Risk assessment using Failure mode and effects analysis

From apppm
(Difference between revisions)
Line 20: Line 20:
  
 
To further describe the risk assessment process the following quote with the perspective of security management describes it pretty well:
 
To further describe the risk assessment process the following quote with the perspective of security management describes it pretty well:
''“A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset. A risk assessment is the foundation for prioritizing risks in order to effectively implement countermeasures.”''  <ref> Risk assessments. (2007). I: Karim H.. Vellani (Red.), “Strategic Security Management.Elsevier Inc. </ref> In the perspective of risk assessment in development projects the only difference is that the adversaries are what can go wrong in the process and the asset is the project.
+
''“A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset. A risk assessment is the foundation for prioritizing risks in order to effectively implement countermeasures.”''  <ref> Risk assessments. (2007). I: Karim H.. Vellani (Red.), ''Strategic Security Management''. Elsevier Inc. </ref> In the perspective of risk assessment in development projects the only difference is that the adversaries are what can go wrong in the process and the asset is the project.
  
 
==== Purpose of risk assessment  ====
 
==== Purpose of risk assessment  ====
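
Review bot: the reference in the added line still reads "I: Karim H.. Vellani (Red.)", with a doubled period after the initial and the non-English "I:" and "(Red.)" markers. Since this revision already corrects the title formatting of that citation, fix those in the same edit, for example "In: Karim H. Vellani (Ed.)". The lead-in sentence in the unchanged context ("To further describe ... describes it pretty well") repeats "describe" and could be tightened in a follow-up.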

Revision as of 18:25, 18 February 2023


Failure mode and effect analysis (FMEA) is an important project management tool for risk assessment. It is used to systematically identify and eliminate known or potential failures in complex systems, providing data and information for risk management decisions. The tool can be traced back to the 1940s, when it originated in the US military and was used for complex development projects. It identifies possible failure modes, causes and resulting effects in relation to a product, process, or service. The article first explains the purpose of risk assessment and thereby the purpose of using the tool. It then gives a thorough explanation of how the FMEA tool is applied, as well as a discussion of its limitations based on when and how it is applied. [1]

The tool is a semi-quantitative method, so in a risk assessment it must provide the user with a numerical value. It does this through the risk priority number (RPN), which is a vital part of the FMEA for risk assessment. The three parameters of the RPN are briefly discussed: severity (the consequence of the failure happening), occurrence (the probability or frequency of the failure occurring) and detection (the likelihood that the failure is detected before its impact is felt). Each can take a value from 1 to 10. The scale of these numbers has been criticized in other articles, and therefore a standard scale for evaluating the parameters is presented [2]. Because the knowledge of the people using the tool also affects the outcome, the article explains what project managers should do to get the most useful outcome from the tool, together with the importance of diversity in relation to the tool.
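
The RPN ranking described above, as an added Python example that is not part of the original article. It assumes the conventional definition RPN = severity × occurrence × detection (the article names the three parameters but not the formula) and a detection scale where 10 means the failure is almost never caught; the worksheet entries are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int    # 1 = negligible consequence, 10 = worst consequence
    occurrence: int  # 1 = very unlikely, 10 = almost certain
    detection: int   # assumed convention: 1 = almost surely caught, 10 = almost never

    def __post_init__(self):
        # Reject scores outside the 1-10 scale instead of silently ranking them.
        for field in ("severity", "occurrence", "detection"):
            value = getattr(self, field)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {field} must be an integer 1-10, got {value!r}")

    @property
    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection


def rank(modes):
    """Highest RPN first; ties are broken by severity, then occurrence."""
    return sorted(modes, key=lambda m: (m.rpn, m.severity, m.occurrence), reverse=True)


def masked_by_equal_rpn(modes):
    """Return RPN values shared by failure modes whose severities differ."""
    groups = defaultdict(list)
    for m in modes:
        groups[m.rpn].append(m)
    return {rpn: [m.name for m in rank(group)]
            for rpn, group in groups.items()
            if len({m.severity for m in group}) > 1}


# Constructed worksheet for a software delivery project (illustrative scores).
WORKSHEET = [
    FailureMode("Signing key leaked from CI", 10, 2, 6),
    FailureMode("Dependency update breaks build", 4, 6, 5),
    FailureMode("TLS certificate expires in production", 7, 3, 2),
    FailureMode("Backup restore never tested", 9, 4, 8),
]

if __name__ == "__main__":
    for m in rank(WORKSHEET):
        print(f"{m.rpn:4d}  S={m.severity:<2d} O={m.occurrence:<2d} D={m.detection:<2d}  {m.name}")
    print("Same RPN, different severity:", masked_by_equal_rpn(WORKSHEET))
```

Two entries share an RPN although one has the maximum severity, which is why the ranking breaks ties on severity and why a team should read the three scores alongside the product.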




Big idea

Describe the tool, concept or theory and explain its purpose. The section should reflect the current state of the art on the topic. Explanation of tool and risk assessment.

Before we dive into an explanation of the tool itself, a broader reasoning on why to use it follows below. This begins with a description of what risk assessment is, but first we define risk as “uncertainty that has an impact on project objectives” (Hillson 2009).

What is risk assessment

All projects go through phases and parts that involve uncertainties in the form of risks. This is inevitable. It is therefore a relevant part of the project manager's task to be able to manage these risks. The risk management process involves assessing threats, vulnerabilities, and risk, and from this information selecting and implementing countermeasures to reduce the risks, along with continuous monitoring of the countermeasures to ensure their effectiveness. This makes risk assessment the basis for managing risk.

The following quote, written from the perspective of security management, describes the risk assessment process well: “A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset. A risk assessment is the foundation for prioritizing risks in order to effectively implement countermeasures.” [3] From the perspective of risk assessment in development projects, the only difference is that the adversaries are the things that can go wrong in the process, and the asset is the project.

Purpose of risk assessment

Why we make the risk assessments.

How to make a risk assessment

Mention and explain types of risk assessments.

Quantitative risk assessments

Evidence-based, with objective results, as each risk is assigned numerical values. Usually requires more time and a bigger investment. Used for larger projects.

Qualitative risk assessments

May use descriptive scales instead, such as high, medium and low. Based solely on the individual’s perception of which risks are most important. Usually quicker and requires a smaller investment. May be used where no data is available. Used for smaller, low-value projects.


FMEA for risk assessment

Purpose of FMEA

What to include in the FMEA

Application

Provide guidance on how to use the tool, concept or theory and when it is applicable.

In-depth explanation of how and when to apply the tool as well as detailed examples.

When to apply FMEA

How to apply FMEA

RPN number usage

Limitations

Critically reflect on the tool/concept/theory. When possible, substantiate your claims with literature

What the tool cannot do or where it meets its limitations

Discuss the importance of diversity in the team using the tool. How to get the most useful outcome based on limitations.

The weaknesses in the FMEA tool

Despite the advantages of FMEA, there are a number of weaknesses with the method:

• Multiple Failures: It is not possible to consider cases where multiple failures occur at once, as there is no linking between failures.

• Time Consuming and People Dependent: It might be very time-consuming to list all potential failure modes, and it relies heavily on the expertise of the people identifying them.

• Updates Required Frequently: Even with the best people and staff, FMEA might miss some failure modes, or new ones will be discovered as people gain experience and knowledge during the project development. This means frequent assessment and updates.

• Underestimating Risk: If the people performing the analysis fail to consider a possible failure mode, the associated risk might be underestimated.

• Potential Waste of Resources: Conversely, the analysis might be too time-consuming compared to what is gained from it, and resources are thereby wasted.

Best usage of tool based on weaknesses

Annotated bibliography

  1. Ben-Daya, M. (2009). Handbook of Maintenance Management and Engineering.
  2. Nuchpho, P. (2014). Risk Assessment in the Organization by Using FMEA Innovation: A Literature Review.
  3. Risk assessments. (2007). In: Karim H. Vellani (Ed.), Strategic Security Management. Elsevier Inc.