Avoiding all risk is a near impossibility given the complex business environments many of our largest Federal agencies operate in. This is especially true in the acquisition space where both internal and external demands can destabilize pre-planned processes. Rather than aiming to avoid risk, organizations should implement flexible risk mitigation strategies that enable personnel to manage risk before they negatively impact acquisition efforts.
Risk, defined as the potential variation between a planned approach and the expected outcome, has three main components: the future cause, a probability assessed on that cause happening, and the consequence of its occurrence. Risk mitigation is the process of planning, developing, and deploying methods and procedures aimed at reducing, or avoiding, identified threats. Risk mitigation is a dynamic process that, to be effective, requires active engagement at every step of an acquisition’s life cycle beginning during the requirement development phase.
Risk Mitigation Process:
- Risk Identification: This action examines each constituent element of the acquisition to identify associated root causes of risk embedded in the acquisition, begin the documentation of these risks, and set the stage for their successful mitigation.
- Risk Analysis: There are two main intentions of this activity. The first is to evaluate the probability, or likelihood, of the occurrence of identified root causes. The second is to assess the consequences to the acquisition if a root cause risk does occur. A risk level can then be calculated using a risk matrix that evaluates root causes on their likelihood of occurrence compared to their estimated impact.
- Mitigation Planning: This step in the process develops, assesses, and selects options to set risk at acceptable levels given a program’s constraints and an acquisition’s objectives. Risk mitigation planning is not intended to prohibit an acquisition, rather it is designed to encourage the success of that acquisition. The mitigation plan includes the specifics of what should be done, when it should be accomplished, who is responsible, and the resources that are required for successful implementation.
- Mitigation Plan Implementation: This phase is the execution of the plan that was formulated in the previous step. The primary focus should be the collaboration of all individuals involved in an acquisition to ensure everyone is aware of the mitigation plan and identified root causes.
- Risk Tracking: The final step involves the documentation and consistent monitoring of the mitigation’s plan success and identified root causes. Depending on the complexity of the acquisition, this step could also include alerting stakeholders of new potential root causes that will require action to mitigate their risk.
By identifying and analyzing root causes of risk early in the acquisition planning process, an acquisition can be tailored to specifically reduce, or in some cases avoid, root causes of risk that have a high likelihood of occurring, will have a high impact, or both. Furthermore, an acquisition strategy should include a detailed risk mitigation plan and implementation strategy that can help guide a program to best accomplish the objectives they are setting out to achieve with a specific acquisition.
WBD prides itself in providing full life cycle acquisition support. Our experts are well-practiced at developing and deploying well-defined risk mitigation strategies that ensure acquisitions smoothly move for one phase to another. This cradle-to-grave approach helps our clients make better decisions at every point in their acquisition process.
Author: Ben Foley, Senior Associate at WBD, is a procurement and project management professional engaged with the firm’s and an international development professional engaged with the firm’s Office of Personnel Management, Kansas City, and MCC awards.