Planning for the Best: A New Approach to Risk in Tactical

Operation Planning

MAJ Brian Schonfeld, PMP

Abstract:

Websters dictionary defines risk as the, possibility of

loss or injury. When the Army discusses risk it is almost

always with an eye toward preventing that loss. In the world of

Project Management, risk has a more neutral connotation. The

Project Management Body of Knowledge (PMBOK) Guide describes

risk as merely the possibility that the outcome of a given event

will be different than the expected outcome. Army Doctrine

Publication (ADP) 6-0, Mission Command, states the sixth

principle of Mission Command is, accept prudent risk, which is

used to create opportunity and seize the initiative. In this

paper I will review the tools and techniques that both the Army

and the field of Project Management use to determine risk and

explore a new way to systematically account for risk in the

Military Decision-making Process (MDMP) that will allow the

staff to leverage positive risk for tactical gains. Finally,

while it is difficult to pin the rose on a single member of a

brigade staff because each staff is different, I will discuss

some of the likely candidates for filling the role of Risk

Manager in order to ensure that positive risk is accounted for

in tactical planning. I will focus this effort at the brigade

level because Brigade Combat Teams (BCTs) are the largest

maneuver element deployed under the current force structure.

Websters dictionary defines risk as the, possibility of

loss or injury.1 When the Army discusses risk it is almost

always with an eye toward preventing that loss. In the world of

Project Management, risk has a more neutral connotation. The

Project Management Body of Knowledge (PMBOK) Guide describes

risk as merely the possibility that the outcome of a given event

will be different than the expected outcome.2 Army Doctrine

Publication (ADP) 6-0, Mission Command, states the sixth

principle of Mission Command is, accept prudent risk, which is

used to create opportunity and seize the initiative.3 By not

developing tools to plan for positive risk/opportunity, the Army

is pushing this into the intuitive decisionmaking of the art of

command side of Mission Command, where only commanders, using

their personal experience, recognize opportunities.4 Developing

a systematic approach to determining positive risk will move

this to the science of control5, where the staff can improve

the commanders understanding of the battlefield in ways that

set the conditions for seizing these opportunities. In this

paper I will review the tools and techniques that both the Army

and the field of Project Management use to determine risk and

explore a new way to systematically account for risk in the

Military Decision-making Process (MDMP) that will allow the

staff to leverage positive risk for tactical gains. Finally,

while it is difficult to pin the rose on a single member of a

brigade staff because each staff is different, I will discuss

some of the likely candidates for filling the role of Risk

Manager in order to ensure that positive risk is accounted for

in tactical planning. I will focus this effort at the brigade

level because Brigade Combat Teams (BCTs) are the largest

maneuver element deployed under the current force structure.

The Army way

The Armys doctrinal approach to risk is detailed in Field

Manual (FM) 5-19, Composite Risk Management. Composite Risk

Management (CRM) is defined as, a decisionmaking process used

to mitigate risks associated with all hazards that have the

potential to injure or kill personnel, damage or destroy

equipment, or otherwise impact mission effectiveness.6 With a

definition like this it is little wonder that the Army is a risk

adverse culture. Even when a commander accepts risk, the

expectation is that they are choosing the lesser of two evils or

sacrificing assets in the name of mission accomplishment.

A review of FM 5-19 outlines the steps of risk management

as: identify hazards, assess hazards, develop controls and make

risk decisions, implement controls, and supervise and evaluate7.

Using a tactical movement from the Caspian Sea Warfighter

scenario we can examine these steps in detail. The Caspian Sea

scenario is based on the Decisive Action Training Environment

(DATE) document. It is a fictional scenario based in the

Caucasus region that provides an operational environment for

training purposes8. Fig. 19 shows an example of a risk

management worksheet (Department of the Army (DA) FORM 7566) for

a chemical attack.

Fig. 1. DA FORM 7566 (Composite Risk Management Worksheet)

As we can see, the form lists the potential hazards as well as

the risk level, which is determined using a simple probability

matrix (Fig. 2)10 based on probability of occurrence and severity

of impact. Probability and severity are both determined by the

person filling out the form and verified by the commander

signing off on the document. This is known as expert

judgement11 in the field of Project Management. The DA 7566

breaks down the risk into a list, much akin to a risk register

in Project Management. However, in its current form this does

not lend itself to cataloging positive risk.

Fig. 2 Risk Assessment Matrix

Army Doctrine Reference Publication (ADRP) 3-37

(Protection) lists two methods for assessing threats and

hazards, MSHARPP and CARVER assessments.12 MSHARPP (mission,

symbolism, history, accessibility, recognizability, population,

and proximity) is a targeting analysis tool that is geared

toward assessing personnel vulnerabilities, but it also has

application in conducting a broader analysis.13 The purpose of

the MSHARPP matrix is to analyze likely terrorist targets and to

assess their vulnerabilities from the inside out. The CARVER

(criticality, accessibility, recuperability, vulnerability,

effect, and recognizability) matrix is a valuable tool in

determining criticality and vulnerability during missions.14 For

criticality purposes, CARVER helps assessment teams and

commanders (and the Soldiers that they are responsible for)

determine assets that are more critical to the success of the

mission. The common use of the CARVER assessment is to

determine the Critical Asset List (CAL) and the Defended Asset

List (DAL). This technique would be difficult to adapt to

mission planning. The MSHARPP and CARVER assessments can be

viewed as defensive in nature; i.e. This is what we must

protect.

The Project Management way

In Project Management all risk, positive and negative, must

be planned for. To do this a cyclic risk management plan must

be developed and used. The steps of this plan are: identify,

analyze, plan, and monitor and control15. The first step,

identify risk, is self explanatory. The PMBOK, like the army,

recognizes expert judgment as the most common way of identifying

risks. It is also a good idea to examine previous

plans/projects of a similar nature to see the risks identified

there. Once identified, risks are catalogued in a risk

register.16 During the second step, each risk is analyzed in

order to determine the probability of their occurrence and the

potential impact (positive or negative) on the project or plan.

Next, each risk is examined in order to plan a response. Since

we are looking specifically at positive risk in this paper, I

will only discuss the strategies for responding to positive risk

here. The PMBOK recognizes four strategies for responding to

positive risk: exploit, share, enhance, and accept.17 Risks are

exploited if the organization wishes to ensure the opportunity

is realized.18 For example, exploiting the enemys lack of

night vision would mean scheduling an attack at night. Sharing

a risk entails allocating some or all of the ownership to a

third party who is best able to capture the opportunity.19

Enhancing a positive risk is a way to increase the probability

and/or the positive impacts of an opportunity.20 A feint can be

used to draw enemy forces away from the true objective in order

to create more favorable force ratios for the main effort. To

accept the risk is to be willing to take advantage of it if it

comes along, but not actively pursuing it.21 Once you decide

what to do about each risk a plan can be developed to exploit,

share, enhance, or accept the risk. The Project Management step

of monitor and control is analogous with the continuous

assessment of plans during the MDMP process. Deciding which

positive risks to exploit or enhance often depends on the

probability of their occurrence, which is determined during the

risk analysis phase. The PMBOK Guide refers to this as

qualitative risk analysis.22 Risk is generally qualified based

on expert judgment and can be assessed using a probability and

impact matrix. Fig. 2 and 3 are both examples of this sort of

matrix. Fig. 2 represents a non-mathematical assessment and

Fig. 3, taken from the PMBOK, shows a mathematical distribution

that can be used to weigh and rank each risk23.

 Fig. 3. Probability and Impact Matrix

Utilizing the chart in Fig. 3 requires the unit to

determine how impact will be rated for each risk event.

Possibilities include using projected casualties or amount of

time gained or lost. For example, a probability of cloud cover

obscuring the moon is 70 percent and the impact to the enemy

would be a 40 percent reduction in the effectiveness of their

night vision devices (a positive impact from our perspective).

Using the table in Fig. 3, we see that this gives a numerical

value to associate with this risk. Once catalogued, the risk

can be incorporated into the risk management plan and the

decision to exploit, share, enhance, or accept it can be made.

This technique may require additional modeling or simulations in

addition to expert opinion in order to determine impacts and

probability.

Modeling and simulation are closely related techniques for

evaluating plans. Modeling is best described as building a

representation of the plan, risk, etc. in order to see how it

behaves under the chosen conditions24. For example, wargaming a

single, directed course of action (COA) would be a form of

modeling. Simulations take the existing model and test it

multiple times with changing variables25. It would be an

oversimplification to say that wargaming two COAs would be a

simulation. A more correct, but less probable, example would be

to wargame the same COA at different enemy strengths and

environmental conditions in order to account for the many

possible variations to that scenario. Simulation can be used in

calculating risk response to determine the force ratios or

environmental requirements needed to make a risk move from the

enhance category to the exploit category in the risk response

plan. Then, based on the commanders guidance on risk, they can

be presented and wargamed.

Translate opportunities to planning (MDMP)

In its most basic form, positive risk is knowing your

enemys weaknesses and exploiting them. To do this, the enemys

critical assets must be assessed and targeted. This is done by

creating a CAL for the enemy. The Armys tool used to attack

the enemys CAL is the High Payoff Target List, or HPTL.

Training Circular (TC) 2-50.5 (Intelligence Officers Handbook)

defines the HPTL as, a prioritized list of High Priority

Targets (HPT)26. Their loss to the enemy contributes to the

success of the friendly COA. For example, if you know that

the enemys radios operate in a given frequency range then you

can decide to jam that frequency during the attack. The

(negative) risk to you is the exposure of the jamming assets to

enemy detection and targeting. Commanders can then decide

whether shutting down the enemy communications network outweighs

the risk to unit assets. They can make that decision because

someone gave them the analysis of the risks, both positive and

negative. A function of this technique would be to use the High

Payoff target List (HPTL) as a tool to set the conditions needed

to create and to take advantage of opportunities. In order to

provide a systematic approach to developing the HPTL the CARVER

assessment can be applied to the enemy in order to determine

their weaknesses.

In a larger form, positive risk can be expressed by

developing a Most Favorable Course of Action (MFCOA)27 in

addition to the standard duo of the Most Likely Course of Action

(MLCOA) and the Most Dangerous Course of Action (MDCOA). Using

the Caspian Sea scenario again, if there are two bridges that

need to be captured at crossing sites and the MLCOA has both

sites equally defended, and then the MFCOA could have one site

much less defended in order to reinforce the more important site

near the city. Accepting this possibility could allow a brigade

to shift its main effort from the battalion directly attacking

the more tactically important (and more heavily defended)

objective to the battalion attacking the less defended objective

before moving to a double envelopment. Further development of

this COA could identify the force ratios that would be needed to

make this scenario plausible. Even if this COA is not initially

chosen, it can be retained as a branch plan and used if the

conditions are identified that support the employment of this

plan. It is important to remember, a risk is merely an event

that may not happen as expected. Decision points can be

developed during wargaming to determine what conditions would

need to be set in order to employ this COA.

As I touched on above, the current Composite Risk

Management worksheet used today is inadequate for use as a

tactical risk assessment tool. Figs. 4a and 4b28 are an example

of what a Tactical Risk Register might look like.

 TACTICAL RISK REGISTER
Probabil
Positiv Response
ity
Phase/ e/
Risk (see Response Plan
Time Negativ H/M/L or
instruct
e %
ions)

Compiled Mission/Operation
by:__________________________ name:________________________
___
Date:________________ Unit:________________________
__ ___
Page 1 of 2

Fig. 4a. Tactical Risk Register (pg.1)

 Fig. 4b. Tactical Risk Register (pg.2)

The risk register can be started during Mission Analysis but it

would be a very open-ended document until Courses of Action are

developed and risk can be assessed for each. This document is

not so different from the CRM worksheet currently in use that it

would require extensive training to use appropriately. The

first column, risk, is self apparent. In later editions of the

Risk Register, the risks can be prioritized and listed in order.

The second column, phase/time, refers to when in the operation

the risk is anticipated to occur. By determining the type of

risk, positive or negative, the third column can act as a short

answer to the planned response, as defined in the instructions

on page two. The response plan in the final does not need to be

a full tactical plan, so much as a reference to the actions

discussed. For example, the annotated plan for the MFCOA shown

above could be shown as, 1-XX CAV seizes bridge. 3-XX AR

conducts movement to contact to destroy enemy reserve. 3-XX

Seizes OBJ BRAVO (which, in this case is the enemy position in

the vicinity of the city).

Pinning the rose

While it is easy enough to say, We should be doing this!

it is more difficult to decide who will be in charge of

assessing risk. ADRP 3-37, Protection, discusses risk as

something to be mitigated29. As discussed above, the Army does

not view risk as a positive. Yet, when the topic of risk is

discussed, it is generally under the umbrella of the Protection

Warfighting Function (WFF). Another candidate is the

Intelligence Officer, or S-2. The Intelligence WFF is

responsible for evaluating the enemys capabilities. This would

give them insight into the enemys potential weaknesses that can
be turned into positive risks. Indeed, at division and higher

echelons, the Red Team would be a major player in this process30.

Red Teams are small groups trained in critical and creative

thinking in order to allow them to explore alternatives in plans

as well as view plans from the perspective of our adversaries.

Brigade Combat Teams lack the manning to staff a dedicated Red

Team. The High Payoff Target List (HPTL) is a collaborative

effort between the multiple WFFs, specifically Fires and

Intelligence. Another argument can be made for tucking risk up

under the Mission Command WFF, who is tasked with creating

opportunities according to ADP 6-031. When we look at the

staffing at the BCT level, we start to eliminate some of these

possibilities. The Chief of the Protection WFF is often filled

by a more junior officer or the tasks that fall under Protection

may be divvied up among the other staff sections. The

Operations Officer (S-3) or the Executive Officer (XO) have the

advantage of seniority and experience over the rest of the

staff, yet they have many other tasks associated with MDMP that

must be conducted. If a risk working group were to be formed,

either would be a logical choice to chair it. Working alone,

they may not have the time to devote to risk analysis. Another,

often overlooked (and more experienced) member of the senior

staff is the Command Sergeant Major (CSM). Despite usually

being a graduate of the Armys Battle Staff Course, the CSM

traditionally has limited input in the MDMP process and could

find a potential outlet for their experience in this venue. The

Intelligence Chief (S-2) makes a good possible choice, assuming

that the S-2 section is staffed well enough to allow them time

for risk analysis. They are generally senior enough to have

gained much of the insight required for this analysis. Many S-2

shops have a senior captain or warrant officer that could also

be tasked with the duty of risk analysis. In the end, it is

impossible to name a single duty position that would work in

every case. Every brigade has different manning and different

personalities, and since assessing positive risk is not tasked

to a particular WFF, the choice of naming someone to conduct

positive risk analysis must fall to the commander.

Conclusion

As an Army, we have greatly overlooked the opportunities

afforded us by incorporating positive risk into the MDMP

process. By factoring in positive risk in the same fashion we

account for negative risk, units can use the science of

control to assist the commander in their ability to create

opportunity and seize the initiative. That way, the commander,

while still the approving authority, is not solely responsible

for discovering these opportunities. Identifying a Risk Manager

as well as adopting a systematic approach to identifying risk,

both positive and negative, will better allow the unit to create

opportunities instead of bumping into them on the battlefield.

Whether this involves developing a MFCOA with decision points

that can be incorporated into the final plan or creating a

working group to develop a full blown tactical risk register, it

is important to account for positive risk so that the staff can

better inform the commander as opportunities arise. While it is

impossible to dictate a single position that must be responsible

for risk planning because of the individual experience level of

each staff differs, we have identified several likely

candidates, to include the XO, CSM, Protection WFF Chief, or S2.

As the smallest deployable command, it is especially important

for BCTs, with their staff constraints, to designate someone to

take this alternate view of risk where the rubber meets the

road.

Notes

1. Dictionary and Thesaurus - Merriam-Webster Online. The

primary definition of risk is the possibility of loss or

injury. <http://www.merriam-webster.com/dictionary/risk>.

2. Project Management Institute, A Guide to the Project

Management Body of Knowledge (PMBOK) Fourth Edition (PMI

Publications, Atlanta, GA, 2008) 170.

3. From The Principles of Mission Command. Army Doctrine

Publication (ADP) 6-0, Mission Command (2012). (Department of

the Army, Washington, DC)2.

4. Intuitive decision making is reaching a conclusion through

pattern recognition based on knowledge, judgment, experience,

education, intelligence, boldness, perception, and character.

Army Doctrine Reference Publication (ADRP) 6-0, Mission Command

(2012). (Department of the Army, Washington, DC) 2-8.

5. Ibid., 2-8.

6. Composite Risk Management (CRM) is defined as, a decision

making process used to mitigate risks associated with all

hazards that have the potential to injure or kill personnel,

damage or destroy equipment, or otherwise impact mission

effectiveness. Field Manual (FM) 5-19, Composite risk

Management (2006). (Department of the Army, Washington, DC) 1-

1.

7. Ibid., 1-2 1-3.

8. The purpose of this Decisive Action Training Environment

(DATE) documentformerly known as the Full Spectrum Training

Environment (FSTE)is to provide the US Army training community

with a detailed description of the conditions of five

operational environments (OEs) in the Caucasus region;

specifically the countries of Ariana, Atropia, Gorgas, Minaria,

and Donovia. It presents trainers with a tool to assist in the

construction of scenarios for specific training events but does

not provide a complete scenario. Decisive Action Training

Environment (DATE) Version 2.0, (2011). (TRADOC G2, TRADOC

Intelligence Support Activity (TRISA)-Threats, Contemporary

Operational Environment and Threat Integration Directorate

(CTID), Fort Leavenworth, KS) 1-I-1.

9. Field Manual (FM) 5-19, A-2.

10. Ibid., 1-8.

11. PMBOK, 77.

12. The purpose of the MSHARPP matrix is to analyze likely

terrorist targets and to assess their vulnerabilities from the

inside out. The CARVER matrix is a valuable tool in determining

criticality and vulnerability during missions. Army Doctrine

Reference Publication (ADRP) 3-37, Protection (2012).

(Department of the Army, Washington, DC) 2-6.

13. Ibid., 2-6.

14. Ibid., 2-6.

15. PMBOK, 273.

16. The risk register is a catalogue or list of all identified

risks and their possible responses. Ibid. 288.

17. Ibid., 303.

18. Ibid., 304.

19. Ibid., 304.

20. Ibid., 305.

21. Ibid., 305.

22. Perform Qualitative Risk Analysis is the process of

numerically analyzing the effect of identified risks on overall

project objectives. Ibid. 294.

23. Ibid., 292.

24. A model translates the specified detailed uncertainties of

the project. Ibid. 299.

25. A simulation uses a model that translates the specified

detailed uncertainties of the project into their potential

impact on project objectives. Iterative simulations are

typically performed. Ibid. 299.

26. High-payoff target list (HPTL) is a prioritized list of

HPTs. Their loss to the enemy contributes to the success of the

friendly COA. Training Circular 2-50.5, Intelligence Officers

Handbook (2010). (Department of the Army, Washington, DC) E-5.

27. The term Most Favorable Course of Action (MFCOA) is not a

doctrinal term. It has been coined by the author for this work

in order to mirror Army doctrine.

28. The Tactical Risk Register has been created by the author

for use in this work.

29. Risk management helps commanders preserve lives and

resources, avoid or mitigate unnecessary risk, identify and

implement feasible and effective control measures where specific

standards do not exist, and develop valid courses of action

(COAs). Army Doctrine Reference Publication (ADRP) 3-37,

Protection (2012). (Department of the Army, Washington, DC) 2-

2.

30. Red Teams are small groups trained in critical and creative

thinking in order to allow them to explore alternatives in plans

as well as view plans from the perspective of our adversaries.

Army Posture Statement (2009). Red Team Education and Training.

Retrieved on February 5, 2013 from

http://www.army.mil/aps/09/information_papers/red_team_education

.html.

31. Army Doctrine Publication (ADP) 6-0, 2.

BIO

Major Brian Schonfeld is currently an Engineer Observer

Coach/Trainer for the Movement and Maneuver Warfighting Function

with the Mission Command Training Program (MCTP) at Fort

Leavenworth, Kansas. He currently holds a B.S. from Old Dominion

University and a M.A from Webster University and is certified as

a Project Management Professional by the Project Management

Institute (PMI). His previous assignments include the 91st

Engineer Battalion, 1st Cavalry Division and the 249th Engineer

Battalion (Prime Power), U.S. Army Corps of Engineers. He has

deployed as a Combat Engineer Platoon leader and a Mission

Transition Team Staff Maneuver Trainer.