Analysis of the DoD’s Risk Management Process

Published by on October 20, 2015 at 3:01 pm.

This article uses the Department of Defense Risk, Issue, and Opportunity Management Guide to analyze Innoslate’s capabilities and implementation of the DoD Risk Management Process.

You will find answers to the questions:

  1. What are Innoslate’s risk management capabilities?
  2. What are plans to close the gap between Innoslate’s capabilities and this DoD guide?

What is Risk Management and how does the DoD implement it?

According to The DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs, Risk Management is “the process of identifying, analyzing, and attempting to handle the consequences of known risks, issues, and opportunities.” This definition has been updated in the DoD’s guide to not only manage program risks, but also to handle issues and opportunities. The DoD’s goal is to “both mitigate risks and create opportunities for technology development outcomes that could have a positive impact on meeting performance objectives as well as thresholds.”

What are RIO?

Risks, issues, and opportunities are the terms that the DoD uses to categorize events in their Risk handling Process.

The DoD guide defines Risks as future events or conditions that may have a negative effect on achieving program objectives for cost, schedule, and performance.

Issues are “events or conditions that have already occurred, are occurring, or are certain to occur in the future and have a potential negative impact on the program.”  The guide outlines the process of Issue Management to deal with known errors and faults.

The inclusion of Opportunity Management to Risk Management conveys a proactive methodology that seeks to, not only minimize the negative effects of dealing with chance, but also grasp that there is a positive outcome in obtaining the means and methods to deal with that risk. These means and methods are represented as Opportunities in the DoD guide.

The consequences of the three risk management terms are understood as impactful to a project’s cost, schedule, and performance. The DoD uses an approach to handle Risks that uses an iterative model. Planning, identification, analysis, handling, and monitoring make up the iterative DoD risk management approach.

Risk Management Tool Requirements

The DoD explicitly defines the need for a capable Risk Management Tool that a Project Manager should choose based on their requirements. Although the Project Managers requirements may be subjective, the guide outlines certain parameters that a good Risk Management tool should follow. Recurrence, helpfulness, accessibility, and supporting objectives are points that the guide defines as key capabilities of a good risk management tool.

Tracking and defining risks is an important part of the DoD risk management model. It is important to keep a consistent format to make searching and abstraction easy. The Risk Register chart includes different fields that the DoD model deems important.

Risk Register

Visualizing risks in terms of probability and consequence, helps with analysis and prioritization of resources. A risk-reporting matrix shows the relative positioning and categorization of identified risks. This matrix is capable of expressing risk levels and trends in a way that is easy to understand.

Risk Monitory and Trend Matrix

Issues are risks that have a 100% probability of occurring. A probability score is not necessary but consequence analysis and plans of action are still important fields to implement into an issue management. Issue tracking can be expressed with an Issue Tracking Register and Issue prioritization can be visualized with an Issue Reporting Matrix.

Issue Reporting Matrix

Opportunities can be thought of as risks with positive consequences. Therefore, they can be represented with the same kinds of registers and matrices that risks are expressed with. The differences being that the term consequence becomes benefit and a higher score is then preferable.

Opportunity Matrix and Criteria

How Can Innoslate Integrate with DoD Risk Management?

Innoslate currently has the ability to track and manage risks, define them using probability and consequence, and express them with a Risk matrix. Combining Innoslate’s Model Based Systems Engineering approach and its risk management capabilities will give a more integrated and correct portrayal of a given project.

Innoslate Risk Matrix

Is Innoslate Adapting to the DoD’s Expansive Methodologies of Risk Management?

Innoslate development is currently in the process of integrating the DoD’s RIO model into the tool. Reports that represent the DoD’s register can be generated with the tool and an auto-report function for RIO analysis is being worked into its reports suite. Different expressions of the Risk matrix to fulfill risk management roles are in the planning phase for Innoslate. Issue and opportunity handling integrations are being researched as to achieve the total DoD risk handling approach.

Learn more about DoDAF in Innoslate.


Office of the Deputy Assistant Secretary of Defense for Systems Engineering (2015) The DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs.


Topics: ,