North Dakota Wing Civil Air Patrol
   Home 
   About CAP 
   Join CAP 
   Info 
   Departments 
   Aerospace Education 
   Cadet Programs 
   Emergency Services 
   Inspector General 
   Safety Program 
   Prof Development 
   Communications 
   Administrative 
   Publications 
   Events 
   Staff 
   Squadrons 
   Reports 
   Site Map 
  

ORM 101: A Basic Course in Common Sense

By Col. James L. Stanley, HQ ACC/SEO, Langley AFB, VA
[Reprinted from the May 1999 issue of The Combat Edge]

Capturing the Essence of ORM

I have got to be perfectly honest with you - since taking over as Air Combat Command's ORM Czar, I have been reading everything available to find out what Operational Risk Management really is. I have reviewed the computer based training available on the ACC Web Page (you find it under ACC/TRSS)... I have read and studied AFI 91-213, "Operational Risk Management (ORM) Program," and AFPAM 91-125, "ORM Guidelines and Tools," which combine to give the reader a "soup-to-nuts" review of the USAF ORM Program... I reviewed COMACC's tape on ORM and its importance to Air Combat Command... I even talked to "Orville" before he rode off into the sunset. What I am about to give you is my interpretation of this critical program, which is too often misunderstood and maligned. Hang in there with me as I do my best to capture the essence of ORM.

The "M" Word

First of all, I believe we can do a better job at instituting Operational Risk Management into our everyday activities - which is where it should be. ORM started out with one hand tied behind its back due to its name. It suffers from the disease I will call the "M" word. That's right, "Management." The "M" word connotes visions of Big Brother mandating another program down to the masses - does TQM (Total Quality Management) or MBO (Management By Objectives) sound familiar? ORM will continue to struggle until it is ingrained into daily work and play practices of all our personnel. Real use of ORM cannot be legislated; it must be part of the Air Force culture... to become part of our culture, it must be embraced in everything we do... to become embraced, it must be easily understood - this is where we can do a better job.

Operational Risk Management is depicted as a formalized 6-step process:

  1. Identify the Hazards
  2. Assess the Risk
  3. Analyze Risk Control Measures
  4. Make Control Decisions
  5. Implement Risk Controls
  6. Supervise and Review

When reviewed, it is a logic train which we perform every day; however, it is difficult to memorize and cumbersome to execute in daily operations. My goal is that COMACC should be able to stop any Air Force member and ask them what ORM is... and they should be able to tell him. When COMACC can do that, he will know that his ORM program is in full swing and making a difference.

Short, Sweet, and To the Point

Let's try this - ORM is a systematic, common sense approach to minimize risk. Short, sweet, to the point, and by-golly, captures the essence of ORM without taking half a page. Now, let's look at the steps in a different way. How about Identify, Assess, Analyze, Decide, Implement, Review. You Identify a hazard... Assess that it does pose a risk... Analyze measures to take to eliminate or minimize the risk... Decide which measures to take based on cost and benefits... Implement the risk control measure... and lastly, Review the risk control measure to see if it worked. It is critical to remember that ORM doesn't stop at the Review step; it is a circular process that pushes you to ensure that your measure was the correct decision. If during the Review step you identify that it did not give you the result you desired, you determine the reason by starting at step one again - Identify. The most important point to make now is that the 6-step process is perfect for more strategic ORM. Daily, simple ORM may only require a few of the steps - and you do it daily without having to remember the 6-step process.

The Three Levels of ORM

I like to break ORM down into three fundamental categories - Basic, Operational, and Strategic. Each level is equally important; however, each requires a different amount of ORM effort - some intuitive and some complex.

Basic Level

Basic ORM is risk management you do every day, throughout the day, at work and at home. For example, imagine you are walking through your office when you see Amn Newbee's desk drawer protruding outwards and causing a hazard. After you push it back in, you go about your business grumbling about his inconsiderate behavior. Congratulations - you just did ORM, and you didn't even have to think about it. You Identified the drawer hazard, Assessed that the drawer sticking out in a walking space was a risk, Analyzed which risk control measures are available, and Decided to correct the problem by electing to push in the drawer. You carried out a very simple process; however, it is critical to our risk management culture.

Operational Level

The operational category is a more staffing type of ORM. Here is a good example. The ACC staff was reviewing a proposal for F-16s to pull some of our Iceland alert commitment. Historically, this alert had been tasked to F-4... and now F-15... aircraft, both of which are two engine aircraft. Now a proposal to use F-16s was up for consideration. During review of the proposal, the following issues were identified and researched: (1) the F-16 has only one engine, (2) prevailing weather and crosswind were valid concerns, and (3) alternate airfields would be difficult to reach due to the range of the F-16. It was the classic opportunity for ORM to work its magic! The hazards were identified as weather, range, and single engine operations. The risk was assessed for the F-16 to perform this mission in the demanding Iceland environment. Analysis revealed that no risk control measures were available or realistic. The decision was made not to task the F-16.

Strategic Level

This is the full-blown, call out the cavalry, ORM which most of our personnel equate to their training. In reality, it will be the exception when this level of ORM is used or needed. A prime example of this type of ORM occurred during DESERT STORM when Coalition forces were employing tactics that were primarily low-level ingress and attack. The decision to utilize low-level attacks was based on months of target and threat study; it was determined that the low-level attacks would minimize risk to our forces. After a couple of days, however, it was evident that loss rates due to low-level attacks were exceeding an acceptable level of risk. At that time, a decision was made to use mid-to-high-level attacks. This change in tactics saved lives and assets. This is ORM in its most strategic forum. Our planners went through the ORM 6-Step Process and ultimately used Step 6 (Review) to determine that risk levels were unacceptable. Then after going back to Step 1 (Identify the hazards), new risk control measures were instituted which were more effective.

ORM - a Common Sense Program

Operational Risk Management is not magic and should not be a burden to getting the mission accomplished. These three examples of different levels of ORM show you that it is a common sense program which has application at home, work, or during contingency operations. It is easy to execute - it just takes awareness of risk and a proactive attitude to mitigate that risk. My ultimate goal is for ORM to become so much a part of the Air Force culture that my position as ORM Czar is no longer required. COMACC will be coming to your base soon. Be prepared to tell him all about Operational Risk Management and why it has become part of your lifestyle!

Return to Safety Program

Return to Departments

Site © 2003-08 - All Rights Reserved
Last modified: 4 January 2008 by Maj Sundhagen