For the final installment in my series about how to improve your reputation within the Government, we’ll be discussing the importance of managing risk and being transparent. Risk is present in every project no matter how big or small. Being open, honest, and proactive about risk goes a long way in building trust in your relationship with your government customer. Risk does not mean failure or poor performance. Risk just means there are hurdles to your success that you may need to overcome. Identifying those risks as early as possible and having a plan to mitigate that risk should it arise, is your best defense against those risks derailing your project. Including your government customer in that risk analysis early and often not only helps build your reputation of being transparent, but it also provides the government an opportunity to be proactive in their ability to assist with mitigation.
By design, risk will likely come up early in your interactions with the government, whether it be in your first pitch, an industry meeting with a PEO, or in your SBIR proposal. The government is interested in hearing not just about your product, your goals on product development, and how you can help them solve a problem, they are also interested in hearing about your challenges and how you plan to overcome them. Whatever the challenge, overcoming that hurdle is typically a requirement for prototype success, making it a potential risk to your ability to make progress. Some of those risks could be supply chain backlog, data sharing issues with the Primes, or access to the necessary government equipment to properly test your prototype.
How those risks are presented in the beginning is largely up to you and your preference of communication–maybe it’s simply bullet points in a proposal or maybe it’s a table or chart. However, as you progress through government contracts, it will become more important to share your risks in more detail and more frequently. It is not enough to simply list and explain your risks. You absolutely must discuss how you intend to mitigate those risks and where you’ll need government help to do so.
If you’ve been around the government long enough, you have likely seen or filled out a risk matrix. Depending on the organization you have worked with, the matrix and its contents may look slightly different, and the risk acceptance criteria will likely change, but for the most part the primary pieces are all the same. Risk is generally calculated based on probability, which is the frequency or likelihood of an event occurring, and severity, which is the impact a risk event would have on a situation should it occur. To help you better understand how to think about risk, below is an example DAF risk matrix from DAFPAM 90-803 [1].
This risk matrix helps you determine a risk assessment level or a risk rating. In this case, that output is high, medium, or low. You simply decide the probability that your risk will occur in the top row and then go down the severity column and pick a level you think is most appropriate. This process is usually subjective. Once you have a risk assessment level, you can move on to the risk mitigation assessment. In other words, you’ve now identified a risk, you’ve evaluated the probability and severity of the risk, and you now have a score. Knowing that is half the battle, mitigating your risk is the other half. Unless otherwise directed, how you present risk mitigation is flexible. The important thing to remember is when presenting your risk analysis, you must state the risk description, your overall risk assessment level, and how you intend to mitigate that risk to prevent it from occurring.
Depending on your government contract, there may or may not be a requirement for a more formal risk assessment like the one I briefly described, but that doesn’t mean you shouldn’t always be evaluating risk. There is no project or product that doesn’t come with some level of risk. You know that and your government customer knows that. And there are multiple ways to accomplish a risk analysis. As long as you include the probability, severity, and mitigation aspects of your risk, you’ll be off to a good start.
There are entire courses and areas of study on risk management that cover the steps of identifying risk, categorizing risk, risk mitigation, and risk management. It is a serious subject and there are a lot of resources on how to become more efficient at risk management. If you find this subject interesting, I highly encourage you to check them out.
As it relates to building a good relationship and reputation with your government customer, there are things that you can do with minimal knowledge to help make you more successful. By including your understanding of your risk early in communications with the government, including risk description, risk assessment, and mitigation, you are going a long way in building credibility with the government while simultaneously being prepared for the challenges that will come your way.
Do you have any success or failure stories of risk mitigation? I’d love to hear them, so please leave a comment.
Keep moving forward,
[1] DAF Pamphlet 90-803, “Risk Management (RM) Guidelines and Tools”, 23 March 2022, https://static.e-publishing.af.mil/production/1/af_se/publication/dafpam90-803/dafpam90-803.pdf