3SL: Requirements management and model driven systems engineering from concept to creation.
 Cradle®
Login:
Username:
Password:
  
Search:  
Visitor not logged in, You are: Home > Reference > Risks > Costings
 

Costings

In taking a risk, we are betting on an uncertain outcome. Opportunity is the opposite side of the coin to risk, and if the reward is high enough, a high risk approach may be the best policy. The essence of risk management lies in maximising the areas of partial control, and the minimisation of areas where we have absolutely no control. Risk management utilises a range of concepts which need early definition.

A hazard is the undesirable event that will affect the system quality, cost or schedule.

The risk is the chance of that hazard occurring.

The associated cost is the cost if the hazard actually does occur.

Risk exposure is therefore the average likely impact of the hazard (= risk x associated cost), i.e., it indicates the overall size of the risk which is being faced.

Contingency (or margin) represents the total likely sum of all the exposures added together.

The estimated cost is the predicted cost of the system without hazards.

The most likely cost of the project is called the expected cost and is defined as estimated cost + contingency.

The associated value is the benefit to be derived from taking the specific risk.

These definitions are couched in financial terms, which is how they are often evaluated. Risks may however, be evaluated in any unit appropriated for the problem, e.g., the number of days on the critical path, or the chance of an operational failure.

A two-phase approach is often used to handle risk. Initially, a simple, comparative process is used repeatedly and informally to get close to the lowest risk, at which point a more quantitative risk management approach takes over.

Everyone should be continually scanning their domain to detect actual and potential hazards. Risk analysis has to be repeated through the development to mitigate risks as they emerge. Once a hazard has been identified, it must be quantified and, if it is serious enough, dealt with.

Although it is logical and essential, risk management is not an exact science, but a means for applying intelligence. Each estimate of exposure should always be accompanied by an indication about the expected tolerance in that value. In practice, risk management is often recursive, dynamic, and concurrent. Resources in risk management should be spent on elimination or reduction of key risks first, not on trying to assess the risks too precisely.

Outline of the risk management process
Risk identification must never stop, and once a hazard is identified, the steps of the risk management processes are:

  • assessment of the current risk exposure;

  • definition of an acceptable level of risk;

  • decision-making on the response to the risk;

  • implementing the decision (outside the scope of risk management).

During the initial risk assessment stage, potential hazards that can hurt the project should be identified and recorded, their chance of happening estimated, and the impact assessed. From this information, the total 'risk exposure' can be calculated, defining the level of risk faced by a system.

Typically, this starts by generating a checklist of potential hazards (see diagram below). Risk involves the probability of loss or not receiving what we expect. When different kinds of risks need to be compared or prioritised, the risks need to be measured in consistent units - a process that inevitably leads to even greater tolerance in risk estimation.

Each project must identify the acceptable level of risk. This will be based on the policy for both the system and the business.

Deciding how to handle risk compares the actual risk with the acceptable risk, and decides whether to proceed with the current system and process definition, prototype, modify the system, or cancel it. These correspond to risk acceptance, risk exploration, risk mitigation and risk avoidance respectively. Risk can be avoided or eliminated, or the rewards from risk may make it worthwhile to take.

The implementation of a decision on handling risk is done within the project, but is outside the scope of risk management. The action may happen immediately or may be delayed until a hazard actually arises, in which case a pre-determined set of actions decided at the planning stage is activated. In some cases, the error in our knowledge of risk exposure may be high.

Prototyping or feasibility studies can clarify those risks. In practice, these mitigation strategies will also tend to produce decisions and actions that reduce risk.

In other cases, the risk may not be acceptable currently, but by de-scoping the product or altering the life cycle, it may be possible to reduce the risk. Modifying the product or process is followed by a re-assessment of the risk. The extreme case is to cancel the project, when risk cannot be reduced to an acceptable level.

Estimating Relationships
The estimating relationship method enables program office personnel to evaluate a program and then use an equation to determine an appropriate management reserve or risk funds budget. The management reserve funds represent the amount of funding required for work associated with unanticipated risks. The management reserve funds requirement is usually expressed as a percentage of the Baseline Cost Estimate (BCE). This technique is called an estimating relationship method because it uses the same principles associated with Cost Estimating Relationships (CERs), used in parametric cost estimating. The method is based on the observation that costs of systems correlate with design or performance variables. The independent variables, often called explanatory variables, are analysed using regression analysis. The analysis characterises the underlying mechanism relating such variables to cost.

Life Cycle Cost Analysis
Life cycle cost analysis encompasses the defined life of a given system. In the Department of Defense (DoD) this analysis generally deals with development, production, fielding, sustainment, and disposal of the system.

Life cycle cost is a necessary and integral component of the products of the Program Management Office (PMO) and must be estimated and approved before a new program can be authorised and funded. These costs must also be updated frequently to incorporate program changes and new information. These changes may include such items as funding cuts, acquisition strategy changes, test failures, and technical performance failures. Life cycle cost analyses provide a basis for examining implicit risks associated with various programmatic decisions - for example, low initial funding increasing design risk; low RDTE and Production funding translating to higher maintenance costs; or expensive maintenance diagnostic equipment resulting in low maintenance personnel costs.

Assessing Risk Exposure
[Copyright © 3SL 2008 | Last Updated: Fri Jul 25th, 2008 ]
Registered office: 2 Highfield Road, Barrow in Furness, Cumbria, LA14 5PA, Registered in England No. 2153654