Risk management tools
There are three distinct types of risk tools. Two are identified by their approach: the Capital asset pricing model (CAP-M) and RiskAoA. The third, Probabilistic risk assessment (PRA), is the mainstay of project risk management. The three types are classified by the quality and fidelity of the information their calculations require. Market-Level tools use market forces to make risk decisions between securities. System-Level tools use project constraints to make risk decisions between projects. Component-Level tools use the probability and impact of individual risks to make decisions between resource allocations.
System or Project-Level (RiskAoA)
RiskAoA is a predictive tool used to discriminate between proposals, choices, or alternatives by expressing the risk of each as a single number. It uses ceteris paribus statistics to develop state equations for each alternative considered. The result is each alternative's culturally adjusted trade-space between cost, scheduled time and risk.
Component-Level tools are applications of PRA. They allow planners to address uncertainty explicitly by identifying risks and generating metrics for them, parameterizing, prioritizing, developing responses, and tracking risk from components, tasks or costs. PRA, also called Likelihood-Consequence or Probability-Impact, is based upon single-point estimates of probability of occurrence, initiating event frequency, and recovery success (e.g., human intervention) of a specific consequence (e.g., cost or schedule delay).
Notable PRA tools and techniques
- Event chain methodology - A method of managing risk and uncertainties affecting project schedules
- The RIMS Risk Maturity Model (RMM) for enterprise risk management was published in 2006. The RMM is an umbrella framework of content and methodology that details the requirements for sustainable and effective enterprise risk management. It consists of twenty-five competency drivers for seven attributes that create ERM's value and utility in an organization. The seven attributes are: an ERM-based approach, ERM process management, risk appetite management, root cause discipline, uncovering risks, performance management, and business resiliency and sustainability. The model was published by the Risk and Insurance Management Society and developed by Steven Minsky, CEO of LogicManager, in collaboration with the RIMS ERM Committee. The Risk Maturity Model is based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980s.
- Risk Radar Enterprise (RRE) - A web-based application for enterprise-wide program and/or project-level risk management. RRE enables effective management and communication of project cost, schedule, technical and performance risk in one or many projects within a common, flexible and scalable enterprise framework.
- Risk register – A project planning and organizational risk assessment tool. It is often referred to as a Risk Log.
- Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE) – A probabilistic safety and reliability engineering assessment software tool.
- SimpleRisk - A simplified, open-source enterprise risk management system based on the NIST 800-30 risk management framework.
Importantly, ISO/IEC 31010 (Risk assessment techniques) has a detailed but non-exhaustive list of tools and techniques available for assessing risk.
- ISO 31000, ISO/IEC 31010
- Project Management Body of Knowledge
- Problematic integration theory
- Peren–Clement index