You are on page 1of 8

Journal of Information, Control and Management Systems, Vol. 5, (2007), No.

2
277
REVIEW OF RISK ASSESSMENT METHODS
Iveta NEDELJAKOV
University of ilina, Faculty of Management Science and Informatics,
Slovak Republic
e-mail: nedelja@utcpd.sk
Abstract
This review is about risk assessment, its methods and severity estimate and
risk. In order to solve risk and risk events it is essential to know an extent of the
risk. It is also neccesary to describe the risk and determine its importance and
possible risk effects. If a present risk is not eliminated then crisis comes..
Keywords: risk, risk management, risk assessment, risk estimate
1 INTRODUCTION
A risk of correct decision is a part of business intentions. In order to increase
probability of business success on the tough business market it is necessary to work
actively and systematically with risk. This an essential role of risk management. The
risk management means reasonable acting in a risk situation, so that you can protect
and increase present and future assets of enterprise. It can also mean systematic use of
management policies, procedures to solve risk indentification, assessment, evaluation,
analysing and management.[7]











Figure 1 Risk Management


RISK ASSESSMENT

IDENTIFICATION AND RISK ASSESSMENT
RISK EVALUATION
REGULATION (TAKING CARE) OF RISK










RISK MANAGEMENT
Review of Risk Assessment Methods 278
Business risks have a positive and a negative aspect. The positive side is related to
hope for success. The negative side is shown in worse results such as prediction or
creation of loss. Nature and character of business environment create essential sources
of a risk in an organization.
2 RISK ASSESSMENT
A man (a decision maker) decides on a risk danger everyday. His goal is always
to minimize possible damages. This decision is made consciously and automatically. It
is usually not decided on in a numeric way. It is a vector evaluation typical for one
decision maker, which is significantly subjective.
Deliberate consideration of loss (or profit) lies in analysis and evaluation of
predicted facts or facts known in advance. These are initial operations of risk
assessment:
- identification of risk danger (must be objective and systematic),
- qualification of risk danger (identification of danger based on
importance),
- quantification of risk (described numerically and evaluates scenarios in
case of danger).
The goal of risk quantification is to assess number (frequency) and seriousness in
occurrences of loss, which may put enterprise/project/subject in danger and prioritize
risks based on their values. In mathematical description absolute and relative
quantification is used. Absolute quantification expresses value of probable loss that
creates danger to a risk holder or possibly to risk recipient and it is expressed in money
or other measuring units. The relative quantification is when a risk is expressed in ratio
value in relation to a chosen base.
The following are used with risk quantification:
- empiric estimate,
- analytic estimate.
The empiric estimate is a procedure in which decision makers, (evaluators)
working in expert teams use their own experience and knowledge. In analytic estimate
mathematical statistical and mathematical probability methods are used more
frequently. However, analytic procedures cannot work without empiric elements (for
example: use of quantification results, in most cases, is based on decision makers
intuition and experience).
3 PERFORMING RISK ASSESSMENT
3.1 Tree Diagrams
The tree diagram can be defined as an organized and orientated graph describing
event development. It can also be understood as a scheme description of the process.
Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2
279
Generally tree diagrams can be divided in two basis groups (regardless of their
use):
1. analytic diagrams
determine what effects (E
i
) come out of the event (E), or what are the
reasons (E
i
) that lead to the event (E),
2. syntetic diagrams
determine what effect (E) comes out of the events (E
i
), or what is the
reason (E
i
) that leads to the events (E
i
).
There are four tree diagrams in total that are very frequently used in risk
assessment, they are combined, eventually they transfer from one to another according
to predicted development of the examination process.
Tree diagrams graphically illustrate events by use of block of various shape,
connections among the events by connection links (branches and boundaries) and
relationships among the events by gates (see fig. 2).














Figure 2 Events, reasons and effects in tree diagrams
(Source: TICH, M.: Ovldan rizika, s.170.)

They are common and effective tools in risk assessment and risk decision making.
They are used in various stages of risk assessment, risk management and they occur in
forms of: [8]:
- Event tree
- Failure tree
reason
effects
EVENTS
reasons
EVENT
effect
Analytic Diagram
Syntetic Diagram
E
i

E
i2

E
i1

E
in

Review of Risk Assessment Methods 280
- Causal tree
- Consequence tree
- Cause-consequence, cause-end-effect tree
- Association tree
- Decision tree
- Influence tree.
In all forms the tree diagram can be used in probability occurance evaluation of
a monitored event.
When making (in expert teams) a tree diagram you need to pay a great attention to
analysis, which later will be useful in risk decision.
Tree diagrams have mostly methodic significance:
- they enable a risk engineer to quickly and in detail become familiar with
a problem (or they give a general view on cases, events, reasons and
effects),
- they are a good tool in communication with the risk assessment order (an
order means procedure of risk engineering and may point out ways of
possible development),
- make team work and communication with co-workers (experts) easier,
- is a source of impulses in risk assessment.
3.2 Monte Carlo Method
Monte Carlo method can be considered as any simulation method based on use of
gradation of random and pseudorandom numbers. There are many ways of applications
of this method and they differ in calculation accuracy as well as in calculation speed.
There are also various alternatives of this method with software such as Latin
Hypercube Sampling, which shortens calculation time. Monte Carlo Method is very
flexible and it can be used not only for risk assessment tasks but for other tasks as well.
3.3 Expert Methods
Expert methods can be divided according to goals of their use. Danger and risk
assessment can be:
- verbal or
- numeric.
In case of verbal assessment a decision maker gets information and based on he
creates basis for his future decision. For example, the following methods can be used:
brainstorming, specific methods called what-if analysis as well as other. The numeric
method enables to detect parts of project (object) in danger or through comparison of
more projects (solutions) and result is uniform but variant basis for decision-making.
Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2
281
3.3.1 Failure Mode and Effect Analysis
The mostly used method of expert analysis is analysis of probable failures and
their effects FMEA (Failure Mode and Effect Analysis). It combines procedures of
verbal and numeric assessment. Verbal stage is based on brainstorming (or possibly on
brain writing) and it is focused on identification of possible failures, ways of failures
and their effects. A numeric stage follows the verbal stage and it is focused on three-
parametric risk assessment in projects with index of more-parametric risk description
(RPN). RPN Index is expressed by total of all partial values from which we get
RPN. The RPN value does not have any meaning itself. However, its advantage is
that it can be suitable for assessment of possible adjustment of the project or for
comparison of more alternatives of projects through simple comparison of RPN
values. [8]
Purpose of FMEA methods is in specification of all possible failures with regard
to failure significance, failure probability, failure detection.
Experience of experts show that this method can detect between 70 % - 90 %
possible differences. [3]
FMEA has various alternatives and uses:
- DFMEA ( Design Failure Mode and Effect Analysis), used for projecting
a product and a process,
- PFMEA (Product - Failure Mode and Effect Analysis) used for
realization,
- SFMEA (Servis Failure Mode and Effect Analysis, System Failure Mode
and Effect Analysis, Software Failure Mode and Effect Analysis),
- FMECA (Failure Mode, Effect and Critical Analysis) is a time
alternative of FMEA and is focused on seriousness and number
(frequency) of system failures,
- SAFMEA (Statistically Adjusted FMEA) is classic FMA extended with
statistic evaluation of RPN index.
3.3.2 Universal Matrix of Risk Analysis
UMRA - Universal Matrix of Risk Analysis has two stages: verbal and numeric.
Expert team carries out the verbal one and it is focused on:
- identification of project segments that are put to danger,
- identification of sources of danger that cause danger to segments.
The numeric stage solves:
- evaluation of seriousness of danger using UMRA,
- classification of danger according to assessed seriousness.
A result of verbal stage is form of initial matrix. This form is used in the
numeric stage in order to evaluate a seriousness of danger using logical-numeric scale.
Review of Risk Assessment Methods 282
UMRA form, which is filed out by an expert, is called expert matrix. By
evaluation of individual matrixes you get final matrix of danger severity, possibly
quantification matrix containing cells only, in which final matrix had higher severity
of danger that determined margin (boundaries). In final or quantification matrix we
directly see comparison of values of severity of danger for relevant project segments
and sources of danger. These values serve as basis in risk management.
3.3.3 SWOT Analysis
SWOT Analysis Strengths, Weaknesses, Opportunities, Threats. This method is
used for assessment of possible risk in the future. The presence of risk may mean a
threat or opportunity (double side of risk) for the project (procedure / object) being
examined /analyzed. The goal of assessment is to get an overview on options how to
lower probability of threat and increase probability of opportunity. This method is used
for assessment of possible risk in the future.
Danger and risk output is not expected in SWOT analysis. SWOT analysis is in
most cases a good source of suggestions. The method is based on comparison of the
subject to competition subjects or products. The principle lies in determination of
strong and weak sides in comparison to competiting organizations (products,
individuals), from possible chances and risks resulting from environment and from
strong and weak sides of the subject (enterprise/ product, ...). This means in analysis
you determine strong and weak sides (in view of goal of analysis) and deduce
opportunities and risks resulting from environment as well as from position of our
strong and weak sides. This procedure is shown in the picture below (Figure 3, 4) [2]:














Figure 3 Graphic chart of goals of SWOT analysis
(Source:http://www.ibispartner.sk/index.php?option=com_content&task=view&id=
133 &Itemid=7)
Assessement goal
(derived from goals of the subject)
Current
situation of
competition?
Determination of out strong and
weak sides
Current environment situation?
(e.g. on the market)
Our current
situation?
Determination of our
prospective (chances) and risks
Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2
283


















Figure 4 Graphic chart of change of goals in identification of threat prevalence
(Source:http://www.ibispartner.sk/index.php?option=com_content&task=view&id=
133&Itemid=7)
4 CONCLUSSION
Risk assessment is a base element in risk engineering and important in risk
identification. It is essential to know extent of risk in order to work out risk cases and
events. The goal of risk analysis is to give a manager information to control risk and
a decision maker information for decision on risk. Methods of risk assessment have not
been codified yet and due to the variety of risk problem area it is therefore hard to
predict if this happens. Methods of risk analysis can be divided according to way of
expression of value used in risk analysis. Due to a great variety of risk problem area
this article is focused on selected analytic and expert methods in various areas of
practical use.
REFERENCES
[1] FOTR, Ji.: Jak hodnoti a sniovat podnikatelsk riziko. Management Press.
1992. ISBN 80-85603-06-3.
Assessement goal
(derived from goals
of the subject)
SWOT analysis
Are chances bigger
than risks?
Change of goals, focus
on their strong sides
Strategic decision
on business goals
Operative measures on
use of chances and
resolution of risks
Yes
No
Review of Risk Assessment Methods 284
[2] http://www.ibispartner.sk/index.php?option=com_content&task=view&id=133
&Itemid=7
[3] http://www.ipaslovakia.sk/slovnik_view.aspx?id_s=23
[4] http://www.jiscinfonet.ac.uk/InfoKits/risk-management/what-is-risk-
management
[5] http://www.msys.sk/nastroje_analyza_moznych_chyb.htm
[6] MIKOLAJ, J.: Rizikov mamament. RVS, ilina 2001. ISBN 80-88829-65-8.
[7] NEDELJAKOV, I.: Algoritmizcia vybranch procesov manamentu.
Psomn prca na dizertan skku. ilina 2006
[8] TICH, M.: Ovldan rizika. Analza a management. C.H.Beck, Praha 2006.
ISBN 80-7179-415-5.

You might also like