Risk Management Toolkit

Process Assets

Standard Process

Steps of Process

Risk Management home

Process Assets
Standard Process
  • Definitions
  • Steps of Process
  • Tailoring Guidelines

  • Compliance

  • Self Assessment
  • Compliance Process
  • CMMI Risk Management Goals
  • Risk Review


  • AF Policy Directive 90-9: Operational Risk Management, 1 April 2000
  • AFI 90-901: Operational Risk Management, 1 April 2000
  • AFMC Instruction 90-902: Operational Risk Management, Dec 2007

    Support Assets

  • Affinity Diagrams
  • Brainstorming
  • Risk Plotting
  • Risk Statements


  • Individual
  • Consolidated
  • Risk Areas

    Tools & Techniques

  • RiskNav
  • Risk Matrix
  • Risk Radar
  • Cost Risk and Uncertainty - Chapter 14, GAO Cost Estimating and Assessment Guide, Mar 09


  • Risk Process Orientation
  • Detailed Risk Process
  • Facilitator Training


  • Sample Risk Management Plan
  • Process Lessons Learned


    For additional information on risk management best practices and lessons learned, please see the Risk Management topic and articles in the online MITRE Systems Engineering Guide.

    Step 1: Prepare

    • 1a. Obtain Buy-In from Program Manager
    • 1b. Identify and Notify Stakeholders
    • 1c. Identify and Distribute Objectives and Requirements
    • 1d. Identify Risk/Hazard Taxonomies

    View Step 1 Actions.

    Step 2: Identify Risks and Hazards

    • 2a. Assemble Stakeholders for Risk Assessment
    • 2b. Review Objectives, Taxonomies, and Process
    • 2c. Conduct Risk Identification
    • 2d. Group-Related Risks
    • 2e. Consolidate Related Risks and Write

    View Step 2 Actions.

    Step 3: Assess and Prioritize Risks

    • 3a. Identify and Get Consensus on Impact/Severity
    • 3b. Identify and Get Consensus on Probability
    • 3c. Identify Time Window when Risk Could Occur
    • 3d. Reassess Any Existing Risks in Database
    • 3e. Prioritize Risks by Impact, Probability, and Time
    • 3f. Identify Handling Bands

    View Step 3 Actions.

    Step 4: Decide on Control Options

    • 4a. Identify Handling Options Within Each Risk Band
    • 4b. Identify Risks to be Assumed or Watched
    • 4c. Identify Risks to be Avoided, Transferred, or Mitigated
    • 4d. Assign Plan OPRs for Avoided, Transferred, or Mitigated
    • 4e. Establish or Update Risk Database

    View Step 4 Actions.

    Step 5: Establish Handling Plans

    • 5a. Develop Draft Handling Plans and Resources
    • 5b. Manager Review and Approval of Handling Plans
    • 5c. Handling Plan Funded, Directed, and Integrated

    View Step 5 Actions.

    Step 6: Implement Handling Plans

    • 6a. Finalize Risk Management Plan and Management Infrastructure
    • 6b. Mechanism to Monitor Triggers, Cues, and Handling
    • 6c. Implement Handling as Authorized, Funded, and Scheduled
    • 6d. Provide Reporting on Handling Results and Progress

    View Step 6 Actions.

    Step 7: Monitor Handling Plans

    • 7a. Periodically Review Handling Plan Results
    • 7b. Stop or Modify Handling Plans and Resources
    • 7c. Retire Risks When Handling Plans Completed
    • 7d. Update Risk Database for Handling Process and Retirement

    View Step 7 Actions.


    • New Phase or Stakeholder?
    • Key Milestone Approaching?
    • "N" Months Since Last Assessment?
    • Is the Risk Process Working?

    View Decision Process.

    Back to top