Rollout and Installation of Risk Management at the IMINT Directorate, National Reconnaissance Office

Abstract : The NRO Risk Management pilot project, and subsequent rollout and installation, were launched in the Imagery Development Program (IDP) at the Imagery Intelligence (IMINT) Directorate. This was preceded by a Software Acquisition Capability Maturity Model(registered) (SA-CMM(registered)) assessment to determine strengths and gaps in IMINT's capability as an acquisition organization. From the potential SA-CMM improvement areas, IMINT leaders determined that the optimum first initiative would be Acquisition Risk Management. To launch the Risk Management initiative, MINT leaders identified the Command and Control Division (CCD) in IDP as the pilot initiative. They further decided to conduct Software Risk Evaluations (SREs) with both the government organization and the principal contractor for CCD. The CCD division proceeded to install a dynamic, interactive Risk Management process throughout its program, with a Team Risk Management approach. This approach was leveraged by monthly CCD Team Risk Reviews (TRRs). The TRRs served as regular forums for government and contractors to identify and mitigate joint risks. The IDP director, observing the success of the CCD pilot, called for consistent Risk Management training across the divisions. Concurrently, the IDP director also launched the EIS System Risk Management Team (ESRT) with a mission to identify and address system-level risks. The divisional Risk Management processes (including contractor Risk Management) were combined with system-level Risk Management at the ESRT to develop a comprehensive, consistent Risk Management process that became routinely operational. The central purpose of this report is to provide a knowledge asset repository for the National Reconnaissance Office that can be leveraged in support of further Risk Management efforts.

[1]  M. Modarres What every engineer should know about reliability and risk analysis , 1992 .

[2]  Audrey J. Dorofee,et al.  An Introduction to Team Risk Management , 1994 .

[3]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[4]  James Morrison,et al.  The Stuff Americans Are Made of: The Seven Cultural Forces That Define Americans-A New Framework for Quality, Productivity and Profitability , 1996 .

[5]  Telecommunications Agency,et al.  Introduction to the management of risk , 1993 .

[6]  Joseph Moses Juran Juran on Leadership For Quality , 1989 .

[7]  Yacov Y. Haimes,et al.  An Acquisition Process for the Management of Risks of Cost Overrun and Time Delay Associated with Software Development , 1993 .

[8]  Hiromitsu Kumamoto,et al.  Probabilistic Risk Assessment , 1996 .

[9]  R. Keeney,et al.  Improving risk communication. , 1986, Risk analysis : an official publication of the Society for Risk Analysis.

[10]  S. Kaplan,et al.  On The Quantitative Definition of Risk , 1981 .

[11]  Frederick P. Brooks,et al.  No Silver Bullet: Essence and Accidents of Software Engineering , 1987 .

[12]  T.E. Bell Managing Murphy's law: engineering a minimum-risk system , 1989, IEEE Spectrum.

[13]  Joseph Moses Juran,et al.  Quality-control handbook , 1951 .

[14]  Audrey J. Dorofee,et al.  Team Risk Management: A New Model for Customer- Supplier Relationships , 1994 .

[15]  Yacov Y. Haimes,et al.  Risk associated with software development: a holistic framework for assessment and management , 1993, IEEE Trans. Syst. Man Cybern..

[16]  W. Edwards Deming,et al.  Out of the Crisis , 1982 .

[17]  Robert G. Easierling An Anatomy of Risk , 1977 .

[18]  C. Fisch Do you agree , 2000 .

[19]  Audrey J. Dorofee,et al.  A Collaboration in Implementing Team Risk Management. , 1996 .

[20]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[21]  E. Levenson Shoot the messenger: interpersonal aspects of the analyst's interpretations , 1993 .

[22]  J. T. Lochner The Journal of Defense Software Engineering , 1999 .

[23]  Juan Montes de Oca Walking around , 1996, SIGGRAPH '96.

[24]  Jack V. Michaels,et al.  Technical Risk Management , 1996 .

[25]  T. Saaty,et al.  The Analytic Hierarchy Process , 1985 .

[26]  Dale Karolak,et al.  Software engineering risk management , 1995 .

[27]  Robert N. Charette,et al.  Software Engineering Risk Analysis and Management , 1989 .

[28]  Suresh L. Konda,et al.  Taxonomy-Based Risk Identification , 1993 .

[29]  Matthew J. Fisher,et al.  Software Acquisition Capability Maturity Model (SA-CMM) Version 1.02 , 1999 .

[30]  Frank J. Sisti,et al.  Software Risk Evaluation Method Version 1.0. , 1994 .

[31]  Brian Gallagher,et al.  Software Acquisition Risk Management Key Process Area (KPA)- A Guidebook Version 1.02 , 1999 .

[32]  Yoji Akao,et al.  Quality Function Deployment : Integrating Customer Requirements into Product Design , 1990 .

[33]  Neal S. Coulter,et al.  An Evolutionary Perspective of Software Engineering Research Through Co-Word Analysis , 1996 .

[34]  Christopher J. Alberts,et al.  Continuous Risk Management Guidebook. , 1996 .

[35]  Yacov Y. Haimes,et al.  Software Risk Management , 1996 .

[36]  L. Prusak,et al.  Financial Risk and the Need for Superior Knowledge Management , 1996 .

[37]  Capers Jones,et al.  Assessment and control of software risks , 1994, Yourdon Press Computing Series.

[38]  Robert N. Charette,et al.  Applications Strategies for Risk Analysis , 1990 .

[39]  David P. Gluch,et al.  A Construct for Describing Software Development Risks , 1994 .

[40]  J. Katzenbach,et al.  The discipline of teams. , 1993, Harvard business review.

[41]  Ira Monarch,et al.  An Experiment in Software Development Risk Information , 1995 .