Risk analysis
Contents |
Abstract
This article is a subpart of Risk Management but will attempt to describe different approaches to analysing the risk when managing projects, portfolios and programs
Several tools will be mentioned and explained briefly, but (in order to allow the full use of the wiki) not be described in detail
Definition
According to the ISO Guide 73-2009, risk analysis is the “Process to comprehend the nature of risk and to determine the level of risk”
ISO 31000 describes risk analysis as the process which “provides an input to risk evaluation and to decisions on whether risks need to be treated, and on the most appropriate risk treatment strategies and methods”.
This process mentioned is the computational part of risk management where different aspects, variables and factors are used to estimate the risk involved with a specific feature, action, decision, condition ect. The outcome of this computation is a quantified number or percentage which can then be used as an evaluation criterion, determining either which option to select or if it is safe to proceed down the investigated path.
Main features of risk analysis
Input:
- Purpose
The purpose is the reason for analysing the risk; it assists with determining the boundaries of the analysis.
- Consequences
- Likelihood / Probabilities
- Existing control features
- Effectiveness of existing control features
- Causes of risk
- Sources of risk
- Factors influencing any of the above
- Interrelations / Interdependence
- Type of risk
- Information available
- Risk criteria
Output:
- Combined Likelihood / probability
- Consequences
- Confidence in:
- Risk level
- Sensitivity of result to preconditions and assumptions
- Information Uncertainty
- Information Availability
- Information Quality
- Information Quantity
- Ongoing relevance of information
- Limitations
Benefits of analysing risk
Different models used when analysing risk
- Brainstorming:
- Structured or semi-structured interviews:
- Delphi technique:
- Check-lists:
- Preliminary hazard analysis (PHA):
- Hazard and operability study (HAZOP):
- Hazard analysis and critical control points (HACCP):
- Toxicity assessment:
- Structured “What-If” Technique (SWIFT):
- Scenario analysis:
- Business impact analysis (BIA):
- Root cause analysis (RCA): link!
- Failure modes and effects analysis (FMEA) / failure modes and effects and criticality analysis (FMECA):
- Fault tree analysis (FTA):
- Event tree analysis (ETA):
- Cause-consequence analysis:
- Cause-and-effect analysis:
- Layers of protection analysis (LOPA):
- Decision tree analysis:
- Human reliability assessment (HRA):
- Bow tie analysis:
- Reliability centered maintainance:
- Sneak analysis (SA) / sneak circuit analysis (SCI):
- Markov analysis:
- Bayesian statistics and Bayes Nets:
- FN curves:
- Risk indices:
- Consequence/probability matrix:
- Cost/benefit analysis (CBA):
- Multi-criteria decision analysis (MCDA):
Reference
ISO Guide 73-2009 – Risk Management Vocabulary
ISO 31000 - Risk management - Principles and guidelines
ISO 31010 - Risk management
International Journal of Project Management 32 (2014) - Vahid Khodakarami , Abdollah Abdi - Project cost risk analysis: A Bayesian networks approach for modelling dependencies between cost items
