Risk Management in DoD Proposal Development
I have been studying and managing risk for the better part of my career. I am by no means an ‘expert’ but based on my experience I often see where companies miss the mark describing how they will manage project or contract risk in proposals, or don’t truly understand how risk will be evaluated by the Government. For example, I actually witnessed a company assess a risk as moderate when performing qualitative risk analysis. They took the time to develop plans to mitigate the risk and then reassessed the risk as high after the mitigation strategy was implemented. I asked them why a risk would increase in severity after mitigation and they explained it was because the likelihood would increase. I then pointed out that if this were true, then they were using the wrong risk strategy. In this case they should just accept the risk – it took them a minute to understand what I meant. Why try to mitigate a risk if it will make it worse?
Volumes have been written about risk and risk management mainly because risk is inherent in everything we do. Whether investing in stock or planning a major military exercise, risk must be identified, analyzed and managed in order to succeed. Based on the importance and complexities of risk management, it is a professional discipline that touches every industry. There are lucrative career fields for risk managers and even companies whose core capability is helping organizations (Government or industry) manage risk. As a result of the importance of risk and the universal applicability of risk management, the Project Management Institute (PMI) not only dedicates a chapter in their Project Management Book of Knowledge (PMBOK) but also produced a separate Project Risk Management booklet. Finally, DoD issued a guide in 2006 dedicated to project risk management titled: Risk Management Guide for DoD Acquisitions, Sixth Edition (Volume 1.0).
This blog could never cover all aspects of risk management or make anyone an expert in this area but its purpose is to help readers understand how the Government assess risk either directly or indirectly during proposal evaluation.
The DoD defines risk in the Risk Management Guide for DoD Acquisitions as, “a measure of future uncertainties in achieving program performance goals and objectives within defined cost, schedule and performance constraints.” The Risk Management Guide for DoD Acquisitions further describes three components of risk. These components are:
- A future root cause (yet to happen), which, if eliminated or corrected, would prevent a potential consequence from occurring,
- A probability (or likelihood) assessed at the present time of that future root cause occurring, and
- The consequence (or effect) of that future occurrence
Another important distinction of risk is to know the difference between a risk and an issue. Again, the Risk Management Guide for DoD Acquisitions states, “An important difference between issue management and risk management is that issue management applies resources to address and resolve current issues or problems, while risk management applies resources to mitigate future potential root causes and their consequences.”
The risk definition and the distinction between a risk and an issue in the DoD guide are focused on managing a DoD program, but they do have relevance when addressing risk in a proposal? The answer is an emphatic YES! Specifically when the Government asks offerors to identify risks and address how they will manage risks. Proposal writers must understand the Government’s framework for risk management when describing their approach to managing risk in proposals in order to ensure their approach follows the Government’s framework. In addition, proposal writers must understand how the Government will assess risk in their proposal when risk identification and management is not explicitly required in the solicitation.
Simply stated, a proposal helps the Government decide if the risk of awarding a contract to a vendor is worth the investment. Whether the Government asks specifically for a vendor to address risk in the solicitation or not, the Government will evaluate risk in every proposal. What does the Government evaluate? They evaluate the technical, management and past performance volumes to look for cost, schedule and performance risks in the vendor’s proposed solution and proof of the vendor meeting these factors in relevant and recent contracts (past performance). What makes risk assessment unique in proposal evaluations is the Government also considers the amount of Government oversight needed based on the vendor’s solution – a factor not discussed in the Risk Management Guide for DoD Acquisitions. A proposal may be rated low risk when assessing cost, schedule and performance and how the vendor will manage the risk, but because of the vendor’s organizational structure with sub-contractors is not clear, for example, the Government may assess the need for additional Government oversight to be too high to award the contract to the vendor.
Finally, depending on the risk tolerance of the Government evaluators, proposal writers may assess risk low but the Government assesses the risk as moderate or high. How do you find out about the Government’s risk tolerance? You ask them! This information should be a part of every capture plan so strategies are built around the Government’s risk tolerance and writers understand the need for addressing risk based on the tolerance of the evaluators.
Addressing risk management in proposals is both an art and a science. The more you understand how proposals and risks are evaluated the better you will be at writing compliant, highly rated proposals.
Please let us know how Agility can help you understand and win work in the federal market or set your company up for success.
-J. Michael Courtney
The Office of the Secretary of Defense (OSD), Acquisition, Technology, and Logistics (OUSD (AL&T)) Systems and Software Engineering, Enterprise Development (SSE/ED) (2006), “Risk Management Guide for DOD Acquisition.” Sixth Edition, (Volume 1.0)