How to conduct performance Risk Analysis

As part of the requirements development process you must identify and analyze risk
areas that can impact the performance results you are trying to achieve. Identify
possible events that can reasonably be predicted which may threaten your
acquisition. Risk is a measure of future uncertainties in achieving successful
program performance goals. Risk can be associated with all aspects of your
requirement. Risk addresses the potential variation from the planned approach and
its expected outcome.
Risk assessment consists of two components:
(1) Probability (or likelihood) of that risk occurring in the future
(2) The consequence (or impact) of that future occurrence.
Risk analysis includes all risk events and their relationships to each other. Therefore,
risk management requires a top-level assessment of the impact on your requirement
when all risk events are considered, including those at the lower levels. Risk
assessment should be the roll-up of all low-level events; however, most likely, it is a
subjective evaluation of the known risks, based on the judgment and experience of
the team. Therefore, any roll-up of requirements risks must be carefully done to
prevent key risk issues from "slipping through the cracks."
It is difficult, and probably impossible, to assess every potential area and process.
The program or project office should focus on the critical areas that could impact
your program and thus impact your performance results. Risk events may be
determined by examining each required performance element and process in terms
of sources or areas of risk. Broadly speaking, these areas generally can be grouped
as cost, schedule, and performance, with the latter including technical risk. When the
word "system" is used, it refers to the requirement for services as a "system" with
many different activities and events. The more complex the service requirement is,
the more likely it will have the components and characteristics of a "system."
Additional areas, such as environmental impact, security, safety, and occupational
health are also analyzed during the requirements definition phase. The acquisition
team should consider these areas for early assessment since failure to do so could
cause significant consequences. Program/project managers must recognize that any
work being performed on government property or government workspace should
have the proper control and oversight into access of facilities, clearances, and visitor
control.
Identifying risk areas requires the acquisition team to consider relationships among
all these risks and may identify potential areas of concern that would have otherwise
been overlooked. This is a continuous process that examines each identified risk
(which may change as circumstances change), isolate the cause, determine the
effects, and then determine the appropriate risk mitigation plan. If your acquisition
team is requesting the contractor to provide a solution as part of their proposal that
contains a performance-based statement of work and performance metrics and
measures, then it is also appropriate to have the contractor provide a risk mitigation
plan that is aligned with that solution.