Risk Management Toolkit

Process Assets


Risk Management home

Process Assets
Standard Process
  • Definitions
  • Steps of Process
  • Tailoring Guidelines


  • Self Assessment
  • Compliance Process
  • CMMI Risk Management Goals
  • Risk Review

  • Policy

  • AF Policy Directive 90-9: Operational Risk Management, 1 April 2000
  • AFI 90-901: Operational Risk Management, 1 April 2000
  • AFMC Instruction 90-902: Operational Risk Management, Dec 2007

    Support Assets

  • Affinity Diagrams
  • Brainstorming
  • Risk Plotting
  • Risk Statements


  • Individual
  • Consolidated
  • Risk Areas

    Tools & Techniques

  • RiskNav
  • Risk Matrix
  • Risk Radar
  • Cost Risk and Uncertainty - Chapter 14, GAO Cost Estimating and Assessment Guide, Mar 09


  • Risk Process Orientation
  • Detailed Risk Process
  • Facilitator Training


  • Sample Risk Management Plan
  • Process Lessons Learned


    For additional information on risk management best practices and lessons learned, please see the Risk Management topic and articles in the online MITRE Systems Engineering Guide.

    Self Assessment

    Risk Management Process Self-Assessment
    If your organization or project has implemented a risk management process, this survey can help you decide how well the process meets the CMMI goals and specific practices. The first part of the survey deals with specific goals and their associated specific practices. Your process must meet all of these specific goals and practices. The second part of the survey deals with generic goals and their associated generic practices. The extent to which your process meets these generic goals and practices indicates your level of process capability.

    Download Word file.

    Compliance Process

    ESC/EN Engineering Process Compliance Procedures, August 2002.

    Download PowerPoint briefing.

    CMMI Risk Management Goals

    Specific Goals and Practices:

    • SG 1: Prepare for Risk Management
      • SP 1.1: Determine Risk Sources and Categories
      • SP 1.2: Define Risks Parameters
      • SP 1.3: Establish a Risk Management Strategy

    • SG 2: Identify and Analyze Risks
      • SP 2.1: Identify Risks
      • SP 2.2: Evaluate, Categorize, and Prioritize Risks

    • SG 3: Mitigate Risks
      • SP 3.1: Develop Risk Mitigation Plans
      • SP 3.2: Implement Risk Mitigation Plans

    Generic Goals and Practices:

    • GG 1: Achieve Specific Goals
      • GP 1.1: Perform Base Practices

    • GG 2: Institutionalize a Managed Process
      • GP 2.1: Establish an Organizational Policy
      • GP 2.2: Plan the Process
      • GP 2.3: Provide Resources
      • GP 2.4: Assign Responsibility
      • GP 2.5: Train People
      • GP 2.6: Manage Configurations
      • GP 2.7: Identify and Involve Relevant Stakeholders
      • GP 2.8: Monitor and Control the Process
      • GP 2.9: Objectively Evaluate Adherence
      • GP 2.10: Review Status with Higher Level Management

    • GG 3: Institutionalize a Defined Process
      • Establish a Defined Process
      • Collect Improvement Information

    • GG 4: Institutionalize a Quantitatively Managed Process
      • Establish Quantitative Objectives for the Process
      • Stabilize Subprocess Performance

    • GG 5: Institutionalize an Optimizing Process
      • Ensure Continuous Process Improvement
      • Correct Root Causes of Problems

    Risk Review

    Guidelines for Risk Management Process Review
    Risk Management identifies potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.

    Download Word file.

    Back to top