Risk Management Toolkit

Process Assets


Risk Management home

Process Assets
Standard Process
  • Definitions
  • Steps of Process
  • Tailoring Guidelines


  • Self Assessment
  • Compliance Process
  • CMMI Risk Management Goals
  • Risk Review


  • AF Policy Directive 90-9: Operational Risk Management, 1 April 2000
  • AFI 90-901: Operational Risk Management, 1 April 2000
  • AFMC Instruction 90-902: Operational Risk Management, Dec 2007

    Support Assets

  • Affinity Diagrams
  • Brainstorming
  • Risk Plotting
  • Risk Statements


  • Individual
  • Consolidated
  • Risk Areas

    Tools & Techniques

  • RiskNav
  • Risk Matrix
  • Risk Radar
  • Cost Risk and Uncertainty - Chapter 14, GAO Cost Estimating and Assessment Guide, Mar 09


  • Risk Process Orientation
  • Detailed Risk Process
  • Facilitator Training


  • Sample Risk Management Plan
  • Process Lessons Learned



    DSMC Risk Management Guide for DoD Acquisition, February 2001
    This DSMC guidebook provides acquisition professionals and program managers with a reference for dealing with system acquisition risks. The guide takes the reader from an introduction to basic risk management concepts through implementation and techniques that address the aspects of risk management.

    Download PDF file.

    AFMC Pamphlet 63-101: Acquisition Risk Management (ARM), 9 July 1997
    This document describes the process and methods AFMC uses for managing program risk, proposal risk and performance risk. The guide also describes processes for establishing the impact of cost and schedule risk. The AFMC risk management processes can be used and adapted to meet the needs of any program.

    Download PDF file.

    DoD 5000.2-R: Recommended Procedures for Major Defense Acquisition Programs (MDAPS) and Major Automated Information System (MAIS) Acquisition Programs, 10 June 2001
    This Regulation is issued under the authority of Department of Defense (DoD) Instruction 5000.2, "Operation of the Defense Acquisition System," October 23, 2000 and is effective immediately. This Regulation sets forth mandatory procedures for MDAPs and MAIS acquisition programs; serves as a general model for other acquisition programs; implements DoD Instruction 5000.2, the guidelines of Office of Management and Budget (OMB) Circular A-11, and current statutes; and contains formats to be used to prepare various milestone documentation, periodic in-phase status reports, and statutory certifications.

    Download PDF file.

    AF Instruction 90-901: Operational Risk Management, 1 April 2000
    This instruction establishes the requirement to integrate and sustain operational risk management (ORM) throughout the Air Force. It assigns responsibilities for program elements and contains program management information. HQ Air Force staffs, major commands (MAJCOMs), direct reporting units (DRUs) and field operating agencies (FOAs) are responsible for establishing and sustaining their respective programs according to the program elements described in this instruction. It applies to all Air Force personnel and functional areas, including the Air Force Reserve and Air National Guard. Do not supplement this instruction without prior review by the Air Force Chief of Safety (AF/SE).

    Download Word document.

    AF Policy Direction 90-9, 1 April 2000
    This directive establishes the Air Force Operational Risk Management (ORM) Program. The management of risk, all dimensions of risk, is key to maximizing mission effectiveness and sustainment of readiness. ORM principles, techniques, and tools will be used to increase mission success, strengthen job performance, and identify opportunities to expand mission capabilities in all areas and at all levels, thereby strengthening the Air Force's warfighting posture.

    Download Word document.

    Implementing a Risk Management Process for Large Scale Information System Upgrade - A Case Study, presented at INCOSE by Paul R. Garvey
    This paper presents a risk management process implemented by the government on a large-scale, multi-billion dollar, information system upgrade. The major features of this process are described. This includes how risks are identified, how the potential impacts of risks are assessed as a function of multiple evaluation criteria, and how identified risks are scored to produce a most-to-least critical risk ranking. In addition, methods are described for evaluating risk mitigation progress and visually displaying risk status to decision-makers. The paper concludes with a summary of best practice considerations and recommendations.

    Download Word document.

    Back to top


    Back to top