RISK MANAGEMENT

A Systems Engineering View

Presented by:
Dr. Ghazi Albakri
 Lecture No. 1

Introductions & Overview

 Terminology and Background
• Risk
− A measure of potential loss due to natural or
human activities
− A combination of the probability or frequency of
the hazard and its consequence; e.g.,
• Loss
− Adverse consequences of such activities that affect
Human life or health
Economics or property
The natural environment
Information , etc
 Terminology and Background
• Engineering Systems Losses Can Be
− Internal to the system; i.e,
Damage to one of the system’s components
− External to the system; i.e.,
Damage to a component of the external
environment in which the system must
function; e.g.,
Humans
Organizations
Economic assets
Environmental assets
 Terminology and Background
• Risk Analysis
− Is the process of characterizing, managing, and
informing others about the existence, nature,
magnitude, prevalence, contributing factors, and
uncertainties that pertain to the potential losses
− Other names for risk analysis
Probabilistic Risk Analysis (PRA)
Quantitative Risk Analysis (QRA)
Probabilistic Safety Analysis (PSA)
 Terminology and Background
• Importance of Risk Analysis
− While formal methods for risk analysis have been
shaped by modern demands, the concept of risk
analysis is not new; it is even ancient
− People are living longer, healthier, more
prosperous lives and have more to lose
− Today people expect greater protection than
before from industry and government, and they
react with litigation when they feel let down
 Terminology and Background
• Importance of Risk Analysis
− Even as public concerns about risk exert pressure
on policy makers for regulations, engineering
systems are increasing in complexity and
autonomy
Simply making regulations without studying
their effects can be costly and suboptimal—
even dangerous
− A proper risk analysis will adequately model the
system, demonstrate the effect of mitigating
measures, and communicate these to the public
 Terminology and Background
• So Why is Risk Analysis Not Used Everywhere
− It can be complicated and difficult to understand
by managers
− It can be costly and time consuming
− It is often a function of the quality of the
modelers, the data, the assumptions, the experts,
etc and these can vary.
 Terminology and Background
• To Categorize by Potential Loss,
Estimate the Harm Caused by:
− Health Risk
Diseases affecting the health of humans, plants,
animals
− Safety Risk
Accidents caused by natural events or human-
made products, technologies, systems
− Security Risk
War, terrorism, crime, misappropriation of
information
 Terminology and Background
• To Categorize by Potential Loss,
Estimate the Harm Caused by:
− Financial Risk
Monetary loss by individuals, institutions, or
society caused by market fluctuation, loss of
property, misappropriation of funds
− Environmental Risk
Noise, contamination, pollution to ecosystems
and space
Note: All categories of risk are
interrelated; e.g., environmental risk
may lead to financial risk.
 Evolution of System Standards

ANSI/EIA
Interim ISO/IEC
632
EIA/IS 15288
632 Capability
Assessment Capability
Assessment
EIA/IS
Mil-Std Mil-Std Mil-Std SE CMMI
731
499 499A 499B Interim
SE iCMM
Not IEEE ISO/IEC
Released
1220 IEEE 15504
Trial Use 1220

1969 1974 1991-1993 1994 1998

Emerging Timeline
1/28/2015

Chart 11
 Building Blocks of
Systems Engineering

Math & Physical Sciences Body of Knowledge

– Qualitative modeling
– Quantitative modeling
– Physical modeling
– Theory of Constraints
– Physical Laws
Management Sciences
– Economics
– Organizational Design
– Business Decision Analysis
– Operations Research
Social Sciences
– Multi-disciplinary Teamwork
– Organizational Behavior
– Leadership
– Problem definition
Concept of operations
System boundaries
Objectives hierarchy
Originating requirements
– Concurrent engineering
System life cycle phases
Integration/Qualification
– Architectures
Functional/Logical
Physical/Operational
Interface
– Trades
Concept-level
Risk management
Key performance parameters

Unique to Systems Engineering

 Three Disciplines

© 2010 Nkumbwa™. All Rights Reserved. 13

 Project Dynamics:
The Triple Constraints

Cost Time
Scope
Quality

Resources

© 2010 Nkumbwa™. All Rights Reserved. 14

 PMI PMBOK
Project management Body of Knowledge

© 2010 Nkumbwa™. All Rights Reserved. 15

 Project Life Cycle -- Phases

© 2010 Nkumbwa™. All Rights Reserved. 16

 Project Management Process Groups

© 2010 Nkumbwa™. All Rights Reserved. 17

 Project Life Cycle (Frame)

Concept
Planning
Execution
Closeout
Operation
Maintenance
© 2010 Nkumbwa™. All Rights Reserved. 18
 Needs Analysis
Organizational

Key
Areas of
Analysis

Present Functional
System Requirements

© 2010 Nkumbwa™. All Rights Reserved. 19

 Data Item Description

File: D:\PhD\Spring 2003\EMSE-284\Team Project\Final Report\SEMP_RevD.doc

Last Saved Date: 04/13/2003

Version Description of Change Author Date

A Created from EIA/IS-632, modified to outline the Team # 3 04/04/2003
general understanding of such conceptual approach
B Modified to include detailed trade study analysis Team # 3 04/08/2003
C Modified to move some of the details in the final Team # 3 04/09/2003
report
D Final modification to include all the shall statement Team # 3 04/13/2003
and what is planned to be included in the SEMP

THIS PAGE TO BE DELETED WHEN PUBLISHED

 Program Plan
ENG. SPECIALTY INTEGRATION
TECH. PROG. PLANNING & CONTROL
POLICY/GUIDANCE
ORGANIZATION •Specialty Group Org.
•Prog. Mgmt Structure •Internal Interface
•Accountability •Functional Accountability
•Internal/External Interfaces SEMP •Working interface
•Tasks/Procedures &
•Milestones
Integration Test Plan
PLANNING ACTIVITIES
•SOW/CDRLs Reviews
•Schedule/Milestones Human Factor Dev. Plan
•SPEC/ICD Tree
•System Test Integrated Logistic Plan
SYSTEMS ENGINEERING PROCESS
CONTROL ACTIVITY Safety ProgRAM Plan
TECHNICAL SYSTEM REQUIRMENTS
•TPM •Development
•Accountability •Allocation Reliability/Maintainability
•Design Compliance •Verification Plan
•Config. Baseline Schedule

ENG. ANALYSIS
•Trade studies
•Design synthesis
•Problem Resolution

INTERFACE MGMT.
•Interface Control Document
•Interface Control Working
Group
 SEMP Contents
Systems Engineering Management Plan
Title Page
Part 3): Engineering Specialty Integration
Introduction – Integration Design/Plans
Reliability
Part 1): Technical Program Planning and Control Maintainability
Responsibilities and Authority Human Engineering
– Standards, Procedures, and Training Safety
– Program Risk Analysis Standardization
– Work Breakdown Structures Survivability/Vulnerability
– Program Reviews Electromagnetic Pulse Hardening
– Technical Reviews Integrated Logistics Support
– Technical Performance Measurements Computer Resources Life Cycle
– Change Control Procedures Management Plan
– Engineering Program Integration Producibility
– Interface Control Other Engineering Specialty
– Milestones/Schedule Requirements/Plans
– Other Plans and Controls
– Integration System Test Plans
Part 2):Systems Engineering Process
Mission and Requirements Analysis – Compatibility with Supporting Activities
– Functional Analysis System Cost Effectiveness
– Requirements Allocation Value Engineering
– Trade Studies TQM/Quality Assurance
– Design Optimization/Effectiveness Material and Processes
Compatibility
– Synthesis
– Technical Interface Compatibility
– Logistic Support Analysis
– Producibility Analysis
– Specification Tree/Specifications
– Documentation
– Systems Engineering Tools
 1.0
Risk Assessment Plan

1.1 1.2
Risk Associate Risk associated
with the completion with the implementation
of this project of the product of this project
 Requirements , Functions & System Elements
2. Risk Identification:
Anticipation, recognition &
prioritization of potential Program Management &
adverse outcomes and the Systems Engineering
associated root causes

3. Risk Assess mnet: Modification of

Characterization of the Program Plan
magnitude, likelihood, or
serverity of risks, if
warranted.

4. Risk Analysis:
Evaluation of cost and
benefits associated with
available risk mitigation
options, if needed
1. Planning:
Establishment of the risk
management program plan
and assignmnet of
respons ibilities.
5. Risk Handling:
Program intervention to
reduce or eliminate risks, if
justified, and tracking to
assure success.
Alternatives Increase the Build a larger Use a New SE Solution
Number of Terminal [the JTAG Transition System]
Employees

Pros. • Open new job • More space • Open new job opportunities
opportunities • Maximize the use • Increase the security
(Advantages) • Increase the of space (more • Minimize the time of check-in
security capacity of • Allow for relaxed environment
• Minimize the passengers) for the passenger
time of check- • Minimize the load on the
in terminal
• Provide Security time to monitor
suspicious passengers

Cons. • Additional • Increase the need • Additional Training is required

Training is to secure the • Increase cost
(Disadvantages) required terminal • Requires space allocation
• Increase cost • Increase cost
• Other issues • Other issues
Risk Description Probabili Severity Action Required Status
ty of of Risk
Risk

Underestimated High Moderate Tailor tasks to try Action

time to complete and stay on taken
tasks schedule
Scope grows to Moderate Low Tailor task to stay Action
satisfy the on schedule taken
expectation of all
team members, and
other reviewer
Complete Real Data High High Depend on the Action
and information available data in taken
gathering to analyze the internet, and
apply the Systems
Engineering tools,
and techniques on
the system as a
whole (black box)

Principle Low Low Planned slack and Action

investigator or team low hour weeks for taken
memebers get sick contingencies in
schedule
Alternatives Increase the Number of Build a larger Terminal Use a New SE Solution
Employees [the JTAG Transition System]

Pros. • Open new job • More space • Open new job opportunities
(Advantages) opportunities • Maximize the use of • Increase the security
• Increase the security space (more capacity of • Minimize the time of check-in
• Minimize the time of passengers) • Allow for relaxed environment for the
check-in passenger
• Minimize the load on the terminal
• Provide Security time to monitor suspicious
passengers

Cons. • Additional Training is • Increase the need to • Additional Training is required

(Disadvantages) required secure the terminal • Increase cost
• Increase cost • Increase cost • Requires space allocation
• Other issues • Other issues
 Risk Mitigation Plan
Risk Issue Mitigation / Solution to Overcome the Risk
System Maturity Present the system and this project from its basic aspects
System Complexity Keep as much as possible the use of simple definitions, and specify benefits
of minimizing the delay time with increased security repeatable
Lake of data Establish redundant resources, and spread the subject of this project to
most organizations in the airport business via the Internet. In addition, Key
individuals have already been identified for questioner.
Performance Past experience and expert study of product evaluation and operational
environment
Usability Understand the NAS and Airport’s terminal personnel and study most of
the passenger’s concerns
Maintainability Provide simple procedures to presents the JTAG transition system ability
Integration /Test Adequate test planning and procedures, test equipment, test personnel as
part of development process
Security will deal with Commercial-Of-The-Shelf (COTS) projects with the use of
sanitization, and generic phonetic alphabet terms.
Interfaces & Transition Evaluation of alternatives products for each component; good interface
specifications; mature system engineering practices
Training Assign professional trainers, and keep monitoring the training plan by
system engineering personal
Technical Factors Proper Communications were established to introduce the project to some
of the international airport managers and local airport authority makers
verbally with the proper skills gained from “communications in technical
organizations” course.
Implementation cost Past experience and schedule for additional PMRs
Product Delivery Strong specifications and requirement analysis in addition to past
performance and experience
 Risk Mitigation Plan
Risk Issue Mitigation / Solution to Overcome the Risk
System Maturity Present the system and this project from its basic aspects
System Complexity Keep as much as possible the use of simple definitions, and specify benefits of minimizing
the delay time with increased security repeatable
Lake of data Establish redundant resources, and spread the subject of this project to most organizations
in the airport business via the Internet. In addition, Key individuals have already been
identified for questioner.
Performance Past experience and expert study of product evaluation and operational environment
Usability Understand the NAS and Airport’s terminal personnel and study most of the passenger’s
concerns
Maintainability Provide simple procedures to presents the JTAG transition system ability
Integration /Test Adequate test planning and procedures, test equipment, test personnel as part of
development process
Security will deal with Commercial-Of-The-Shelf (COTS) projects with the use of sanitization, and
generic phonetic alphabet terms.
Interfaces & Transition Evaluation of alternatives products for each component; good interface specifications;
mature system engineering practices
Training Assign professional trainers, and keep monitoring the training plan by system engineering
personal
Technical Factors Proper Communications were established to introduce the project to some of the
international airport managers and local airport authority makers verbally with the proper
skills gained from “communications in technical organizations” course.
Implementation cost Past experience and schedule for additional PMRs
Product Delivery Strong specifications and requirement analysis in addition to past performance and
experience