Tools and techniques for the risk manager

A number of software tools and management frameworks are available to give government risk management initiatives some teeth.

One challenge has been that unlike discrete industry sectors such as automotive or financial services, the information technology industry is broad, making it difficult to develop relevant prepackaged risk management modeling tools. Nevertheless, the products that are available are beginning to mature, industry experts say.

One example is a risk and decision analysis software product called @Risk from Palisade Corp. @Risk is based on the Monte Carlo method of evaluating possible outcomes based on a variety of risk factors. Monte Carlo is a simulation technique first used by scientists developing the atom bomb and named after the location of the first casinos. In the IT program context, it can provide users with numeric values based on risk outcomes.

Another package frequently cited by risk management experts is Decisioneering Inc.'s Crystal Ball 2000 software, which is also based on the Monte Carlo simulation.

"Not long ago, Monte Carlo simulation was too difficult to learn and use," said J. Davidson Frame, academic dean of the University of Management and Technology. "With today's PC-based software, some Monte Carlo simulators have been developed that you can learn to use in a half-hour."

For instance, both @Risk and Crystal Ball 2000 work in conjunction with Microsoft Corp.'s Excel spreadsheet application to generate Monte Carlo models of possible risk outcomes. Palisade also offers tools that work with Microsoft's MS Project to use Monte Carlo simulation methods on project schedules, Frame said.

The city of Tampa, Fla., tapped Digital Sandbox Inc. for its Site Profiler risk management solution, which creates risk assessment reports in Microsoft Word. Site Profiler can be used to build and manage a "library of plausible threats," according to the company.

Software may be improving, but such packages have yet to catch on in government, according to Keith Kerr, a senior consulting manager at Robbins-Gioia LLC. "We haven't seen our federal customers using too many sophisticated risk management software/tool packages," he said. Instead, Kerr and others stress the value of solid risk management processes over technical tools.

Some recommend use of a broad risk management framework such as Six Sigma to ride herd over a project's many potential risk factors. Developed by Motorola Inc. more than a decade ago, Six Sigma was designed to help manufacturers keep product defects to a minimum.

Six Sigma has since been expanded to pull in program management essentials such as customer focus, organizational culture and overarching goals of quality and performance.

"Six Sigma is an approach, structure or framework that allows you to look at a project upfront and go through a methodical process to define, measure and control risks," said Kent Bauer, principal consultant and director of GRT Corp.'s Knowledge Management Office.

Some program managers are also turning to the Carnegie Mellon University Software Engineering Institute's Capability Maturity Model product suite to help manage project risks.

"CMM was developed for software," said Tom O'Rourke, a senior consultant at Total Quality Organization. But the institute and others have built on CMM concepts to expand use of the framework for more comprehensive IT undertakings, he said.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group