Skip Ribbon Commands
Skip to main content

Risk Reporting Matrix

The primary goal of risk reporting is to provide the PM and other decision makers with a consistent method for managing and communicating risk to make data-driven decisions. The risk matrix is an effective tool to relay risk estimates in a visual display. This characterization also aids in prioritizing risks for risk mitigation.

Once the analysis of likelihood and consequence is complete, program teams should then use the risk matrix shown above. This matrix converts the combination of likelihood and the maximum of the cost, schedule, and performance consequence scores to form a risk level for each risk: low (green); moderate (yellow); or high (red). Programs can then use this rating level to communicate a top-level risk analysis. 

While these values are used to define the risk level (e.g., low, moderate, high), additional factors should be considered to prioritize risks. The cost-effectiveness of perceived risk mitigation options is a primary consideration in establishing priorities for the allocation of a program’s scarce resources among competing risks. Other considerations include the frequency of occurrence, time frame, and interrelationship with other risks. 

Programs should compare cost-burdened risk and mitigation strategies to inform decisions. For example, programs could use the expected monetary value (EMV) method as one factor in prioritizing risks based on anticipated returns from applying limited resources. The cost exposure or risk-weighted consequence of a risk can be expressed as its EMV, which is the likelihood of the risk multiplied by the cost consequence of the risk if realized. The cost of the risk mitigation effort is then subtracted from the risk-weighted consequence to determine the likely return on investment (ROI), including life cycle ROI. 

If resources are available, taking into account all other considerations, the program may choose to invest as much as practical (considering the risk-weighted consequence) to mitigate high-consequence risks. With limited resources, the program must compare the weighted expected returns when deciding where to invest.

The expected return is but one factor to consider among the entirety of cost, schedule, and performance considerations. And while EMV may work well for cost and schedule risks, performance risks may require additional engineering or operationally based evaluations. For example, a risk that affects the ability to meet a KPP or other identified critical criteria should normally be prioritized over other risks even if it has a lower ROI. Expected effectiveness of the mitigation strategy might be another consideration. 

In summary, the prioritization approach should consider the following:

  1. The likelihood and maximum of the cost, schedule, and performance consequence
  2. The cost and expected ROI of risk mitigation strategies
  3. Actual or expected impact on military utility
  4. Time frame, frequency of occurrence, and interrelationship with other risks
  5. Weighted expected return

Programs can then plot prioritized risks in the risk matrix.

Since safety and system hazard risks typically have cost, schedule, and performance impacts for the program, they should be addressed in the context of overall risk management. As a best practice, programs should include current high system hazard/ESOH risks together with other program risks on the prioritized risk matrix presented at key program decision points. Programs should use a Service-developed method to map these risks to the risk matrix and register, as appropriate.

There are no items to show in this view of the "DAU Sponsored Documents" document library.