This rack contains resources concerning the theories and practices of risk management — both generally and specific to the defense enterprise. Topics include the meanings of risk, hazard, and other concepts and frameworks for systematizing the analysis and responses to risk. Risk, “the potential for something adverse to happen,”[i] is an inherent part of any strategic decision pursued within the defense enterprise. What is meant by ‘potential’ and ‘adverse’ is often subjective. Pursuing the capability and capacity to meet current and emerging requirements is constrained by uncertainty in both the global and domestic security environments, forcing senior leaders to make decisions and manage defense programs with incomplete information. Measuring the risk of any course of action is a highly complex and dynamic problem, sometimes resulting in the superb programming choice of two years ago to appear foolish today.

Moreover, the demand for capabilities (in quantity, time, and space) will always exceed national resources or will. Annual budgets, even when less constrained, are still finite, creating inherent tensions among actors within the enterprise competing for resources to perform their part of the mission of providing combat-ready forces. Decisions on developing, sustaining, or mobilizing those capabilities involve tradeoffs, and tradeoffs induce risk.  Consider the question of investing more of the defense budget in people (e.g., training, equipping, compensation and benefits) versus modernizing weapons systems. If one cannot do both completely, then anything not undertaken may present risk. Additionally, the defense enterprise faces a unique and very difficult challenge in calibrating risk assessments across strategic, operational, and tactical levels. For these reasons, the services and the joint community have developed and employed decision support systems known as risk management systems to identify, assess, and control risks in clear and consistent ways to aid strategic decision making.[ii]

[i] Paul K. Davis, Lessons from RAND’s Work on Planning under Uncertainty for National Security (Santa Monica, CA: RAND Corporation, 2012), 1.

[ii] Drawn from definition of ‘risk management’ in Chairman of the Joint Chiefs of Staff, Department of Defense Dictionary of Military and Associated Terms (Washington, DC: The Joint Staff, 2010), 208.

Shelf EK.00 — General

This shelf presently provides all available information on risk management. This is a stub and distinct shelves for theoretical matters and practice will be broken out in the future.

Faculty Publications:

• Galvin, Thomas P. and Jay Rouse, “The Challenges of Managing Strategic Risk: Setting a Foundation for Joint Decision-Making,” DM Faculty Paper EK-001.

Laws, Policies, Memos, and Regulations (sorted by regulation number):

• Chairman of the Joint Chiefs of Staff, Joint Risk Analysis, CJCS Manual 3105.01: 2023 (B version) | 2021 (A version) | 2016 (original)

Strategies and Reports:

• Davis, Paul K., Lessons from RAND’s Work on Planning Under Uncertainty for National Security (Santa Monica, CA: RAND – National Defense Research Institute, 2012).
• Emmons, Debra L., et al. Mitigating Cognitive Biases in Risk Identification: Practitioner Checklist for the Aerospace Sector
  (Washington, DC: Defense Acquisition University, 2018).
• International Risk Governance Council, Risk Governance: Towards an Integrative Approach (white paper, Geneva, Switzerland: International Risk Governance Council, 2006).
• Murdock, Clark A. (director). Risk Management in Non-DoD U.S. Government Agencies and the International Community: Best Practices and Lessons Learned (Washington, DC: Center for Strategic and International Studies, 2011), https://www.csis.org/analysis/risk-management-non-dod-us-government-agencies-and-international-community.

Commentaries (inclusion does not represent endorsement):

• Deptula, David A. “Managing Risk in Force Planning,” The Heritage Foundation, 2022 Index of U.S. Military Strength, October 20, 2021, https://www.heritage.org/military-strength/topical-essays/managing-risk-force-planning
• Du Mont, Malia K., “Incorporating Risk into National Security Planning” (white paper, The Atlantic Council, February 28, 2019), https://www.atlanticcouncil.org/content-series/strategy-consortium/incorporating-risk-into-national-security-planning/  
• Freier, Nate. “Good Luck with the Strategy, Mr. Secretary … It’s a ‘Risky’ Undertaking,” WAR ROOM, May 30, 2017, https://warroom.armywarcollege.edu/articles/good-luck-strategy-mr-secretary-risky-undertaking/
• Johnson, Chris W. “The Paradoxes of Military Assessment: Will the Enterprise Risk Assessment Model, Composite Risk Management and Associated Technique Provide the Predicted Results?” In Proceedings of the 25th International Systems Safety Conference, Baltimore, USA. International Systems Safety Society, Unionville, VA, USA, vol. 8, pp. 59-69, http://www.dcs.gla.ac.uk/~johnson/papers/Military_Risk/Short_Military_Risk_Assessment_CJohnson.pdf
• ​​​​​​​Mazaar, Michael J., “Rethinking Risk in Defense,” War on the Rocks, April 13, 2015, https://warontherocks.com/2015/04/rethinking-risk-in-defense/.

---

​​​​​​​Title image credit:  Airman 1st Class Jerilyn Quintanilla, Davis-Monthan Air Force Base, public domain.