Risk management

Systems Engineering for DIAT Points Course

June 2007

J.Jayaraman

Center for Aerospace Systems Design and Engineering

Department of Aerospace Engineering
Indian Institute of technology, Bombay
 What is risk?
Risk is a concept that describes uncertainty in
achieving goals

In the context of a project, risk is the possibility

of an undesired outcome or the absence of a
desired outcome

Risk is anything which can lead to results that

deviate from the requirements
 Definition - Risk

It is a measure of the potential inability to achieve overall

program objectives within defined cost, schedule, and
technical constraints
It has two components :
Probability of risk occurrence or probability of failing
to achieve an outcome
Severity or consequences of failing to achieve it
 Some common terms
Risk – wide range of futures

Complexity – wide range of choices

Ambiguity – lack of understanding or clarity about the

critical parameters or variables of the decision problem
and /or about the nature of relationship between the
variables

Uncertainty – lack of information about a particular

system development variable of interest to the design
problem
 Some common terms
Issue – If something is certain to occur, it is called an
issue instead of risk. Issues are just as important as
risks, they are managed differently

Opportunity – Risk is inseparable from opportunity.

A risk free project is a sure route to a “me too
project” leading to failure. If risk is managed
appropriately one obtains the opportunity one seeks
in the venture
 Types of risk

 Risks within the project

o Envisioning risk: Will the system with the targeted
attributes of the system vision satisfy the user and the
developer
o Requirements risk: Requirements do not satisfy the user
needs
o Design risk: Does the system design embody the
targeted system attributes of the system vision
o Technical risk: The solution proposed does not fulfill the
requirements
 Types of risk
o Execution risk: Can the development team translate the
system design into a delivered system
o Cooperation risk: The co-designers cannot mutually
benefit from the relationship
o Iteration risks: Down stream steps imply iterations in
the system design development and deployment process
o Cost risk: Life cycle cost or any element of the life cycle
cost exceeding the budget
o Schedule risk: Schedule slipping not as planned
 Types of risk

 Internal Organization risks

o Resource risk: Resources required for design,
manufacture delivery product support are not satisfactory
or available when required
o Component risk: The materials or subcontracted parts
required are not available as projected or their cost and
quality do not fulfill the requirements
 Types of risk
 External Organization risks
o Environmental risk: The system, the components or the
manufacturing process adversely affect the environment(
toxicity/ pollution)
o Commercial risk: the system is not commercially viable
or User does not want it for some reasons
 Typical risk areas

 Threats  Concurrency
 Requirements  Capabilities of developer
 Design  Cost/ funding
 Test & evaluation  Management
 Modeling &  Schedule
simulation  Additional areas- man
 Technology power, safety, environmental
impact, systems engineering
 Logistics
 Production
 What is risk management
It is the art and science of planning assessing and
handling future events to ensure favorable outcomes
One cannot know the future but can manage its risks
It is an organized way of dealing with a range of
possible outcomes
Risk management is a misleading phrase. Risk is
never managed. It is the organization/ development
process that is managed in anticipation of the
uncertainty characterized by risk.
 Risk management

Risk management is any activity which

identifies risks and takes action to remove or
control negative results
Why bother about Risk management
New system development is very costly this activity is
always accompanied by high risk

Failure is not acceptable in the development of the

system

Objective is to minimize the risk of development

The strong point of systems engineering applied to

development is in its ability to systematically evolve a
technically complex system
 Qualitative risk management
methodology
Risk aspect Solution
System vision of user Joint working of User with the
meets his developing agencies in evolving the
objectives/needs Originating/Operational
requirements.Verify one feasible
solution exists
Requirements meet Requirement Validation
the User needs Modeling and simulation
objectives
Design development Integrated Product Team,
success Technical Audits and Reviews DoD
2167A. Track TPMs
Qualitative risk management methodology
Risk aspect Solution
Modeling and Use only Validated model
simulation
correctness
Technology adoption Technology readiness level (NASA)
success Decision aid to Technology
evaluation DATE (DRDO)
System meets all laid System Verification
down requirements Test and evaluation
Qualitative risk management methodology
Risk aspect Solution
System Track TPMs through out the product life
performance cycle and control
Development / Process metrics tracking and control .
Manufacturing List of Preferred parts and their data
process base
Management Track Cost / schedule / project
performance and control
Manpower Education and Training, IPPD, Systems
capability engineering, disciplines, communication,
teamwork
Qualitative risk management methodology
Risk aspect Solution
Concept chosen is Perform critical experiments
correct Advanced concept technology
demonstrator (ACTD) Program
Time to develop Enterprise integration, System
system engineering tools, management
tools, Modeling and simulation
tools, Design repository, knowledge
management
Cost control Proper cost estimating methods
Database creation
Risk assessment process
Pre risk assessment

Risk identification

Risk analysis

Risk impact

Prioritize Risk

Risk mitigation plans

Risk monitoring and control

 Ways of finding risks
o Schedule based:
o Process based:
o Work break down structure based:
o Success thwarting: list indicators of success for the
project and find what might stand in the way of
achieving success
o Prompt list based: experience based prompt list
common to the type of project
 Standard risk Model

Probability Probability
of risk event of impact

Risk event Impact Total loss

Risk event
Impact
drivers
drivers
 Risk Likelihood definition
level Risk Approach and process

1 Not likely Will effectively avoid or mitigate

this risk on standard practices
low Have usually mitigated this type
2 likelihood of risk with minimal oversight in
similar cases
3 likely May mitigate this risk but
workarounds would be required
4 highly likely Cannot mitigate this risk but a
different approach might
near Cannot mitigate this risk no
5 certainty known process or workarounds
are available
 Risk Severity index
Risk
Severity Severity level
index
5 Critical Inability to meet minimum
project requirements
4 Serious >25% change to budget and/or
schedule
3 Moderate 10-25% change to budget and/or
schedule
2 Minor 1-10% change to budget and/or
schedule
1 Insignificant <1% change to budget and/or
schedule
 Risk index
Risk index = Risk Likelihood level * Risk Severity = L*S
Risk RI Level of Status
index code concern
12 - 25 H High Active . Risk elements that fall into this
category warrant active management

8 – 11 or M Medium Monitor. Risk elements that fall into this

severity 5 category may be of some concern, but
don’t want active management
1-7 L Low No action. Risk elements that fall into this
category are considered not significant
and do not require monitoring or active
management
 Pragmatic risk analysis

5
4 High

Risk.
Likelihood 3 Medium

2 Low

1
1 2 3 4 5
Risk Severity
 Model for system level risk assessment
Low Risk Medium Risk High Risk
Consequences Insignificant Affects program Significant
cost, schedule objectives, cost impact,requiring
or technical or schedule; reserve or
impact however cost, alternate courses
schedule, of action to
performance recover
are achievable
Probability of Little or no Probability High likelihood of
occurrence estimated sufficiently high occurrence
likelihood to be of concern
to management
Model for system level risk assessment
Low Risk Medium Risk High Risk
Extent of Full scale Has been Significant
demo. integrated demonstrated design changes
technology has but design required in
been changes tests in order to
demonstrated relevant achieve
previously environments required/
required desired results
Existence Capability Capability Capability
of exists in known exists, but not does not
capability products; at performance currently exist
requires levels required
integration into for new system
new system
Risk mitigation methods ( Risk Control)
 Technical performance risk:
Engagement of best design tiger team
Modeling and simulation of key technical parameters
Use of mature computer aided system engineering tools
Parallel development of high risk items (back up designs)
Incentives for success
Extensive development test and evaluation
Early prototyping
Use of Mock ups
Incremental development ( retro fit later)
Trade off studies
 Risk mitigation methods
 Schedule risk
Formal master schedule development and adherence
Focus on critical and near critical paths
Best worker assignment on time critical tasks
Overtime incentives
Maximum shift to parallel activities
Early project organization and careful staffing plans
 Risk mitigation methods
 Cost risk
Identification and focus on key cost drivers
Special low cost design alternative reviews and assessments
Proof of performance through modeling and simulation
Maximum use of COTS equipment
Early bread boarding prototyping and testing
Design to cost approaches
 Risk monitoring methods

 Test analyze and fix ( TAAF )

 Demonstration events
 Technical performance measurement
 Program metrics
 Schedule performance monitoring
 Technology Readiness Levels
Technology readiness Description Risk
levels
1. Basic principles Lowest level of technology readiness High
observed and reported
2. Technology concept Invention begins. Examples are High
and / or application limited to paper studies
formulated
3. Analytical and Active R&D initiated.Analytical High
experimental critical studies, lab studies to physically
function and/or validate analytical predictions of
characteristic proof of separate elements of technology
concept
 Technology Readiness Levels
Technology readiness Description Risk
levels
4. Component or Proving in lab environment. High
breadboard validation in Integration of ad-hoc hardware in
lab environment the lab. Low fidelity of the
eventual system
5. Component or Technology tested in simulated High
breadboard validation in environment. High fidelity lab
relevant environment integration of components
6.System or sub-system Prototype tested in a high fidelity Medium
model or prototype lab environment or in a simulated
demonstration in a operational environment
relevant environment
 Technology Readiness Levels
Technology readiness Description Risk
levels
7.System prototype Demonstration in an operational Low
demonstration in an environment. Testing the prototype in
operational a test bed aircraft
environment
8.Actual system Technology has been proven to work in Low
completed and its final form and under expected
qualified through test conditions. End of true systems
and demonstration developemnt
9. Actual system System under operational mission Low
proven through conditions
successful mission
operations
System Development elements DoD-2167A

HW CI Test
Fabrication
System Detail design
definition Prelim. design CDR
HW Reqts. PDR
System System analysis
Requirements Design
analysis SDR SSR
SW Reqts.
SRR analysis PDR
Prelim. design CDR
Detail design TRR
Coding and Testing
CSCI Integration and Test
CSCI Test
System Development elements DoD-2167A

PCA FCA

System
Integration FQR Production and Deployment
and Test

PCA FCA
 Conclusion

Proactive risk assessment and control is

essential for successful system development