1.1 Risk Definition

The possibility of loss, injury, disadvantage or destruction.

Apply this definition to the issues of program management and you have the starting point for successful risk management.

Please note that the "Apply...to the issues of program management..." is meant to imply a concerned, experienced, energetic and capable effort towards any and all issues of immediate and long-range concern within the purview of program governance. The position here is that no definition of risk, no matter how convoluted, will reduce risk one iota. Management must know its job and must do it.

It is possible, of course, to gain some insight by considering the types of risks such as programmatic, technical, cost, schedule and sometimes supportability. There is also the consideration that acquisition risks are a part and often mingled with risks such as encountered in other venues such as health, safety, insurance/underwriting , finance, business, environment and politics. However, what happens very often with elaborate definitions is that much time and energy are wasted trying to characterize a risk as opposed to managing it. Risks are so often interwoven as to type as to be Gordian knots , and a "cut the knot" attitude is best.

The recommendation here is that if a customer (either a contracting agency or a superior agency) requires some elaborate set of definitions (e.g., through contract terms) then use them (i.e., apply the Golden Rule), but otherwise avoid the trap of too much definition to the detriment of content. If cataloging of risks is desired, it is suggested that a matrix be used (Figure 1, Risk Identification Matrix).

The leftmost column of this risk definition matrix will be the risks, and across the top will be the categories: programmatic, technical, cost, schedule, supportability and others as appropriate. Each risk has the applicable items of the categories checked. This approach is easy to implement and it avoids needless discussions that will not contribute in proportion to the time spent. Columns for ownership, criticality, priority, and relative rankings can be added as the understanding of the risks evolve, producing a useful graphic for risk management briefing.

There are two definitions of risks that are currently fashionable within some procurement circles: proposal risks versus performance risks. The definitions tend to vary among sources. The preferred definitions are:

Proposal Risks:
Those risks inherent in the venture, i.e., to design and build a disposable external tank for a reusable spacecraft is inherently risky. Thus, an RFP for such a tank has embedded risks no matter who undertakes the development.

Performance Risks:
Those risks inherent in the proposed approach. A given contractor can implement an approach that has risks above and beyond those inherent in the venture. For example, a developer may elect to base key design decisions on analytical data rather than empirical data to reduce costs at some increase in risk.

These definitions must be addressed during a proposal if they are included in the RFP, but after an award they are probably not too useful to a performing organization. Some sources (e.g., Reference 2) define the proposal risk as being the risk associated with the contractor's approach and the performance risk as being related to the contractor's track record.