1. Panelists and Moderator
PM Challenge 2009 – “Making Risk Manageable” Panel
Nick Chrissotimos, NASA Goddard Space Flight Center
Mr. Chrissotimos has 26 years of project/program management experience at the Goddard Space
Flight Center (GSFC). He is currently the Associate Director of Flight Projects for Explorers and
Heliophysics where he is the Program Manager for Explorers, Living with a Star and Solar
Terrestrial Probes.
Joe Fuller, Futron Corporation
Joseph Fuller, Jr. is the founder and President of Futron Corporation. He spent the first 20 years
of his career at the National Aeronautics and Space Administration (NASA) as an aerospace
systems engineer, project manager, and senior executive. He is experienced in the design,
development, and operations of human-piloted and robotics spacecraft, and serves as an expert
advisor on independent space studies and working groups.
Richard Grou, Canadian Space Agency
Graduated from Ecole Polytechnique de Montréal, Richard Grou holds a B.A. Sc in Mechanical
Engineering and is also certified Engineer and Project Management Professional. In 1980, he
joined the Public Service of Canada. He started at the Agency in 2001 where he first held the
position of Project Manager for the implementation of the CSA Project Management Framework
(PAMF). He is currently working at the corporate level of the Canadian Space Agency as a Risk and
Program Assurance Manager within the Safety & Program Assurance Directorate.
Mike McGrath, University of Colorado
Mr. McGrath is the Engineering Director at the Laboratory for Atmospheric and Space Physics
(LASP) at the University of Colorado at Boulder and most recently participated in NASA’s
Aeronomy of Ice in the Mesosphere SMEX Mission as Project Manager. His experience extends
back to the Pioneer Venus mission, and includes NASA’s Voyager, SME, Cassini, TIMED, SNOE and
SORCE missions. He teaches spacecraft design as a Professor Adjunct in Aerospace Engineering,
and is an instructor in CU’s Integrated Teaching and Learning Laboratory.
John Turner, NASA Johnson Space Center
John V. Turner, PhD, has over twenty-three years experience in human space-flight applications,
including: mission operations, engineering development, systems engineering, project management,
risk assessment, and risk management. As a private consultant he has provided risk assessment and
management expertise in the oil and gas, defense acquisition, and airport security applications. He
currently serves as the Risk Manager and Risk Assessment lead for the Constellation human
spaceflight exploration program.
Moderator: Peter J. Rutledge, Ph.D., Quality Assurance & Risk Management Services, Inc.
Currently working as a consultant, Dr. Rutledge retired from the Office of Safety and Mission
Assurance at NASA Headquarters in 2004, after 33 years of Federal service. His last position in
NASA was that of Director, Enterprise Safety and Mission Assurance Division. His entire career
has been in the safety, reliability, and risk fields.
2. NOTES
Nick Chrissotimos, NASA Goddard Space Flight Center
Risk Management from a Project Manager’s Perspective
• Project Management is Risk Management (experience, lessons learned, intuition, decision
making).
• Use of a Risk Management tool has become essential; understand it but let someone else run it
and do not let it manage you.
• Lead System Engineer runs your Risk Management Board (they are not data entry clerks).
• Understand and track most important risks as the PM (you cannot reasonably manage more
than 10-20).
• Know and actively manage your top ten risks (Yellow and Red); know when to accept a risk.
• SE must keep you aware of which ones are bubbling up (Yellow and Red).
• Know your risk windows for exposure, separate from mitigation: a risk timeline. Budget profile
has to be correlated with the risk timeline for effective leveling.
• Decisions on which risks to mitigate and spend reserve on need to be weighed across all other
risks and programmatics (preserves precious resources).
• Always have “plan B” options for mitigating your top ten risks.
• Make clear to the Risk Management Board the projects, programs, and Center management’s
5x5 matrix definitions and risk reporting expectations.
• Know your Residual (accepted) and Single Point Failure risks and make your management aware
of these.
• Understand and use your test program as the best risk mitigation when it is appropriate (it is
already costed).
• Tracking Risks at the Program Level should be a subset of the Top Ten risks of the projects
within the program.
• At the Program level a risk that can never be retired may not make sense to track (most of
those are usually out of the program’s and projects’ control); you usually watch but you cannot
do anything about them. You should have already been aware of those (i.e., Budget, LV
availability, and inflation).
3. NOTES
Joe Fuller, Futron Corporation
Recent Trends in Risk Management Sophistication
The capability of organizations to perform risk management is growing and becoming more
sophisticated.
• 2002 MSFC Risk Management Assessment indicated projects operating at maturity Level 2;
Ares Project assessment in 2007 indicated almost Level 4.
• Exploration Technology Development Project (ETDP) combining risk and opportunity
management represents an increase in sophistication.
• Greater use of quantitative risk assessment (PRA, Cost-Schedule Risk Assessment, Dynamic
Modeling and Simulation).
• New NPR 8000.4A calling for integration of CRM and decision-making, including institutional
risk management.
Enterprise Risk Management (ERM), or Institutional Risk Management (NPR 8000.4A), will
represent a cultural change and the next level of sophistication. Implementing ERM engages and
aligns the workforce to ensure more strategic, comprehensive, and effective risk management.
4. NOTES
Richard Grou, Canadian Space Agency
The Canadian Space Agency is committed to Integrated Risk Management into all decision making
processes. This requirement is from Treasury Board Canada, the entity that provides oversight of
the Management Function of all Canadian Government Departments and Agencies. Integrated Risk
Management is one Key element of the Management Accountability Framework that sets out the
expectation of Senior Managers for good public service management.
Integrated Risk Management (IRM) is a continuous, proactive, and systematic process to
understand, manage, and communicate risk from an organization-wide perspective. It is about
making strategic decisions that contribute to the achievement of an organization's overall
corporate objectives.
In implementing IRM, CSA is adopting an holistic approach to managing risk and addressing the
following elements:
- CSA Corporate Risk Profile
- Establishing an Integrated Risk Management function
- Incorporation of Risk-Management into Existing Decision-making & Reporting
- Practicing Integrated Risk Management
- Ensuring Continuous Risk Management Learning
A few Tips:
- Communicate early and often
- Base all discussions on fact
- Credibility and trust take a long time to develop but can be destroyed in an instant
5. NOTES
Mike McGrath, University of Colorado
• Project managers continue to seek out new techniques to gain an edge in the
design/development process. Risk management on projects has been observed to provide a high
quality return for minimum investment of training time and supporting infrastructure, and is
proving to be effective in all phases of a project.
• A formal risk management process is inclusive of the team working on a project, enabling
focused, supportive discussion through the use of a concise language and a quantitative
evaluation scale. When used as part of a project management approach, risk management
supports project-wide participation that encourages discussion and review by the entire project
team -- irrespective of role or responsibility of the participant.
• By design, the risk management process is a positive, supporting process, and when structured
appropriately, risk management encourages information to be revealed, processed, and
evaluated, accompanied by a logical follow-up process.
• Risk management is particularly effective in supporting resource shifting in the early phases of
a project where TRL levels are being advanced, assuming that the appropriate team structure is
in place, and that a resilient schedule management approach is being used.
• A risk management process can be tailored to the project scope, and because of the way it
seamlessly integrates with the design/development process, it scales well with increasing levels
of project size and complexity.
6. NOTES
John Turner, NASA Johnson Space Center
• The RM program must evolve as it progresses from early development through design verification to
acceptance, operations, and retirement.
o Examples of Development Issues: Design and verification, setting achievable requirements,
selecting preliminary architectures, understanding environments and operations, verifying
achievement of requirements, optimizing risk versus other design commodities and cost, setting
operational safety baseline, characterizing transition risks.
o Examples of Operations Issues: Burning down accepted risk baseline, managing new risks as they
come up, aging, unforeseen system interactions or environmental threats, changes in performance
or mission goals, retirement issues.
• RM practice has been fairly schizophrenic over the past 20-30 years. We see major differences between
what people say about RM in books and at conferences and what we see in practice on programs and
projects.
• There is often little formal connection between critical design or operations oriented analyses and risk.
We should use integrated simulation and modeling techniques early to surface risks and enable action to
manage them.
• The way that we understand RM has evolved continuously. Most recently, the agency has been using the
term Risk-Informed Decision-Making, or RIDM.
o RIDM Moves beyond managing “risks,” to understanding the risk implications of significant
decisions.
o Requires processes to ensure risks are understood and considered in all critical decision-making
applications.
• The CxP is working to establish he formal processes and linkages that support RIDM. We have some of
these pieces in place and are developing others.
o Significant obstacles to progress:
Projects started first. Struggle between the lowest level or “the prime knows best” and
doing things consistently across primes.
• Everything is a cost, whether it is an addition or deletion, when the prime or govE
project does not wish to do it.
Parochialism
Unrealistic budget restrictions
Risk Informed Decision Making (RIDM)
Knowledge • KBRs
Management • PAL
• Knowledge Capture
Systems
Engineering
• Requirements and TPM
ATP MMRs Ops/Test Achievability
• Analysis priorities
• Test Objectives • Iterative Design and
• Risks Reviewed at Analysis
Authority to Proceed • Readiness Reviews
• C/S/T Baseline • Real Time
Decisions Systems Safety
Boards/Panels • Systematic Analysis
• Formal Risk Acceptance
• Establish Operational Safety
Continuous Risk • Managing risk Baseline (OSB)
through change
IRMA Management (CRM)
Probabilistic Design
• Standards for risk characterization
• CLAS for risks and Analysis
• Risk Communication and Reporting • Standards of Practice
Process • LOC LOM Reqts
• Prioritization of risk mitigation • Integrated Campaign,
proposals Architecture, System,
Element Analysis
Page 10 Dynamic Information Linkages
NASA CxP John V. Turner, PMC 2009