Summary: Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) procedures and practices for risk assessment in connection with major weapons systems procurement. GAO reviewed the 25 program offices responsible for conducting risk assessments.
GAO found that, while DOD has identified a number of risk assessment approaches: (1) it has not specifically defined technical risk; (2) it has insufficient policy and training to guide program managers in assessing technical risks; (3) the program offices have developed inconsistent and sometimes contradictory approaches to risk assessment; and (4) none of the program offices have conducted a quantitative risk assessment to support budgeting for risk. Since DOD has developed no standards for risk assessments, GAO developed risk assessment criteria and found that: (1) only three offices' risk assessment efforts met the criteria; and (2) most program offices did not implement their efforts to achieve the most accurate and useful results. In addition, GAO found that: (1) program offices did not always convey technical risk information to decisionmakers; (2) some program staff were unaware of risk assessment efforts or lacked information on assessment procedures and results; (3) contractors did not often properly document their technical risk assessment data; and (4) it could not make any meaningful studies of the accuracy or effects of individual assessments until DOD improved its assessment processes.