Improving risk management: moving from risk elimination to risk avoidance

This study has examined software reliability using a risk management framework to analyze popular risk management models with regard to their emphasis on risk avoidance. Too often, risk reduction occurs late in the software development life cycle when changes are costly and less effective. We suggest that early risk avoidance techniques, like the cleanroom software development process and its sub-process of software inspections, leads to superior products. Our approach is different from the current mainstream approach of testing to eliminate errors because we propose using risk models that emphasize preventive risk management early in development. We argue that the use of risk avoidance leads to benefits that far outweigh the cost of implementation.     

Disincentives for communicating risk: a risk paradox

Problems with the risk management in medium to large software projects have been well documented. For major software projects to be completed successfully, an open and cooperative attitude towards risk must be maintained. Despite this significant incentive, project stakeholders frequently conceal risks. This article identifies reasons in three key areas for such behaviour, and suggests approaches that reduce the motivation for this behaviour thereby providing a basis for effective risk management. Examples drawn from a study, undertaken by the authors, of a medium-sized industry project are used to illustrate many of these issues.     

Predicting risk as a function of risk factors

In previous work, we showed that risk factors have a significant negative effect on reliability (e.g., occurrence of failure). In this paper, we show that it is feasible to predict risk (i.e., the probability of risk factors being related to discrepancy reports occurring on the release of software). This is an important advancement over the previous research because discrepancy reports are available in the requirements phase—when the cost and labor required to correct faults is low—whereas failure data only becomes available in the test phase—when the cost and labor required for correcting faults is high. Although using historical failure data to drive traditional software reliability models would produce greater prediction accuracy, the opportunity to provide early prediction of reliability using risk factors outweighs this advantage.     

考虑风险关联的项目风险应对策略选择方法

提出解决考虑风险关联的项目风险应对策略选择问题的优化方法.首先给出风险关联的定义及风险关联程度的度量方法;其次,综合考虑项目工期、质量、项目风险应对成本3个因素,构建考虑风险关联的项目风险应对策略选择优化模型,通过求解模型得到满意的风险应对策略;最后,通过算例分析验证方法的可行性和有效性.研究结果表明,风险关联对项目风险应对决策有影响,在项目管理过程中需要考虑风险之间的关联作用.     

Uncertain risk aversion

This paper discusses the risk aversion within the framework of the uncertainty theory (Liu in Uncertainty theory: A branch of mathematics for modeling human uncertainty. Springer, Berlin, 2010b), and introduces the notions of uncertain expected utility and uncertain risk premium. In terms of the Arrow–Pratt index, an uncertain version of Pratt’s theorem is proved, which offers an effective way to make comparisons between different individuals’ risk-averse attitudes. We suggest that uncertain risk aversion can be used to measure human’s risk-averse attitudes when uncertainty exists due to lack of the observed data, just as probabilistic risk aversion when sufficient data can be obtained. Uncertain risk aversion provides an alternative method to compare the risk aversions between individuals under uncertain situations.     

基于风险因子的信息安全风险评估方法研究

为了减少主观性和客观性因素对于信息安全风险评估的影响,研究了信息安全风险评估的一些主流方法.参考风险评估的基本要素的定义,提出了风险因子的概念和基本要素.对风险因子的基本要素进行了定义和解释说明,设计了一种基于风险因子的风险评估模型.该模型将系统风险分解为若干风险因子,由专家对风险因子的基本要素进行评价,计算出风险因子的风险度.对风险度进行二次模糊化后构造隶属举证,并运用熵系数法求出各个风险因子的权重,进而计算出风险等级.最后给出一个实例证明了模型的科学性和合理性.     

基于风险因子对的软件外包风险评估方法

针对软件外包风险数据难以获取、不确定性较多的特点,提出了一种基于风险因子对的软件外包风险评估方法.该方法通过访谈获得典型的软件外包风险因子、利用文献调研度量这些软件外包风险因子,使用Delphi法确定风险因子对.在此基础上,根据风险相关数据收集情况选择使用公式法或蒙特卡洛仿真法评估软件外包项目风险.案例研究表明,该方法可以准确地评估软件外包项目中的风险,并给出对项目产生最大影响的风险因子对.     

A risk hypothesis and risk measures for throughput capacity in systems

A basic risk hypothesis for system throughput capacity in the presence of risk is proposed. It is expressed as a basic risk equation , derived in the paper, and governs all nongrowth, nonevolving, agent-directed systems. The basic risk equation shows how expected throughput capacity increases linearly with positive risk of loss of throughput capacity. The conventional standard deviation risk measure, from financial systems, may be used. A proposed new measure, the mean-expected loss risk measure with respect to the hazard-free case, is shown to be more appropriate for systems in general. The concept of an efficient system environment is also proposed. The well-known financial risk equation, hitherto deduced empirically, may be derived from the basic risk equation. When there is both risk exposure and resource sharing, the basic risk equation may be combined with a resource-sharing equation that governs how throughput capacity changes with the resource-sharing level. The basic risk equation also allows for risk elimination and reduction. All quantities in the equation are precisely defined, and their units are specified. The risk equation reduces to a useful numerical expression in practice.     

Managing project risk using combined analytic hierarchy process and risk map

The main purpose of the study is to develop an integrated framework for managing project risks by analyzing risk across project, work package and activity levels, and developing responses.Design/methodology/approachThe study first reviews the literature of various contemporary risk management frameworks in order to identify gaps in project risk management knowledge. Then it develops a conceptual risk management framework using combined analytic hierarchy process (AHP) and risk map for managing project risks. The proposed framework has then been applied to a 1500 km oil pipeline construction project in India in order to demonstrate its effectiveness. The concerned project stakeholders were involved through focus group discussions for applying the proposed risk management framework in the project under study.FindingsThe combined AHP and risk map approach is very effective to manage project risks across project, work package and activity levels. The risk factors in project level are caused because of external forces such as business environment (e.g. customers, competitors, technological development, politics, socio-economic environment). The risk factors in work package and activity levels are operational in nature and created due to internal causes such as lack of material and labor productivity, implementation issues, team ineffectiveness, etc.Practical implicationsThe suggested model can be applied to any complex project and helps manage risk throughout the project life cycle.Originality/valueBoth business and operational risks constitute project risks. In one hand, the conventional project risk management frameworks emphasize on managing business risks and often ignore operational risks. On the other hand, the studies that deal with operational risk often do not link them with business risks. However, they need to be addressed in an integrated way as there are a few risks that affect only the specific level. Hence, this study bridges the gaps.     

Dynamic risk score modeling for multiple longitudinal risk factors and survival

Modeling disease risk and survival using longitudinal risk factor trajectories is of interest in various clinical scenarios. The capacity to build a prognostic model using the trajectories of multiple longitudinal risk factors, in the presence of potential dependent censoring, would enable more informed, personalized decision making. A dynamic risk score modeling framework is proposed for multiple longitudinal risk factors and survival in the presence of dependent censoring, where both events depend on participants' post-baseline clinical progression and form a competing risks structure. The model requires relatively few random effects regardless of the number of longitudinal risk factors and can therefore accommodate multiple longitudinal risk factors in a parsimonious manner. The proposed method performed satisfactorily in extensive simulation studies. It is further applied to the motivating registry study on pediatric acute liver failure to model death using the trajectories of multiple clinical and biochemical markers. Once established, the model yields an easily calculable longitudinal risk score that can be used for disease monitoring among future patients.     

Integrated framework of risk evaluation and risk allocation with bounded data

This paper presents an integrated framework for risk evaluation and risk allocation with bounded data in a critical risk management. A risk evaluation framework using the Imprecise Data Envelopment Analysis (IDEA) method is proposed to be applied to operations of Korean Army helicopters. The risks pertaining to pilots, missions and helicopters are evaluated based on bounded data, and pilots are appropriately allocated to missions and helicopters using goal programming with bounded risk scores. Using bounded data, two risk allocation models are developed to be used with the expected value and lower/upper limit values, resulting in improved reliability of the solutions. Numerical experiments show reasonable solutions and valuable information for risk management.     

A simulation-based risk network model for decision support in project risk management

This paper presents a decision support system (DSS) for the modeling and management of project risks and risk interactions. This is a crucial activity in project management, as projects are facing a growing complexity with higher uncertainties and tighter constraints. Existing classical methods have limitations for modeling the complexity of project risks. For example, some phenomena like chain reactions and loops are not properly taken into account. This will influence the effectiveness of decisions for risk response planning and will lead to unexpected and undesired behavior in the project. Based on the concepts of DSS and the classical steps of project risk management, we develop an integrated DSS framework including the identification, assessment and analysis of the risk network. In the network, the nodes are the risks and the edges represent the cause and effect potential interactions between risks. The proposed simulation-based model makes it possible to re-evaluate risks and their priorities, to suggest and test mitigation actions, and then to support project manager in making decisions regarding risk response actions. An example of application is provided to illustrate the utility of the model.     

基于活动工期风险和资源约束风险的缓冲大小计算方法

提出一种不确定情况下考虑活动工期风险和多资源约束风险的缓冲大小计算方法. 首先, 运用贝叶斯网络技术分析关键风险因素, 评估其造成的活动工期风险; 其次, 通过资源流网络方法衡量资源约束风险, 进而提出合理的缓冲配置方法以构建稳定的关键链调度计划. 通过算例分析和比较研究, 验证了所提出方法兼具有效性和实用性, 能够在保证较高按时完工率的同时, 有效缩短项目工期并保持进度计划稳定.

     

基于人员能力和风险事件的进度风险分析

为克服传统进度分析方法的不足,根据项目风险理论,提出了基于人员能力和风险事件的软件项目进度风险分析模型ScedRisk。该模型能在已有项目计划及任务人员分配信息的基础上,分析人员能力和风险事件对项目中每个任务影响,并采用蒙特卡洛仿真模拟项目执行过程,综合分析项目进度风险及导致项目延迟的主要风险源,为软件组织制定合理的风险规避策略和科学的项目进度计划提供决策依据。     

Comparative risk assessment primer

Comparative risk assessment (CRA) is both an analytical process and a methodology for prioritizing environmental problems. It is a useful tool for managers and planners at all levels of government. A personal computer (PC) DOS-based Comparative Risk Assessment Primer has been developed to train and assist those involved in environmental policy formation, and to serve as a detailed information source for persons interested in environmental risk and risk assessment. The primer provides: definitions of key terms; an overview of risk and risk assessment; a breakdown of the CRA methodology; an overview of risk management; summaries of 36 CRA projects; glossary; bibliography; and a listing of environmental information contacts. It is an interactive software program that incorporates text, line drawings and digitized imagery. Supplemental information accessible through hypertext links imbedded in the text passages and on select graphics provides on-line help and more detailed information for interested users.