In This Guide
1 Aerospace Risk Management Standards
Aerospace programs follow structured risk management processes (typically based on MIL-STD-882, SAE ARP4761, or company-specific standards). Each risk has a probability rating (1–5), severity rating (1–5), and a risk priority number (RPN = probability × severity). Risks scoring above a threshold require documented mitigation plans and regular review.
Most programs maintain risk registers in Excel with 100–300 rows. These spreadsheets are reviewed monthly in 2-hour risk review meetings where half the time is spent finding the right row.
Risk Priority Number (RPN)
RPN = Probability (1–5) × Severity (1–5)
20–25 = Critical (red card) — immediate mitigation + program review required
15–19 = High (orange card) — mitigation plan required within 2 weeks
8–14 = Medium (yellow card) — mitigation plan recommended
1–7 = Low (green card) — accept and monitor, document rationale
2 Visual Risk Register Canvas
Replace the spreadsheet with a risk canvas organized by risk category:
• Technical Risk — design complexity, material properties, testing limitations, integration challenges
• Schedule Risk — supplier delays, test facility availability, certification timeline
• Programmatic Risk — funding, staffing, requirements changes, subcontractor performance
• Safety Risk — failure modes, human factors, maintenance procedures
Each risk card includes probability and severity in the card notes. Color-code by RPN: red (15–25), yellow (8–14), green (1–7).
Technical Risk
Design complexity, material properties, testing limitations, integration, TRL gaps.
Schedule Risk
Supplier delays, test facility queues, certification timeline, long-lead items.
Programmatic Risk
Funding uncertainty, staffing, requirements creep, subcontractor performance.
Safety Risk
Failure modes, human factors, hazardous operations, maintenance procedures.
3 Linking Risks to Mitigations
For each risk card with RPN > 10, create a mitigation card describing the planned action. Draw a depends-on connector from the risk to its mitigation.
Mitigation cards have their own status workflow: Planned → In Progress → Completed → Effectiveness Verified.
The "Effectiveness Verified" step is critical in aerospace — a mitigation isn't closed until you've confirmed it actually reduced the risk. Add a re-assessment date to the risk card after mitigation.
A satellite subsystem team tracking 45 risks found that 8 mitigations marked "Completed" had never been verified. Two of those risks had re-emerged in testing.
Important
In aerospace programs, "Completed" does not mean "Verified." A mitigation is only effective when the risk has been re-assessed and the RPN has actually decreased. The canvas enforces this by requiring a separate "Effectiveness Verified" status.
4 Risk Review Meetings
Before each monthly risk review, run AI Risk Analysis on the canvas. The AI produces:
• Risks sorted by RPN (highest first)
• Risks with overdue mitigations
• New risks added since last review
• Risks whose probability or severity changed
Project this during the review meeting. The team works directly on the canvas — updating RPNs, assigning new mitigations, closing resolved risks. Meeting time drops from 2 hours to 45 minutes because no one is searching through spreadsheet rows.
| Spreadsheet Risk Review | Canvas Risk Review | |
|---|---|---|
| Meeting prep | 2–3 hours (update rows, sort, format) | 5 minutes (run AI Risk Analysis) |
| Meeting duration | 2 hours | 45 minutes |
| Risk discussion quality | Searching for rows, reading aloud | Visual scan, discuss high-RPNs directly |
| Action tracking | Separate action item list | Mitigation cards linked to risks |
| Audit trail | Version-controlled file (maybe) | Timestamped card history (always) |
5 Integration with Program Milestones
Draw relates-to connectors from high-severity risks to the program milestone cards they threaten. This makes it visible during schedule reviews which milestones carry the most risk.
For programs approaching CDR (Critical Design Review) or PDR (Preliminary Design Review), filter the canvas to show only risks with connectors to the upcoming milestone.
1
SRR (System Requirements Review)
Technical risks related to requirements completeness and feasibility.
2
PDR (Preliminary Design Review)
Design risks, TRL gaps, interface risks. Major risk mitigation checkpoint.
3
CDR (Critical Design Review)
Remaining technical risks, manufacturing risks, test plan adequacy.
4
TRR (Test Readiness Review)
Test facility risks, schedule risks for test campaign completion.
5
FRR (Flight Readiness Review)
Safety risks, residual technical risks, all mitigations verified effective.
Key Takeaways
- Organize the risk canvas by category: technical, schedule, programmatic, safety
- Color-code risks by RPN — red for 15–25, yellow for 8–14, green for 1–7
- Link every high-RPN risk to a mitigation card with mandatory effectiveness verification
- Use AI Risk Analysis before monthly reviews to cut meeting time from 2 hours to 45 minutes
- Connect risks to program milestones (PDR, CDR, TRR, FRR) to show which reviews carry the most risk