Defense Acquisition University Risk
Management Questions and Answers
Latest Updated 2023
What is Risk?
Risk: a measure of the potential inability to achieve overall program objectives within
defined cost, schedule, and technical constraints.
What is Risk Management?
A method for dealing with uncertainty.
- "Known-unknowns" - can be planned for, monitored and actively countered
- "Unknown-unknowns" - Identified/reduced through Risk Management process,
residuals are Risk Management failures; the program can only react to these
What are the five major phases in the Risk Management process?
1. Risk Management Planning
2. Risk Identification
3. Risk Analysis
4. Risk Response Planning
5. Risk Monitoring and Control
What are some activities of the Risk Management Planning phase?
-Deciding how to approach and conduct risk management for a specific project
-Analysis of the level, type, and visibility of risk management needed
-Produces the Risk Management Plan
What are some activities of the Risk Identification phase?
Answers the question "What can go wrong?" by:
-Looking at current and proposed staffing, process, design, supplier, operational
employment, resources, dependencies, etc.
-Monitoring test results, especially test failures
-Reviewing potential shortfalls against expectations
-Analyzing negative trends
What are some activities of the Risk Analysis phase?
Answers the question "How big is the risk?" by:
-Considering the likelihood of the root cause occurrence
-Identifying the possible consequences in terms of performance, schedule, and cost
-Identifying the risk level using the Risk Reporting Matrix
What are some activities of the Risk Response Planning phase?
Answers the question "What is the program approach for addressing this potential
unfavorable consequence?" by one or more of the following:
-Assuming the level of risk and continuing on the current program plan
-Avoiding risk by eliminating the root cause and/or the consequence
-Mitigating the cause or consequence
-Transferring the risk
What are some activities of the Risk Monitoring and Control phase?
, Answers the question "How can the planned risk response be implemented?"
It:
-Determines what planning, budget, and requirements and contractual changes are
needed
-Provides a coordination vehicle with management and other stakeholders
-Directs the teams to execute the defined and approved risk mitigation plans
-Outlines the risk reporting requirements for on-going monitoring
-Documents the change history
What is a Risk Rating Matrix?
A matrix comparing the "Likelihood" v.s. Consequence of an event (similar to the
Probability v.s. Severity matrix for the Navy)
Name the four Risk Response options?
-Assuming the level of risk and continuing on the current program plan
-Avoiding risk by eliminating the root cause and/or the consequence
-Mitigating the cause or consequence
-Transferring the risk
Describe three categories of program data and give an example of each.
Management Data:
-Earned Value reports and Data
-Work Breakdown Structure (WBS)
-Contractor's Software Development Plan (SDP)
System Support Data:
-Technical Data Package (TDP)
-Software/Automated System documentation
Operations & Support user and maintainer Data:
-Technical Manuals & Technical Orders
-Operator & User Manuals
Name four items that might be found in a TDP.
Engineering Drawings
Associated Lists
Software Documentation
Specifications (Functional, performance, physical, interface...)
Process Descriptions
Material Composition
Changes, deviations & waivers approved but not already incorporated.
Identify one method to contractually require the contractor to deliver data.
CDRL is the Contract Data Requirements List which communicates the data
requirements to the contractor
Describe three goals of Configuration Management (CM).
--Identify and Document the functional and physical characteristics
--Control changes to Configuration Items
--Record and report information needed to manage configuration items effectively,
including the status of proposed changes and implementation status of approved
changes
--Audit Configuration Items to verify conformance
Define Configuration Item (CI) and give two examples.
Management Questions and Answers
Latest Updated 2023
What is Risk?
Risk: a measure of the potential inability to achieve overall program objectives within
defined cost, schedule, and technical constraints.
What is Risk Management?
A method for dealing with uncertainty.
- "Known-unknowns" - can be planned for, monitored and actively countered
- "Unknown-unknowns" - Identified/reduced through Risk Management process,
residuals are Risk Management failures; the program can only react to these
What are the five major phases in the Risk Management process?
1. Risk Management Planning
2. Risk Identification
3. Risk Analysis
4. Risk Response Planning
5. Risk Monitoring and Control
What are some activities of the Risk Management Planning phase?
-Deciding how to approach and conduct risk management for a specific project
-Analysis of the level, type, and visibility of risk management needed
-Produces the Risk Management Plan
What are some activities of the Risk Identification phase?
Answers the question "What can go wrong?" by:
-Looking at current and proposed staffing, process, design, supplier, operational
employment, resources, dependencies, etc.
-Monitoring test results, especially test failures
-Reviewing potential shortfalls against expectations
-Analyzing negative trends
What are some activities of the Risk Analysis phase?
Answers the question "How big is the risk?" by:
-Considering the likelihood of the root cause occurrence
-Identifying the possible consequences in terms of performance, schedule, and cost
-Identifying the risk level using the Risk Reporting Matrix
What are some activities of the Risk Response Planning phase?
Answers the question "What is the program approach for addressing this potential
unfavorable consequence?" by one or more of the following:
-Assuming the level of risk and continuing on the current program plan
-Avoiding risk by eliminating the root cause and/or the consequence
-Mitigating the cause or consequence
-Transferring the risk
What are some activities of the Risk Monitoring and Control phase?
, Answers the question "How can the planned risk response be implemented?"
It:
-Determines what planning, budget, and requirements and contractual changes are
needed
-Provides a coordination vehicle with management and other stakeholders
-Directs the teams to execute the defined and approved risk mitigation plans
-Outlines the risk reporting requirements for on-going monitoring
-Documents the change history
What is a Risk Rating Matrix?
A matrix comparing the "Likelihood" v.s. Consequence of an event (similar to the
Probability v.s. Severity matrix for the Navy)
Name the four Risk Response options?
-Assuming the level of risk and continuing on the current program plan
-Avoiding risk by eliminating the root cause and/or the consequence
-Mitigating the cause or consequence
-Transferring the risk
Describe three categories of program data and give an example of each.
Management Data:
-Earned Value reports and Data
-Work Breakdown Structure (WBS)
-Contractor's Software Development Plan (SDP)
System Support Data:
-Technical Data Package (TDP)
-Software/Automated System documentation
Operations & Support user and maintainer Data:
-Technical Manuals & Technical Orders
-Operator & User Manuals
Name four items that might be found in a TDP.
Engineering Drawings
Associated Lists
Software Documentation
Specifications (Functional, performance, physical, interface...)
Process Descriptions
Material Composition
Changes, deviations & waivers approved but not already incorporated.
Identify one method to contractually require the contractor to deliver data.
CDRL is the Contract Data Requirements List which communicates the data
requirements to the contractor
Describe three goals of Configuration Management (CM).
--Identify and Document the functional and physical characteristics
--Control changes to Configuration Items
--Record and report information needed to manage configuration items effectively,
including the status of proposed changes and implementation status of approved
changes
--Audit Configuration Items to verify conformance
Define Configuration Item (CI) and give two examples.
