February 15, 2024

Integrated Issues and Risk Management: A Theoretical Framework Overview


The contractor requirements document for DOE O 226.1B, Implementation of Department of Energy Oversight Policy, requires DOE/NNSA contractors to establish an assurance system that includes, among other things, “Rigorous, risk-informed, and credible self-assessment and feedback and improvement activities. Assessment programs must be risk-informed, formally described and documented, and appropriately cover potentially high consequence activities” and “Contains an issues management process that is capable of categorizing the significance of findings based on risk and priority and other appropriate factors….” However, the term “risk-informed” is not defined in this or any other DOE order, and no formal guidance on how to integrate the two concepts currently exists. The Risk Management Guide for Defense Programs released by NA-18, Office of Systems Engineering and Integration (SE&I), states it is “a framework and general guidance to program office personnel on the effective management of program risks and issues”, however it then defines issues as “events with 100% likelihood of affecting program objectives” and states “unless specified otherwise, the term “risk” will also serve to represent issues for the remainder of this plan,” severally limiting its ability to provide adequate guidance on this topic. Outside of DOE scope, the U.S. Nuclear Regulatory Commission (U.S. NRC) imposes similar requirements. ASME NQA-1-2015 Requirement 16 states “Conditions adverse to quality shall be identified promptly and corrected as soon as practicable. In the case of a significant condition adverse to quality, the cause of the condition shall be determined, and corrective action taken to preclude recurrence. The identification, cause, and corrective action for significant conditions adverse to quality shall be documented and reported to appropriate levels of management. Completion of corrective actions shall be verified”. The purpose of this document is to provide a best-in-class framework for an integrated risk and issues management process. This process would provide a robust feedback loop between risk management and issues management to: • Enhance risk identification and characterization, • use risk handling principles to improve corrective action planning, • and ensure regulatory compliance.

Published: February 15, 2024


DeLong-Weetch M.K. 2022. Integrated Issues and Risk Management: A Theoretical Framework Overview Richland, WA: Pacific Northwest National Laboratory.