Risk Management

NASA Risk Management Program

NASA’s mission success depends on informed decision-making under uncertainty. Risk Management (RM) is a core competency that supports this effort across the Agency. In 2023, NASA established the Agency Risk Management Officer (ARMO) within the Office of Safety and Mission Assurance (OSMA) to strengthen and coordinate the Agency’s RM framework.

About the ARMO

The ARMO leads Agency-wide efforts to advance risk management policy, culture, and capability. While there is currently no formal NASA Risk Management Program Office, the ARMO role was created to develop the foundations needed to better support NASA’s Mission Directorates, Centers, and Program/Project Managers in managing and communicating risk.

The ARMO is focused on building capabilities that:

- Integrate risks from various boards and forums to provide a consolidated perspective on top enterprise risks.
- Champion risk leadership initiatives to improve communication and clarify the Agency’s overall risk posture.
- Develop and implement best practices for integrating Enterprise Risk Management (ERM) into day-to-day operations and decision-making.
- Investigate and co-develop with stakeholders new methods to identify, monitor, and manage NASA’s highest-level risks.

ARMO Areas of Emphasis and Strategic Priorities

The ARMO’s work is organized around five interconnected emphasis areas:

- Risk Framework: Strengthening Agency-wide structures, processes, and principles for consistent RM practice.
- Risk Leadership: Building capacity and accountability for effective risk-informed leadership at all levels.
- Tools: Identifying and advancing RM tools that support risk analysis, decision-making, and cross-level communication.
- Training: Equipping NASA personnel with the knowledge and skills to practice effective RM, tailored to their roles and responsibilities.
- Communication: Fostering timely, transparent, and meaningful risk dialogue across the enterprise.

Standard Risk Categories

Common risk types are frequently identified and managed across NASA’s activity domains. To support consistency and clarity in risk reporting, NASA has adopted a set of recommended standard risk categories. These categories provide a structured way to characterize risks based on the objectives they most significantly affect. Importantly, risks are categorized according to the objective at greatest risk even though a single risk may threaten multiple domains. These are intended for use in high, Agency-level risk discussions and are particularly relevant for enterprise and senior leadership contexts.

| Domain | Category | Description |
|---|---|---|
| Enterprise | Strategic | Risks that may hinder NASA’s long-term goals or strategic direction (e.g., policy changes, geopolitical shifts). |
| Enterprise | Financial | Budget instability, funding constraints or issues in financial oversight that could affect program continuity. |
| Enterprise | Reputational | Threats to public trust, stakeholder confidence or NASA’s image. |
| Enterprise | Compliance | Legal, regulatory or policy noncompliance with potential for broad impact. |
| Programmatic | Technical | Engineering, design or technology risks that could degrade mission performance. |
| Programmatic | Schedule | Delays caused by unforeseen challenges, resource limitations or process issues. |
| Programmatic | Cost | Budget overruns, inaccurate cost projections or scope changes. |
| Programmatic | Safety & Security | Risks to mission execution involving physical or data safety concerns. |
| Institutional | Operational | Workforce, infrastructure or support function issues affecting day-to-day operations. |
| Institutional | Compliance | Institutional adherence to applicable standards, laws or policies. |
| Institutional | Safety & Security | Threats to the protection of people, systems or data from harm or cyber-attack. |
| All Domains | Other | Unique or emerging risks not adequately represented in the standard taxonomy. |

Note: While categorization aids communication and visibility, it is not intended to restrict risk thinking. Regular updates and flexibility are essential to accommodate emerging risks and evolving mission needs.

The Objectives-Driven Risk Management Framework (ODRMF)

NASA applies an Objectives-Driven Risk Management Framework (ODRMF) to guide how risks are identified, analyzed, communicated, and managed across the Agency. This framework emphasizes aligning risk decisions with clearly defined objectives at all levels—from mission design to strategic planning.

The ODRMF consists of two interrelated processes:

- RIDM (Risk-Informed Decision Making): A structured process that uses risk analysis to inform decisions where uncertainty could affect mission or program success. RIDM supports evaluation of options and trade-offs by considering likelihood, consequence, and stakeholder priorities.
- CRM (Continuous Risk Management): A repeatable process used to manage operational risks throughout the life of a mission, project, or activity. CRM helps teams identify, track, and mitigate risks proactively as part of day-to-day execution.

Together, RIDM and CRM ensure that risks are managed both strategically and tactically, providing an integrated approach that supports safe, successful, and sustainable outcomes.

Risk Management News

Re-Focus on Risk with New Risk Management SATERN Courses
May 16, 2025
The Agency Risk Management Officer, with support from the NASA Safety Center and the Academy of Program/Project & Engineering Leadership, has developed four new risk-focused training courses.

Updated Handbook Takes a Comprehensive and Integrated Approach to Risk Management
March 12, 2025
NASA’s Risk Management (RM) program recently released an updated version of the RM Handbook. This marks the first update to the handbook since the initial version was released in 2011.

Cancellation of NPR 8705.5 Reflects Evolution of NASA Policy for Safety and Mission Success
January 04, 2023
NPR 8705.5, Technical Probabilistic Risk Assessment Procedures for Safety and Mission Success for NASA Programs and Projects, was cancelled, a move consistent with the policy direction to be more objectives-driven, as defined in the recent update to NPD 8700.1, NASA Policy for Safety and Mission Success.

Changes to NPR 8000.4 Reflect Increased Relevancy of Cyber-Related Threats
April 22, 2022
Revision C of NPR 8000.4, Agency Risk Management Procedural Requirements, went into effect on April 19, 2022. The changes made primarily reflect the increasing relevance of cyber-related threats and incidents across both government agencies and the private sector. The update reflects an action item from the NASA Enterprise Protection Board to the Office of Safety and Mission Assurance to make the subject of cybersecurity and cyber risk explicit within NPR 8000.4.

OSMA Hosts Risk Management Summit to Address Key Challenges and Opportunities
December 12, 2014 (Events, Risk Management)
The Office of Safety and Mission Assurance hosted a Risk Management (RM) summit to address key RM challenges and opportunities for the agency.

People

Dr. Mary Skow
Agency Risk Management Officer

Dr. Mary R. Coan Skow, Ph.D., is the Agency Risk Management Officer. In this role, which she helped formulate and establish, Dr. Skow integrates risks from various boards and forums to achieve perspective on top-enterprise risks. Additionally, she champions risk leadership initiatives through the facilitation of risk communication and clarifies risk posture. Dr. Skow also develops and implements best practices to integrate Enterprise Risk Management processes into day-to-day operations and decision-making, while investigating and developing methods to create and manage top risks for the agency.

Prior to her current position, Dr. Skow served as the strategic evaluation program manager for the Chief Program Management Officer at NASA Headquarters, where she excelled at motivating varied teams and initiating strategic initiatives. She previously held the role of portfolio analyst at Headquarters for the Office of the Chief Financial Officer, where she was responsible for understanding and working with the Exploration Systems Development Mission Directorate for the Human Landing System, Gateway and Spacesuit User Interface Technologies for Students (SUITS).

Dr. Skow began her career at NASA as a graduate student in the co-op program at Kennedy Space Center working on In-Situ Resource Utilization. Following her co-op, she became a project manager at NASA Johnson Space Center for Environmental Control Life Support Systems.

Dr. Skow graduated from the University of Rochester with a Bachelor of Science degree in chemical engineering. She received her PhD in chemical engineering with a focus in microelectronics from Texas A&M University. Dr. Skow actively participates in outreach programs, mentoring underprivileged children and college students and promoting NASA's mission to the next generation of scientists and engineers.

Learning

SATERN Courses

Fundamentals of Risk Management (SMA-OV-WBT-137)
This course is designed to provide an overview of risk management, including key concepts and terminology, agency principles and practices, foundations of the Objectives-Driven Risk Management framework, and communication of risk information. As an IACET Accredited Provider, the NSC offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. Please refer to the CPE field below for the number of CEUs on this course.

Risk Leadership (SMA-HQ-WBT-220)
This course provides you with an overview of the definition of risk leadership as stated in the NASA Agency Risk Management Procedural Requirements, NPR 8000.4. It highlights important aspects such as risk culture, risk posture, decision velocity, and the importance of balancing risk versus benefits. Throughout, you'll hear from NASA's risk leaders from a variety of fields and expertise as they share their experiences and describe what risk leadership means to them. You’ll also learn the vital role that you play in risk leadership at NASA. As an IACET Accredited Provider, the NSC offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. Please refer to the CPE field below for the number of CEUs on this course.

APPEL-Understanding Risk Management: Exploration of Core Concepts (APPEL-RMCC)
This course provides detailed insight into NASA’s risk management principles and practices. The course takes up and explores in greater detail core concepts introduced in the required pre-requisite “Fundamentals of Risk Management at NASA” SATERN course. Recommended approaches and guidance for applying Risk Informed Decision Making (RIDM) and Continuous Risk Management (CRM) processes are introduced. Required Pre-requisite: Fundamentals of Risk Management at NASA SMA-OV-WBT-137.

APPEL-Applying Risk Management: From Theory to Practice (APPEL-RMTP)
This course builds on the knowledge of NASA’s approach to managing risk provided in Understanding Risk Management: An Exploration of Core Concepts. The course provides an opportunity to evaluate and practice application of the Risk Informed Decision Making (RIDM) and Continuous Risk Management (CRM) processes in the context of NASA projects and programs. Participants will collaborate on a threaded case study as described in the Risk Management Handbook. Required Pre-requisite: Fundamentals of Risk Management at NASA SMA-OV-WBT-137.

Policy and Guidance

| NASA Policy | Title |
|---|---|
| NPD 1000.0 | NASA Governance and Strategic Management Handbook |
| NPD 1000.5 | Policy for NASA Acquisition |
| NPD 1200.1 | NASA Internal Control |
| NPD 7120.4 | NASA Engineering and Program/Project Management Policy |
| NPD 8700.1 | NASA Policy for Safety and Mission Success |
| NPR 8000.4 | Agency Risk Management Procedural Requirements |
| NASA/SP-2024-3422 | NASA Risk Management Handbook: Version 2.0, Part I |
| NASA/SP-2024-0014326 | NASA Risk Management Handbook: Version 2.0, Part II |
| NASA/SP-2014-615 | Organizational Risk and Opportunity Management Concepts and Processes for NASA's Consideration |

Recommended Reading

| Title | Author | Year |
|---|---|---|
| Workshop Minutes | Enterprise Risk and Opportunity Management | 2014 |
| NASA and the Importance of Risk (Message) | NASA Administrator Charlie Bolden | 2013 |
| Preparation, Submission, and Execution of the Budget (Circular A-11) | Office of Management and Budget | 2014 |
| Management's Responsibility for Enterprise Risk Management and Internal Control (Circular A-123) | Office of Management and Budget | 2016 |