RankLabPractice Questions →
AFH 1 · Chapter 17 · Section 17.21

Five-Step Risk Management Process

Part of Emergency Management · 2 sections · ~1156 words · WAPS PFE study material

📝 Practice 3,000+ WAPS questions on RankLab — free for E-5 and E-6 prep.
Try Free →

Five-Step Risk Management Process — Steps 1-3 (Identify, Assess, Develop Controls)

Foundation

5-Step RM Foundation
Risk management is a continuous, systematic decision process consisting of five steps primarily associated with deliberate risk management planning that forms the basis for real-time risk management process considerations.

Five Steps

5 RM Steps.
  1. Identify the Hazards
  2. Assess the Hazards
  3. Develop Controls and Make Decisions
  4. Implement Controls
  5. Supervise and Evaluate

Step 1: Identify the Hazards

Step 1 Definition
Identifying the hazards involves application of appropriate hazard identification techniques to identify hazards associated with the operation or activity.

Hazards Defined

Hazards Defined
Hazards can be defined as any real or potential condition that can cause:
  • Mission degradation
  • Injury, illness, death to personnel
  • Damage to or loss of equipment or property

Step 1 Implementation

Step 1 Implementation
Implementing Step 1 includes:
  1. Reviewing current and planned operations and tasks associated with the mission or activity
  2. Identifying and listing hazards and factors that may lead to dangers and risks associated with the operation or activity
  3. Listing the causes associated with each identified hazard and trying to identify the root cause against which to apply risk management strategies

Step 2: Assess the Hazards

Step 2 Definition
Assessing the hazards involves the application of quantitative or qualitative measures to determine the probability and severity of negative effects that may result from exposure to risks or hazards and directly affect mission or activity success.

Step 2 Implementation

Step 2 Implementation
Implementing Step 2 includes:
  1. Evaluating the time, proximity, volume, or repetition involved to determine the level of exposure to hazards
  2. Determining severity of the hazard in terms of potential impact on personnel, equipment, or mission/activity
  3. Determining the probability that the hazard will cause a negative event of the severity assessed above (probability may be determined through estimates or actual numbers)
  4. Determining the level of risk associated with the hazard as related to severity and probability

Risk Assessment Matrix

Risk Assessment Matrix
Associated with Step 2 is a risk assessment matrix that can be used to form a risk assessment for each hazard by combining:
  • The probability of occurrence
  • With severity

Risk Levels

Risk Levels
Risk levels will vary from:
  • "Extremely high" as associated with frequent exposure and catastrophic effects
  • To "low" as associated with unlikely exposure and negligible effects

Matrix Reference

Matrix Reference
A complete and in-depth description of the risk assessment matrix can be found in DAFPAM 90-803, *Risk Management (RM) Guidelines and Tools*.

Step 3: Develop Controls and Make Decisions

Step 3 Definition
This step involves the development and selection of specific strategies and controls that reduce or eliminate risk.

Three Components Reduced

3 Components of Risk
Effective mitigation measures reduce ONE of the three components of risk:
  1. Probability
  2. Severity
  3. Exposure

No Cookie-Cutter Approach

No Cookie-Cutter
There is no "cookie-cutter" approach or specific standard for establishing levels of risk management decision authority across the DAF.

Higher Risk = Higher Decision

Higher Risk = Higher Decision
The HIGHER the risk, the HIGHER the decision level needs to be to ensure an appropriate analysis of overall costs to benefits has been carefully weighed.

Decision Authority Alignment

Decision Authority Alignment
Leaders and decision-makers ensure the levels of decision authority are aligned appropriately for:
  • Mission requirements
  • Experience levels of the personnel conducting operations/activities under their responsibility

Step 3 Implementation

Step 3 Implementation
Implementing Step 3 includes:
  1. Starting with the highest-risk hazards as assessed in Step 2, and identifying as many risk control options for each hazard as possible that can effectively eliminate, avoid, or reduce the risk to an acceptable level
  2. Determining the effect of each control on the risk(s) associated with the hazard
  3. Prioritizing risk controls for each hazard that will reduce the risk to an acceptable level within mission objectives, and optimize use of available resources (manpower, materiel, equipment, funding, and time)
  4. Selecting those risk controls that will reduce the risk to an acceptable level consistent with mission or activity objectives and optimum use of available resources
  5. Analyzing the level of risk for the operation or activity with the proposed controls in place, and determining if the benefits now exceed the level of risk the operation or activity presents

Five-Step Risk Management Process — Steps 4-5 (Implement, Supervise & Evaluate)

Step 4: Implement Controls

Step 4 Definition
Once control measures have been selected, an implementation strategy must be:
  • Developed
  • Carried out

Strategy Must Identify

Strategy Must Identify
The strategy must identify:
  • Who
  • What
  • When
  • Where
  • How much cost is associated with the control measure

Mission-Related Controls

Mission-Related Accountability
For mission-related controls, accountability must be emphasized across all levels of leadership and personnel associated with the action so there is a clear understanding of the risks and responsibilities of commanders and subordinates alike.

Always Accountability

Always Accountability
There must ALWAYS be accountability for acceptance of risk regardless of circumstances.

Step 4 Implementation

Step 4 Implementation
Implementing Step 4 includes:
  1. Providing a roadmap for implementation, a vision of the end state, and a description of successful implementation
  2. Establishing accountability for making the decision and determining who is responsible at the unit or execution level for implementation of the risk control
  3. Providing the personnel and resources necessary to implement the control measures

Sustainability Consideration

Sustainability Consideration
Incorporate sustainability from the beginning and be sure to deploy the control measure along with a feedback mechanism that will provide information on whether the control measure is achieving the intended purpose.

Step 5: Supervise and Evaluate

Step 5 Definition
Leaders and supervisors at every level must fulfill their respective roles to ensure controls are sustained over time.

Step 5 Implementation

Step 5 Implementation
Implementing Step 5 includes:
  1. Supervising and monitoring the operation or activity
  2. Reviewing and evaluating to ensure risk and cost are in balance

Recognize Significant Changes

Recognize Significant Changes
Significant changes in the system are recognized and appropriate risk management controls are reapplied, as necessary, to control the risks.

Effective Review

Effective Review
Effective review and evaluation will also identify:
  • Whether actual costs are in line with expectations
  • How the controls have affected mission performance (good or bad)

Error Correction

Error Correction
When risk analysis contains errors, it is important for those errors to be:
  • Identified
  • Corrected

Measurement Tools

Measurement Tools
Excellent tools for measurements:
  • After-action reports
  • Surveys
  • In-progress reviews

Feedback System

Feedback System
A feedback system must be established to ensure:
  • The corrective or preventative action taken was effective
  • Any newly discovered hazards identified are analyzed
  • Subsequent corrective action taken

Ready to test what you've learned?

RankLab has 3,000+ WAPS-style practice questions covering every AFH 1 chapter.

Start Free Practice →