Risk management

Quantitative risk: Definitions

Hazard (or threat): a set of conditions that can lead to an undesirable event
e.g. an accident, a loss, a breach of the law
Risk: the possibility of loss
A function of three things (Leveson, 1991): how likely the hazard is to arise, P(h); how likely it is to lead to the undesirable event, P(a); and the magnitude of the loss if it does, l
r = P(h) * P(a) * l

Quantitative risk: Risk management

Risk management seeks to tackle at least one of the three elements of r = P(h) * P(a) * l: make the hazard less likely (lower P(h)), make it less likely to lead to the undesirable event (lower P(a)), or limit the loss when it does (lower l)
Reducing any one factor reduces the risk; a strategy need not tackle all three

Question: What does this suggest about the role of metrics?

Software risk management steps

Boehm's risk management diagram

Risk assessment

Risk identification produces lists of risk items
checklists, comparison with experience (assumption analysis), decomposition
Risk analysis assesses the loss probability and magnitude for each item
performance and cost models, statistical decision analysis
Risk prioritisation produces a ranked ordering of risk items
risk exposure analysis (probability × loss per item), risk-reduction leverage (cost-benefit analysis of each mitigation)

Risk control

Risk-management planning decides how to address each risk item
avoiding (relaxing the requirement), transferring (sub-contracting, insuring) or reducing risk
Risk resolution produces a situation in which risk items are eliminated or resolved
prototypes, simulations, analyses
Risk monitoring involves tracking progress toward resolving risk items and taking corrective action
milestones, a regularly reviewed top-10 risk list
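The assessment steps (identification, analysis, prioritisation) and the control steps (planning, resolution, monitoring) above can be carried through on a small risk register. The following is an added example, not part of the original slides or of Boehm's own material: it scores each item with r = P(h) * P(a) * l, ranks the items by exposure, compares avoid/transfer/reduce options for the top item by risk-reduction leverage (exposure removed per unit of mitigation cost, an assumed definition), and produces the top-N list a monitoring review would track. All risk items, probabilities and costs are constructed sample data.

```python
"""Risk exposure, prioritisation and risk-reduction leverage over a
constructed risk register (added example; data and definitions are
assumptions, not taken from the slides).

  exposure  r   = P(h) * P(a) * l
  leverage  RRL = (r_before - r_after) / cost_of_mitigation   (assumed)
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskItem:
    name: str
    p_hazard: float    # P(h): probability the hazardous condition arises
    p_accident: float  # P(a): probability the hazard leads to the undesirable event
    loss: float        # l: magnitude of the loss if it does (money units here)

    def exposure(self) -> float:
        """Risk exposure r = P(h) * P(a) * l."""
        return self.p_hazard * self.p_accident * self.loss


@dataclass(frozen=True)
class Mitigation:
    name: str
    kind: str          # "avoid", "transfer" or "reduce": which factor it attacks
    cost: float        # cost of carrying out the mitigation
    after: RiskItem    # the risk item as it would look after the mitigation


def leverage(before: RiskItem, m: Mitigation) -> float:
    """Risk-reduction leverage: exposure removed per unit of mitigation cost."""
    return (before.exposure() - m.after.exposure()) / m.cost


def prioritise(items):
    """Risk prioritisation: rank items by exposure, highest first."""
    return sorted(items, key=lambda i: i.exposure(), reverse=True)


def best_mitigation(item, options):
    """Planning: choose the option with the greatest leverage; None if no option pays off."""
    scored = [(leverage(item, m), m) for m in options if m.cost > 0]
    if not scored:
        return None
    lev, m = max(scored, key=lambda t: t[0])
    return m if lev > 0 else None


def top_risks(items, n=10):
    """Monitoring: the names to keep on the top-N risk list."""
    return [i.name for i in prioritise(items)[:n]]


# Constructed sample register (not real project data).
RISKS = [
    RiskItem("unpatched dependency", p_hazard=0.5, p_accident=0.2, loss=100_000),
    RiskItem("unverified performance target", p_hazard=0.4, p_accident=0.5, loss=40_000),
    RiskItem("key-person departure", p_hazard=0.1, p_accident=0.9, loss=50_000),
]

DEP = RISKS[0]
# Three ways to tackle the top item, one per lever of r = P(h) * P(a) * l:
OPTIONS = [
    # reduce: lower P(h) by keeping the dependency patched
    Mitigation("automated updates + SCA scanning", "reduce", cost=2_000,
               after=replace(DEP, p_hazard=0.1)),
    # transfer: insurance leaves P(h) and P(a) alone but moves most of l elsewhere
    Mitigation("cyber insurance", "transfer", cost=3_000,
               after=replace(DEP, loss=20_000)),
    # avoid: drop the feature that needs the dependency, so the hazard cannot arise
    Mitigation("drop the feature", "avoid", cost=9_000,
               after=replace(DEP, p_hazard=0.0)),
]

if __name__ == "__main__":
    for item in prioritise(RISKS):
        print(f"{item.name:32s} exposure = {item.exposure():10.2f}")
    for m in OPTIONS:
        print(f"  {m.kind:8s} {m.name:40s} leverage = {leverage(DEP, m):.2f}")
    chosen = best_mitigation(DEP, OPTIONS)
    print("plan for top item:", chosen.kind, "via", chosen.name)
    print("monitor:", top_risks(RISKS, n=10))
```

The exposures rank the dependency risk first (10 000) ahead of the performance target (8 000) and the key-person risk (4 500). For that top item the three options remove 8 000, 8 000 and 10 000 of exposure respectively, but the cheap reduction has the best leverage (4.0 per unit cost) and is what the plan would pick; the insurance option is still a transfer, since it changes only l. The ranked names are what a top-10 list would carry into the monitoring step.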

Risk and the control loop

Plain control loop

Risk at macro level

