3SL: Requirements management and model driven systems engineering from concept to creation.
Cradle®

Risk Management

Risk management, in the context of systems engineering, is the recognition, assessment, and control of uncertainties that may result in schedule delays, cost overruns, performance problems, adverse environmental impacts, or other undesired consequences.

There are two main branches of risk management:

  • Program risk management: the management of technical risks and task performance uncertainties associated with systems engineering and development programs, in order to meet performance, cost, and schedule objectives.

  • Environmental risk management: the management of environmental, health and safety risks associated with the production, operation and disposal of systems, in order to minimise adverse impacts and assure sustainability of these systems.

These two types of risk management have different objectives, involve different skills, and require different methodologies. They are related to the extent that Environmental Risk Management should be considered as an integral part of system development, and therefore is incorporated into Program Risk Management.

Function
Risk management must be an integral component of overall program management, and must be pro-active in nature to assure that undesirable consequences are anticipated as early as possible in the life of the program.

The functions of a risk management program are to:

  1. Identify the potential sources of risk and identify risk drivers.

  2. Quantify risks, including risk levels, and assess their impacts on cost (including life-cycle costs), schedule, and performance.

  3. Determine the sensitivity of these risks to program, product, and process assumptions, and the degree of correlation among the risks.

  4. Determine and evaluate alternative approaches to mitigate moderate and high risks.

  5. Take actions to avoid, control, assume, or transfer each risk.

  6. Ensure that risk is factored into decisions on selection of specification requirements and design and solution alternatives.

Object
The objective of risk management is to ensure the timely delivery of a system and its associated processes that meet the customer's need.

Objective
The challenge of risk management is to achieve the proper balance between risk and reward. A reasonable level of risk can be accepted when the payoff is to achieve a valuable goal; the athletic motto "no-pain, no-gain" applies here as well. Thus, risk management in systems engineering should not attempt to avoid all risk.

Result
Effective risk management requires a rigorous framework, supported by a formal model such as probabilistic decision theory. Even qualitative judgments of likelihood should be meshed with this framework. The result of applying a risk management framework is improved insight into the uncertainties that may inhibit successful program completion, and improved capability to deal with these uncertainties.

Organisational Participation
Risk management is usually performed by a risk management organisation or team with specific responsibility for carrying out the process. However, it is important that consciousness of risk management not be confined to that team. Risk management cannot be successful unless the proper environment is first established by the most senior program management; personnel on the program must be free (indeed encouraged) to identify risk, assess risk, and mitigate risk as they find it. At all costs, management must avoid creating a risk-denial atmosphere where "messengers are shot" for surfacing risks. It is imperative that everyone on the program feel free to openly discuss risk; risks which are hidden tend to multiply and grow out of control, with the potential to destroy the program at a later time.

How to do it
Risk management involves five processes - planning, identification, assessment, analysis, and mitigation. These steps are depicted in the diagram below.

  • Risk planning is the process of deciding (in advance) how risk will be managed, including the specification of the risk management process and organisational responsibilities.

  • Risk identification is the process of recognising potential risks and their root causes as early as possible, and setting priorities for more detailed risk assessment.

  • Risk assessment is the process of characterising or quantifying those risks which merit attention.

  • Risk analysis is the process of evaluating alternatives for handling the assessed risks. This includes performing "what if" studies.

  • Risk handling, finally, is the process of dealing with a risk by choosing a specific course of action. Risk can be mitigated by choosing to avoid the risk (perhaps with a change in the design), to control the risk (perhaps with additional development resources), to assume the risk (expecting that the event can be overcome in normal development), or to transfer the risk (for example, with special contract provisions).

Risk management should be part of the program manager's toolbox during all program phases, including pre-program activities. The above steps should be carried out in a flexible, iterative manner, with resources focused on the risks of greatest concern. Finally, risk management should be considered an integral part of the concurrent engineering process, since resolution of risks in an early phase has the "leverage of time" and can be achieved at lower cost than during a later phase.

 


[Copyright © 3SL 2008 | Last Updated: Fri May 16th, 2008 ]
Registered office: 2 Highfield Road, Barrow in Furness, Cumbria, LA14 5PA, Registered in England No. 2153654