Professional Documents
Culture Documents
Risk and Opportunity: Tor Stålhane Torbjørn Skramstad
Risk and Opportunity: Tor Stålhane Torbjørn Skramstad
Part 1
Tor Stlhane
Torbjrn Skramstad
Time Topics
09:00 Risk and opportunity
What is it and why do we need to manage it?
Why is opportunity assessment important?
Why should we worry about risk and opportunity in SPI?
The SWIR model and how to use it.
Exercise Application of the SWIR model
09:50 Coffee break
10:00 Assessment and brainstorming
The human bias
Qualitative assessment
Simple brainstorming techniques
Some important diagrams for risk assessment
Exercise Build an event tree
10:50 Coffee break
11:00 Simple risk and opportunity assessment
Risk and opportunity management - barriers and enablers.
The ROP - Risk and Opportunity Pattern
Exercise Application of the ROP in SPI
11:50 Coffee break
12:00 Leverage as a decision tool
Extended risk and opportunity assessment
The ALARP and GALE concepts when is enough really enough?
The CORAS model quantitative and qualitative assessment
Exercise Application of the GALE concept
Important things to remember summing it up
12:30 Lunch
Improvements Risks
Where shall we improve What can go wrong?
ourselves? Which opportunities can
we loose
Probability H M L
H H H M
M H M L
L M L L
EuroSPI 2006 - Part 1 25
Impact and probability - 2
The multiplication table is used to rank risks
and opportunities. It can not tell us how
large they are.
We should only use resources on risks and
opportunities that are above a certain,
predefined level.
H / 10 H / 100 H / 30 M / 10
M/3 H / 30 M/9 L/3
L/1 M / 10 L/3 L/1
EuroSPI 2006 - Part 1 29
Simple brainstorming techniques
Brainstorming is an efficient way to use the
creative abilities that each person have.
In its simplest form, people just generate
ideas and a person registers the ideas on
a whiteboard or a flip-over.
We can, however, use techniques to do
better.
Wrong
personnel Estimation
Requirements Development
Not found in
unit test
Not found in
integration test Delivered
Not found in to customer
systems test
E4
C1
C6 E1
C2 E7
E5
Acc E2
C3
E6
E3 E8
C4 C7
E6
C5
Tor Stlhane
Torbjrn Skramstad
Contents of part 2
Simple risk assessment
Simple opportunity assessment
The total picture risk and opportunity
The risk and opportunity pattern
Barriers, enablers and leverage
Extended risk analysis
Extended opportunity analysis
Risk and regret
EuroSPI 2006 - Part 1 42
Simple risk assessment
In order to a simple risk assessment we
need to identify:
Dangerous events
Each events
consequence C
probability p
Possible barriers changes or controls
Person responsible for each risk - Resp.
EuroSPI 2006 - Part 1 43
Simple risk table
Barrier 6
Barrier 1
Barrier 2
Barrier 3
Barrier 5
Barrier 4
Risk Prob. Event
Reduction barriers
Reduce effect
of event
Enabler
B M
L
p L M H
Extra work needed for
L MMI-specification
C M
H
EuroSPI 2006 - Part 1 54
Unmitigated risks
Reduced number of
H MMI-related defects
B M
L
p L M H
Extra work needed for
L MMI-specification
C M
Large disagreements Partnership does not
H between designers and work
MMI experts
B M
L
p L M H
Extra work needed for
L MMI-specification
2
C M
Large disagreements Partnership does not
H between designers and work
MMI experts 1
C M
Large disagreements Partnership does not
H between designers and work
1
MMI experts
EuroSPI 2006 - Part 1 57
The tyranny of either or
All too often we are confronted by the
statement that we can get only get X if
we are willing to suffer Y.
This is the wrong attitude. The right attitude
is that we will
1. Do what is needed to get X
2. Perform activities that will remove or
reduce the bad effects of Y.
EuroSPI 2006 - Part 1 58
The risk and opportunity pattern
A pattern is a description of a standard way
to solve a common problem. The Risk and
Opportunity Pattern ROP is a way to
analyze and manage risk and opportunity.
ROP has two components:
A set of assessment and management
activities
A process that describe an activity
sequence
EuroSPI 2006 - Part 1 59
The ROP process
ROP consists of the following activities:
1. Define the job and its borders
2. Perform a risk assessment
3. Perform an opportunity assessment
4. Implement the identified barriers
5. Do the job while
controlling risks and preventing problems
searching for opportunity enables and harvesting
benefits
100 30 10 10 30 100
Costs and
Benefits and
risks
opportunities
Cost R2 R1 O1 O2 Benefit
100 30 10 10 30 100
Costs and
Benefits and
risks
opportunities
Tor Stlhane
Torbjrn Skramstad
Contents
ALARP and GALE
Using GALE
How to do risk assessment with GALE
A small example
Quantitative assessment
The CORAS model
A small example
Important things to remember
EuroSPI 2006 - Part 1 82
ALARP and GALE
There are two competing principles in the
assessment of risk:
ALARP As Low As reasonably Possible-
We have done all that is reasonable to
prevent problems and dangers.
GALE Globally At Least Equivalent. E.g.
introducing a new process will not
increase the risks compared to what it is
today.
EuroSPI 2006 - Part 1 83
ALARP
ALARP requires that we analyze each risk
separately and then implement mitigation
activities.
A reasonable goal is to reduce each risk
until the extra mitigation costs exceed the
value of the risk reduction achieved.
All that we have seen up till now fits into an
ALARP policy .
IE = FE + PE + S
IGR = log Sumi(10I)
Event S FE PE S FE PE
Measured
related to 0.0 0.1% 0.1 1.0% 1 5% 5 10% 10 100%
income
Reduce the
Measured resources of one Close down
No impact on
loss due to or more departments or Out of
business. Lost profits
impact on departments business business
Minor delays
business Loss of a couple sectors
of customers
Number of
Unwanted
1/1000 (1/500) 1/50 (1/25) 1/1
incidents per
Demand
Each Every
Unwanted Each five Each tenth
Interpretation thousand second
incident times the time the
of number of time the time the
never system is system is
demands system is system is
Occurs used used
used used