reliable vendor for procurement of good and/or services that
the vendor routinely provides is a low risk. However, the use
of a new vendor who is working in an area new to that organization
is at least as risky as doing it internally. However, the risk
associated with using a subcontractor for a development effort
can often be cost effective if the vendor has specific analytical
skills and/or test capabilities that would be too costly to duplicate
internally.
5.5 Risk Ranking Tools
There are any number of ways to rank risks. If a program
or project is small enough (or the risks sufficiently well know)
then the risks can be ranked qualitatively in a skull session
among senior and knowledgeable staff members. For larger programs,
numerical models can be used, remembering that the results are
not absolutes. The numerical procedure presented here is derived
almost in total from techniques presented in recent and past publications
of the Defense Systems Management College.
Blanchard (Reference 3) includes the procedure with an extension
to accommodate weighting factors not used here. (The charts and
formulas are also better presented in Blanchard.)
Basically, the numerical ranking of a risk is calculated as:
Risk = Pf + Pc - Pf Pc
where Pf is the likelihood of occurrence determined from Table 1,
and Pc is the normalized consequences factor determined from Table 2.
Pf is calculated as the average of the values assigned for each
column. Pf is averaged only for applicable columns. Thus, if an
item under review did not include software, only three values
will be assigned and the divisor will be three.
Risk values are calculated for each risk and the results incorporated
into the risk matrix (Figure 1).
Figure 2 can also be used to display
relative rankings while maintaining the separate Pf and Pc values.
There is no derivation of the curves in the figure. The zones
are simply notional to reflect general levels of concern. The
curves can be adjusted to suit individual preferences.
5.6 Risk Software
To Be Supplied
5.7 Development Testing
Development testing is almost exclusively a risk mitigation
activity. Therefore, the design and implementation of the development
test program is a major element of risk management, and it should
be approached as such.
The scope of development testing is taken to be any test that
precedes acceptance testing in time and scope. Thus, the scope
includes everything from any initial feasibility testing through
acceptance of the first production articles or the flight article.
This scope includes all test by all agencies (e.g., pre-proposal
bench tests, customer IT&E, etc.).
Also, System Integration Laboratory type activities are lumped
into the overall development test program.
Such tests are performed in support of scratch development of
hardware, modifications to existing designs, and tests in support
of planned improvements, whatever is done to develop a design
basis and/or verify the design. The design basis includes the
front-end aspects such as feasibility, sizing, tuning, scaling,
and calibration data for analytical models. Verification is, of
course, the back-end concern with proof of performance.
Having made all of these assertions, it will now be noted that
then focus here is on the initial phases of development testing
by a contractor in an acquisition program. The reason is that
this phase of testing more than any other drives the cost and
prospects of the test program.
5.7.1 Test Goals
Obviously, the goals of a test program can address technical,
programmatic and political risks. Testing to support the meeting
of exit criteria when such criteria are imposed is an example
of all three types of goals rolled into one. In the following
it is assumed that the test goals are known. The implementation
of a test structure to achieve the goals is the focus here, and
it is seen that to a surprising degree the test structure is independent
of the goals!
In this context there is good news and bad news.
5.7.2 Good News & Bad News
The bad news: The design of a development test program
is an art. As an art, this design task is best done by an experienced
and gifted individual or individuals, people who have the knack
for getting the most data with the least resources. Smarter, more
experienced and more gifted people will do a better job than others.
The bad news is, of course, that such people may not (and statistically
will not) be available.
When faced with a budget problem for the development tests for
a 1500 C furnace for a Spacelab application, a bright young design
engineer suggested that only the hot section of the two-section
bore-type furnace be built and tested as an engineering model
since only the hot section was pushing the state-of-the-art. He
showed that this "bobtail" test article would provide
data for calibration of the analytical models for the hot and
the cold ends, provide the necessary materials testing, test the
control system, etc. Considerable cost was avoided, the manufacturing
schedule was compressed, and all of the original development test
goals satisfied. The fellow has a knack for seeing such possibilities.
The good news is that an adequate, if not brilliant test plan
can be developed by virtually anyone with the time and resources
to examine the program's structure and the willingness to iterate
the test planning through a couple of cycles.
5.7.3 Build-Test Matrix
The model recommended for the planning of tests is shown
in a summary form in Figure 3.. The
model consists of the generation breakdown (or WBS or drawing
tree or whatever is available), a build-test matrix for the test
program (constructed in support of development of the SEMP and
the RMPP), and the master schedule for the test program. These
elements are shown for a notional system with three major subsystems:
A, B and C with levels of risk identified for each (high or low
in this graphic).
In this notional example, A might be a fluid system, B includes
all electronics, and C might be the software. Assume that the
software is a first-time application by the developing organization.
Hence, it is high risk. This software risk is assumed to bleed
over to the hardware for element A1 (say motor-controlled valves
rather than manually controlled). Other elements are assumed to
be low risks. Note: Proof of principle testing is assumed to have
been previously accomplished or not needed here.
The tree and the schedule are, of course, usual elements of program
planning. The build-test matrix is a little less usual. This matrix
describes the (downward) flow of maturity of hardware as one goes
from initial bench-level breadboard tests to final tests of the
all-up system. Three key aspects of the matrix should be noted:
Elements of the system enter the matrix (come into existence)
at vertical locations that reflect the degree of risk. A system
element "moves" downward as it matures through the various
phases: breadboard, brassboard, engineering model and pre-production
prototype. Not all elements pass through all phases. Mature (less
risky) items can enter the flow at lower positions. Note that
A1 and C of the notional example enter at the highest level because
of their high risk.
Each "box" of the matrix indicates a test that implies:
specific purposes and data requirements, test articles, test fixtures,
special test equipment, facilities, personnel, documentation,
a planned test intervals, and test budgets. The overall structure
of the matrix and these specific aspects are readily captured
in a data base format and/or wall chart. The design of a test
program is really a matter of juggling these individual test requirements
to develop an overall flow that is effective. However, the concept
of the build-test matrix provides the framework for keeping the
details in order.
The build-test matrix loosely follows the generation breakdown,
but in an inverted form. This relationship is implied by the large
flow arrow of the chart. The mapping is not absolute in detail,
but it is always present to some degree in any development effort.
In fact, this mapping is one test of the quality of the design
of a generation breakdown. If the matrix does not follow to some
degree from the breakdown then the breakdown/matrix should be
seriously considered for revision. (Of course, the breakdown must
also pass muster against make-or-buy planning, the specification
tree, interface working group structure, etc.)
The build-test matrix should also reflect the master test schedule
that, in turn, must be tied to the program master schedule. In
particular the build-test matrix should support the schedule requirements.
Again, as with the breakdown, the matrix and the schedule have
(or should have) a common underlying structure. If this structure
is not obvious then something is wrong and the design of the schedule
and matrix should be iterated.
5.7.4 Comments to the Build-Test Matrix
The matrix is presented as a reflection of the breakdown
and the schedule. In many instances, the planning of this matrix
drives the other two items.
The matrix can be used to identify at what points test articles,
support equipment, documentation, personnel, facilities, etc.
are needed in terms of maturity, inclusion as procurable items
in the breakdown, and required timing from the schedule. Also,
the matrix can be used to identify dead-end hardware to avoid
and to identify possibilities of reuse and early use of specific
items.
As a visual aid, the generation breakdown can be highlighted in
color (red = high risk, blue = moderate risk, green = low risk).
It should be understood that for illustration purposes only tiers
of the build-test matrix to subsystem levels are shown. In reality,
some elements of the system may require tiers from the level of
components.
Such lower tier testing should be based on incrementally achieving
functionality (or actually confidence in functionality of designs)
in the items that make up each assembly before proceeding to the
next tier.
An example of a good approach is the real example of a company
performing a first-time (for it) development a high temperature,
automatically controlled furnace with sample handling mechanisms.
The company's expertise was in power supplies, thermal analyses,
structural design, and some competence in control software. The
development cycle for the mechanisms was first a kinematics prototype,
update of the kinematics prototype to powered operation (lab power
with manual control), update of the control to prototype software
control, incorporation of engineering models of the final power
supplies, and finally incorporation of the final control. The
result was an extended, but very low risk approach.
5.7.5 Tricks of the Trade
The best of test programs uses a minimum of resources
(people, time, money and hardware) and produces a maximum of data
to support the test goals. Some tricks of the trade are:
Finally, the interdependency of analysis and test is a key element
of what the tests must accomplish. This aspect is discussed in
the section on integration of analysis and testing.
5.7 Engineering Analysis
There is, of course, no need to justify analysis an a
key factor in the design and development process. However, there
is an apparent need to lobby for the development of analysis plans,
and the need for general rules in the SEMP and/or program plan
re the balance of test and analysis to be performed. The latter
point is discussed first.
5.7.1 Test Analysis Rule
It is recommended that some sort of rule be promulgated
re how specific features of the design will be verified as the
development process unfolds. In this sense, verification is the
process of establishing a confidence level in design decisions
at each point in the development process. An example of such a
rule might be that every WBS element with a functional and/or
interface requirement be twice tested and twice analyzed for each
function and/or interface prior to the beginning of the acceptance
activities. The rule can include the proviso that at least one
of the tests or analyses must be in an integrated configuration
of at least the subsystem level (for a system-subsystem configuration
for the end-item(s)). The functions of concern include: dynamics,
stress, thermal, power, control, mass properties, stability, etc.
Thus a tire for an all-terrain vehicle may be assessed for influence
on vehicle dynamics analytically with a spring mass, tested at
a suspension assembly level to, in part, verify the knowledge
from the simple analyses, and, of course, instrumented and tested
in cross-country ride tests of the system.
Every product manager, subsystem manager, Design Build Team, etc.
should have some such rule and verify that it is met or justify
omissions. This is a simple rule and it is not hard and fast,
but it will help integrate the test-analysis program.
5.7.2 System Functional Analysis Plans
The second aspect of the analysis recommendations is
that each analytical discipline be required to submit System Functional
Analysis Plans that detail what will be analyzed when, with what
model, and with what expected results. The SFAPs will span the
range of analyses from hand-calculations to final CDR-level models/simulations.
The purpose is to assure that there is closure between the scopes
of the test and analyses and to avoid omissions in the analytical
efforts.
The plans will describe the fidelity of the modeling for each
phase of the program: pre-SDR, pre-PDR, pre-CDR and pre-Test (development,
qualification and acceptance). These plans will describe the decisions
supported by the analyses. Analysis schedules will be included
to show the support to trade studies, development tests, monitoring
of subcontractors, development of specifications, assessments
of environments, etc.
The plans will define test data required to support model development
and/or calibrate the analytical tools.
Incremental analysis reports will be prepared for each major milestone:
Concept analyses at the DR, a preliminary report at the DR and
a final report at the DR. Each report has the data required for
the initial phases of the next phase.
5.7.3 Types of Analyses
There are few things that cannot be analyzed in support
of design at some level of utility with the tools and techniques
available today, but too often organizations opt for the more
expensive and riskier empirical basis for product development
(scratch and evolutionary). Programs that do not have a strong
analytical culture and that do not carefully integrate analysis
and test in a sort of leapfrogging to the final products are not
doing as professional a job as they should and could for their
customers.
Analyses tend to be divided as engineering and specialty. The
engineering analyses include such aspects as thermal, stress,
dynamics, kinematics, power distribution, and control. Such analyses
should be performed for all mechanical and human elements of any
system that must perform in anything other than benign environments
doing anything other than routine, non-critical and non-safety
functions. Any "stress" whatsoever should invoke analysis
at the level of engineering models. For example, analysis of the
human element should include such aspects as the physiothermal
response if the environment is outside the comfort zone. In assessing
the need for such engineering analysis, the rule should be that
omissions must be justified.
Specialty analyses include such aspects as signatures, radar cross
sections, C3I analyses and trades, vulnerability, survivability,
human factors, effectiveness studies (at various levels of engagement),
mobility, logistics, reliability, penetration analyses for armor,
terrain generation, fire control, and timing. Every program should
include an evaluation of the scope and fidelity of the possible
analyses, and then omit analyses only upon justification. (Lack
of time, money and priority is often sufficient justification.)
A list of possible analyses can be derived rather easily from
literature searches.
6. The Human Element
Considerations of and concerns for the human element
are at the core of management of any endeavor, but risk management
is not human-centered. It focuses on such things as the policies,
procedures, planning and results of a program without any real
regard for who does what.
However, from a risk management perspective it is common to ponder
how we ever get anything done considering our frailties and often
less-than-grand motives, and we do get things done. Therefore,
the following is offered as a statement of the positive as much
as it is a condemnation of the negative aspects of human nature
on the failure of programs.
All programs experience some degree of risk and associated failure
simply because of clumsy, dumb, indifferent, misdirected, naive,
gutless, intellectually lazy and intellectually dishonest behaviors
on the part of its principals. And, this is the short list for
this type of behavior. There is not too much that can be done
about the majority of such factors from the perspective of risk
management except marvel at our ability to be our own worst enemy.
Some generalized examples from experience include:
Clumsy: Shoddy equipment calibration for quality control with
the Hubble optics, in a situation screaming for caution.
Dumb: Designing a WBS in the development phase of a program to
preclude competition in later manufacture-to-print phases of the
program.
Indifferent: Providing shoddy or incomplete work simply because
there is little visibility to the effort and the user has little
clout.
Naive: The belief that because something sounds logical it will
"play out" as envisioned.
Misdirected: Product development teams for the sake of having
such teams, i.e., fashion for fashion's sake. (See virtually any
recent RFP from the U.S. military.)
Gutless: Management's acceptance of a customer's meaningless,
but disruptive inputs...simply to avoid conflict.
Intellectually Lazy: Management by buzz words rather than by sweat
equity.
Intellectually Dishonest: Any or all of the rationalizations to
defend a failing program from funding cuts, i.e., the program
manager's syndrome.
Note that criminal behaviors are not discussed, but are a factor
to consider in some environments and organizations.
All of these are behavioral problems on the part of individuals
or groups of individuals. While we are all subject to such behavior,
we should make an effort to be professional in our approach and
also to avoid situations and organizations in which such behavior
by others is tolerated. When you find that the inmates have taken
over the asylum...check out!
7. References & Background Information
1_"System Engineering Management Guide," Technical
Management Department, Defense Systems Management College, 1989
2_Best Value Contracting Workshop II (notebook & videos),
June 30-July 1, 1994, Orlando, Florida, National Training Systems
Association, Two Colonial Place, 2101 Wilson Boulevard, Suite
400, Arlington, Virginia 22201-3061
3_"System Engineering Management," B. J. Blanchard,
John Wiley & Sons, Inc., 1991
4_"Defense Weapons Systems Acquisition," Report No.:
GAO/HR-93-7, United States General Accounting Office, December
1992
5_"Critical Issues in The Defense Acquisition Culture, Government
and Industry Views from the Trenches," J. Ronald Fox, Project
Chairman, Defense System Management College-Executive Institute,
December 1994.
6_DoD Directive 5000.1, "Defense Acquisition," March
15, 1996 (and associated documents). DoD Directives
7_"System Engineering, An Introduction to the Design of Large-scale
Systems," H. H. Goode & R. E. Machol, McGraw-Hill, 1957
8_"Risk Management, Concepts and Guidance," Defense
Systems Management College, Ft. Belvior, VA 22060-5426
9_"Program Manager's Notebook" Defense Systems management
College, 1989
10_"Product Design and Development," K. T. Ulrich &
S. D. Eppinger, McGraw-Hill, 1995
11_"Design to Reduce Technical Risk," AT&T, McGraw-Hill,
1993
12_Testing to Verify Design and Manufacturing Readiness, AT&T,
McGraw-Hill, 1993
13_"System Engineering," EIA Interim Standard 632 (draft),
The Electronic Industries Association, 2001 Pennsylvania Avenue,
Washington, DC 20006-1813, 1994
14_Military Standard, Engineering Management, Mil-Std-499A, 1974
15._Military Standard, Engineering Management, Mil-Std-499B (pre-coordination
draft-not for official uses), 1991
16_"Program Manager's Workstation (Blue Book, Course Manual
BMP Course No. 101A)" Best Manufacturing Practices, Center
of Excellence, 4321 Hartwick Road, Suite 400, College Park, Maryland,
20740
17_"Best Practices-How to Avoid Surprises in the World's
Most Complicated Process, The Transition from Development to Production,"
Report NAVSOP-6071, Department of the Navy, March 1986
18_DoD Manual 4245.7, "Transition from Development to Production,
Solving the Risk Equation"
1. Introduction
1.1 Scope of RMPP
1.2 Program Overview & Description
1.2.1 End Items
1.2.2 Organization
1.2.3 Schedule, Milestones & Reviews
2. Risk Management Practices
3. Baseline Risks
3.1 Risks Defined by Contract
3.2 Customer Retention of Risks
3.3 Risk Reviews (accomplishments and/or plans)
3.4 Risks
4. Risk Management Tools
4.1 Development Test Approach
4.2 Analysis Plan
4.3 System Simulations Laboratory
4.4 Maturation Plan
4.5 Verification Plan
5. References
RMPP Appendix A
Risk ranking Tools
Risk Templates
Executive Summary
Describe the risk, its rank and (very briefly) how it
will be manage...three paragraphs at most.
1. Risk Background
Description (include identification numbers, "name",
description)
How Identified (Review, RFP, Problem, etc.)
Risk Indicators
2. Risk Assessment
Accomplishments
Consequences (summary of worksheet)
Probability (summary of worksheet)
Rank Calculation (show point on risk space)
Affected WBS Elements
Affected Interfaces
Affected SOW Elements
Make-or-Buy Considerations
Affected Schedules & Budgets
Risk Propagation
3. Risk Ownership
Organizations and Position Holders
4. Risk Management Approach
Goals & Description of Approach
Accomplishments
Detailed Description of Selected Method
Risk Specific Tasking (design, test, analysis, simulation, etc.)
Risk Specific Schedules
Risk Specific Budgets
Success Criteria & Decision Points
Brief Descriptions of Alternative Approaches
5. References
Appendices as Required
1. Purpose
The purpose of the proposal manager's review is to achieve a solid basis for the proposal for the following aspects:
- Effectiveness of communications in the boiler room environment of the proposal via a common nomenclature re the specific risks and risk management in general
- Baseline definitions of risks and integrated priorities as a basis for business decisions during the proposal
- Establish firm control by the proposal manager of all facets of all risks
- Capture into the proposal effort of customer risks explicitly cited in the bid package
- Capture into the proposal of the experience of the marketing and chase teams
- Capture into the proposal effort of all specific RFP requirements for risk management
- Provide a basis for transition from business orientation of proposal to performance orientation for successful award.
2. Participants
- Proposal Manager (not a deputy, not a surrogate... the PM)
- Risk Management Staff (usually RM and an assistant)
- Finance
- Subcontracts (as representatives for probable subcontractors)
- Contracts
- Engineering Discipline Chiefs (structural, mechanical, electrical, thermal, software, etc.)
- Functional Chiefs (system engineering, manufacturing, design, test, etc.)
- Proposal Production Staff Manager
3. Agenda
- Introduction (task at hand, personalities, schedule for session and schedule for post review activities): 5 -10 minutes
Corporate culture will indicate if meeting is rigid or if people can wander in and out, if refreshments are needed, etc. A free-for-atmosphere is generally good since, in part, the session is one of brainstorming.
- Proposal Manager's Commitment Statement: Extemporaneous (2-3 minutes)
- Program Description (Chase Leader or Proposal Manager): 5-10 minutes
- Risk Management Primer (Risk Manager): 15-45 minutes
- RFP Requirements: 5-15 minutes
- Issues & Risk Identification Round Robin(outlined in the Primer session): 20-40 minutes (programs at $1Ms) to 4 hours (programs to $100Ms).
The RM leads a person-by-person (first-cut) assessment of the issues of concern to each person in the meeting. No exceptions. Comments are captured onto overheads or whiteboards as handwritten notes (This is the assistant's job among other things.). Literally, up and down the rows, around the table or whatever. No real distinction is made between risks and concerns at this time.
It is helpful to have a checklist of WBS elements and other maps of the system to assure coverage. These are marked as issues are discussed.
Each issue is identified as a name (e.g., radar mounting natural frequency) and a one- or two-line description (e.g., gear has an annoying and possible dangerous tendency to bang against its stops on climb out).
While the "experts" are expected to initiate specific risks, allied areas (technical and non-technical) are encouraged to participate. When someone does not speak up as expected, assume they have a concern and ask them directly if their silence is ominous.
- Summary Review: 30 - 60 minutes
After the last person has contributed, the last is tallied ( "We have 24 items." ), and each item is discussed in terms of a sanity check, adequacy of the name, correction of the description, a leader for the item for the proposal and probably seriousness. The PM then gives his seal of approval for the item as something requiring at least special attention and probably risk management treatment for the proposal. Issues the PM deems too sensitive for team-level awareness are struck from the list and returned to his personal management. Note: The PM can get issues of a routine nature assigned to him for standard risk management.
- Closure: 3-5 minutes
The review closes with the PM noting that the RM will be visiting each individual over the course of the next several days to begin the process of implementing risk management for the proposal. These visits correspond to the interview process of the DSMC's procedures.
The Proposal Manager will note that a brief follow-up meeting may be necessary if the interviewing process significantly impacts the issues list to the point that it must be re-intriduced to the team at large. He also notes that risk management will be reported at all status meetings of the proposal team.
He finally notes that an official list of risks will be published for the team's use. This list will include the necessary identification of the risks, assessments of seriousness and consequences and assignments of responsibilities.
4. Comments
This review format works. It is an effective tool for identifying risks, creating a common understanding of risks by all responsible individuals and for the initiation of an integrated and complete risk management approach for the proposal.
The review promotes a disciplined approach to handling these sensitive issues.
There are a several factors that are felt to contribute to the effectiveness of the review:
- Early in any effort the enthusiasm is at a high point and parochial positions have not had too long to emerge and solidify.
- Risks are generally well know, and this format lends itself to the capture of common knowledge.
- The PM had direct and immediate control of sensitive issues so pointless activities are nipped in the bud. Such issues can be pet peeves of key principals, people confusing difficult tasks with risky tasks, and issues that must be very carefully managed from a business sensitivity basis.
5. Preparation
The risk manager must prepare for the review. Some things that must be accomplished are:
- Developing a production and meeting schedule around the PM's schedule. Schedule the resources for the review.
- Develop a list of persons required to attend and a mailing list.
- Review the RFP to identify risks and the risk management requirements explicitly required for the proposal.
- Identify customer risk management standards applicable to the phase of the program (development, preproduction, production, etc.). Obtain copies of the standards for the proposal room library. Send copies of key documents to all participants prior to the review.
- Develop a RM Primer tailored to the situation after assessing the scope of work and discussions with the PM and marketing/chase principals. Strive for a succinct presentation of the generic and specific aspects of risk management.
Develop either a checklist of the WBS or a surrogate list of applicable
disciplines, functions, deliverables and interfaces to serve to
steer the review process. Discuss with PM and other knowledgeable
individuals.
This information was supplied by C.W. Simmons see C.W. Simmons home page for
more details.
Back to Home page MANAGING STANDARDS Home page
Back to top of page Click here
Please send any beneficial comments or identification of errors
using the following form to: kenr@wysywig.airtime.co.uk
