ORM Operational Risk Managment


Risk is inherent in all tasks, training, missions, operations, and in personal activities no matter how routine. The most common cause of task degradation or mission failure is human error, specifically the inability to consistently manage risk. ORM reduces or offsets risks by systematically identifying hazards and assessing and controlling the associated risks allowing decisions to be made that weigh risks against mission or task benefits. As professionals, Navy personnel are responsible for managing risk in all tasks while leaders at all levels are responsible for ensuring proper procedures are in place and that appropriate resources are available for their personnel to perform assigned tasks. The Navy vision is to develop an environment in which every officer, enlisted, or civilian person is trained and motivated to personally manage risk in everything they do. This includes on- and off-duty evolutions in peacetime and during conflict, thereby enabling successful completion of any task and mission. Navy commands and activities accomplish this by executing a four pillar strategy.



It is required that all NPS Personnel take ORM training when they come on board, and every three years thereafter.

  • Individual Managing Your Risk (CIN - CPPD CPPD-ORM-MYR-1.0). This training has a mandatory triennial completion requirement for all Navy personnel.
  • Supervisor Managing Your Team’s Risk (CIN - CPPD-ORM-MYTR-1.0). This training is required upon initial assignment of supervisory responsibilities and every 36 months while assigned at command. 


In addition to these triennial trainings, there is an annual ORM Refresher training.  It is required for all individuals (Civilian and Military) per OPNAVINST 3500.39C.


Methods of training:

  • NEW MOBILE APP!!  This is by far the easist way to complete your ORM training requirements. After you complete the training, you will be propted to input the DoD ID Number from the back of your CAC. The training will then be documented as completed in ESAMS but it may take a week for it to show. You may download the app for Android and Apple devices:
  • ESAMS - All NPS Staff and Faculty (but not Students) should have an active ESAMS account.  If you are unable to log in, contact 
  • NKO - You must register for an online account at Follow the instructions for “New Users.” Then select “Navy e-Learning” under the horizontal “Learning” tab at the top of the page, On that page, in the left navigation bar under “Content,” select “Browse Categories,” then select “US Department of the Navy,” then “ORM” (the final item in the right-hand column).


ORM Process

The most common idea of what ORM is revolves around a simple five-step process that is most frequently used in planning, or at the Deliberate Level. These five steps are:


Step 1 Step 1. Identify hazards - A hazard is any condition with the potential to negatively impact mission accomplishment or cause injury, death, or property damage. Hazard identification is the foundation of the entire RM process. If a hazard is not identified, it cannot be controlled.
Step 2 Step 2. Assess the hazards - For each hazard identified, determine the associated degree of risk in terms of probability and severity. The result of the risk assessment is a prioritized list of hazards, which ensures that controls are first identified for the most serious threat to mission or task accomplishment. Combine the severity with the probability to determine the risk assessment code (RAC) or level of risk for each hazard, expressed as a single Arabic number. Although not required, the use of a matrix, such as the one below, is helpful in identifying the RAC.
Step 3 Step 3. Make risk decisions - A key element of the risk decision is determining if the risk is acceptable. This decision must be made at the right level by the individual who can balance the risk against the mission or task potential benefit and value. This individual decides if controls are sufficient and acceptable and whether to accept the resulting residual risk. If it is determined the risk level is too high, the development of additional or alternate controls, modifications, changes, or rejecting the course of action becomes necessary.
Step 4 Step 4. Implement controls - Once the risk control decisions are made, the next step is implementation. This requires that the plan is clearly communicated to all the involved personnel, accountability is established, and necessary support is provided. Careful documentation of each step in the RM process facilitates risk communication and the rational processes behind the RM decisions.
Step 5 Step 5. Supervise - Supervise and review involves determining the effectiveness of risk controls throughout the mission or task. This involves three actions: monitoring the effectiveness of risk controls; determining the need for further assessment of all or a portion of the mission or task due to an unanticipated change; and capturing lessons learned, both positive and negative.


Four Principles of ORM

Accept risks when benefits outweigh costs. Accept no unnecessary risk.
Anticipate and manage risk by planning. Make risk decisions at the right level.


The Three Levels of ORM


The in-depth level refers to situations when time is not a limiting factor and the right answer is required for a successful mission or task. Thorough research and analysis of available data, use of diagrams and analysis tools, formal testing or long term tracking of associated hazards are some of the tools used at this level. Other examples of application of ORM at the in-depth level include, but are not limited to: long term planning of complex or contingency operations; technical standards and system hazard management applied in engineering design during acquisition and introduction of new equipment and systems; development of tactics and training curricula; and major system overhaul or repair.



The deliberate level refers to situations when there is ample time to apply the RM process to the detailed planning of a mission or task. At this level, the planning primarily uses experienced personnel and brainstorming and is most effective when done in a group. The Navy planning process is a good example of ORM application integrated at the deliberate level. Other examples include: planning of unit missions, tasks or events; review of standard operating, maintenance or training procedures; recreational activities; and the development of damage control and emergency response plans.


Time Critical Risk Management (TCRM)

This is the level at which personnel operate on a daily basis both on- and off-duty. The time critical level is best described as being at the point of commencing or during execution of a mission or task. At this level there is little or no time to make a plan. An on-the-run mental or verbal assessment of the new or changed/changing situation is the best one can do. Time is limited in this situation, so the application of the 5-step process has proven impractical and ineffective. The Navy has adopted the ABCD Model.



  Assess the Situation
Assess what’s going on and what’s your role. This is about achieving and maintaining good situational awareness. You have likely received the brief which laid out the plan and should have id’d hazards, the associated risks and the controls to be used to mitigate those risks to ensure the missions success.
  Balance Your Resources and Options
Balance your resources and options.  Some resources are the controls developed during the in-depth and deliberate planning. They include publications, checklists, TTP’s and equipment.  Additionally, they can be your teammates or others supporting the operation. 
Effective communication is an essential element for the successful execution of the mission and we all have a part to play.
  Do and Debrief
First and foremost we have a mission to complete – execute the plan, manage change as it occurs and use the resources available to mitigate risk. After completion, conduct the debrief.


Risk Assessment Codes

Combine the severity with the probability to determine the risk assessment code (RAC) or level of risk for each hazard, expressed as a single Arabic number. Although not required, the use of a matrix (such as the one below) is helpful in identifying the RAC. In some cases, the worst credible consequence of a hazard may not correspond to the highest RAC for that hazard. For example, one hazard may have two potential consequences. The severity of the worst consequence (I) may be unlikely (D), resulting in a RAC of 3. The severity of the lesser consequence (II) may be probable (B), resulting in a RAC of 2. Therefore, it is important to consider less severe consequences of a hazard if they are more likely than the worst credible consequence, since this combination may actually present a greater overall risk.


Mishap Severity Categories

  1. CATASTROPHIC - Could result in death, permanent total disability, loss exceeding $1M or irresversible severe environmental damage that violates law or regulation.
  2. CRITICAL -  Could result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $200K but thess than $1M or reversible environmental damage causing a violation of law or regulation.
  3. MARGINAL - Could result in injury or occupational illness resulting in one or more lost work day(s), loss exceeding $10K but less than $200K or mitigable environmental damage without violation of law or regulation where restoration activities can be accomplished.
  4.  NEGLIGIBLE - Could result in injury or illness not resulting in a lost work day, loss exceeding $2K but less than $10K or minimal environmental damage not violating law or regulation.


Mishap Probability or Occurrence Levels

  1. FREQUENT - Likely to occur often
  2. PROBABLE - Will occur frequently
  3. OCCASIONAL - Will occur several times
  4. REMOTE - Unlikely but can reasonably be expected to occur
  5. IMPROBABLE - Unlikely to occur but possible.





Frequency of Occurrence Over Time
Highly likely Somewhat probable May Occur over time Unlikely to occur
Severity Effect of Hazard

Loss of Mission Capability, Unit Readiness or Asset, Death


1 1 2 3

Significantly Degraded Mission Capability or Unit Readiness; Severe Injury or Damage


1 2 3 4

Minor Degradation in Mission Capability or Unit Readiness; Minor Injury or Damage


2 3 4 5

Little or No Impact to Mission Capability or Unit Readiness; Minimal injury or Damage


3 4 5 5

Risk Assessment Codes

1-Critical      2-Serious      3–Moderate      4–Minor       5-Negligible