Although most programs and organizations implement some type of risk management approach, preventable failures continue to occur. Since management control of programs, business processes, and technologies is shared by multiple decision makers, it is difficult to successfully manage risks caused by program, process, and system complexity or manage shared risks that cross organizational boundaries. Many approaches for managing risk and opportunity tend to be bureaucratic, burdensome, and time-intensive, which can consume valuable program resources. The more traditional approaches to risk management that focus on the tactical analysis of numerous, individual risk statements do not easily scale to the needs of today's programs.

Integrated risk and opportunity management uses a systemic approach, which assumes a holistic view of risk to objectives by examining the aggregate effects of multiple conditions and potential events on a program's key objectives. This approach starts at the top—with the identification of a program's key objectives.

Once the key objectives have been explicitly articulated, a set of critical factors, called drivers, are identified. Drivers are important because they

• provide a means of translating vast amounts of detailed data about current conditions and potential events into useable information that supports program decision making
• define a small set of factors that a manager can use to determine whether a program is on track to achieve its key objectives

From a systemic approach, the risk triggered by each driver provides an aggregate view of potential loss. The goal, then, is to assess and manage those risks. Because systemic approaches begin with the big-picture view of risk, we refer to them as incorporating a top-down analysis. Plus, they tend to be easier to perform than tactical approaches, especially when applied to complex environments.