Rack EK – Risk Management – Defense Management Library

Rack EK – Risk Management

Aisle E — Defense Enterprise

Library: Main Page — Professional Development (A) — Defense Enterprise (E) — Force Structure (F) — Modernization (M) — Personnel (P) — Readiness (R) — Special Enterprises (S) — Resource Management (X) — References (Z)

Defense Enterprise (E): Organization of DoD (EA) — Defense Business Area (EB) — Civil-Military Relations (EC) — Interagency Operations (EI) — Risk Management (EK) — Enterprise Leadership (EL) — Global Context (EN) — Strategic Planning (ES) — Defense Transformation (ET)

Disclaimer: The inclusion of resources here is for informational, historical, and research purposes only and is provided as a service for US Army War College faculty, students, and graduates to support their educational and professional requirements. These may include outdated or superseded materials. The inclusion of these materials does not constitute endorsement by the U.S. Army War College, the U.S. Army, or Department of Defense.

This rack contains resources concerning the theories and practices of risk management — both generally and specific to the defense enterprise. Topics include the meanings of risk, hazard, and other concepts and frameworks for systematizing the analysis and responses to risk. Risk, “the potential for something adverse to happen,”[i] is an inherent part of any strategic decision pursued within the defense enterprise. What is meant by ‘potential’ and ‘adverse’ is often subjective. Pursuing the capability and capacity to meet current and emerging requirements is constrained by uncertainty in both the global and domestic security environments, forcing senior leaders to make decisions and manage defense programs with incomplete information. Measuring the risk of any course of action is a highly complex and dynamic problem, sometimes resulting in the superb programming choice of two years ago to appear foolish today.

Moreover, the demand for capabilities (in quantity, time, and space) will always exceed national resources or will. Annual budgets, even when less constrained, are still finite, creating inherent tensions among actors within the enterprise competing for resources to perform their part of the mission of providing combat-ready forces. Decisions on developing, sustaining, or mobilizing those capabilities involve tradeoffs, and tradeoffs induce risk. Consider the question of investing more of the defense budget in people (e.g., training, equipping, compensation and benefits) versus modernizing weapons systems. If one cannot do both completely, then anything not undertaken may present risk. Additionally, the defense enterprise faces a unique and very difficult challenge in calibrating risk assessments across strategic, operational, and tactical levels. For these reasons, the services and the joint community have developed and employed decision support systems known as risk management systems to identify, assess, and control risks in clear and consistent ways to aid strategic decision making.[ii]

[i] Paul K. Davis, Lessons from RAND’s Work on Planning under Uncertainty for National Security (Santa Monica, CA: RAND Corporation, 2012), 1.

[ii] Drawn from definition of ‘risk management’ in Chairman of the Joint Chiefs of Staff, Department of Defense Dictionary of Military and Associated Terms (Washington, DC: The Joint Staff, 2010), 208.

Shelf EK.00 — General

Risk management in the context of enterprise decision-making differs from the operational context. Risk, defined as “the potential for something adverse to happen,” is an inherent part of any strategic decision pursued within the defense enterprise. What is meant by ‘potential’ and ‘adverse’ is often subjective. Pursuing the capability and capacity to meet current and emerging requirements is constrained by uncertainty in both the global and domestic security environments, forcing senior leaders to make decisions and manage defense programs with incomplete information.

Measuring the risk of any course of action is a highly complex and dynamic problem, sometimes resulting in the superb programming choice of two years ago to appear foolish today. Designing and implementing risk management systems requires a framework to help harmonize the terms used and calibrate assessments, so that the categorization of risk as ‘high’ or ‘low’ can be trusted. The framework must also address the changing nature of the environment and its longitudinal effects on risks, along with how best to articulate risks to help in the decision-making process.

— Galvin, Thomas P. and Jay Rouse, “The Challenges of Managing Strategic Risk: Setting a Foundation for Joint Decision-Making,” DM Faculty Paper EK-001.

This shelf presently provides all available information on risk management. This is a stub and distinct shelves for theoretical matters and practice will be broken out in the future.

Faculty Publications:

Galvin, Thomas P. and Jay Rouse, “The Challenges of Managing Strategic Risk: Setting a Foundation for Joint Decision-Making,” DM Faculty Paper EK-001.

Laws, Policies, Memos, and Regulations (sorted by regulation number):

DoD Instruction 8510.01, DoD Risk Management Framework for DoD Systems, 2022.
Chairman of the Joint Chiefs of Staff, Joint Risk Analysis, CJCS Manual 3105.01: 2023 (B version) | 2021 (A version) | 2016 (original)

Strategies and Reports:

Davis, Paul K., Lessons from RAND’s Work on Planning Under Uncertainty for National Security (Santa Monica, CA: RAND – National Defense Research Institute, 2012).
Emmons, Debra L., et al. Mitigating Cognitive Biases in Risk Identification: Practitioner Checklist for the Aerospace Sector
(Washington, DC: Defense Acquisition University, 2018).
International Risk Governance Council, Risk Governance: Towards an Integrative Approach (white paper, Geneva, Switzerland: International Risk Governance Council, 2006).
Murdock, Clark A. (director). Risk Management in Non-DoD U.S. Government Agencies and the International Community: Best Practices and Lessons Learned (Washington, DC: Center for Strategic and International Studies, 2011), https://www.csis.org/analysis/risk-management-non-dod-us-government-agencies-and-international-community.

Commentaries (inclusion does not represent endorsement):

Deptula, David A. “Managing Risk in Force Planning,” The Heritage Foundation, 2022 Index of U.S. Military Strength, October 20, 2021, https://www.heritage.org/military-strength/topical-essays/managing-risk-force-planning
Du Mont, Malia K., “Incorporating Risk into National Security Planning” (white paper, The Atlantic Council, February 28, 2019), https://www.atlanticcouncil.org/content-series/strategy-consortium/incorporating-risk-into-national-security-planning/
Freier, Nate. “Good Luck with the Strategy, Mr. Secretary … It’s a ‘Risky’ Undertaking,” WAR ROOM, May 30, 2017, https://warroom.armywarcollege.edu/articles/good-luck-strategy-mr-secretary-risky-undertaking/
Johnson, Chris W. “The Paradoxes of Military Assessment: Will the Enterprise Risk Assessment Model, Composite Risk Management and Associated Technique Provide the Predicted Results?” In Proceedings of the 25th International Systems Safety Conference, Baltimore, USA. International Systems Safety Society, Unionville, VA, USA, vol. 8, pp. 59-69, http://www.dcs.gla.ac.uk/~johnson/papers/Military_Risk/Short_Military_Risk_Assessment_CJohnson.pdf
Mazaar, Michael J., “Rethinking Risk in Defense,” War on the Rocks, April 13, 2015, https://warontherocks.com/2015/04/rethinking-risk-in-defense/.

Title image credit: Airman 1st Class Jerilyn Quintanilla, Davis-Monthan Air Force Base, public domain.