Operationalizing Risk Management for Division and Corps

According to Army Doctrine Publication (ADP) 6-0, Mission Command: Command and Control of Army Forces, risk is “the exposure of someone or something valued to danger, harm, or loss” and “because risk is part of every operation, it cannot be avoided.”¹

 

Commanding generals (CGs) must accept risk in order to reap the rewards of employing their combat power. How-ever, they do not simply gamble with their division or corps. They have entire staffs that collect and refine information, allowing them to minimize risk to the mission as well as risk to the force. Division and corps staffs excel at determining how U.S. forces will engage and defeat the enemy. However, most staffs need to improve their ability to mitigate enemy effects on friendly combat power and the mission. This article presents a methodical approach to operationalizing risk management for division and corps level operations, which will provide CGs with improved visualization of risk in time and space, input for CGs’ friendly forces information requirements (FFIR), and an edge to win at the decisive point.

The new approach to operational risk is based on the following tenets:

• It is challenging to apply the current accident-focused Army risk assessment model at higher-echelon large-scale combat operations (LSCO); a paradigm shift is re-quired for better applicability to LSCO.
• Risk should be avoided, eliminated, and/or mitigated be-fore the CG accepts residual risk. The warfighting functions (WFFs) are linked to these risk decision options.
• FFIR should be developed with the same rigor as priority intelligence requirements (PIRs).
• Risk management begins during mission analysis. Wargaming serves as the laboratory for testing risk reduction measures and should assist in developing decision points.
• Risk should be visually presented to the CG in time, space, and purpose, with linkage to FFIR to drive decisions.

Staffs discuss risk during each phase of the military decision-making process as well as during operations. How-ever, risks must often be revised and better understood. Staffs owe it to their CGs to capture and operationalize risk management to preserve combat power and achieve the mission.

 

During the fifth warfighter exercise for the protection observer, coach/trainer team, Mission Command Training Program, U.S. Army Combined Arms Center, Fort Leavenworth, Kansas, it was the job of Operations Group Alpha to train the division protection staff to keep the combat power alive. However, the enemy always has a say during combat operations and the observer, coach/trainer team observed that the same combat power losses encountered in previous warfighter exercises were manifesting themselves again. The division CG directed the protection cell to update the critical asset list/defended asset list² and reevaluate the air defense scheme, but losses continued. The division protection chief, dutifully following the Army risk management model, identified many battlefield hazards, articulating each on his risk matrix. Enemy fixed-wing; rotary-wing; and chemical, biological, radiological, and nuclear weapons were captured, assessed, mitigated, and assigned residual risk. Yet, losses continued to occur at an unacceptable rate. The staff captured enemy threats, but friendly combat power losses continued to surprise the staff and CG. Why was the staff failing to anticipate where losses would be taken? And why was it struggling to do something to stop them? What could the staff do to better understand the risk to combat power? These questions drove the protection observer, coach/ trainer team to examine the Army’s risk assessment model in detail. What emerged is a method that, if employed properly, will be effective at determining risk for division and corps level operations, providing input for the CG’s FFIR, and operationalizing the risk management process.

Current Army Risk Assessment Model

Before exploring new ways to visualize risk for divisions and corps, the way in which the Army currently conducts risk assessment should be examined. Army Techniques Publication (ATP) 5-19, Risk Management,³ outlines risk assessment and management using the identify, assess, control, implement, and supervise methodology (Figure 1, page 24). The identification of hazards involves listing the environmental threats that can cause harm. The subsequent assessment of the hazards is described in ATP 5-19 and outlined in Table 1. The Army model for risk assessment is based on two criteria: the probability and the severity of an event. Staff can use the risk assessment matrix presented in Table 1 to qualitatively evaluate the initial risk inherent to a specific hazard. Once the assessment is complete, one or more of the following types of controls are developed:

• Educational controls, which inform CGs that a hazard exists.
• Physical controls, which block access to a hazard.
• Hazard elimination controls, which make use of engineering methods and administrative and personal protective equipment to mitigate a hazard.

Figure 1. Current Army risk assessment and management methodology

CGs then implement the controls and supervise/evaluate them for effectiveness. While the current Army risk assessment model has merit, it is an “accidental” risk mitigation model (as is evident in the following two examples) and its application becomes nebulous at higher echelons.

Table 1. Risk assessment matrix

Example 1: A Soldier’s Road Trip Home

In the first example, a Soldier is traveling home by vehicle for the holidays. The associated risk assessment matrix (Table 2) illustrates that the likely hazards are a vehicle accident, a vehicle breakdown, and inclement weather. Using ATP 5-19 and Table 1, it is determined that the probability of a vehicle accident is “seldom” and the severity of an accident is “critical,” while the probability is “occasional” and the severity is “moderate” for both a vehicle breakdown and inclement weather—and that the initial risk for all events is “moderate.” Educational, physical, and hazard elimination controls are then implemented (via the chain of command) to mitigate the risk, leaving an overall residual risk of “low.” In this way, the CG is informed of events that the Soldier may encounter and a plan is developed in case a hazard is encountered. While the subjective nature of this type of assessment can be argued, the model holds up well when applied to an individual Soldier. Indeed, it holds up well even when applied at the squad to company level. However, the applicability of the model breaks down when transitioning to higher echelons.⁴

Example 2: Division Wet-Gap Crossing in LSCO

For the second example, the current Army risk management model is applied to a division conducting a wet-gap crossing in LSCO (Table 3). Vital hazards present during attack are identified; enemy rotary-wing aircraft and enemy artillery hazards are assessed as “frequent” and “catastrophic,” and a chemical attack hazard is assessed as “likely.” The initial risk is assessed as “extremely high.” Physical and hazard response controls are implemented through the or-der process, leaving a residual risk of “high.”

Limitations of Current Risk Model

The risk assessment model is a tool that should be used to inform the CG. But what information does it provide to the CG? In most cases, the CG has more than 25 years of military experience—yet, he is effectively told simply that “War is dangerous.” The current model does not pro-vide the CG with information about risk in time or space or about purpose—nor does it provide him with information on which to base decisions. But criticism of any existing paradigm must be accompanied by suggestions for a solution or better process.

 

To preserve limited combat power, staff should think differently about how it addresses battlefield hazards. The Project Management Institute (PMI)© presents a risk mitigation paradigm that is suitable for division and corps level operations.⁵ According to the PMI paradigm, risks should be avoided, eliminated, and/or mitigated (in that order) before the CG accepts residual risk (Figure 2). Too often, staffs seek to mitigate hazards before they try to avoid and/or eliminate them.

Using the PMI model, each WFF is integrated into the risk management process. The intelligence WFF helps the CG avoid risk by providing information about where the enemy is strong and where it is weak or where critical battlefield systems are arrayed. The fires WFF eliminates systems that can destroy friendly combat power, thereby reducing overall hazards to the force. The protection WFF arrays combat power to assist in survivability and mitigate the risk. Combat power is assigned as a last resort so that CGs can focus assets at the decisive point. Finally, after avoidance, elimination, and/or mitigation, the CG accepts the residual risk. The CG owns the risk for his unit; however, the staff must manage it.

According to Sun Tzu, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”⁶ The U.S. Army struggles with the latter of these two elements. The staff exists to inform the CG and assist him in making decisions. The information that the CG deems necessary for him to make informed decisions is codified in the CG’s critical information requirements, which are broken down into two subsets—PIRs, or what we need to know about the enemy, and FFIR, or what we need to know about ourselves.

Through intelligence preparation of the battlefield, the staff determines the likely actions, locations, and strength of the enemy. It then develops a collection plan in which named areas of interest are directly linked to PIRs, which—for divisions or corps—are generally listed in great detail. The collection plans are phased, contain assigned assets for collection, and are linked to CG decision points. This is not shocking, as tactical intelligence efforts focus on PIRs. CGs and their staffs also have the doctrine to drive the CG’s decision-making cycle. ATP 2-01, Collection Management,⁷ specifically addresses how to develop plans to address PIRs.

FFIR are another matter. Staffs often need to define who is responsible for developing and tracking FFIR. Is that the role of the protection staff? Or does that responsibility reside with the operations section? Unlike PIRs, FFIR are typically not phased, do not drive decisions, and are not depicted on the decision support matrix. In short, FFIR generally do not provide the CG with effective or timely information. Take a moment to develop FFIR for a division attack in LSCO. Think about what the CG needs to know about his forces, how to maintain combat power, and how FFIR would impact the mission based on your experience. Your FFIR likely include at least two of the following effects on friendly equipment:

• Loss of an Avenger platoon.
• Loss of counter-fire radar.
• Loss of an Apache platoon or higher.
• Loss of a chemical, biological, radiological, and nuclear reconnaissance vehicle.

How can FFIR be so quickly and accurately determined? Could the same exercise be conducted with PIRs? The simple fact is that we are products of our development. We list these particular FFIR because we learned them from the executive officer (S-3) who trained us as junior officers. And he learned FFIR development in the same way. While equipment systems such as Avengers; counter-fire radar Apaches; and/or chemical, biological, radiological, and nuclear vehicles are surely important to the CG, does their loss really inform him of anything? Again, the CG likely has more than 25 years of service. He understands that the loss of an Avenger platoon is bad. Does this information contribute to his decision making? The answer is no. So, how can we de-velop effective FFIR?

 

Risk Management During the Decision-Making Process—The Key to Informed FFIR

Effective risk management is key to developing updated, phased, and living FFIR. Risk management must begin during mission analysis; it cannot be an afterthought. The step-by-step process of one effective technique can be used to assess risk for division offensive operations in LSCO and turn risk modeling into actionable FFIR that can contribute to decision making.

Step 1 of the risk assessment/FFIR development process, which takes place during mission analysis, is to assign the responsibility of managing the risk matrix to a WFF. By doc-trine, this role is filled by the protection WFF; however, as long as a single party is deemed responsible, the process will be successful. For the purpose of this article, the protection WFF will serve as the responsible party for the risk matrix.

Risk to mission and force statements should be included on all WFF running estimates. During mission analysis, the protection cell captures any risk that the WFFs identify (Table 4). At this point, there is no risk assessment; there is simply an identification of hazards in the operational environment. Their impact on the force is noted; but at this phase of planning, the impacts are broad. The WFF that identified the risk is also captured. That WFF will own the risk for the duration of the operation. The purpose of risk management during the mission analysis portion of the decision-making process is for the staff to brainstorm where it envisions threats. The staff does not assign assets to “mitigate” the threat.

Table 4. Example of a mission analysis risk matrix

Step 2, which takes place during course of action (COA) development, builds on mission analysis 
activities. During COA development, the staff develops broad, phased concepts from initiation of movement to achievement of the final objective. Expansion of the risk model begins, and the number of columns in the COA matrix (Table 5, page 28) increases over that of the mission analysis matrix. A column for the operational phase is now included. Also included is a column for probability, which contains a subjective assessment of the likelihood of event occurrence. By this phase of planning, the staff should have a fair idea of when the division or corps will encounter a certain hazard. The staff can now begin to formulate how to reduce the hazard. Will it be avoided, eliminated, and/or mitigated? As planning progresses, additional hazards will likely become evident. These hazards—along with the dates the hazards are identified—should be noted on the risk matrix. For example, the first row of Table 5 (page 28) indicates that on 3 June 2019, it was determined that the main effort brigade combat team (BCT) would be reduced to 65 percent combat power before crossing the gap. Quantitative data, which is often derived from operations research/systems analysis, is extremely useful during COA analysis. WFF chiefs should examine the risk assessment matrix and determine how risks incurred from one function may impact another. Using the example of the main effort BCT at 65 percent combat power, leaders of the sustainment WFF can infer that there is a significant risk for a mass casualty event and task-organize to mitigate this hazard.

By the time the staff reaches Step 3 of the process, the risk matrix should be specific to the situation. At this stage, during COA analysis (wargaming), the WFF has determined second-order effects and is now prepared to plan in detail. The COA analysis risk matrix delineates phases. Some hazards are present throughout the operation; however, it is important to note how they will affect the mission during critical events. Also included in the COA risk matrix are risk-to-mission and risk-to-force columns; the intent is to show how the controls affect risk and where significant risk will still be incurred by the division. In the case of the 65 percent combat power loss of the main effort BCT, the Phase III wet-gap crossing is a key event for the division. During wargaming, branch plans are identified and, in some cases, developed in order to execute when FFIR are triggered. The focus is now on the actual units to which the staff assigned missions.

In Step 3, risk management focuses on avoiding, eliminating, and/or mitigating risk. For example, if division artillery is unable to provide effective fires to the support coordination line, risk can be avoided by positioning fires as-sets farther ahead in the order of march. The hazard could concurrently be eliminated by coordinating with the joint force CG to shift the fire support coordination line for this phase of the battle, if permissible—which could impact targeting.

Some hazards cannot be avoided or eliminated. For example, the division does not have the ability to prevent a chemical, biological, radiological, and nuclear attack. However, through task organization and the orders process, it can mitigate the corresponding reduction in tempo and casualty threat. By this point in the process, the protection chief should have a good product for facilitating action/reaction planning during key events. The protection chief provides the risk matrix to the chief of staff as input for adjudication. This can drive additional decisions. For example, if the reduction of the main effort BCT to 65 percent combat power is deemed too low for adequate correlation of forces, this may drive changes to targeting or support from higher headquarters and provide input for the development of branch plans. In this example, a branch plan may address the shifting of the main effort during Phase III of the operation.

This risk management process provides the science needed to drive the chief of staff’s adjudication during wargaming. Through the adjudication process, the staff may determine that, due to the friendly combat power situation, the plan cannot continue unaltered. For example, if friendly combat power losses result in unfavorable correlation-of-forces ratios, targeting may need to focus on a given enemy asset or formation to allow the operation to continue. As always, we hope for the best but plan for the worst. If the staff determines that a friendly combat power loss presents significant risk to the mission or force, a decision point is reached and a branch plan is developed to meet the CG’s intent. These FFIR-driven decision points are captured on the decision support matrix. The risk management process does not end here; it continues to develop, with staff sections maintaining risk as part of their running estimate. The protection working group serves as an excellent venue for consolidating staff risk assessments, briefly focusing the staff on the question of “What is killing us?” The tools are now in place to inform the CG of the risk and the actions that he may need to take.

Table 5. Example of a COA development risk matrix

The “Field Grade Product” Versus the “CG’s Product”—
FFIR Input to the CG’s Decisions

At this point, hazards starting at the receipt of the mission have been identified and cross-functionally screened and second- and third-order effects have been developed. Indeed, many of the second- and third-order effects have themselves become hazards added to the risk matrix. The best, most efficient way to control a risk through avoidance, elimination, and/or mitigation has been determined. Finally, an updated risk matrix has been presented to the chief of staff as input for his adjudication. Decision points have been developed, and they are now included in the decision support matrix.

Now, risk must be presented to the CG in a usable for-mat. The detailed risk matrix that has been developed is the “field grade” product. It undergoes constant refinement. However, staff members who hand this product off to the CGs do not generally remain on the staff very long. In spite of this, CG briefings contain the field grade risk matrix time and time again. No wonder risk is glanced over! The field grade risk matrix does not help the CG visualize, describe, or direct the battle. Risk must be presented to the CG in a way that helps him see it in time, space, and purpose.

At this point, the risk matrix is likely relatively large. Now is the time to focus on key risks and reduce the size of the matrix over the course of the next few days. Key risks, which should be presented at the daily battle update briefing, include—

• Risk with a linked decision point.
• Risk that cannot be directly influenced by the division or corps.
• Risk that can cause culmination.
• Risk with political consequences.

These key risks should be listed on a reduced form of the risk matrix. All extraneous information should be removed, and the risk should be expressed in terms of risk to mission and risk to force. Since this is primarily a qualitative assessment, the expert judgement of the staff should be used ​​​​to refine the product. Staff recommendations for controlling the risk through avoidance, elimination, and/or mitigation should be expressed. In cases for which the division cannot directly influence the risk, the term “transfer” should be used to indicate that coordination with a higher echelon is necessary. Coordination with the corps would be required in order to transfer the risk. The corps is postured to control the hazard; such control is critical for the operation.

An updated common operating picture should be included on a presentation slide, and a symbol should be placed where the staff believes the division will encounter the risk. This will help the CG visualize where mission hazards are expected to be encountered. This is not a decision support product, so care must be taken to avoid confusing the CG. Many—but not all—risks have a decision point associated with them.

To complete the CG’s product, an example from the risk model should be used to show when the division will encounter the risk. The risk example should be laid out in terms of risk to mission, risk to force, and political risk. Some risk elements will be classified as all three. The assessment should be used to determine the best fit spatially. Links among hazards should also be made. The hazards are now presented to the CG in time, space, and purpose. He can now see how his force may be impacted. He can now “know himself.”

Step 4, the final step in the process, is to inform the CG of the FFIR and associated decision points. FFIR are expressed as refined, detailed statements that link risk to combat power losses, which in turn requires decisions. The risk that requires decisions is presented in a concise statement. We have now provided the “then” statement to the division or corps decision support matrix with the homework to back up our assessment, and the CG now knows what friendly combat power decisions will need to be made to meet his intent. This method in which risk management drives FFIR and associated decision points can be used to better inform the CG, enhance mission accomplishment, and preserve the valuable lives of our Soldiers.

Conclusion

Risk management must move beyond identifying hazards, applying mitigation, and accepting residual risk. An integrated, whole-of-staff risk management approach to identifying, avoiding, eliminating, and/or mitigating hazards is crucial to correctly defining the operational environment as it changes during LSCO. Capturing risk and managing it for the entire staff should start with mission analysis, undergo testing through harsh adjudication during wargaming, and be maintained as part of the staff running estimate. The staff estimates should be consolidated and discussed during protection working group meetings to further refine upcoming hazards. Risk should be presented to the CG in time, space, and purpose to assist him in visualizing battlefield hazards and making decisions. Division and corps staffs must improve upon current risk management models/methods in order to reduce the risk to mission and force to the minimum residual level that allows the CG to preserve and maximize the effects of his combat power.

 

Endnotes:

¹ADP 6-0, Mission Command: Command and Control of Army Forces, 31 July 2019.

²Current doctrine uses the overarching term of Protection Prioritized List (PPL). (ADP 3-37, Protection, 31 July 2019.)

³ATP 5-19, Risk Management, 9 November 2021.

⁴Ibid, p. 1-7

⁵David Hillson, “Managing Overall Project Risk,” paper presented at PMI Global Congress 2014—European Middle East and Africa, Dubai, United Arab Emirates. Newtown Square, Pennsylvania, Project Management Institute, 2014, <https:​​​​​​​//www.pmi.org/learning/library/overall-project-risk-assessment-models-1386>, accessed on 10 October 2023.

⁶Sun Tzu, The Art of War, 5th Century B.C., with translation and commentary by Lionel Giles, Capstone Publishing, 2022.

⁷ATP 2-01, Collection Management, 17 August 2021.

Lieutenant Colonel Gervais (Retired) is the former protection chief of Operations Group Alpha, Mission Command Training Program, U.S. Army Combined Arms Center, Fort Leavenworth, Kansas. He holds a bachelor’s degree in biology from Purdue University and a master’s degree in environmental management from Webster University. He is also a graduate of the U.S. Army School of Advanced Military Studies, Fort Leavenworth.

Lieutenant Colonel Brookshire is the protection chief and provost marshal for the 1st Infantry Division, Mission Command Training Program. He is the former executive officer of the Mission Command Training Program. He holds a bachelor’s degree in psychology from the University of Maryland; a master’s degree in business and organizational security management from Webster University; and a graduate certificate in administration from Central Michigan University, Mount Pleasant.