Most major accidents do not result simply from proximal, physical events, but from the gradual drift of an organization to a state of heightened risk. Risk often increases so gradually that no one notices, as safeguards and constraints are relaxed due to conflicting goals. When a mishap occurs, it is almost inevitable that some event will trigger an accident. A comprehensive risk analysis method must include organizational decision-making, system complexity, technical innovation, evolution over time, and non-linear, indirect, and feedback relationships. A new risk analysis approach addressing these issues has been developed at MIT. This approach asserts that organizational structure and behavior can be modeled, analyzed, and engineered. It is based on the STAMP (System-Theoretic Accident Modeling and Processes), STAMP-based hazard analysis (STPA), and system dynamics modeling. When it was applied to a risk analysis of the NASA independent technical authority (for the NASA Chief Engineer's Office), it became apparent a simplified methodology and tool support could benefit such a risk analysis effort. Safeware Engineering Corporation proposes to develop an innovative modeling methodology and software tool support for the application of this rigorous new risk analysis approach as the next step toward development of an organizational risk management tool.