The SEI has been conducting research and development in various aspects of risk management for nearly 20 years. The Continuous Risk Management (CRM) approach to managing project risk is still in use today—almost 15 years after it was released. But the work at the SEI hasn't stopped because, despite the plethora of risk management approaches, methods, tools, and techniques, programs continue to fail from risks that turn into preventable catastrophes.

From Continuous Risk Management to Mosaic

The tactical, bottom-up approaches to analyzing numerous risk statements have, in today's complex, distributed programs and environments, led to partial views of the "big picture" and inefficient allocation of scarce resources. Many risk management processes have turned into time and resource-intensive bureaucratic nightmares that, in the end, do not provide the right information. The SEI recognized that something else clearly was needed to return risk management to its original purpose—supporting effective management decisions that lead to program success.

Current SEI research is focused on systemic risk management—top-down, system-oriented analyses of risk in relation to program objectives—which is better suited to managing risk in distributed environments. This research has brought about the development of a suite of methods—Mosaic—that can be used to manage risk and opportunity across the life cycle and supply chain, enabling decision makers to more efficiently engage in the risk management process, navigating through a broad tradeoff space (including performance, reliability, safety, and security considerations, among others) and strategically allocating their limited resources when and where they are needed the most.

We have found systemic approaches to be better suited for managing risk and opportunity in distributed environments. In contrast to the bottom-up analyses employed in tactical risk management, systemic approaches incorporate top-down, system-oriented analyses of risk in relation to program objectives.

News and Notes

Audrey Dorofee conducted a tutorial session at the NDIA12th Annual Systems Engineering Conference, in San Diego, CA. The tutorial focused on rethinking risk management approaches. You can view the tutorial presentation and accompanying materials through the links below.

• Reference 1
• Reference 2
• Workbook