Risk Management Toolkit

Support Assets


Risk Areas:

Risk Management home

Risk Areas' page

Process Assets
Standard Process
  • Definitions
  • Steps of Process
  • Tailoring Guidelines


  • Self Assessment
  • Compliance Process
  • CMMI Risk Management Goals
  • Risk Review


  • AF Policy Directive 90-9: Operational Risk Management, 1 April 2000
  • AFI 90-901: Operational Risk Management, 1 April 2000
  • AFMC Instruction 90-902: Operational Risk Management, Dec 2007

    Support Assets

  • Affinity Diagrams
  • Brainstorming
  • Risk Plotting
  • Risk Statements


  • Individual
  • Consolidated
  • Risk Areas

  • Tools & Techniques

  • RiskNav
  • Risk Matrix
  • Risk Radar


  • Risk Process Orientation
  • Detailed Risk Process
  • Facilitator Training


  • Sample Risk Management Plan
  • Process Lessons Learned


    Commercial items that require no unique government modifications or maintenance to meet the needs of the procuring agency.


    • Has market research been conducted?

    • Does market research include new COTS products and technology?

    • Have alternative methods of acquiring COTS products been evaluated?

    • Do cost estimates consider on-going costs of acquiring a COTS-based system or product?

    • Do schedule estimates consider on-going costs of acquiring a COTS-based system or product?

    • Did the project know of the availability of COTS products that meet functional requirements before development?

    • Is custom code required to:
      • extend the functionality of the COTS product?
      • integrate the COTS product with other products?

    • Does upgrading the COTS product upgrade require more memory or file space?

    • Are hardware upgrades or replacements compatible with current COTS software products?

    • How committed is the vendor to:
      • achieving promised delivery dates for COTS product?
      • delivering advertised functionality and performance for COTS product?
      • granting access to source code?
      • to supporting the current version of the COTS product?
      • to supporting the COTS product line - future versions or companion products?
      • to supporting the COTS product interfaces?
      • to supporting the COTS product technical, distribution and sales support?

    • What is the financial stability of the COTS product supplier and developer?

    • Does the COTS product:
      • support multiple hardware and operating system platforms?
      • limit hardware or operating system platform options?
      • conform to DoD technical standards?
      • conform to industry technical standards?
      • fully support initial and evolving requirements?
      • fully support fixed/unchangeable operational requirements and procedures?
      • meet quality requirements (e.g., reliability, performance, usability)?

    • Does the contractor:
      • have the technical experience to deliver a COTS-based system?
      • have tasks in the Statement of Work supportive of acquiring a COTS-based system?
      • have a strong relationship with the COTS product vendor?
      • have the business skills to negotate appropriate component costs and licensing?

    Back to top