From Hazard Maps to Objective Paths — Reimagining Risk for Modern Program Managers
Why It’s Time to Rethink the Way We Define Risk
Imagine you’re driving to a destination on a foggy road. Instead of looking ahead, you focus on all the hazards around you and navigate with your rearview mirror. That’s not how anyone drives—but that’s how most organizations manage risk.
For decades, risk management has been rooted in a failure-based mindset. We look for what might go wrong, assign it a probability and a consequence, and map it onto a colored matrix. If it’s red, we panic. If it’s green, we relax.
But in the real world, success isn’t just about avoiding potholes. It’s about getting somewhere—on time, on budget, and with your mission intact. That’s the fundamental shift proposed by Tom Monroe, Ph.D., P.E., Marissa Miller, Ph.D., and Mario Beruvides, Ph.D., P.E., in their 2024 paper, “Framework for Objective-based Risk Management,” presented at the 2024 American Society for Engineering Management conference: to manage risk not by what might go wrong, but by how far an event pulls us from our objective.
Both Monroe and Miller work in the Strategic Systems Analysis Group at Systems Planning & Analysis (SPA); Monroe is Program Manager and Principal Risk Capability Leader and Miller is a Technical Program Analyst. They collaborated with Beruvides, who is a professor of industrial and systems engineering at the University of Miami.
The Disconnect Between Definitions and Decisions
The Department of Defense’s own Risk, Issue, and Opportunity (RIO) Guide reveals this contradiction clearly. Its first part of the definition of risk focuses on achieving program objectives. The second reverts to the classic hazard framework: likelihood times severity.
But which part of the definition gets applied? In practice, it’s the failure-focused one. Colored matrices and isolated risk registers dominate decision-making. Mitigations are chosen based on the scariest potential outcomes—not necessarily the ones that most directly interfere with mission goals.
This, Monroe argues, is not how humans make decisions. Whether consciously or not, we assess risks based on how they impact our ability to succeed—not how frightening they are in a vacuum.
“Every decision involves future uncertainty of achieving an objective. So why is risk routinely managed from the perspective of hazard avoidance rather than achieving objectives?”
SPA Program Manager Tom Monroe, Ph.D., P.E.
A New Definition: Risk as the Distance from Success
At the heart of the trio’s proposed model—FORM, the Framework for Objective-Based Risk Management—is a simple but powerful redefinition:
Risk is the negative effect that a potential future event or condition may have upon one or more objectives.
This reorientation does several important things:
- It shifts focus from what might happen to what that event would mean.
- It forces teams to define their objectives clearly and specifically.
- It highlights that one event might affect several objectives in different ways.
- And it opens the door to modeling risk as a dynamic, connected system—not just a list of individual hazards.
In short, it turns the headlights back on and focuses the gaze on the road ahead. You’re no longer driving by looking backward.
Modeling Risk Like a Living System
To illustrate, Monroe compares program objectives to the DNA of a living system. Just as a tree needs sunlight, nutrients, and time to mature into its intended form, a program needs resources (usually funding) over time (schedule), and its performance can be benchmarked along the way toward its goals.
Events that interfere—like a drought for the tree or a funding cut for the program—introduce uncertainty. And just like the tree can survive some challenges while others are fatal, a program may weather certain delays but be derailed by others. The key is understanding which risks truly matter and how they interact with each other and the program objectives.
That’s where the FORM model shines. Instead of treating risks as static points on a grid, it builds a network: a map of objectives, events, mitigations, and the relationships between them. Every event is a node. Every impact is an arc. Every objective is a waypoint or destination on the map.
And like a living system, this network evolves. Some risks fade as the program matures. Others become more urgent. The model lets you see that change over time.
Why the PRA Model Falls Short
The traditional probabilistic risk assessment (PRA) model—developed in the wake of the Three Mile Island nuclear incident—was never intended for the complexity of modern program management. It treats a 1% chance of catastrophe the same as a 90% chance of minor failure, as long as the math works out the same.
But that’s not how people think. We intuitively prioritize risks that are more likely to derail our goals—even if they seem smaller on paper. FORM aligns with this human instinct, and models it more effectively.
“Management is prediction,” wrote W. Edwards Deming in “The new economics for industry, government, education.” And prediction, by nature, is about navigating uncertainty—toward something. That “something” is your objective. Not just the avoidance of danger, but the pursuit of success.
So, What Changes?
Implementing FORM doesn’t just mean switching to a new software platform or redrawing your risk matrices. It means starting with a different question:
“What are we trying to achieve?”
From there, it’s about mapping how events may pull you away from that goal—and which actions can bring you closer. That clarity transforms risk management from a compliance task into a decision-making superpower.
It discourages fear-based funding battles. It reduces the incentive to overstate risks for attention. And it allows program managers to optimize their resources around what really matters.
Final Thought: Steering Toward Success
The goal of risk management isn’t to just track every possible hazard – it’s to inform good decision making so you can arrive successfully at your destination, well prepared for the journey. By focusing on objectives rather than obstacles, FORM helps program managers steer—not just swerve.
If your current risk framework feels like a spreadsheet of disconnected fears, it may be time to change the question.
Instead of “What could go wrong?”
Ask: “What might pull us off course—and how can we stay on track?”
Curious how objective-based risk modeling could transform your program?
Contact SPA to explore how the FORM framework can be applied to your organization.
Next up in Post 2: We’ll look at how FORM enables smarter modeling—using networks, Markov chains, and sensitivity analysis to prioritize mitigations and optimize decision-making.
Subscribe to our newsletter
We respect your privacy.
[ Related Articles ]
