Integrity Management Consulting and GovLoop are proud to present a 12-part series called “Conscientious Contracting: A Thoughtful Approach to Acquisition and Program Management,” that aims to address common challenges and achieve new efficiencies in government procurement. Integrity Matters will bring you occasional posts written by GovLoop’s Andrew Krzmarzick, featuring the expertise of Integrity subject matter experts.
“Risk comes from not knowing what you’re doing.” – Warren Buffett
It’s virtually impossible to eliminate risk. That’s the stark truth about any project. The key is knowing how to mitigate that risk effectively and, as Warren Buffett says in the quote above, your chances of limiting risk increase considerably if you know what you’re doing.
That reality is also true when it comes to government acquisition.
In a recent interview with Integrity Fellow Tom Kuhn, a former instructor and Risk Management Director at Defense Acquisition University, and a subject matter expert with more than 22 years of mitigating risk for the DoD, VA and DHS, I learned that there are four primary ways to mitigate risk.
Each of these approaches are perfectly acceptable, but what’s most important in the acquisition lifecycle is to think through these risks and select a method for mitigation in the first phase – right up front when you are planning and defining requirements.
With that in mind, consider these four risk mitigation methods:
1) Avoid It: “If risk is a cliff,” Kuhn said, then avoidance simply means that “you go around the cliff.” Kuhn was quick to point out that this doesn’t mean ignoring it. In any acquisition, you can lay out a risk register, asking, “What could go wrong with this contract?” and “What could throw a cog in the wheel – both expected and unexpected?” Build a list of those items and then generate some potential responses, including the possibility of circumnavigating a risk entirely.
2) Transfer It: The classic case of transferring risk in the commercial sector is a warranty. “If you buy a product and something goes wrong with it,” explained Kuhn. “The risk is now on the manufacturer to fix it” versus the location where you bought it. In this instance, ownership of risk is transferred. The type of contract vehicle you use is one way to accomplish risk transfer. For instance, you might implement a ceiling through a firm-fixed price contract. If the vendor goes over that amount, they absorb the additional expenses and the government pays only the originally agreed upon amount.
3) Control It: Another approach is to identify the risk and then control it. Kuhn used the example of driving down the road 70 MPH when you realize that your tires start vibrating. If you slow down to 65 MPH, you might not get to your location as fast – but you’ll get there. Sometimes there are technical, cost and schedule trade-offs. Would you rather risk losing the entire project by pushing a vendor to perform a task order in a shorter period of time, or allow a short-term lag to ensure completion of the contract with the core mission objectives intact?
4) Assume It: Kuhn used to fly airplanes for the Marine Corps and he says, “in flying, I always assumed risk.” What this means, he says, is that “you have a conscious understanding of what your risk is and what the probability and consequences are and you accept that.” According to Kuhn, this is the “cheapest method” as there’s little up front cost or adjustment. The primary downside with this method is that the assumed risk could be greater than you anticipated at the outset. One of the benefits of incorporating risk management early in the acquisition lifecycle is that you are more prepared for those moments when a risk arises. In most cases, you will have anticipated the problem and will have an effective solution sketched out and ready to apply.
For instance, Kuhn talked about the potential for coming up with a nonmaterial solution in the requirements process “where you don’t have to buy or design anything – you just have to change how you’re doing things.” Kuhn says that “you may get to a point in your execution of your program where you come upon a risk. Let’s say you have 70% of your system designed or out there, or tested. You may mitigate your risk at that point if it’s a schedule risk (or a cost risk if you have to redesign it) by changing how you do something.”
Ultimately, the most successful acquisition and project management professionals will not run from risk. They’ll methodically plot out the pitfalls in advance and have the peace of mind to know that they’re ready for anything.
How do you manage risk in your organization?
Do you have an example of proactive risk identification and mitigation?