Skip to main content
Image coming soon

Program Risk Quantification for Federal Contractors

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

Program Risk Quantification for Federal Contractors

Turn your risk register into a credible, audit-ready evidence package that survives a DCMA review.

The risk register gets sent back because it reads as a list, not an analysis. Program Risk Managers at federal contractors know the issues on their programs. What is missing is the quantitative scaffolding that converts qualitative log entries into cost-and-schedule risk estimates a contracting officer and a DCMA auditor will accept without follow-up questions.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Federal program risk management sits at the intersection of EVM, IMS, and risk policy. A risk register that names the risk, assigns an owner, and calls it medium probability does not satisfy a DCMA EVMS surveillance or a formal program management review. The customer wants probability distributions on cost impact, schedule risk analysis tied to the IMS critical path, and mitigation evidence that shows the risk is actually burning down. Most program risk managers have the instinct but not the methodology. The result is a risk package that gets revised three times before a PMR, still draws questions, and never quite becomes the artefact the program office can rely on between reviews.

What you walk away with

  • Build a risk register structure that maps directly to WBS elements and IMS milestones rather than sitting as a separate qualitative log.
  • Apply Monte Carlo simulation basics to produce probability distributions on cost and schedule impact that a DCMA analyst can verify.
  • Construct a risk burn-down chart with milestone-gated evidence that proves mitigation actions are reducing residual risk.
  • Write risk-adjusted cost estimates that are traceable from the risk register through the control account plan to the program baseline.
  • Produce a mitigation evidence package structured around DCMA EVMS surveillance criteria and program management review formats.
  • Integrate risk findings into the monthly CPR narrative so the customer sees a consistent story across sections.

The 12 modules

Module 1. Federal Program Risk Fundamentals
Maps the regulatory landscape: FAR 34.2, DFARS 252.234-7002, ANSI/EIA-748 risk guidelines, and DoDI 5000.02 risk management requirements. Explains how DCMA surveillance uses the risk register as an audit artefact and why the standard qualitative log fails that test. Establishes the vocabulary your program office, CO, and auditor share.
Module 2. Risk Register Architecture Tied to WBS
Rebuilds the risk register schema so every risk entry maps to a WBS element and at least one IMS task. Covers risk identification by WBS level, risk statement format (condition, consequence, timeframe), ownership at the control account level, and the data fields a DCMA examiner will look for during an EVMS surveillance visit.
Module 3. Probability and Impact Scoring That Holds Up
Moves past the generic 3x3 or 5x5 matrix. Establishes program-specific probability and impact scales calibrated to your contract value, schedule margin, and customer risk tolerance. Covers the most common failure mode: teams that compress all risks into the medium-medium cell because no one wants to own a high-impact rating without a mitigation plan in place.
Module 4. Monte Carlo Basics for Cost and Schedule Risk
Introduces triangular and PERT distributions for cost and schedule risk inputs without requiring a statistics background. Walks through a representative cost risk analysis using a stripped-down WBS and shows how to read the S-curve output to determine a risk-adjusted cost estimate at a defensible confidence level. Covers the Primavera Risk Analysis and @Risk tool environments commonly used in federal programs.
Module 5. Integrating Risk into the IMS
Explains schedule risk analysis: adding risk tasks to the IMS, running near-critical path analysis, and identifying schedule risk drivers that do not sit on the critical path but carry high probability of impact. Covers the difference between schedule contingency and schedule reserve, and how each should be documented in the baseline change control process to survive a DCMA review.
Module 6. Risk-Adjusted Cost Estimates and CBB
Shows how risk-adjusted cost estimates feed into the Contract Budget Base and management reserve. Covers the mechanics of a risk-informed estimate at completion, the relationship between risk reserve drawdown and EAC variance, and how to document the rationale so the CO and ACO can follow the logic without a meeting. Includes a worked example of a control account risk rollup.
Module 7. Mitigation Planning with Traceable Evidence
Builds mitigation plans that produce audit evidence, not just narrative. Each mitigation action gets an owner, a milestone, an evidence type (test result, supplier confirmation, design review closure), and a residual risk reassessment trigger. Covers the common failure mode of mitigation plans that stay open for six months because the evidence criteria were never defined.
Module 8. Risk Burn-Down: Tracking and Communicating Progress
Constructs the risk burn-down chart as a formal program artefact: risk count by category over time, risk exposure (probability times cost impact) trending, and milestone-gated closure criteria. Covers how to present burn-down at a monthly program management review so the customer sees a credible story rather than a static list with updated dates.
Module 9. DCMA EVMS Surveillance and Risk
Walks through how a DCMA EVMS surveillance visit uses the risk register. Covers the surveillance criteria related to risk management in the DCMA EVMS Standard Surveillance Plan, typical findings related to inadequate risk-to-EAC linkage, and the corrective action request process if risk documentation does not meet ANSI 748 guidelines. Includes a pre-surveillance self-assessment checklist.
Module 10. Risk Sections of the CPR and IPR
Shows how risk data flows into the monthly Contract Performance Report narrative and the Integrated Program Review briefing. Covers Format 5 (explanations and problem analysis) risk language, the IMS integrated master schedule risk summary, and how to keep the risk story consistent across the CPR sections so there are no contradictions between cost variance explanation and risk mitigation status.
Module 11. Opportunity Management Alongside Risk
Introduces opportunity identification and quantification as the counterpart to risk management. Covers opportunity register structure, probability-weighted opportunity value, and how to document realized opportunities in the EAC without triggering a baseline change. Addresses the DCMA position on opportunity management and the risk of recognizing upside too early in the performance measurement baseline.
Module 12. Building Your Program Risk Management Plan
Assembles the Risk Management Plan as a standalone contract deliverable: scope, risk identification process, risk analysis methodology, mitigation planning process, risk reserve management, and reporting cadence. Provides a template structured to satisfy a CDRL requirement and survive a technical baseline review. Covers the review and approval cycle with the program office and the CO.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Risk register gets sent back at PMR: Modules 2, 3, 8
DCMA surveillance finding on risk documentation: Modules 9, 6, 7
EAC variance explained but risk section contradicts it: Modules 10, 6
Mitigation plans are all open with no closure criteria: Modules 7, 8

What you get with this course

  • 12 written modules covering federal program risk from register architecture through DCMA surveillance
  • Downloadable risk register template tied to WBS and IMS structure
  • Monte Carlo input worksheet for cost and schedule risk analysis
  • Risk burn-down chart template with milestone-gated closure criteria
  • Pre-surveillance self-assessment checklist mapped to DCMA EVMS Standard Surveillance Plan
  • Risk Management Plan template structured as a CDRL-ready deliverable
  • Hand-built implementation playbook tailored to your program environment

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Risk register is a qualitative list. Mitigation plans stay open for months. The risk section of every CPR is rewritten the day before submission. DCMA surveillance finds inadequate risk-to-EAC linkage.

After

Risk register maps to WBS and IMS. Cost and schedule risk estimates are defensible at a PMR. Mitigation plans have evidence criteria and close on schedule. DCMA surveillance finds a complete package.

What happens if you do not address this

The next PMR risk package gets revised again. The CO asks for a formal risk management plan as a contract deliverable and the team has no template. DCMA surveillance opens a corrective action request on EVMS guideline 32 (risk management). The program carries more management reserve than it should because the quantification methodology is not credible enough to release it.

Who it is for

You are a Program Risk Manager at a federal defense or civilian IT contractor. You own the risk register, facilitate risk working groups, and produce the risk sections of program status reports and monthly contract performance reports. You work with EVM analysts, schedulers, and technical leads to roll risk into cost and schedule baselines. You know DFARS clauses and have some exposure to CMMC or NIST 800-171 if your program touches CUI.

Who this is NOT for. Commercial program managers with no EVM or federal acquisition exposure. Risk analysts in financial services. Anyone looking for a general project management risk overview.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Each module is self-contained and can be completed in 30-45 minutes. The full course runs roughly 6-8 hours spread across however many sessions fit your program review cycle.

Why $199 is the right number

A PMI-RMP certification course covers general risk principles but has no federal acquisition context and no DCMA-specific content. Internal training at most contractors covers the risk register format but does not address quantitative analysis or audit evidence packaging. A program management consultant to fix the risk package costs $15,000-$40,000 and does not build internal capability.

FAQ

Does this cover CMMC or NIST 800-171 risk specifically?
The course focuses on program execution risk tied to EVM and the IMS, which is the primary risk surface for most program managers. If your program has CUI handling and CMMC exposure, the risk register architecture in Module 2 includes a section on cybersecurity risk as a program risk category, not as a separate compliance audit track.
I am not the EVM analyst on my program. Is this still relevant?
Yes. The course is written for the risk manager who works alongside EVM and scheduling without owning those functions. Modules 4 through 6 explain the EVM interfaces in plain terms so you can have productive conversations with the EVM analyst and contribute to the cost risk analysis without needing to run the numbers yourself.
What if my program does not have DCMA oversight?
Most of the content applies equally to civilian agency programs with GAO or IG audit exposure. DCMA surveillance is used as the primary reference because it has the most detailed published criteria, but the risk register structure, quantification methodology, and evidence packaging practices transfer directly to any federal oversight environment.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.