Risk management
Quantitative risk: Definitions
- Hazard (or threat): a set of conditions that can lead to an undesirable
event
- accident, loss, law breaking
- Risk: the possibility of loss
- A function of three things (Leveson, 1991):
- the likelihood of a hazard occurring
- the likelihood that the hazard will lead to an accident
- the worst possible potential loss associated with that accident
r = P(h) * P(a) * l
Quantitative risk: Risk management
Risk management seeks to tackle at least one of the three elements of risk
by:
- reducing the likelihood of the hazard occurring
- reducing the likelihood of the hazard leading to accident or loss
- reducing the amount of the loss
r = P(h) * P(a) * l
Risk management tackles one or more of these
Question: What does this suggest about the role of metrics?
Software risk management steps
Risk assessment
- Risk identification produces lists of risk items
- checklists, comparison with experience (assumption analysis), decomposition
- Risk analysis assesses the loss probability and magnitude for each item
- performance and cost models, statistical decision analysis
- Risk prioritisation produces a ranked ordering of risk items
- risk exposure analysis, risk leverage (cost benefit analysis)
Risk control
-
Risk-management planning helps you address each risk item
-
avoiding (relaxing requirement), transferring (sub-contracting) or reducing
(insuring) risk
-
Risk resolution produces a situation in which risk items are eliminated
or resolved
-
prototypes, simulations, analyses
-
Risk monitoring involves tracking progress toward resolving risk items
and taking corrective action
-
milestones, top 10 risks
Risk and the control loop
Other topics