Decisive Events and Risk Management in Defence vs Infrastructure Projects

The views expressed in this article are those of Pedram Danesh-Mand and do not reflect or represent the official policy or position of the Jacobs, Engineers Australia, Risk Engineering Society (RES), Australian Department of Defence, or Australian Army.

Over the years, I have definitely seen many common or similar methodologies and techniques which can be successfully used across different sectors and industries. In fact, I believe one of the most rewarding aspects of being an engineer (being an engineer AND a consult multiplies opportunities!) is the wide range of exciting opportunities you get to apply your engineering knowledge, experience and soft skills to find the best SOLUTION for solving a PROBLEM.

Last night with our Defence team at Jacobs was not different, when our Adrian Harding shared with me some of his exciting risk management experiences at Australian Defence. This article is a short summary of our discussions on Wargaming Decisions, Decisive Events, and Most Dangerous / Most Likely ECOA and a little bit more, not too bad for a 8pm discussion! :)

In Australia, the Secretary of Defence and the Chief of the Defence Force have signed a Joint Directive on the Management of Risk in Defence. The Joint Directive sets out the Defence’s approach to risk management through an integration into all planning, approval, review and implementation processes, at all levels, to ensure that risk is one of the major considerations in decision making. However, to ensure this integration is fully tailored to each business objectives and context, the directive does NOT mandate a specific approach or methodology for risk management in Defence. This is creating a great opportunity for Defence Force to assess, develop and implement the most optimum risk-based decision making techniques depending on requirements.

Within the Australian Army, the Decisive Events (DEs) are one of the key concepts to design battle at the tactical level for achieving key purposes:

• Articulates those major effects that the commander desires to be imposed upon the adversary
• Provides a framework for an individual or staff to commence the development of courses of action (COA)
• Focuses on the delivery of a limited number of effects which serves to avoid wasted effort in planning and the dilution of combat power during execution
• Enables a measurable assessment of a plan during execution
• Facilitates any aspiration for manoeuvre

Sounds similar? Yes, it’s actually a risk-based decision making process and hence the development and implementation of DEs resembles a ‘dark art’, similar to organisational risk management or major projects risk management, where officers – you can also read it project team – lack confidence and consistently use them in a flawed manner. I did not say this, did I?! :)

Like any other risk-based decision making technique, when used correctly, DEs can be a workable and practical method also allowing an individual or staff to produce mitigation plans that permit sudden and appropriate improvisation.

There are few definitions around DEs as part of the military decision making process (MDMP):

• Officers should develop the enemy courses of action (ECOAs).
• As part of the wargaming process, at least two different ECOAs should be developed and assessed: the most likely ECOA and the most dangerous ECOA. These two scenarios provide the realistic enemy for the wargaming process.

However, the problem is that unless you have a standard and consistent methodology for developing ECOAs that is adaptable and assists in maintaining the actions of enemy once operations begin, the technique may not effective and efficient enough – exactly the same for achieving success for any project risk management.  

So, how project risk management can help for developing ECOAs?

In my view, MDMP is essentially a process for problem solving and decision making under uncertain circumstances in high risk scenarios, with key elements below:

• All plausible (you can read this as all ROCKS!) scenarios that could exist
• Possible causes and triggers
• Control measures and/or early indicators and the ways in which they may fail
• The range of possible consequences, e.g. Most Dangerous / Most Likely or Worst Case / Most Likely
• Mitigation actions and escalation factors

The approach below can be helpful:

• To define of the problem, mission or objective
• To identify situations, conditions or circumstances which have the potential to cause damage
• To identify the top risks, i.e. ROCKS, which are the moments when control is lost over critical situations above
• For each top risks, the ‘causes’, ‘triggers’ or ‘threats’ should be then identified. These are whatever which may cause our top risks to occur.
• The key relationships, i.e. correlation, between risk events and causes then need to be identified and assessed.
• The range of consequences including Most Dangerous (or Worst Case) and Most Likely scenarios to be assessed.
• When we capture all unwanted scenarios as well as causes and range of consequences, we need to discuss ‘preventive’ (or control) and ‘recovery’ barriers. Barriers interrupt the situation so that the threats do not result in a loss of control or do not escalate into an actual impact.  
• Because barriers are never perfect and we cannot always mitigate all risks to an acceptable level, contingency barriers will be then discussed and assessed.

This is the use of bow-tie risk analysis, which in my experience is a very powerful tool supporting the team to better understand risks and their controls. The method also enables management to identify those sensitive controls and contingency plans that required regular monitoring and controls.

As per Australian Government, the basic bow-tie diagram is as below. The bow-tie process can be also linked with a control assurance management system.

The method can support the team to identify and assess Most Dangerous (MD) and Most Likely (ML) consequences, or ECOAs, so appropriate COA, both preventive and recovery actions, can be not only planned and communicated in planning phase but also effectively monitored and reported during operation.   

Within the Defence context, developing the most dangerous ECOA is much the same process as the most likely ECOA by putting all scenarios available to the enemy that would cause friendly forces the biggest problems, i.e. consequences. By assessing all possible ECOA scenarios both for the likelihood of actions and also ML/MD impacts of those actions, effective actions can be planned and implemented ONE step ahead. Winning or losing is all about the steps that you are ahead of the game, in a battle, in an organisation, in a project or even for us as an individual.

Risk management is (and should be) an asset for LIFE! If I don't say it, who else? :)