In the Defense industry, Risk Management is paramount. Most Defense companies have a whole department dedicated to it. No bid or project can start without a Risk Management Review and no bid will be accepted by a potential customer without the inclusion of a Risk Management Plan.
Risk Management is an ongoing process – it's "cradle to grave", starting on receipt of an invitation to tender, covering the bid period, the life of the project up to delivery then on through unique support phases.
The process, following distribution of an invitation to tender, will be that the allocated Risk Manager calls a meeting of all the department heads or their representatives. Thus, the attendance in respect of a sizeable bid will be something like: Risk Manager (Chairman), Project Manager, Bid Manager, Marketing Manager, Technical Lead, Quality Assurance, Configuration Management, Integrated Logistics Support and Verification and Acceptance Representatives, Procurement Manager , Contract Manager and Finance Manager.
A full day will be associated to the review and a number of systems may be used but one favorite is brain storming. Each member of the team writes as many risks as they can think of on sticky notes. These risks may be anything from "insufficient resources in contracts department put delivery of bid on time at risk" to "lateness of supplier deliveries delay program". As with most brain storming, anything goes, no matter how stupid an idea may appear.
At the end of the designated brain storming period, everyone sticks their risks on the wall under pre-agreed headings, for example Bid Management, Technical, Procurement and so on and duplicates removed.
The risks are then graduated within their headings from the worst impact on the project and the highest likelihood of occurring down to the least effect and least likelihood of impacting. The top 20 (this could be 50 or more for a very large and complex project) worst risks are then discussed in detail in order to formulate mitigation and contingency plans and to assess the possible cost in terms of both time and money should the risk impact .
Each risk is given an owner within the team, even if the risk is seen to be one over which only the Customer has control and following this initial meeting, each risk owner is interviewed by the Risk Manager. The purpose of the interview is to obtain the agreement of the individual that the contingency and contingency plans are possible and workable and that they will accept responsibility for that particular risk.
The Risk Manager compiles all the risks and their associated data and produces a chart showing the risk, its possible impact, the percentage likelihood of its impacting together with associated plans and ownership. The chart, or Risk Management Plan, is circulated among the project team for approval and when that process is complete, is basically Baselined and issued as part of the bid or project plan.
The next article will detail the management of the risks as they threaten the project.