Fillable Printable Composite Risk Management Instruction
Fillable Printable Composite Risk Management Instruction
Composite Risk Management Instruction
Section
1
Key Points
1 The Composite Risk Management Process
COMPOSITE RISK
MANAGEMENT
Risk management is not an add-on feature to the
decision making process but rather a fully integrated
element of planning and executing operations. Risk
management helps us preserve combat power and
retain the flexibility for bold and decisive action.
Proper risk management is a combat multiplier that
we can ill afford to squander.
GEN Dennis J. Reimer, Army Chief of Staff
e
Officership Track
Composite Risk Management ■ 113
Introduction
By this point in the course, you should understand that you, as an Army leader, will be
required to plan and execute difficult, complex, and dangerous operations. The best
preparation for combat is tough, realistic training. From ROTC training exercises to FTX
operations to intense combat scenarios, all involve risk-taking. To train and win with
minimum losses, the Army applies the Composite Risk Management (CRM) process to
give commanders and other leaders a framework to take only those risks necessary to
accomplish the mission—to win. By following the composite risk management process
combined with critical thinking, you can make informed, deliberate decisions about
which risks will lead to the best outcome under the most difficult conditions. This
chapter will cover the five steps of the risk management process.
During a deployment to a desert training area, a support platoon was driving
many miles during both daylight and darkness in support of their tank battalion.
During these movements, the dust from the vehicles could be seen for miles. The
platoon sergeant, who had deployed to the desert numerous times throughout
his career, informed his platoon leader of the problems associated with driving in
the desert. The platoon leader did not think it was a major problem, so he did not
take it into consideration while completing his daily risk assessment.
One day at the evening convoy briefing, the platoon leader instructed the
drivers to maintain only 50 meters distance between vehicles during that night’s
movement to avoid separation among the vehicles. When several of the drivers
expressed concern about this requirement, the platoon leader stated that it was
unlikely that following so close would cause any problems, and that the drivers
would just need to stay alert during the mission.
As you’ve probably already guessed, this platoon leader failed to properly
gauge the impact of his decision. At one point during the night move, the
platoon leader stopped his vehicle abruptly. The five-ton truck that was following
him had to brake hard to avoid a collision. The next two vehicles were also able
to avoid a collision. However, the last three vehicles in the convoy were not as
fortunate. The collision resulted in two injured drivers and three heavily damaged
vehicles. All because the platoon leader failed to properly assess the hazards his
unit faced. Regrettably, he did not learn from the experience of the platoon
sergeant; neither did he recognize that hair stood up on the back of his men’s
necks when he described the plan of operation; nor did he appreciate the
courage it took for his platoon sergeant and his unit to raise concerns for their
personal safety and the success of their mission.
No, the platoon leader didn’t have the personal experience to adequately
assess the hazard. But he had plenty of clues and opportunities to get to the truth
about the risk and consider the consequences. One of the Army’s great strengths
is learning from the successes and failures of each other, and growing stronger on
that foundation.
The next time you see something that just doesn’t look right, take a moment,
and ask yourself how this might impact you, or the Soldier next to you, or your
unit, or the family of four who might be driving down the road as your convoy
approaches. Safety is not a sometimes thing, and your actions don’t just affect
you. Exercise the courage to tell the truth about the hazards, and to face the
potential consequences. That way, you and your unit can avoid those
consequences. Army Safety Center Website
The Composite Risk Management Process
Composite risk management (CRM) is the Army’s primary decision making process for
identifying hazards and controlling risks across the full spectrum of Army missions,
functions, operations, and activities. (See Figure 1.1.)
CRM is a decision making process used to mitigate risks associated with all hazards
that have the potential to injure or kill personnel, damage or destroy equipment, or
otherwise impact mission effectiveness. In the past, the Army separated risk into two
categories,
tactical risk
and
accident risk
. While these two areas of concern remain, the
primary premise of CRM is that it does not matter where or how the loss occurs, the
result is the same—decreased combat power or mission effectiveness.
The Guiding Principles
The guiding principles of CRM are as follows:
•
Integrate CRM into all phases of missions and operations
•
Make risk decisions at the appropriate level
•
Accept no unnecessary risk
•
Apply the process cyclically and continuously
•
Do not be risk averse.
CRM is a five-step process:
Step 1 – Identify hazards
Step 2 – Assess hazards to determine risk
Step 3 – Develop controls and make risk decisions
Step 4 – Implement controls
Step 5 – Supervise and evaluate.
114 ■ SECTION 1
Critical Thinking
Discuss how you would assess and manage the risks described in the vignette
above.
e
risk management
the process of
identifying, assessing,
and controlling risks
arising from operational
factors and making
decisions that balance
risk costs with mission
benefits
risk
probability and severity
of loss linked to hazards
Risk management
formulates balanced
controls to eliminate
or mitigate mission
hazards.
Composite Risk Management ■ 115
hazard
any actual or potential
condition that can cause
injury, illness, or death
of personnel, damage to
or loss of equipment,
property or mission
degradation; a condition
or activity with potential
to cause damage, loss,
or mission degradation
Figure 1.1 The Composite Risk Management Process
Step 1 – Identify Hazards
A hazard is a condition with the potential to cause injury, illness, or death of personnel;
damage to or loss of equipment or property; or mission degradation. A hazard may also
be a situation or event that can result in degradation of capabilities or mission failure.
Hazards exist in all environments—combat operations, stability operations, base support
operations, training, garrison activities, and off-duty activities.
The factors of mission, enemy, terrain and weather, troops and support available,
time available, and civil considerations (METT-TC) serve as a standard format for
identification of hazards, on-duty or off-duty. The factors of METT-TC are used because
they are institutionalized in the Army. They are part of the common knowledge imparted
through the Army’s professional military education and initial entry training.
Sources of Hazards and Risks
Hazards may arise from any number of areas, including enemy activity, accident potential,
weather or environmental conditions, health, sanitation, behavior, and/or material or
equipment. CRM does not differentiate among the sources of the hazard. The loss of
personnel, equipment, or material due to any hazard has the same disruptive impact on
readiness or mission capabilities no matter what the source. You may have a greater influence
to effect change in hazards arising from behavior, accident potential, equipment, or material
than over hazards that arise from enemy action. The bottom line is the effect of the hazard,
not its source.
The Role of METT-TC in Hazard Identification
The factors of METT-TC provide a standardized way to address both threat and hazard-
based risk for tactical and nontactical operations and for off-duty activities. You can use
METT-TC as part of the military decision making process (MDMP) for tactical missions.
However, the same thought process works equally well for nontactical operations and the
off-duty environment. The factors of METT-TC require no explanation for a tactical or
operational environment. You can apply the same factors in nonmilitary activities. For
the sake of clarity, however, the terms are different to reflect the nonmilitary application.
For garrison and off-duty activities, the METT-TC factors become
activities, disrupters,
terrain and weather, personnel, time,
and
legal considerations
. Both processes address similar
considerations expressed in different terms.
Mission – The nature of the operational mission may imply specific hazards.
Enemy – Enemy presence/capabilities that pose hazards to the operation or mission.
Terrain and W eather – Use the factors of observation and fields of fire, avenues
of approach, key and decisive terrain, obstacles, and cover and concealment
(OAKOC) to identify and assess hazards impacting on mission-type
operations.
Troops (or People) and Equipment – For mission-related risk assessment,use
the term troops to consider hazards that are associated with the level of
training, staffing, and equipment maintenance and condition.
Time – Insufficient time for mission preparation often forces commanders to accept
greater risk in planning, preparation, and execution of orders and plans
associated with mission planning.
Civil or Legal Considerations – This function expands the consideration of hazards
to include those hazards that a tactical mission may pose to the civilian
populace and noncombatants in the area of operations.
116 ■ SECTION 1
risk assessment
identification and
assessment of hazards;
an identified hazard is
assessed to determine
the risk (both the
probability of occurrence
and resulting severity)
of a hazardous incident
due to the presence of
the hazard.
Risk assessment
identifies and prioritizes
hazards to mission
safety and security.
Figure 1.2 Continuous Application of Risk Management
Composite Risk Management ■ 117
Hazard Probability
TABLE 1.1
continued
Frequent (A) Occurs very often, continuously experienced
Single item Occurs very often in service life. Expected to occur several times
over duration of a specific mission or operation. Always occurs.
Fleet or Occurs continuously during a specific mission or operation, or
inventory over a service life.
of items
Individual Occurs very often in career. Expected to occur several times
Soldier during mission or operation. Always occurs.
All Soldiers Occurs continuously during a specific mission or operation.
exposed
Likely (B) Occurs several times
Single item Occurs several times in service life. Expected to occur during a
specific mission or operation.
Fleet or Occurs at a high rate, but experienced intermittently (regular
inventory intervals, generally often).
of items
Individual Occurs several times in career. Expected to occur during a
Soldier specific mission or operation.
All Soldiers Occurs at a high rate, but experienced intermittently.
exposed
Occasional
(C) Occurs sporadically
Single item Occurs several times in service life. May occur about as often
as not during a specific mission or operation.
Fleet or Occurs several times in service life.
inventory
of items
Individual Occurs several times in career. May occur during a specific
Soldier mission or operation, but not often.
All Soldiers Occurs sporadically (irregularly, sparsely, or sometimes).
exposed
Seldom (D) Remotely possible; could occur at some time
Single item Occurs in service life, but only remotely possible. Not expected
to occur during a specific mission or operation.
Fleet or Occurs as isolated incidents. Possible to occur some time in
inventory service life, but rarely. Usually does not occur.
of items
Individual Occurs as isolated incident during a career. Remotely possible,
Soldier but not expected to occur during a specific mission or operation.
All Soldiers Occurs rarely within exposed population as isolated incidents.
exposed
118 ■ SECTION 1
Step 2 – Assess the Hazards
Assess the hazards systematically using charts, codes, and numbers. These give you a way
to assess probability and severity and thus obtain a standardized level of risk. The five-
step CRM process is a method for expressing and depicting a normally intuitive and
experience-based thought process. The risk management process is a disciplined application
of five steps to obtain and express a risk level in terms that all levels of command readily
understand. The methodology assesses and assigns risk in terms of how likely and how
severe the adverse impact of an event or occurrence would be. This step considers the risk
or likelihood of an event or incident adversely affecting the mission, capabilities, people,
equipment, or property. In other words, what are the odds (probability) of something going
wrong and what is the effect (severity) of the incident if it does occur?
You assess hazards and associated risks during the mission analysis, COA development,
analysis, and rehearsal and execution steps of the MDMP. You also consider both mission-
and non-mission-related aspects that may have an impact. The result of this assessment
is an initial risk estimate for each identified hazard expressed as
extremely high, high,
moderate,
or
low
as determined from your standardized application of the risk assessment
matrix.
This step has three sub-steps:
1. Assess the probability of the event or occurrence
2. Estimate the expected result or severity of an event or occurrence
3. Determine the specified level of risk for a given probability and severity using the
standard risk assessment matrix.
Assess Each Hazard on the Probability of the Event or Occurrence
Probability
is the likelihood of an event. This is your estimate, given the information you
know and what others have experienced. The probability levels that you estimate for each
hazard are based on the mission, COA, or frequency of a similar event. For the purpose
of CRM, there are five levels of probability—frequent, likely, occasional, seldom, and
unlikely (see Table 1.1):
continued
TABLE 1.1
Unlikely (E) Can assume will not occur, but not impossible
Single item Occurrence not impossible, but can assume will almost never
occur in service life. Can assume will not occur during a specific
mission or operation.
Fleet or Occurs very rarely (almost never or improbable). Incidents may
inventory occur over service life.
of items
Individual Occurrence not impossible, but may assume will not occur
Soldier in career or during a specific mission or operation.
All Soldiers Occurs very rarely, but not impossible.
exposed
Composite Risk Management ■ 119
Determining overall
mission risk by
averaging the risks of all
hazards is not valid. If
one hazard has high
risk, the mission’s overall
residual risk is high, no
matter how many
moderate- or low-risk
hazards are present.
Frequent –
Occurs very often, known to happen regularly
Likely –
Occurs several times, a common occurrence
Occasional –
Occurs sporadically, but is not uncommon
Seldom –
Remotely possible, could occur at some time
Unlikely –
Can assume will not occur, but not impossible.
Estimate the Expected Result or Severity of an Occurrence
Severity
is the degree to which an incident will affect combat power, mission capability, or
readiness.You use the following four levels on the risk assessment worksheet to express the
degree of severity:
1. Catastrophic
2. Critical
3. Marginal
4. Negligible
Determine Specified Level of Risk
Using the standard risk assessment matrix in Figure 1.3, you convert probability and severity
for each identified hazard into a specified level of risk. This matrix provides an assessment
of probability and severity expressed as a standard level of risk.
This assessment is an estimate, not an absolute. It may or may not indicate the relative
danger of a given operation, activity, or event. The levels of risk are listed in the lower left
corner of the matrix. You must make sure the appropriate level of command approves all
accepted residual risk.
Extremely High Risk – You won’t be able to accomplish the mission if hazards
occur.
High Risk – Significant degradation of mission capabilities: you won’t be able to
accomplish all parts of the mission, or you won’t be able to complete the
mission to standard if hazards occur during the mission.
Moderate Risk – Expected degraded mission capabilities: you won’t be able to meet
the required mission standard and will have more difficulty completing the
mission capability if hazards occur.
Low Risk – Expected losses will have little or no impact on your ability to accomplish
the mission.
Figure 1.3 Risk Assessment Matrix
Step 3 – Develop Controls and Make Risk Decisions
In Step 2, you assessed hazards and determined an initial risk level. In this step, you develop
and apply controls, then reassess the hazard to determine a residual risk. Continue the
process of developing and applying controls and reassessing risk until you achieve an
acceptable level of risk or until you can reduce all risks to a level where benefits outweigh
the potential cost.You accomplish this step during the course of action (COA) development,
COA analysis, COA comparison, and COA approval of the MDMP.
Develop Controls
After assessing each hazard, you develop one or more controls that either eliminate the
hazard or reduce the risk (probability and/or severity) of a hazardous incident occurring.
In developing controls, consider the reason for the hazard, not just the hazard itself.
Controls can take many forms, but normally fall into one of three basic categories:
1. Educational (awareness) controls
2. Physical controls
3. Avoidance/Elimination.
Find Control Measures
Other sources for selecting controls include:
•
personal experience
•
after action reports (AARs)
•
accident data from automated risk management systems available through the
United States Army Combat Readiness Center (USACRC)
•
standing operating procedures (SOPs)
•
regulations
•
tactics, techniques, and procedures (TTPs)
•
lessons learned from similar past operations.
CRM worksheets from previously executed missions provide another source for selecting
controls. The key to effective control measures is that they reduce the effect of, or eliminate,
the identified hazard.
Reassess Risk
With controls applied, you reassess risk to determine the residual risk associated with
each hazard, as well as the overall residual risk for the mission. Continue the process of
developing and applying controls and reassessing risk until you achieve an acceptable level
of risk or until all risks are reduced to a level where benefits outweigh potential cost.
Residual risk is the risk remaining after you select controls for the specific hazard.
Residual risk is valid only if you have implemented the identified controls. As you identify
120 ■ SECTION 1
Critical Thinking
Think of a situation in your ROTC training that involves risk of injury. Using the
three-part process of assessing hazards, estimate the risk of this situation.
e
controls
actions taken to
eliminate hazards or to
reduce their risk
Composite Risk Management ■ 121
The commander alone
decides if controls are
sufficient and
acceptable and whether
to accept the resulting
residual risk. If the
commander determines
the risk level is too high,
he or she directs the
development of
additional controls or
alternate controls or
modifies, changes, or
rejects a given plan of
action.
and select controls for hazards, reassess the hazards as in Step 2. Then revise the level of risk.
Available controls may not be sufficient to warrant lowering the risk level of a given hazard.
Determine overall residual risk by considering the residual risks for all of the identified
hazards. The residual risk for each hazard may be different, depending on the probability
you assess and the severity of the hazardous incident. You determine overall residual risk
based on the greatest residual risk of all the identified hazards. The overall residual risk of
the mission will be equal to or higher than the highest identified residual risk.
Consider the number and type of hazards present. In some cases you may determine
that the overall residual risk is higher than any one hazard. This is based on a number of
lower-risk hazards if they present a greater hazard in combination. For example, a mission
risk assessment may result in moderate residual risk for all identified hazards. However,
based on the complexity of required controls and the potential interaction of all hazards,
you may determine that the mission’s residual risk is high.
Make Risk Decisions
The purpose of the CRM process is to provide you a basis for making sound decisions
regarding individual and leadership risk. A key element of the risk decision is determining
the acceptable level of risk. You do this by balancing risk or potential loss against
expectations or expected gains. Risk decisions must always be made at the appropriate level
of command or leadership based on the level of risk involved.
Step 4 – Implement Controls
You must ensure that controls are integrated into SOPs, written and verbal orders, mission
briefings, and staff estimates. The critical check for this step is to ensure that controls are
converted into clear and simple execution orders. Implementing controls includes
coordinating and communicating with the following:
•
Appropriate superior, adjacent, and subordinate units, organizations, and
individuals
•
Logistics Civil Augmentation Program (LOGCAP) organizations and civilian
agencies that are part of the force or may be impacted by the activity, hazard,
or its control
•
The media and nongovernmental organizations (NGO) when their presence
affects or is affected by the force.
Be sure to explain how the controls will be implemented in areas such as the following:
•
Overlays and graphics
•
Drills for vehicle and aircraft silhouette identification
•
Rehearsals and battle drills
•
Refresher training on intensive threat and friendly vehicle identification for all
anti-armor and air defense weapons crews
•
Orientation for replacement personnel
•
Installation and maintenance of communications links for key civilian
organizations
•
Operating convoys with a prescribed minimum number of vehicles
•
Provisions to carry weapons and wear body armor and helmets when outside
secure compounds
•
Accident awareness, safety briefings, and warnings.
Step 5 – Supervise and Evaluate
In Step 5 of the CRM process you ensure that risk controls are implemented and enforced
to standard. You also make sure the selected control measures are adequate and support
the objectives and desired outcomes. Like other steps of the CRM process, you must
supervise and evaluate throughout all phases of any operation or activity. In this way, you
will be able to identify weaknesses and make changes or adjustments to controls based on
performance, changing situations, conditions, or events.
Supervise
Supervision is a form of control measure. In Step 5 of CRM, supervision becomes an
integral part of the process. During supervision, you ensure subordinates understand how,
when, and where there are controls. You also ensure that controls are implemented,
monitored, and remain in place.
Situational awareness is a critical component of the CRM process when identifying
hazards. Situational awareness is equally important in supervision. It will enable you to
make sure that complacency, deviation from standards, or violations of policies and risk
controls do not threaten success. Monitor factors such as fatigue, equipment serviceability/
availability, and the weather and environment. Then you can mitigate the hazards they
present. Through supervision and oversight you can gain the situational awareness necessary
to anticipate, identify, and assess any new hazards and to develop or modify controls as
necessary.
You must have an extraordinary degree of discipline to avoid complacency from
boredom or overconfidence when personnel are performing repetitive tasks. It can be easy,
due to overconfidence or complacency, for people to ignore controls established and
implemented for a prolonged period. During stability operations, for example, at the
beginning of an operation, you may identify land-mine hazards and establish and enforce
controls. However, over time and with success (no accidents or incidents), complacency
may set in. Established controls may lose their effectiveness.A terrorist threat and personal
security are examples. When personnel live or operate in an area that is not considered a
high threat area or in cases where personnel have operated in a high threat area for an
extended period without incident, they risk losing situational awareness and may fail to
122 ■ SECTION 1
Figure 1.4 Composite Risk Management Worksheet
