Document ID: 4470466097

Issued: 2/6/2020
Revision: A
Revised: 3/17/2020

RISK AND OPPORTUNITY MANAGEMENT PLAN

FOR
SPEED RACER
Prepared By:

___________________________
A.Groenke
SPEED RACER Systems Engineering Lead

Approved By:

___________________________
J.Pokora
SPEED RACER Program Manager

___________________________
J.Scheinost
SPEED RACER Chief Engineer

___________________________
S.Hood
SPEED RACER Vehicle Lead
 DOCUMENT CHANGE HISTORY

The table below illustrates the version of each document and the reasons for the
changes. Comparing two versions of the same document helps one identify
differences

Revision Change Description Date POC

NC Initial Release 1/5/2020 S.Rashed
NC [In Review] 2/6/2020 A.Groenke
A Integrate CCRMB comments [Working] 3/11/2020 S.Rashed

Table of Contents
1.0 INTRODUCTION............................................................................................................ 1
1.1 Overview............................................................................................................................ 1
1.2 Applicable Documents..................................................................................................... 1
1.3 Risk and Opportunity Management Plan (ROMP)..........................................................2
1.3.1 Risk Matrix.................................................................................................................. 2

2.0 SCOPE............................................................................................................................... 3
2.1 Strategy.............................................................................................................................. 3

3.0 PROGRAM OVERVIEW................................................................................................ 3

3.1 Program Management Plan (PMP)...................................................................................4
3.2 Configuration Management Plan (CMP)..........................................................................4

4.0 RISK & OPPORTUNITY MANAGEMENT BOARD..................................................4

4.1 Overview and Activities.................................................................................................... 4
4.2 ROMB Members................................................................................................................ 5
4.3 ROMB Roles and Responsibilities ..................................................................................5

5.0 R/O MANAGEMENT PROCESSES.............................................................................. 7

5.1 Risk Identification............................................................................................................. 8
5.1.2 Risk Analysis............................................................................................................. 10
5.1.3 R/O Mitigation Planning............................................................................................12
5.1.4 R/O Handling Strategies............................................................................................ 13

6.0 R/O TOOLS AND PROCEDURES............................................................................. 14

6.1 R/O Life Cycle Actions.................................................................................................... 15
6.2 Issue Management.......................................................................................................... 15
6.3 Opportunity Management............................................................................................... 16
6.4 Planning........................................................................................................................... 16
6.5 Identification.................................................................................................................... 17
6.5.1 Risk Assessment....................................................................................................... 19
6.5.2 Opportunity Assessment........................................................................................... 21
6.5.3 Qualitative Assessment............................................................................................. 22
6.5.4 Quantitative Assessment...........................................................................................22
6.5.5 Risk Mitigation........................................................................................................... 23
6.6 R/O Escalation................................................................................................................. 23
6.7 R/O Metrics & Reports.................................................................................................... 24

List of Tables
Table 1 – R/O Management Roles and Responsibilities
Table 2 – Risk Definitions......................................................................................9
Table 3 – Sample Mitigation Plan............................................................................
Table 4 – Probability of Occurrence........................................................................

List of Figures
Figure 1 - Continuous Lifecycle Process 1
Figure 2 - Risk Process Flow...................................................................................
Figure 3 – Identification Flowchart...........................................................................
Figure 4 – Risk Factor Guidelines...........................................................................
Figure 5 - R/O Life Cycle Actions........................................................................15
Figure 6 - R/O Terms Definitions.............................................................................
Figure 7 - Risk Identification Details....................................................................18
Figure 8 - Example Risk Analysis Framework.....................................................20
Figure 9 - PID Matrix...........................................................................................21
Figure 10 - Example Opportunity Analysis Framework.......................................22
Figure 11 - Risk Waterfall Chart..............................................................................
1.0 Introduction
1.1 Overview

The risk and opportunity management (ROM) process is used to focus

management attention on potential events before they impact the organization
and to provide visibility in a structured, documented manner, to the efforts being
undertaken to handle risks and opportunities.

Risk and opportunity management is a continuous, iterative process. The

process utilizes a methodology to identify and assess risks and opportunities
(R/O), create handling plans for those R/Os, and monitor those actions to
completion as depicted in Figure 1 - Continuous Lifecycle Process.

Figure 1 - Continuous Lifecycle Process

1.2 Scope

This plan defines the methods and tools used throughout the ROM process to
accomplish the identification of R/Os on the SPEED RACER program. This plan
also identifies roles and responsibilities, process/organizational interfaces, and
guidelines for the identification, assessment, handling, monitoring, escalation,
and closure of risks at the functional level. The plan also illustrates different
documents that can provide different approaches when it comes to planning.
1.3
1.1 Strategy

The R/O Management process is implemented to proactively manage ROM

within the SPEED RACER program. All members of the SPEED RACER team
participate in identifying, capturing and mitigating/achieving ROM’s on a
continuous basis. The processes and tools defined herein will allow for various
groups to own and manage ROM’s within the respective group. A Change
Control and Risk/Opportunity Management Board (CCRMB) will be established
to manage significant/critical ROM events and/or provide a formal path of
escalation
1.4 Applicable Documents

 Systems Engineering Management Plan (SEMP)

 Program Management Plan (PMP)
 Risk and Opportunity Management Plan (ROMP)
 Configuration Management Plan (CMP)
 Integrated Master Plan (IMP)
 Integrated Master Schedule (IMS)
 Requirements Verification Plan (RVP)

1.5 Risk and Opportunity Management Plan (ROMP)

Risk and opportunity management plan (ROMP) involves the planning phase of a
project management plan (PMP). This phase of planning helps the program
identify potential risks that can arise during a project. ROMP provides a clear
guideline and roles for project stakeholders. ROMP document can also provide a
planned reporting and tools that can be used in planning. Figure 2 indicates the
simple process of ROMP

Figure 2- Risk and Opportunity Management Plan

1.5.1 Risk Matrix
ROMP has the risk matrix which helps define probability of occurrence of various
risks and the level of impact when a risk occurs. This helps organizations prepare
themselves earlier for any risk. Risk matrix is different from other analysis tools
that define risk in terms of numerical standards. Risk matrix evaluates risk
impacts base on qualitative analysis. This is achieved by assessing risks on a
critical scale. Figure 3 represents the risk matrix table.

Figure 3- Risk Matrix Heat Map

.

2.0 Program Overview

The SPEED RACER (Small Penetrating Expendable Decoy—Radically

Affordable, Compact, Extended Range) system is designed to maintain a
documentable relationship with system-level attributes for an operational vehicle
aligned with emerging DoD needs. This operational vision vehicle is referred to
as Compact Multi-Mission Truck (CMMT, “Comet”). With this intent in mind, the
SPEED RACER team is empowered to make decisions at the organizational
level closest to the related activity where the greatest knowledge resides, while
using modern tools to implement the digital thread. This enables the team to
move and adapt rapidly throughout development while continuing to further
SPEED RACER’s goals and objectives.

The SPEED RACER program objectives are to develop the flight test vehicle as
outlined above while ensuring the efficient procurement of COTS subsystems,
and to demonstrate the Air System’s capabilities through two flight tests.
Additional program objectives include minimizing risk and cost by implementing
objective manufacturing technology, in addition to COTS subsystems,
prototyping the digital thread within the 3DX platform, and demonstrating a
foundation for the development of the Compact Multi-Mission Truck (CMMT).
3.0 Risk & Opportunity Management Board
3.1 Overview and Activities
A Risk and Opportunity Management Board (ROMB) occurs biweekly but can
occur more frequently based on program needs. A decision log will be
maintained within the digital thread to capture any actions, changes, or notes
made at each ROMB.

The ROMB activities will include:

 Approval of recommended R/O items for inclusion/removal in the baseline
o Validating R/O definitions
o Validating likelihood and impact scoring
 Determination/Approval of the appropriate R/O mitigation method and
alternatives
o Validating mitigation approach and responsible owner
o Validating cost, schedule, and performance impact assessments
o Monitoring the status of chosen mitigation plans and their
effectiveness
 For opportunities only:
o Validating opportunity type
o Validating opportunity funding source
o Validating/Acknowledging opportunity integration timeline and
system impacts
o Monitoring status of chosen opportunity realization plans and their
effectiveness

The ROMB activities will not include issue management

3.2 ROMB Members

The SPEED RACER ROMB members are required stakeholders in the risk and
change management process. If a required member is unable to participate, a
delegate with decision-making authority must attend on behalf of the missing
participant. Multiple stakeholders may delegate to the same individual. For both
parties, the Program Manager and Chief Engineer hold the ultimate delegation of
authority and can veto other stakeholders at any time.

The ROMB will consist of the following program personnel:

 Risk Manager
 Program Manager
 Chief Engineer
 Air Vehicle IPT Lead
 Systems Engineering IPT Lead
 Other Subject Matter Experts, as required
3.3 ROMB Roles and Responsibilities

To ensure the successful implementation of the Risk Management Process, all

program personnel have the responsibility and authority to identify and document
risks and opportunities. These R/Os are to be directly communicated to the Risk
Manager, with IPT lead approval, for elevation to the ROMB. Their
responsibilities and tasks are outlined in Table 1 – R/O Management Roles and
Responsibilities. Other stakeholders, in addition to the identified roles, that may
participate in the risk management process are senior management, functional
organizations, suppliers, and end users.
Role Responsibilities
Program Responsible for the overall management of R/Os and assuring all R/Os are
Manager resolved. Tasks include:
 Guide and promote overall R/O management effort
 Set the cost/schedule scoring values for low to high risks
 Review project R/Os with stakeholders
 Review and approve, as well as monitor the status of R/O
mitigation/achievements
 Assign or change the responsibility for R/O within the project
 Prioritizes all the R/Os to determine the top R/O for the project
 ROMB co-chair
Chief Engineer Responsible for ensuring technical risks/opportunities on the program are
mitigated/achieved. Tasks include:
 Collect, Review and Assess all R/Os identified by the IPTs (including
subcontractors)
 Provide recommendations on R/O mitigations/achievement plans before
implementation
 Brief customer and management on R/O mitigation/achievement status
 Coordinate preparation of risk reports and briefing materials for all
management reviews, as required
 Manage watch items and elevate appropriate items to the CCRMB
 Ensure an integrated program performance perspective while balancing
technical R/Os with program performance objectives
 Assure functionality and configuration control of the template for R/O
management

Risk Manager  Collect, Review and Assess all R/Os identified by the IPTs (including
subcontractors)
 Ensure the risk database is updated to include stakeholder inputs and
results of program R/O meetings (IRWG and CCRMB)


IPT Lead Responsible for representing the IPT within the R/O process. Tasks include:
 Accountable for all R/O items within their IPT
 Review and assess all R/Os identified within IPT, including
subcontractors
 Obtain/assign the necessary resources for R/O handling
 Review and approve mitigation/achievement plans before implementation
 Support Risk Manager in preparing R /O reports and briefing materials
for all management reviews
 Keep customer and subcontractor counterparts informed on all team R/O
items and their status
 Conduct internal R/O and watch item reviews within the IPT, as required
 Member of CROMB
IPT Member Tasks include:
 Table 1 – R/O Management Roles and Responsibilities

4.0 R/O Management Processes

By utilizing the tools within the digital thread framework, end-to-end visibility of
active risks is available to the development team, as shown in Figure 2 - Risk
Process Flow.

Figure 3 - Risk Process Flow

Figure 4 - Opportunity Process Flow

 4.1 Risk Identification
The term ‘risk’ is used throughout this document to reference a watch item, risk,
opportunity, and/or issue. The definition for “watch item,” “risk,” “opportunity,” and
“issue” are found in Table 2 – Risk Definitions.

Term Definition
Candidate All risks begin as candidates when they are brought up by
anyone on the program. The ROMB can determine that
additional information is required before deciding to
acknowledge/board or reject the risk.
Watch Item/ ROMB determines the risk requires oversight and mitigation
Boarded
Mitigating/ Taking clear, discrete, and unplanned actions to reduce the
Emerging impact on the program
Closed Risk mitigated to an RPN the ROMB deems sufficient to no
longer warrant additional oversight or mitigation
Accepted ROMB has determined not to attempt to mitigate but instead
address any impacts if the risk realizes itself as an issue
Risk A potential undesirable event or threat that could affect the
project’s ability to meet its performance, cost, schedule, or other
objectives. It is an uncertain item, caused by external factors,
which may cause an execution failure in the project. A risk is an
item that has a measurable likelihood of occurrence and a
measurable negative impact on the project’s performance, cost,
schedule, and product delivery. A risk is an item that may occur
in the future and can be mitigated or prevented. Risks can be out
of the scope of control of the project and may require outside
resources to mitigate. Once the likelihood and impact are known
to be quantifiable, the items are then categorized as risks.
Opportunity An opportunity is an item that can either save cost or schedule
or add the capability to the system or program.
Issue An issue is an item with a measurable negative impact on a
project’s schedule, cost, or performance that is certain to occur
or has already occurred. An issue cannot be prevented; rather,
the final negative impact on the project can only be reduced.
Table 2 – Risk Definitions
The risk identification process is comprised of activities that highlight potential
R/Os that could increase or decrease the likelihood of meeting cost, schedule,
and/or performance objectives. Any project team member may and should
identify a potential R/O. R/Os are identified through ad-hoc working meetings,
team meetings, and/or one-on-one expert interviews. Potential R/Os are
documented at the IPT level for review and potential elevation to the ROMB. The
identification of R/Os is an iterative process. Potential R/O items are identified
throughout the life of the project through the performance of tasks and R/O
reviews performed at each ROMB meeting.

4.1.1 Risk, Issue, Opportunity Statement Formats

Risk statements must be worded with both IF and THEN statements: “IF [X
happens] THEN [it will have Y impact on the program].” The IF statement is a
description of a potential future event, while the THEN statement describes the
outcome/impact of the occurrence of that event. If a risk becomes an issue, the
issue retains the wording of a risk. Opportunities should be stated in the same
manner as risks.

4.1.2 Risk Analysis

The official classification of a proposed watch item is determined by the CRRMB.

Once a watch item is validated, its likelihood of occurrence, impact on cost,
schedule, or technical performance is assessed to determine the appropriate
level to elevate or monitor it. The CCRMB decides whether to track watch items
at the IPT, CE, or Program level depending on the item criticality.
4.1.2.1 Risk Scoring

The rating methodology used to rate and rank R/Os is outlined in AeroCode AC-
5601 and elaborated in section 6, Tools and Procedures. The Risk Manager will
input data into our selected risk management software that will auto-score the
risk level as determined by the standard scoring matrix. The risk level is
determined by evaluating the Likelihood of occurrence and the Impact of the risk
item. They are both scored from low to high.

The impact scoring criteria are subdivided into cost, schedule, and performance
impacts. The impact component of the risk level assumes the highest ranking of
the cost, schedule, and performance scores.
4.1.2.2 Risk Assessment

Each identified R/O is analyzed to assess the likelihood of occurrence and the
resulting impact. The combination of the likelihood and impact results in a score
that provides a means to rank the severity of R/O items. The use of a scoring
matrix and templates ensure consistency in scoring results. The order in which
the program addresses R/Os will be prioritized based on rating and its position in
the integrated master schedule (IMS).
 The Risk Manager will interface with program and management personnel to
develop a Rough Order of Magnitude (ROM) dollar value estimate and schedule
impact assessment for each high and moderate R/O.
4.1.2.2.1 Probability of Occurrence

The probability of a R/O event occurring is documented by using a scoring

scheme of five rating bands from High to Low as shown in Table 3 - Probability of
Occurrence.

Level Likelihood Probability of

Occurrence
(5) High Near Certainty 81% - 99%
Cannot mitigate. No known process or workarounds
are available
(4) Significant Highly Likely 61% - 80%
Cannot mitigate but a different approach might work
(3) Moderate Likely 41% - 60%
May mitigate but workarounds will be required
(2) Minor Low Likelihood 21% - 40%
Mitigation is possible with minimal oversight
(1) Low Not Likely 1% - 20%
Will Avoid R/O or mitigate this candidate
Table 3 - Probability of Occurrence

4.1.2.2.2 Impact /Consequence of Occurrence

The Impact or Consequence of R/O Occurrence is determined by the highest

Cost, Schedule, or Performance. Table 4 below includes examples of the
different impacts as it pertains to Cost, Schedule, and Performance per
standardized risk factor guidelines. Note that each contract has the flexibility to
determine and establish its impact thresholds and the following examples may
not be representative of the SPEED RACER Program.

Level Consequence – Cost

(5) High >20% impact. Major cost impact to project.
(4) Significant 15-20% impact. Significant cost impact to project.
(3) Moderate 10-15% impact. Moderate cost impact to project.
(2) Minor 5-10% impact. Minor cost impact to project.
(1) Low <5% impact. Negligible impact to project.

Level Consequence – Schedule

(5) High  Schedule Slip >1-3 months and/or Major impact to
 project schedule
 Cannot meet Key Milestone Dates

(4) Significant  Schedule Slip 3-4 weeks and/or Moderate impact

to critical path milestones
(3) Moderate  Schedule Slip 2-3 weeks and/or Minor impact to
critical path milestones
 A workaround will likely maintain a schedule
 Key dates impacted

(2) Minor  Schedule Slip 1-2 weeks and/or could impact non-
critical path milestones
 No impact on key dates or critical path

(1) Low  <1 Week schedule impact and/or negligible impact

on the project schedule

Level Consequence – Performance

(5) High  Severely impacts technical performance
 Endangers project success
 Must be fixed before AV delivery

(4) Significant  Significantly degrades the technical performance

 Impacts project success
 Performance below goal, no design margins
available

(3) Moderate  The moderate shortfall in technical performance

 Limited impact on project success
 Design margins significantly reduced

(2) Minor  Minor impact on technical performance

 No impact on project success. Acceptable
degradation
(1) Low  Negligible impact on technical performance

4.1.3 R/O Mitigation Planning

Risk mitigation plans establish a proactive approach to achieving an acceptable

level of risk within a given program. A mitigation plan should identify specific

Table 4 – Risk Factor Guidelines

milestones to reduce risk or maximize opportunity. Each mitigation action/event
within a given plan is further quantified using the risk scoring template and then
individually scored against the risk scoring matrix to status the reduction of the
risk, or increased likelihood of realizing an opportunity per action.

These actions are represented in an accompanying risk waterfall chart (Figure 4),
which tracks the R/O mitigation progress. Each risk waterfall should show the
original R/O mitigation plan, the actual progress, and any revisions that have
taken place.

Figure 4 – Example Risk Waterfall Chart

4.1.3.1 R/O Mitigation Implementation

After completing the assessment, High or Moderate R/Os whose strategy is to

mitigate or enhance must have a mitigation or achievement plan developed. The
mitigation/achievement plan supports the selected handling option often referred
to as the handling strategy and defines a set of action steps aimed at, in the case
of a risk, reducing or eliminating the likelihood and/or impact of the risk event.
R/O handling plans must document what is to be accomplished with the exit
criteria. After a R/O is approved it is monitored by the ROMB until closure.

4.1.4 R/O Handling Strategies

4.1.4.1 Risk Handling Strategies

The four basic handling strategies for risk are: Avoid, Mitigate, Transfer, and
Accept.

· Avoid: Seeks to simply eliminate the event leading to the risk. This
option is often used in the proposal phase where diligent planning can
help avoid risk before execution either through contract language or
coordination with the customer.

· Mitigate A strategy that seeks to decrease the probability of the risk

occurring and/or the impact of the risk through the expenditure of
funds and/or resources.
 · Transfer: Seeks to allocate risk liability to another organization or
responsible party. Transferring assumes SE will likely not maintain
ownership, however, SPEED RACER R/O Management may
continue to track transferred items to ensure action.

· Accept A strategy where it is determined that some risks are not

feasible to mitigate or cannot be avoided, transferred, and/or they are
not high enough in priority or impact to expend resources on.

Low-risk items will typically be monitored but do not require detailed

handling plans unless otherwise dictated by the SPEED RACER ROMB.

If the Mitigate strategy is chosen, then handling steps for the risk must be
defined. For all risks that are scored High, regardless of strategy, a fallback plan
must be defined should the primary handling plan fail, or the risk occurs. Fallback
plans are developed with implementation criteria and decision dates to execute
the fallback plan should it become evident that the primary mitigation plan will not
succeed. Mitigation plans may be developed for Low risks but are not required by
this process.
4.1.4.2 Opportunity Handling Strategies

For opportunities, the steps would focus on achieving the benefit. Strategies for
capturing an opportunity can be assessed once the opportunity is adequately
defined. Like a risk, an opportunity has four basic handling strategies Exploit,
Share, Enhance, and Accept.

· Exploit: Seeks to take immediate advantage of an opportunity. These

opportunities typically require very little additional development and
should have a relatively straightforward handling plan.

· Share: Seeks to develop teaming/partnerships that will increase the

probability of the opportunity. Like transferred risks, shared opportunities
assume Systems Engineering will not maintain sole ownership,
however, SPEED RACER R/O Management may continue to track
shared items to ensure appropriate and timely action.

· Enhance: Seeks to determine what actions can be taken to increase the

probability and/or benefit. These opportunities may require further
analysis and/or maturation but are generally recognized and accepted
to be attainable.

· Accept: There is too much activity to ensure a good return on

investment. Continue to monitor and maintain the R/O register to see if
circumstances change.
 5.0 R/O Tools and Procedures

Speed Racer uses two tools for ROM, 3DX, and GitLab. The R/O register source
of truth is 3DX and is managed by the Risk Manager. Boarded 3DX risks are also
copied to Gitlab. In Gitlab, the risk is linked to related issues. Gitlab intends to
allow for higher participation and visibility among non-board members.
5.1 R/O Life Cycle Actions

Risk & Opportunity Management is the continuous, proactive process of

identifying and assessing risks or opportunities, implementing R/O handling
steps, and monitoring those steps to completion. The life cycle of a R/O is
described in Figure 2 - R/O Life Cycle Actions.

Initial R/O R/O Ready to R/O Handling R/O Closure

Identified Board Approved Plan
Approved
Condition Watch Item or All of the risk- R/OMB Handling Plan The R/O no longer
emerging R/O defining fields have approves R/O approved by exists, is not cost-
captured in been completed in candidate as ROMB effective to track,
RMIS RMIS. The R/O is Active or defers has been combined
ready to be R/O to Program with another R/O, or
formalized as or Enterprise. has been abated to
Active. closure.
Comment May contain The handling Plan The handling Approved R/O R/O closed either
s incomplete may or may not be Plan may or with H or M administratively or
required ready for board may not be risk level must abated to closure.
fields. Not review at this point. approved at this have a
ready for point. handling plan.
CCRMB
consideration.
Status Watch Item or Candidate (not Active (included Active-in- Closed
Emerging (not included in metrics) in metrics) Abatement or
included in Active-Being
metrics) Enhanced
(included in
metrics)
Defining Emerging Ready to Board Last Review Handling Plan Closed Date
Date Date Date. This date Notes field Approved Date
starts the clock on used to
the latency metric. document R/O
approval date.
Figure 2 - R/O Life Cycle Actions

5.2 Issue Management

An issue is defined as a realized risk or known risk item with a 100% likelihood
that will affect the program’s ability to meet its operational capability and
performance, technical, cost, schedule, financial, or other commitments. An
issue describes a definite variation from planned baselines and should be
appropriately captured and quantified.

Within the context of the SPEED RACER ROM process, an issue is NOT an
event for which there is no opportunity to reduce the cost/schedule/performance
impact or that currently exists within the existing scope of the Performance
Measurement Baseline. Instead, an issue should be outside the scope of
existing baselines and have adequate lead time to allow for the activities
defined within this ROMP. Issue Management is the continuous, reactive
process of identifying and assessing impacts, implementing handling plans to
reduce impacts, and monitoring those plans to completion. “Real-time” issues
that do not fall within the responsibility of the program team should be
communicated to the appropriate parties to support timely action and inclusion
into program baselines.

5.3 Opportunity Management

An opportunity is a potential enhancement or positive impact that may improve
the program’s ability to meet its operational capability and/or cost, schedule, or
performance objectives. By LM Aero's definition, opportunities apply solely to
established contract baselines, while the term ‘Affordability’ is more generally
used to discuss the potential for increased value/cost reduction on future work.
In parallel with this ROMP, the functional business area and program
Affordability organizations provide methods for identifying opportunities through
lean initiatives and cost excellence/affordability activities.

Like a risk, every opportunity has two components that must be assessed:
1) The probability of occurrence – measuring the likelihood of capturing the
opportunity.
2) The potential benefit – what, performance, schedule, or financial benefits
can be captured.

Opportunity assessment techniques are also used to calculate the anticipated

Return on Investment (ROI) to meet established thresholds. Assessments should
be performed as soon as an opportunity has been identified so that an
achievement plan can be developed to obtain the maximum benefit to the
program should the ROI be worthwhile.

The SPEED RACER R/O approach places a primary focus on the identification
and management of situations that may cause potentially undesirable program
effects before they impact the health of the overall project. The process is
implemented continuously through the development lifecycle while regularly
updating and refining risk management data.
5.4 Planning

The planning step of R/O Management consists of all the activities resulting in
the creation of the R/O Management Plan (ROMP) following the requirements of
AC-5601.

The planning step of ROM shall be accomplished by:

 Defining the specific process implementation for the program tailored from
the local businesses’ standard processes
 Identifying ROM requirements
 Defining roles and responsibilities to include the ROM organization
 Describing the reporting and reviewing approach
 Determining methods and tools for capturing R/O in a repository
5.5 Identification

The identification of R/Os is initiated at the program kickoff and continues

throughout its execution phases. It is expected most R/Os to be identified by
working level programs and functional personnel, CAMs, or suppliers. R/Os
identified in formal reviews, such as INRs, ICE reviews, etc, will be captured and
brought into the normal ROM process as defined herein.

The identification activity examines all elements in detail, including plans,

processes, resources, training, tools, documentation, and other essential
technical and management elements. As risks and opportunities are identified,
they are described, documented, and categorized as cost, schedule, or
performance.

When identifying R/Os, it is important to consider all possible sources that may
affect program performance baselines.

Some examples of potential sources of R/Os are:

 Program Capture:
o Assumptions by the capture team
o Ground-rules
 Immature technology/COTS solutions
 Requirements maturity
 New processes (design, analysis, production, etc.)
 New design
 Design complexity
 Changing requirements
 Engineering change orders
 Cost and schedule estimating assumptions and accuracy
 Resources availability (people, material, tools, budget, schedule, etc.)
  Suppliers/subcontractors (availability, reliability, experience, etc.)

At the initial identification of a R/O, the details, source, and point(s) of contact
are entered into the SPEED RACER Risk Register within the digital thread.
The risk register is intended to capture details while the R/O is further
investigated and developed.

Candidate R/Os specifically proposed for ROMB review shall contain the
content outlined in Figure 3 - Risk Identification Details. Before a formal
CCRMB evaluation, R/Os will be entered into the risk management tool as an
“Emerging R/O” or “Watch Item” until sufficient information is available to fully
define it as a risk or opportunity. Emerging risks, opportunities, and watch
items are not active items and as such are not included in any risk metrics.
Realizing R/Os may be very complex and/or span many organizations. Each
captured item should be specific to a single root cause and able to be
addressed by a focused handling plan.

Field Description

Title Naming Structure: - SPEED RACER – Brief Description

Short / Concise statement of the condition that if realized

If Statement
would result in an associated consequence/benefit (IF...)

Short/ Concise statement of the consequence/benefit that

Then Statement would result from realizing the associated condition
(THEN...)
Sufficient definition of the R/O such that the item is
easily understood without an additional context. This
Description field should address the basic elements of Who / What /
When / Where / Why.
Defines the point of contact related to the R/O
Interest Group
and/or affected organizational lead(s)

Figure 3 - Risk Identification Details

Figure 7 provides a summary for identifying, classifying, and handling Risks
Opportunities, and Issues.

Figure 7 – R/O/I Summary

5.5.1 Risk Assessment

The ROMB will review risk candidates for formalization. The SPEED RACER risk
manager will work with the board-designated risk owners to develop the required
inputs to the risk scoring tool. This includes a risk statement in the IF…THEN
format (“IF (undesirable event occurs) THEN (plan will change as a
consequence)” leading to the estimated impacts to cost, schedule, and
performance. The RMIS scoring template (found on the scoring tab) is used to
assess the likelihood and impact of the “IF” event on the program/project. It is
also used to assess the impact or consequence to schedule, cost, and
performance or other impact areas if needed. See Figure 8 - Example Risk
Analysis Framework for details of the risk analysis scoring template.

Risks and Opportunities have two parameters, the Probability or Likelihood of

Occurrence (Po), and the Consequence of Occurrence (C o) for cost, schedule,
and performance or other impact areas. The overall risk and opportunity score is
then defined by the Probability Impact Diagram (PID) matrix in Figure 9 - PID
Matrix as shown by the intersection of the P o rating and the highest of the Co
ratings.
Figure 8 - Example Risk Analysis Framework
 Figure 9 - PID Matrix

5.5.2 Opportunity Assessment

Opportunity candidates are formalized by the CCRMB in a manner similar to that

for risk candidates. The opportunity owner designated by the CCRMB will work
with the assistance of the R/O Manager if needed to develop opportunity
formalization data for entry into the RMIS. This data consists of the following:

 Opportunity Title
 Opportunity Description
 Likelihood of Success
 Estimated ROM EAC Impact if Opportunity Achieved
 Estimated Cost of Achieving Opportunity (cost of handling plan steps)
 Opportunity Level
 Opportunity Owner

The likelihood of success and the estimated EAC impact (benefit) is to be

estimated using the opportunity assessment template in the RMIS (See example
in Figure 4 - Example Opportunity Analysis Framework)
 Figure 4 - Example Opportunity Analysis Framework

5.5.3 Qualitative Assessment

The consequence is evaluated by answering the following question: “If the R/O is
realized, what will be the magnitude of the impact or benefit?” There are five
qualitative options used to classify the consequence of risk: Low, Minor,
Moderate, Significant, or High.

5.5.4 Quantitative Assessment

R/Os scored High or Moderate will undergo a quantitative assessment of risk

exposure expressed in dollars, time, and performance, as applicable.

Quantitative data shall be considered when developing the handling plan and
includes:

 Impact of risk is allowed to occur

 Delta cost to implement risk mitigation plan or ROI for opportunities
  Expected risk reduction or benefit
 Likelihood of success
 Resource requirements
 Interdependencies with other activities
 Requirements for external approval or direction

To avoid unnecessary efforts, the quantitative analysis should only be conducted

once the R/O has been ‘Approved’ for elevation or as deemed necessary by the
CCRMB. Comprehensive quantitative analysis may often be time-consuming to
perform, as many impacts are conditional or not fully understood until realized.

5.5.5 Risk Mitigation

Risk mitigation and opportunity capture steps are proactive efforts outside of
planned milestones and baselines that describe the step-by-step detail to reduce
or eliminate the probability and/or consequence of the risk or achieve the capture
of the opportunity. Issue corrective action steps are reactive efforts outside of
planned milestones and baselines that detail the plan to reduce the overall
impact. Each R/O handling step should include the target score that the
mitigation/achievement step seeks to achieve, and the proposed ECD
(Engineering Change Description) that the step will be completed.
Quantitative data shall be considered when developing the risk mitigation or
opportunity achievement plan and includes:

 Impact of the risk can occur

 Cost to implement risk mitigation plan or return multiple opportunities
 Expected risk reduction or benefit
 Likelihood of success
 Resource requirements
 Interdependencies with other program activities
 Requirements for external approval or direction

R/Os approved as “program level” shall be elevated and handled per the SPEED
RACER ROMP and “Portfolio level” shall be elevated and handled per ISR &
UAS’s risk charter. Approved SPEED RACER program R/Os must have a
handling plan developed. The Systems Engineering IPT shall ensure that R/O
Owners create and sufficiently detail the handing plan and are submitted for
timely review and approval.
5.6 R/O Escalation

The SPEED RACER ROMB may approve a R/O for escalation to the associated
program or Aero’s BA leadership team based upon the level of potential impact,
need for a program or BA-level resources, and/or the appropriate level of
management to properly handle. Additionally, R/O initiators/owners are permitted
to elevate an item to the respective program in parallel (i.e. without prior SPEED
RACER CCRMB) if the scope of the risk is solely applicable to a singular
program and no advanced functional business area review is determined to be
warranted.

When elevated, the R/O Initiator / Owner shall formally coordinate this escalation
per each unique program or BA-level risk/opportunity management process. For
escalated R/Os, the functional area may provide recommendations for general
handling strategies but will not fully quantify the R/O or develop detailed handling
plans unless delegated to by the associated program(s) or BA-level leadership.
Upon elevation, a R/O will generally receive one of three dispositions and
corresponding action:
 Approved as Program or BA-level Risk – The R/O is approved for the
program or BA-level ownership and managed in accordance with the
program's unique ROM process requirements. The Systems Engineering
IPT will retain a formal ‘Watch Item’ within the 3DX platform and capture
any business area-owned steps from within the approved handling plan for
tracking purposes.
 Disapproved – The R/O is not approved by the program. Contingent upon
agreement by the SPEED RACER CCRMB, the originating IPT will
manage the risk in accordance with the CCRMB’s disposition and, as
appropriate, manage the handling plan.

Error: Reference source not found depicts the process flow for R/Os from
identification through the closure and the decision gate for when R/Os are
escalated or transferred to the functional, program, or Aero BA level. Error:
Reference source not found describes the elements of the CCRMB decision
gate.
5.7 R/O Metrics & Reports

R/O metrics are continuously developed and represent an appropriate measure

of overall process effectiveness and group performance. Configuration
Management, Systems Engineering, and program management review these
formal R/O metrics at the CCRMB. Each team member is responsible for risk
items in which they are the risk “Owner” and metrics are evaluated by two
primary categories:

 “Active – [insert Functional Area Name] Owned” must contain handling

plan steps and will be evaluated for tardiness (ex. On Track, Delayed, Off
Track)
 “Watch Items” are assessed to ensure the next review dates are not
delinquent and are actively being worked on.