Rack EK – Risk Management

Aisle E — Defense Enterprise

Library:  Main Page — Professional Development (A) — Defense Enterprise (E) — Force Structure (F) — Modernization (M) — Personnel (P) — Readiness (R) — Special Enterprises (S) — Resource Management (X) — References (Z)

Defense Enterprise (E):  Organization of DoD (EA) — Defense Business Area (EB) — Civil-Military Relations (EC) — Interagency Operations (EI) — Risk Management (EK) — Enterprise Leadership (EL) — Global Context (EN) — Strategic Planning (ES) — Defense Transformation (ET)


Disclaimer: The inclusion of resources here is for informational, historical, and research purposes only and is provided as a service for US Army War College faculty, students, and graduates to support their educational and professional requirements. These may include outdated or superseded materials. The inclusion of these materials does not constitute endorsement by the U.S. Army War College, the U.S. Army, or Department of Defense.


This rack contains resources concerning the theories and practices of risk management — both generally and specific to the defense enterprise. Topics include the meanings of risk, hazard, and other concepts and frameworks for systematizing the analysis and responses to risk. Risk, “the potential for something adverse to happen,”[i] is an inherent part of any strategic decision pursued within the defense enterprise. What is meant by ‘potential’ and ‘adverse’ is often subjective. Pursuing the capability and capacity to meet current and emerging requirements is constrained by uncertainty in both the global and domestic security environments, forcing senior leaders to make decisions and manage defense programs with incomplete information. Measuring the risk of any course of action is a highly complex and dynamic problem, sometimes resulting in the superb programming choice of two years ago to appear foolish today.

Moreover, the demand for capabilities (in quantity, time, and space) will always exceed national resources or will. Annual budgets, even when less constrained, are still finite, creating inherent tensions among actors within the enterprise competing for resources to perform their part of the mission of providing combat-ready forces. Decisions on developing, sustaining, or mobilizing those capabilities involve tradeoffs, and tradeoffs induce risk.  Consider the question of investing more of the defense budget in people (e.g., training, equipping, compensation and benefits) versus modernizing weapons systems. If one cannot do both completely, then anything not undertaken may present risk. Additionally, the defense enterprise faces a unique and very difficult challenge in calibrating risk assessments across strategic, operational, and tactical levels. For these reasons, the services and the joint community have developed and employed decision support systems known as risk management systems to identify, assess, and control risks in clear and consistent ways to aid strategic decision making.[ii]

[i] Paul K. Davis, Lessons from RAND’s Work on Planning under Uncertainty for National Security (Santa Monica, CA: RAND Corporation, 2012), 1.

[ii] Drawn from definition of ‘risk management’ in Chairman of the Joint Chiefs of Staff, Department of Defense Dictionary of Military and Associated Terms (Washington, DC: The Joint Staff, 2010), 208.

Shelf EK.00 — General

Risk management in the context of enterprise decision-making differs from the operational context. Risk, defined as “the potential for something adverse to happen,” is an inherent part of any strategic decision pursued within the defense enterprise. What is meant by ‘potential’ and ‘adverse’ is often subjective. Pursuing the capability and capacity to meet current and emerging requirements is constrained by uncertainty in both the global and domestic security environments, forcing senior leaders to make decisions and manage defense programs with incomplete information.

Measuring the risk of any course of action is a highly complex and dynamic problem, sometimes resulting in the superb programming choice of two years ago to appear foolish today. Designing and implementing risk management systems requires a framework to help harmonize the terms used and calibrate assessments, so that the categorization of risk as ‘high’ or ‘low’ can be trusted. The framework must also address the changing nature of the environment and its longitudinal effects on risks, along with how best to articulate risks to help in the decision-making process.

— Galvin, Thomas P. and Jay Rouse, “The Challenges of Managing Strategic Risk: Setting a Foundation for Joint Decision-Making,” DM Faculty Paper EK-001.

This shelf presently provides all available information on risk management. This is a stub and distinct shelves for theoretical matters and practice will be broken out in the future.

Faculty Publications:
Laws, Policies, Memos, and Regulations (sorted by regulation number):
Strategies and Reports:
Commentaries (inclusion does not represent endorsement):

​​​​​​​Title image credit:  Airman 1st Class Jerilyn Quintanilla, Davis-Monthan Air Force Base, public domain.

Defense Enterprise (E):  Organization of DoD (EA) — Defense Business Area (EB) — Civil-Military Relations (EC) — Interagency Operations (EI) — Risk Management (EK) — Enterprise Leadership (EL) — Global Context (EN) — Strategic Planning (ES) — Defense Transformation (ET)

Library:  Main Page — Professional Development (A) — Defense Enterprise (E) — Force Structure (F) — Modernization (M) — Personnel (P) — Readiness (R) — Special Enterprises (S) — Resource Management (X) — References (Z)