Call Us: US - +1 845 478 5244 | UK - +44 20 7193 7850 | AUS - +61 2 8005 4826

economic statistics and assumptions

Risk Matrix

Risk Matrix is a software application that can help identify, prioritize, and manage key risks on a program. MITRE created it to support a risk assessment process developed by a MITRE DoD sponsor. MITRE and the sponsor have expanded and improved the original process, creating the Baseline Risk Assessment Process. Although the process and application were developed for use by a specific sponsor, these principles can be applied to most government acquisition projects. (See Figure 3.)

Figure 3. Screenshot of Risk Matrix

Risk Matrix (as well as more information on RiskNav and Risk Radar) is available in the Systems Engineering Practice Office (SEPO) Risk Management Toolkit. Although Risk Matrix is available for public release, support is limited to downloadable online documentation.

Commercial Tools

Many commercial tools are available to support program risk management efforts. The government most commonly uses these risk management tools:

Both tools are web-based applications that support all steps in the risk management process.

Contractor Tools

Government programs sometimes implement a combined government/contractor risk management process that uses tools provided by the contractor. Multiple major government contractors have developed in-house risk management applications. Many applications are comparable to available MITRE and commercial tools and effectively support program risk management.

Customized Tools

Many smaller programs use Microsoft Excel or Access customized risk management tools. Some customized solutions meet the tool selection criteria outlined earlier. This is important when considering a customized solution that meets the needs of the program being supported.

Best Practices and Lessons Learned

Fit the tool to the process or assessment needed. Many types of risk analysis and management tools are available, including ones for financial analysis, cost-risk uncertainty, and traditional program management. Understand the need of the program, reporting, analysis (e.g., ability to modify risk impact scales to reflect the need), and accessibility (e.g., multiple user environment) before selecting a tool. Do not let the tool drive the process.

Change the tool if it does not support decision making and the process. As the risk process matures and reporting needs evolve, it is important to change the risk management tool used to support the changed environment. The following circumstances could warrant a change in the risk management tool:

  • New reporting requirements. It is best to use a tool that matches reporting requirements.
  • Increase in level of mitigation detail needed. Some tools capture only high-level mitigation plans, whereas others capture detailed plans with action steps and statuses.
  • Team capacity unable to support tool. If the tool is too burdensome, it is important to examine ways to streamline its use or change to another tool that better supports the program’s environment.

Maximize access to the tool. It is important that the widest cross-section of the team have access to the tool and is responsible for updates. This ensures distribution of workload and ownership and prevents bottlenecks in the process.