Recognizing and Mitigating Risk in Acquisition Programs



Similar documents
RISK MANAGEMENT GUIDE FOR DOD ACQUISITION

RISK MANAGEMENT GUIDE FOR DOD ACQUISITION

AF Life Cycle Management Center

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

DRAFT RESEARCH SUPPORT BUILDING AND INFRASTRUCTURE MODERNIZATION RISK MANAGEMENT PLAN. April 2009 SLAC I

Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management

How to achieve excellent enterprise risk management Why risk assessments fail

Software Safety Strategy for US Navy Gun System Acquisition Programs

DCMA EVMS COMPLIANCE REPORT I LOCKHEED MARTIN AERONAUTICS CO.

GAO MAJOR AUTOMATED INFORMATION SYSTEMS. Selected Defense Programs Need to Implement Key Acquisition Practices

Using Parametric Software Estimates During Program Support Reviews

Session 4. System Engineering Management. Session Speaker : Dr. Govind R. Kadambi. M S Ramaiah School of Advanced Studies 1

Summary of GAO Cost Estimate Development Best Practices and GAO Cost Estimate Audit Criteria

Risk Management. Software SIG. Alfred (Al) Florence. The MITRE. February 26, MITRE Corporation

Appendix 3: Project Management Substation Guidelines (General Process Flow Template)

FUNBIO PROJECT RISK MANAGEMENT GUIDELINES

A Cure for Unanticipated Cost and Schedule Growth

Risk Management Primer

Risk/Issue Management Plan

Risk Management: Pro-active Principles for Project Success. Liz Markewicz Don Restiano

Space project management

// Taming an Unruly Schedule Using the 14-Point Schedule Assessment

Project Risks. Risk Management. Characteristics of Risks. Why Software Development has Risks? Uncertainty Loss

National Defense Industrial Association Systems Engineering Division Task Group Report Top Five Systems Engineering Issues

Thinking About Agile in DoD

Appendix V Risk Management Plan Template

Achieving True Risk Reduction through Effective Risk Management

Headquarters U.S. Air Force. Building CERs & SERs for Enterprise Resource Planning (ERP)

OPERATIONAL REQUIREMENTS DOCUMENT

Total Ownership Cost (TOC) and Cost as an Independent Variable (CAIV)

Ogden Air Logistics Center

The Program Managers Guide to the Integrated Baseline Review Process

GFP and CAP Basics Webinar Script Amber Barber 30 April 2010

Reliability Growth Planning with PM2

F-35 JOINT STRIKE FIGHTER. Problems Completing Software Testing May Hinder Delivery of Expected Warfighting Capabilities

Risk Management in DoD Programs

Indirect Cost Rates The hidden contract cost driver? Professor Greg Martin Defense Acquisition University gregory.

Is the Cost of Reliability, Maintainability, and Availability Affordable for Software Intensive Systems?

CPM-500 Principles of Technical Management

Incorporating Risk Assessment into Project Forecasting

Scheduling Process Maturity Level Self Assessment Questionnaire

Department of Defense DIRECTIVE

Palisade Risk Conference, 2014

+ The Killer Question For Every Manager

INFORMATION TECHNOLOGY PROJECT REQUESTS

Technology Readiness Assessment (TRA)

Supplier Risk Management. Presented By Bill Gibson, DCMA HQ Date: May 2001

Introduction to the CMMI Acquisition Module (CMMI-AM)

Fundamentals of Measurements

PROJECT RISK ASSESSMENT QUESTIONNAIRE

Implementing Program Protection and Cybersecurity

SECTION I PROJECT SUMMARY (TRW)

DoD Software Assurance (SwA) Overview

CHARACTERISTICS OF SUCCESSFUL MEGAPROJECTS

Capability Maturity Model Integrated (CMMI)

Placing a Value on Enterprise Risk Management ADVISORY

WORKFORCE COMPOSITION CPR. Verification and Validation Summit 2010

Contracts, agreements and tendering

All of these circumstances indicate that the world of tomorrow is as different as today s water utility business is from that of yesteryear.

ORACLE S PRIMAVERA RISK ANALYSIS

Cybersecurity Throughout DoD Acquisition

Earned Value. Valerie Colber, MBA, PMP, SCPM. Not for duplication nor distribution 1

PROJECT MANAGEMENT METHODOLOGY SECTION 3 -- PLANNING PHASE

ODIG-AUD (ATTN: Audit Suggestions) Department of Defense Inspector General 400 Army Navy Drive (Room 801) Arlington, VA

Risk Workshop Overview. MOX Safety Fuels the Future

Project Selection Guidelines

Project Planning and Control. Main issues: How to plan a project? How to control it?

Implementation of the DoD Management Control Program for Navy Acquisition Category II and III Programs (D )

PROJECT MANAGEMENT AND THE ACQUISITION OF MAJOR SYSTEMS

AfDB New Procurement Policy: Training Program for the Bank s Procurement Staff. Risk-based design of Procurement Arrangements - Introduction

CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology

Report No. DoDIG April 27, Navy Organic Airborne and Surface Influence Sweep Program Needs Defense Contract Management Agency Support

Defense Contract Management Agency

Using Earned Value Management Concepts to Improve Commercial Project Performance

SYSTEMS ENGINEERING FUNDAMENTALS

Basic Project Management & Planning

Systems Thinking in DoD Program Management

Flexible, Life-Cycle Support for Unique Mission Requirements

Service Availability Metrics

OPERATING AND SUPPORT COST-ESTIMATING GUIDE OFFICE OF THE SECRETARY OF DEFENSE COST ANALYSIS IMPROVEMENT GROUP

Construction Bond Audit Report. Office of Auditor General

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

Advanced Risk Analysis for High-Performing Organizations

Enterprise Resource Planning Systems Schedule Delays and Reengineering Weaknesses Increase Risks to DoD's Auditability Goals

PROJECT RISK MANAGEMENT

Process In Execution Review (PIER) and the SCAMPI B Method

Developing CMMI in IT Projects with Considering other Development Models

DCAA / DCMA: Progress or Status Quo? Presented By: Christine Williamson, CPA, Member Kristen Soles, CPA, Member

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

Transcription:

Professional Development Institute May 27 th to May 29 th 2015 Recognizing and Mitigating Risk in Acquisition Programs D e b r a E. H a h n D e b b i e. h a h n @ d a u. m i l 703-805- 2830 1

DoD Risk Management Policy DoDI 5000.02. Operations of the Defense Acquisition System, (1/21/15) Specifies the Technology Maturation and Risk Reduction Phase Risk Reduction Decision, called Milestone A by DoD, is an investment decision to pursue specific product or design concepts, and to commit resources required to mature technology and/or reduce any risks that must be mitigated prior to decisions committing the resources needed for development leading to production and fielding. The PM is responsible for implementing effective risk management activities DoD Risk Management Guide for Defense Acquisition Programs, (12/2014) This guide promotes the DoD process to identify, analyze, mitigate, and monitor risks, issues, and opportunities. Proactively addressing not only risks, but also issues and opportunities can help programs achieve cost, schedule, and performance objectives at every stage of the life cycle. The DoD risk management process is fundamental to acquisition program success 2

Exercise 1 In the context of the DoD acquisition environment; 1. Define risk 2. Explain the components of risk 3. Explain how risk is measured 4. Outline the relationship between risk and opportunity 3

What is Risk? The potential for a negative consequence due to a future undesirable event that may or may not occur. The measure of potential consequence or impact of a specific event on a program s/weapon system s ability to meet cost, schedule and/or technical objectives Risk has three primary components: Probability of the activity/event occurring or not occurring Consequence or effect resulting from the activity/event occurring or not occurring Root Cause the future event which if eliminated will prevent occurrence/non-occurrence 4

Identification of Root Causes List WBS product or process elements Examine each in terms of risk sources or areas Determine what could go wrong? Ask why until the source(s) is/are discovered Apply approach early & continuously 5

Increasing Number Dollar Value Risk and Issue Relationships Program Definition System Design Production Options to Handle Risk and Opportunity Management Issue Management Cost to Handle Highest Number of Risks Highest Risk Impact Note: Modified from Risk Management for Software by Tom Demarco and Tim Lister 6

Risks, Opportunities, and Issues Technical Events Programmatic Events Business Events Events What can go wrong? What has gone wrong? What can be improved? Risk Management Issue Management Opportunity Management Consequences: Cost, Schedule, and Performance Source: DoD Risk Management Guide for Defense Acquisition Programs, 7 th Edition (Interim Release, Dec 2014 7

Risk Identification Technical: Those risks that may prevent the end item from performing as intended or failing to meet performance expectations Programmatic: Those risks that are generally within the control or influence of the PM or PEO Business: Those risks that generally originate outside the program office or are not within the control or influence of the PM or PEO Source: DoD Risk Management Guide for Defense Acquisition Programs, 7 th Edition (Interim Release), Dec 2014 8

Risk Identification Technical Requirements Technology Engineering Integration Test Manufacturing Quality Logistics Training Programmatic Estimates Program Planning Program Execution Communication Contract Structure / Provisions Business Dependencies Resources Priorities Regulations / Laws Market Customer Weather Source: DoD Risk Management Guide for Defense Acquisition Programs, 7 th Edition (Interim Release), Dec 2014 9

Internal Sources of Risk Funding Instability -- Funding Execution Planned Contractor Performance (EVMS) PMO and Contractor Communications Acquisition Strategy Joint and International Program Design Instability Optimistic Technology Transition -- Technology Maturity Levels Aggressive Schedule -- Success Driven Planning Concurrency in Design & Test, Test & Production, and Long Lead Multiple Program Integration Logistics Planning Cost Estimating Methods and Confidence Modeling and Simulation Concurrent Development and Operational Test and Evaluation Software Development 10

External Sources of Risk Threat Changes Requirements Instability Funding Availability Affordability Issues Technology Maturity and Insertion Contractor Capability and Performance New Manufacturing Process Test Facility Availability Defense Industrial Base Unplanned Obsolescence Environmental Law Changes Labor, Material, or Overhead Rate Increases Interoperability Personnel Turnover and Staffing Poor Subcontractor/Vendor Management Political Support from Warfighter, Service, Congress 11

Interdependencies Schedule Technical Cost 12

Interdependencies Schedule Risk Technical Cost Program Management is Managing Risk 13

Interdependencies Schedule Risk Technical Cost Budget Risk Program Management is Managing Risk 14

Inter-relationships Program Management Risk 15

Risk Management Process Risk Identification What can go wrong? Risk Monitoring How has the risk changed? Communication and Feedback Risk Analysis What is the likelihood and consequence of the risk? Risk Mitigation Should the risk be accepted, avoided, transferred, or controlled? Avoid Transfer Control Accept 16

Systemic Areas of Risk (DASD (SE)) Program Schedule 42% are not realistic & 28% are not likely to achieve planned schedule Budget 38% are not sufficient for required efforts Acquisition Strategy 32% need restructuring Design Verification 26% have incomplete or inadequate testing Reliability Performance 26% have not established a reliability growth plan Risk Management -25% do not have sufficient tools or do not use appropriate methodologies Requirements Development 25% are vague, poorly stated, or not defined 17

Risk Identification Material Solution Analysis Technology Maturation & Risk Reduction Engineering and Manufacturing Development Production and Deployment Operations and Support Stable requirements Stable requirements Stable requirements Stable Funding Stable Funding Stable Funding Stable Funding Stable Funding Alternatives Technical maturity Technical maturity Technology Obsolescence Subcontractor/Partners Industrial Base Adequate skills/people Specifications adequate Meeting KPPs GFE / NDI & COS Technology Obsolescence Subcontractor/Partners Industrial Base Adequate skills/people Production capability Tooling and systems? GFE / NDI & COS Reliability Logistics Support Industrial Base 18

Risk Statements Purpose: to determine a concise description of risk A risk statement must capture the activity or event that is causing concern for a potential negative impact to the program, followed by a description of the expected consequence to the program. If Condition then Consequence will occur Timing Condition: a phrase briefly describing the root cause of the risk; the activity that is causing concern, doubt, or uncertainty Consequence: a phrase that describes the negative program impact Timing: a phrase that identifies when the consequence will occur 19

If, Then Statement - Examples IF my car runs out of gas, THEN I won t be able to drive home tonight. IF the widget doesn t pass IOT&E testing, THEN the program will not conduct Full Rate Production Decision Review on June 27 th. IF new the stealth technology doesn t reach Maturity Level 7, THEN the aircraft will have a visible radar signature at MS-C. 20

Exercise 2 You ve agreed to plan, organize and host a Surprise 50 th Birthday Party for your best friend. Write three IF - THEN statements for risks associated with the party being a success. 1. 2. 3. 21

Risk Dilemma Weapon System Acquisition and DoD program management is a dynamic environment where cost, schedule and technical performance frequently change based on internal and external factors resulting in known and unknown risks Program Team s Mission: To maintain an effective balance between risk and the cost, schedule and technical baselines/objectives to assure the program requirements are met. 22

Risk Reporting / Risk Matrix Level 5 4 3 2 1 Likelihood Near Certainty Highly Likely Likely Low Likelihood Not Likely Likelihood Probability ~ 90% ~ 70% ~ 50% ~ 30% ~ 10% High 5 4 3 2 Low 1 2 3 4 5 Source: Risk Management Guide for DoD Acquisition, 6 th Edition, August 2006 Low Low Impact Moderate High High 7 23

Program Impacts Level Technical Performance Schedule RDT&E Cost Procurement Operation& Maintenance 1 Minimal or no impact Minimal or no Impact Minimal or no Impact < $A or _% of Budget Minimal or no Impact < $A or _% of Budget Minimal or no Impact < $A or _% of Budget 2 Minor reduction in performance/supportability Tolerated with little or no impact on program Able to meet key dates Slip < months Budget or UPC increase $A<$B or _% of Budget Budget or UPC increase $A<$B or _% of Budget Budget or UPC increase $A<$B or _% of Budget 3 Moderate reduction in performance/supportability Limited impact on program objectives Minor slip, able to meet key milestones with no schedule float Slip < months Budget or UPC increase $B<$C or _% of Budget Budget or UPC increase $B<$C or _% of Budget Budget or UPC increase $B<$C or _% of Budget 4 Significant degradation in performance/supportability May jeopardize program success Program critical path affected Slip < months Budget or UPC increase $C<$D or _% of Budget Budget or UPC increase $C<$D or _% of Budget Budget or UPC increase $C<$D or _% of Budget 5 Severe degradation in performance/supportability Will jeopardize program success Cannot meet key program milestones Slip < months Exceeds APB threshold >$D or _% of Budget Exceeds APB threshold >$D or _% of Budget Exceeds APB threshold >$D or _% of Budget Source: DoD Risk Management Guide for Defense Acquisition Programs, 7 th Edition (Interim Release), Dec 2014 24

Risk Exposure Matrix Use this matrix as a template for categorizing risk in terms of it s probability of occurring and the associated consequences Probability Probability Near Certainty Minimal Highly Likely Minimal Likely Minimal Low Likelihood Probability Near Certainty Minor Highly Likely Minor Likely Minor Low Likelihood Probability Near Certainty Moderate Highly Likely Moderate Likely Moderate Low Likelihood Probability Near Certainty High Highly Likely High Likely High Low Likelihood Probability Near Certainty Extremely High Highly Likely Extremely High Likely Extremely High Low Likelihood Low Moderate High Minimal Not Likely Minimal Minor Not Likely Minor Moderate Not Likely Moderate Impact High Not Likely High Extremely High Not Likely Extremely High 25

Probability Risk Mitigation High Mitigation Actions 1. Reduce the Probability of Occurring 2. Reduce the Impact 3. Reduce the Probability of Occurring and the Impact Low Low Impact High Remember: There are three potential impact areas: Cost Schedule Performance Low Moderate High Note: The Risk Matrix Values are AFTER your mitigation actions 7 26

Exercise 3 You ve agreed to plan, organize and host a Surprise 50 th Birthday Party for your best friend. Identify two Risk Mitigation Actions for each IF THEN statement from Exercise 2: 1-1. 1-2. 2-1. 2-2. 3-1. 3-2. 27

Net Factored Risk Net Factored Risk is a method of identifying and quantifying the potential financial impact of programmatic risk. Probability Impact Risk 1 90% $1,000 Risk 2 75% $50,000 Risk 3 50% $50,000 Risk 4 25% $50,000 Risk 5 10% $100,000 Net Factored Risk $251,000 Factored $900 $37,500 $25,000 $12,500 $10,000 $85,900 $165,100 Factored Risk = Probability multiplied by Impact 28

Net Factored Risk and Opportunity Probability Impact Factored Difference Risk 1 90% $1,000 $900 Risk 2 75% $50,000 $37,500 Risk 3 50% $50,000 $25,000 Risk 4 25% $50,000 $12,500 Risk 5 10% $100,000 $10,000 Net Factored Risk $251,000 $85,900 $165,100 Opportunity 1 90% $1,500 $1,350 Opportunity 2 50% $25,000 $12,500 Opportunity 3 10% $50,000 $5,000 Net Factored Opportunity $76,500 $18,850 $57,650 Net Factored Risk and Opportunity $174,500 $67,050 $183,950 Net Factored Risk and Opportunity = Factored Risk Less Factored Opportunity 29

Risk and Earned Value Undocumented Contractor s Risk; cost and schedule Control Account Manager Management Reserve Not just a Risk Reserve Account for Risk in determining level Control Account share based on Risk (Net Factored Risk) Estimate to Complete Cost Performance Schedule Performance Risk Performance Fixed Price Contracts attempt to transfer cost risk to the contractor 30

Risk and Cost Estimating Sensitivity Analysis Cost Drivers Parametric Estimating Methods CER Confidence Levels Black-Box Models Age, number, and Similarity of data points Coincidence Correlation Risk Estimate Identify Risk within Work Breakdown Structure (WBS) Assign Risk Factor to WBS Elements Revise WBS elements cost based on Risk Factor Identify and consider Schedule Risk An estimate that doesn t account for risk is deficient 31

Funding or Budget Risk RDT&E O&S Cost Focus Will Cost Should Cost FY16???? Sequestration Better Buying Power Budget Cuts DODI 5000.2 Procurement In today s fiscal environment, a program can be executing perfectly; be on plan, on schedule and on cost and still lose funding there just isn t enough to go around 32

Back-up Slides 33

Professional Development Institute May 29 th to June 3 rd 2012