Risk assessment using Failure mode and effects analysis
(→Purpose of risk assessment) |
|||
Line 17: | Line 17: | ||
''In this figure it will be marked what area is focused on" | ''In this figure it will be marked what area is focused on" | ||
− | === Introduction === | + | === Introduction and purpose of risk assessment === |
Before we dive into an explanation of the tool itself, we begin with an explanation for why to use such tool. This starts with a basic description of what risk assessment is. The first step in this is to understand what risk means. Therefore the following definition from PRINCE2 is used as a baseline for what risk is in this article. ''An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives.'' <ref> AXELOS. ''Managing Successful Projects with PRINCE2'', The Stationery Office Ltd, 2017. </ref>. Other definitions exist but this is the one that will be used here. As seen from the quote PRINCE2 define risk as both threats and opportunities, however most risk assessments mainly focuses on the threats. The reason for this is the negative impact threats can have for projects and thus the the need to evaluate and assess risks using risk assessments arises. | Before we dive into an explanation of the tool itself, we begin with an explanation for why to use such tool. This starts with a basic description of what risk assessment is. The first step in this is to understand what risk means. Therefore the following definition from PRINCE2 is used as a baseline for what risk is in this article. ''An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives.'' <ref> AXELOS. ''Managing Successful Projects with PRINCE2'', The Stationery Office Ltd, 2017. </ref>. Other definitions exist but this is the one that will be used here. As seen from the quote PRINCE2 define risk as both threats and opportunities, however most risk assessments mainly focuses on the threats. The reason for this is the negative impact threats can have for projects and thus the the need to evaluate and assess risks using risk assessments arises. | ||
− | + | All projects undergo phases and parts that include uncertainties in the form of risks. This is inevitable and certain. Therefore, part of the project managers task is to be able to manage these risks. Part of the risk management process involves assessing the threats and vulnerabilities in the project. From this information the project manager must enforce countermeasures that are to be implemented to reduce the risks. A a strong basis for making this decisions is vital and this is where a good risk assessment tool plays an important role in helping the project manager to respond the best way. | |
− | All projects undergo phases and parts that include uncertainties in the form of risks. This is inevitable and certain. Therefore, part of the project managers task is to be able to manage these risks. Part of the risk management process involves assessing the threats and vulnerabilities in the project. From this information the project manager must enforce countermeasures that are to be implemented to reduce the risks. | + | |
− | + | To give a relatable example the risk assessment process it is viewed from the perspective of security management: ''“A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset.”'' <ref> Risk assessments. (2007). I: Karim H.. Vellani (Red.), ''Strategic Security Management''. Elsevier Inc. </ref>. This is actually quite intuitive and the very same process that is used to make a risk assessment in project management. The only difference is that the adversaries are the things that can go wrong and the asset is the project. To sum up risk assessment is one or more method/tools that are used discover ''what can go wrong'' and how big ''the impact'' will be if it happens. | |
− | To | + | |
==== How to make a risk assessment ==== | ==== How to make a risk assessment ==== |
Revision as of 22:27, 5 April 2023
This article is under construction
Abstract
Failure mode and effect analysis (FMEA) is a risk assessment tool used in project management. It is used to systematically identify and eliminate known or potential failures in complex systems to provide data and information for risk management decisions. The tool can be traced back till the 1940’s where it originated in the US military and were used for complex development projects. The tool identifies possible failure modes, causes and resulting effects in relation to either a product, process, or service. The tool is a semi-quantitative method and therefore in relation to risk assessment must provide the user with a numerical output value. The way of doing this is using the risk priority number (RPN), which in the aspect of risk assessment is a vital part of the FMEA. In brief the 3 parameters of the RPN are discussed: severity (the consequence of the failure happening), occurrence (probability/frequency of the failures occurrence) and detection (the likelihood that the failure is detected before the impact of it happens), these numbers can all be between 1-10. The scale of these numbers has been criticized in other articles (such as Garcia et al., 2005) and therefore a standard scale for evaluation of the parameters is presented [1] .
Before diving into the specifics of the tool the article will explain the purpose of risk assessment and hereby also the purpose of the tool usage. Hereby follows a thorough explanation of the application of the FMEA tool as well a discussion of the limitations of the tool based on when and how it is applied. [2] . As the knowledge of the people using the tool also effects the outcome a discussion of how and what project managers should do to get the most useful outcome from the tool is explained together with the importance of diversity in relation to the tool.
Contents |
Big idea
Describe the tool, concept or theory and explain its purpose. The section should reflect the current state of the art on the topic Explanation of tool and risk assessment
Here will be a figure with boxes describing each step in the risk assessment process In this figure it will be marked what area is focused on"
Introduction and purpose of risk assessment
Before we dive into an explanation of the tool itself, we begin with an explanation for why to use such tool. This starts with a basic description of what risk assessment is. The first step in this is to understand what risk means. Therefore the following definition from PRINCE2 is used as a baseline for what risk is in this article. An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives. [3]. Other definitions exist but this is the one that will be used here. As seen from the quote PRINCE2 define risk as both threats and opportunities, however most risk assessments mainly focuses on the threats. The reason for this is the negative impact threats can have for projects and thus the the need to evaluate and assess risks using risk assessments arises.
All projects undergo phases and parts that include uncertainties in the form of risks. This is inevitable and certain. Therefore, part of the project managers task is to be able to manage these risks. Part of the risk management process involves assessing the threats and vulnerabilities in the project. From this information the project manager must enforce countermeasures that are to be implemented to reduce the risks. A a strong basis for making this decisions is vital and this is where a good risk assessment tool plays an important role in helping the project manager to respond the best way.
To give a relatable example the risk assessment process it is viewed from the perspective of security management: “A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset.” [4]. This is actually quite intuitive and the very same process that is used to make a risk assessment in project management. The only difference is that the adversaries are the things that can go wrong and the asset is the project. To sum up risk assessment is one or more method/tools that are used discover what can go wrong and how big the impact will be if it happens.
How to make a risk assessment
Mention and explain types of risk assessments. There are multiple types of risk assessments but all of them are either quantitative or qualitative - or a hybrid.
Quantitative risk assessments
Evidence based with objective results as each risk gets assigned numerical values. Usually requires more time and bigger investment. Used for larger projects.
Qualitative risk assessments
Might use descriptive scales instead, as high medium low. Solely based on the individual’s perception on what risks are most important. Is usually quicker and requires a smaller investment. Might be used where no data is available. Used for smaller low value projects.
FMEA for risk assessment
Description of what sort of risk assessment method this is
Can argue for both qualitative and quantitative In most cases it will be a hybrid The values used will be based on the subjectivity of the individual grading the risk, however it is based in multiple parameters in the end
Application
Provide guidance on how to use the tool, concept or theory and when it is applicable
In-depth explanation of how and when to apply the tool as well as detailed examples.
When to apply FMEA
Where in the project management face does one need to be to use it?
Most of the time FMEA is used in development projects and it was also primarily these sort of projects it was developed for. The main thing is that the method is designed to find/describe failure modes in a system and evaluate them. Usually the following three types of development projects represent the use case for FMEA quite well.
-product development projects -processe development projects -service development projects
How to apply FMEA
Here will be a figure showing the elements in matrix of the FMEA. So the FMEA always does the following three things
-Identify possible failure mode -Identify consequence -Identify causes
Identify the possible failure modes
Consequence if failure happens and severity rating
Cause of failure and occurrence rating
Detection rating
RPN number
This is the severity x occurrence x detection multiplied and gives a number that suggested which is risk is most important.
Example of FMEA application
Here will an in depth example of the FMEA be explained using an example with an airplane from a world wide airline.
Step 1 - Failure mode identification
Step 2 - Severity, occurrence, detection rating
Step 3 - RPN number interpretation
Limitations
Critically reflect on the tool/concept/theory. When possible, substantiate your claims with literature
What the tool cannot do or where it meets its limitations
Discuss the importance of diversity in the team using the tool. How to get the most useful outcome based on limitations.
The weaknesses of the FMEA tool
Despite the advantages of FMEA, there are a number of weaknesses with the method: Bullet points:
• Multiple Failures: It is not possible to consider where multiple failures occur at once as there is no linking between failures.
• Time Consuming and people dependent: I might be very time consuming to list all potential failure modes and I relies heavily in the expertise of the people identifying them.
• Updates Required Frequently: Even with the best people and staff FMEA might miss some failure modes or new ones will be discovered as people gain experience and knowledge during the project development. This means frequent assessment ant updates.
• Underestimating Risk: If the people performing the analysis fails to consider a possible failure mode the associated risk might be underestimated.
• Potential Waste of Resources: Conversely, it might be that the analysis is to time consuming compared to what is gained from it and resources thereby are wasted.
Best usage of tool based on weaknesses
Annotated bibliography
- ↑ Nuchpho, P. (2014). Risk Assessment in the Organization by Using FMEA Innovation: A Literature Review.
- ↑ Ben-Daya, M. (2009). Handbook of Maintenance Management and Engineering
- ↑ AXELOS. Managing Successful Projects with PRINCE2, The Stationery Office Ltd, 2017.
- ↑ Risk assessments. (2007). I: Karim H.. Vellani (Red.), Strategic Security Management. Elsevier Inc.