Leading large organizations is challenging, especially in uncertain times. Leaders are looked upon to make the right decision at the right time and it is paramount to consider risk and its potential impacts on the organization’s ability to accomplish the mission. Risk management is a critical and challenging issue where leaders must develop an understanding of the ambiguous current environment by implementing risk management into the decision-making processes in an effort to identify future hazards.
Risk management isn’t about predicting the future; rather, it is about strengthening our abilities to cope with uncertainty. Leaders must identify potential hazards and assess the impacts these hazards are likely to have on the mission. Integrating risk management into how we think is crucial to maintaining combat power and ensuring mission accomplishment. The Army provided its leaders a tool to assist with this process; it is known as risk management. This article is extracted from ATP 5-9 to provide our leaders an overview of risk management.
Risk management is the process of identifying, assessing, and controlling risks arising from operational factors and making decisions that balance risk cost with mission benefits (JP 3-0). Some refer to this as risk vs reward. The Army uses risk management to help maintain combat power while ensuring mission accomplishment in current and future operations. The process of weighing risks against opportunities and benefits helps to maximize unit capability, save lives, and preserve resources. The Army has outlined risk management into five steps: Identify the hazards; Assess the hazards; Develop controls and make risk decisions; Implement controls; and Supervise and evaluate. (ATP 5-9; 1-1)
Step 1—Identify The Hazards
A hazard is a condition with the potential to cause injury, illness, or death of personnel; damage to or loss of equipment or property; or mission degradation (JP 3-33). Hazards create the potential for harmful events that can cause degradation of capabilities or mission failure. Several mission variables must be considered in this process to include —mission, enemy, time, terrain, weather, troops and support available, as well as civil considerations (METT-TC). Leaders must identify potential hazards and assess their likely impact on the mission. (ATP 5-9; 1-4)
Step 2—Assess The Hazards
To assess hazards, risk management practitioners consider how identified hazards (conditions) could lead to harmful events and how those events would affect operations. They envision the potential for the events and their predictable effects. When hazards are assessed and risk levels are assigned, the resulting analysis is a measurement of risk—probability and severity of loss linked to hazards (JP 5-0). Risk levels reflect a combination of the probability of occurrence and the severity of the adverse impact. Probability is the likelihood an event will occur; it is assessed as frequent, likely, occasional, seldom, or unlikely. While severity is the expected consequences of an event in terms of injury, property damage, or other mission-impairing factors; it is assessed as catastrophic, critical, moderate, or negligible. A risk level is a type of score that assesses the odds (probability) of something going wrong and the effect (severity) of the incident when it occurs. Planners determine the level of risk by using the risk assessment matrix (illustrated in table 1-1). (ATP 5-9; 1-6, 7)
Step 3—Develop Controls And Make Risk Decisions
After studying the hazards, risk management practitioners develop and consider options for controls. During control development, they consider the mitigating effects of the proposed controls. They reassess the initial level of risk and determine a residual level of risk (risk after controls are implemented). Risk management practitioners continue developing control options, considering their mitigating effects, and reassessing risk until they have determined the most effective controls. The responsible commander at the appropriate echelon determines the risk tolerance for the situation. The responsible commander makes risk decisions—to accept or not accept the risk based on METT-TC and residual risk level. (ATP 5-9; 1-10)
The appropriate level of command must approve the mission, making a final risk decision based on the residual level of risk. Planners should sort hazards and controls under consideration according to residual risk, placing the highest-risk hazards first. This allows decisionmakers at the appropriate level of command to identify the highest-risk hazards easily. Decisionmakers should keep in mind that the residual level of risk is valid (true) only if forces implement the controls. The overall residual level for the mission will be equal to or higher than the highest residual level for each hazard (ATP 5-9; 1-13)
Step 4—Implement Controls
Controls or countermeasures are normally implemented during the preparation activities of the operations process. Army leaders establish how the controls will be implemented and who will manage them. It’s imperative that all leaders understand the controls and the associated implications if not implemented as well as the residual risk. Furthermore, planners should develop contingency plans should a control measure fail along with associated decision points. Once implemented, risk management must be supervised and evaluated to provide optimum flexibly to mission accomplishment. (ATP 5-9; 1-14)
Step 5—Supervise And Evaluate
Primarily, step 5 involves ensuring that controls are implemented and performed to standard. Risk management practitioners apply this step to validate that selected controls support achieving the end state. They identify weaknesses of controls and make changes or adjustments based on performance or changing situations, conditions, or events. However, supervision and evaluation are not limited to controls. Like other steps of risk management, supervision and evaluation must occur throughout all phases of any operation or activity. Risk management practitioners supervise and evaluate all aspects of risk management continuously with associated decision points to obtain maximum operational flexibility. (ATP 5-9; 1-14).
Live fire training exercises, zero visibility “brown out” landings, and rail load operations are great examples of where the risk management process is vital to ensuring safe and effective mission accomplishment. Another example that might assist us with gaining a better understanding of the risk management process is evaluating the execution of physical training in the current socially distanced, virtual environment. Consider that most reserve Soldiers are likely to train by themselves under these conditions. Before doing so, individuals should identify what hazards may be encountered during the work out. For example, consult the weather forecast for extreme temperatures and/or excessive precipitation, execute a terrain reconnaissance of an unknown running route for traffic hazards, visibility and adequate lighting, determine the strength of cell signal and ability to call for assistance if it becomes necessary, and ensure the intensity of the workout matches the abilities of the individual executing it. Next, assess the probability of the identified hazards coming into play during the workout, and the severity of the impacts the hazard(s) will have on the individual conducting the exercise. Use the table above as necessary. A hazard consisting of a poorly lit running route that results in the runner getting hit by a car may be assessed as an unlikely probability with catastrophic severity, for example. Step 3 requires the user to develop and make decisions that help reduce the risk. Should a different run route be used? Perhaps the runner needs to use a safety light to lower the chances of getting struck, and carry a cell phone to use to call for help in case an accident happens. Deciding to use a safer run route, use a safety light and carry a cell phone are examples of implementing controls, as is ensuring we hydrate to ensure we do not become a heat casualty when we exercise. In this example it is imperative that the individual supervise and evaluate the use of the risk management process, as the Soldier executing PT in this virtual environment doubles as the leader closest to the activity. Individuals must consider before, during, and after the workout if the process was effective in relation to the conditions encountered during the workout. As demonstrated, risk management process can be applied to most any task. I’m sure the current administration is running risk models in support of their decision to open the economy while battling COVID-19.
Another near term real life example includes the functionality of the risk management process in safe, effective support provided to Operation Agile Leader. The United States Army Cadet Command’s (USACC) Cadet Summer Training (CST) exercise is being executed via a series of Regional Training Exercises (RTX) at the USACC Brigade level, titled Operation Agile Leader. These RTX’s will begin in the last two months of FY 20 and continue through the 1st
Quarter of FY 21. The Timberwolves will support these exercises, and must bear in mind the positive impacts that Soldiers who understand the risk management process have on an exercise of this nature. The USACC RTX’s are being executed in a decentralized manner to mitigate the impacts of COVID 19. By default these plans are being developed in a very narrow window of time, with limited resources, resulting in plans being refined as the event draws near. It is vital that Soldiers proactively prepare themselves to apply the tenets of risk management in this environment, as the environment we are stepping into will be saturated with a lot of unknowns. The ability to perfect battle drills and the depth of the validation processes we aspire to every summer in support of CST may not be in place. We must overcome this by anticipating and mitigating the risks associated with a mission of this nature.
In conclusion, risk management is designed to assist with identifying hazards and implementing countermeasures to increase the probability of mission success and as well as flexibility. And although Army risk management is most often associated with military combat operations it can be nested into the military decision-making process and applied to any problem set. Understanding risk management and its application can be a powerful tool for any organization, and for any individual. And one parting thought, practice asking “what risks are associated with this mission and how do we mitigate them to increase the likelihood of mission success?”
BG Edwards, Commanding General and Mr. John Kaikkonen, Chief Executive Officer