Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2 277 REVIEW OF RISK ASSESSMENT METHODS Iveta NEDELJAKOVÁ University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: [email protected] Abstract This review is about risk assessment, its methods and severity estimate and risk. In order to solve risk and risk events it is essential to know an extent of the risk. It is also neccesary to describe the risk and determine its importance and possible risk effects. If a present risk is not eliminated then crisis comes.. Keywords: risk, risk management, risk assessment, risk estimate 1 INTRODUCTION A risk of correct decision is a part of business intentions. In order to increase probability of business success on the tough business market it is necessary to work actively and systematically with risk. This an essential role of risk management. The risk management means reasonable acting in a risk situation, so that you can protect and increase present and future assets of enterprise. It can also mean systematic use of management policies, procedures to solve risk indentification, assessment, evaluation, analysing and management.[7] IDENTIFICATION AND RISK ASSESSMENT RISK ASSESSMENT RISK EVALUATION REGULATION (TAKING CARE) OF RISK RISK MANAGEMENT Figure 1 Risk Management Review of Risk Assessment Methods 278 Business risks have a positive and a negative aspect. The positive side is related to hope for success. The negative side is shown in worse results such as prediction or creation of loss. Nature and character of business environment create essential sources of a risk in an organization. 2 RISK ASSESSMENT A man (a decision maker) decides on a risk danger everyday. His goal is always to minimize possible damages. This decision is made consciously and automatically. It is usually not decided on in a numeric way. It is a vector evaluation typical for one decision maker, which is significantly subjective. Deliberate consideration of loss (or profit) lies in analysis and evaluation of predicted facts or facts known in advance. These are initial operations of risk assessment: - identification of risk danger (must be objective and systematic), - qualification of risk danger (identification of danger based on importance), - quantification of risk (described numerically and evaluates scenarios in case of danger). The goal of risk quantification is to assess number (frequency) and seriousness in occurrences of loss, which may put enterprise/project/subject in danger and prioritize risks based on their values. In mathematical description absolute and relative quantification is used. Absolute quantification expresses value of probable loss that creates danger to a risk holder or possibly to risk recipient and it is expressed in money or other measuring units. The relative quantification is when a risk is expressed in ratio value in relation to a chosen base. The following are used with risk quantification: - empiric estimate, - analytic estimate. The empiric estimate is a procedure in which decision makers, (evaluators) working in expert teams use their own experience and knowledge. In analytic estimate mathematical – statistical and mathematical – probability methods are used more frequently. However, analytic procedures cannot work without empiric elements (for example: use of quantification results, in most cases, is based on decision maker’s intuition and experience). 3 PERFORMING RISK ASSESSMENT 3.1 Tree Diagrams The tree diagram can be defined as an organized and orientated graph describing event development. It can also be understood as a scheme description of the process. Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2 279 Generally tree diagrams can be divided in two basis groups (regardless of their use): 1. analytic diagrams determine what effects (Ei) come out of the event (E), or what are the reasons (Ei) that lead to the event (E), 2. syntetic diagrams determine what effect (E) comes out of the events (Ei), or what is the reason (Ei) that leads to the events (Ei). There are four tree diagrams in total that are very frequently used in risk assessment, they are combined, eventually they transfer from one to another according to predicted development of the examination process. Tree diagrams graphically illustrate events by use of block of various shape, connections among the events by connection links (branches and boundaries) and relationships among the events by gates (see fig. 2). reason EVENT Analytic Diagram Ei1 Ei2 Ei effects EVENTS reasons effect Syntetic Diagram Ein Figure 2 Events, reasons and effects in tree diagrams (Source: TICHÝ, M.: Ovládaní rizika, s.170.) They are common and effective tools in risk assessment and risk decision making. They are used in various stages of risk assessment, risk management and they occur in forms of: [8]: - Event tree - Failure tree 280 Review of Risk Assessment Methods - Causal tree - Consequence tree - Cause-consequence, cause-end-effect tree - Association tree - Decision tree - Influence tree. In all forms the tree diagram can be used in probability occurance evaluation of a monitored event. When making (in expert teams) a tree diagram you need to pay a great attention to analysis, which later will be useful in risk decision. Tree diagrams have mostly methodic significance: - they enable a risk engineer to quickly and in detail become familiar with a problem (or they give a general view on cases, events, reasons and effects), - they are a good tool in communication with the risk assessment order (an order means procedure of risk engineering and may point out ways of possible development), - make team work and communication with co-workers (experts) easier, - is a source of impulses in risk assessment. 3.2 Monte Carlo Method Monte Carlo method can be considered as any simulation method based on use of gradation of random and pseudorandom numbers. There are many ways of applications of this method and they differ in calculation accuracy as well as in calculation speed. There are also various alternatives of this method with software such as Latin Hypercube Sampling, which shortens calculation time. Monte Carlo Method is very flexible and it can be used not only for risk assessment tasks but for other tasks as well. 3.3 Expert Methods Expert methods can be divided according to goals of their use. Danger and risk assessment can be: - verbal or - numeric. In case of verbal assessment a decision maker gets information and based on he creates basis for his future decision. For example, the following methods can be used: brainstorming, specific methods called what-if analysis as well as other. The numeric method enables to detect parts of project (object) in danger or through comparison of more projects (solutions) and result is uniform but variant basis for decision-making. Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2 281 3.3.1 Failure Mode and Effect Analysis The mostly used method of expert analysis is analysis of probable failures and their effects – FMEA (Failure Mode and Effect Analysis). It combines procedures of verbal and numeric assessment. Verbal stage is based on brainstorming (or possibly on brain writing) and it is focused on identification of possible failures, ways of failures and their effects. A numeric stage follows the verbal stage and it is focused on threeparametric risk assessment in projects with index of more-parametric risk description (RPN). RPN Index is expressed by total of all partial values from which we get ∑RPN. The RPN value does not have any meaning itself. However, its advantage is that it can be suitable for assessment of possible adjustment of the project or for comparison of more alternatives of projects through simple comparison of ∑RPN values. [8] Purpose of FMEA methods is in specification of all possible failures with regard to failure significance, failure probability, failure detection. Experience of experts show that this method can detect between 70 % - 90 % possible differences. [3] FMEA has various alternatives and uses: - DFMEA ( Design Failure Mode and Effect Analysis), used for projecting a product and a process, - PFMEA (Product - Failure Mode and Effect Analysis) used for realization, - SFMEA (Servis Failure Mode and Effect Analysis, System Failure Mode and Effect Analysis, Software Failure Mode and Effect Analysis), - FMECA (Failure Mode, Effect and Critical Analysis) is a time alternative of FMEA and is focused on seriousness and number (frequency) of system failures, - SAFMEA (Statistically Adjusted FMEA) is classic FMA extended with statistic evaluation of RPN index. 3.3.2 Universal Matrix of Risk Analysis UMRA - Universal Matrix of Risk Analysis has two stages: verbal and numeric. Expert team carries out the verbal one and it is focused on: - identification of project segments that are put to danger, - identification of sources of danger that cause danger to segments. The numeric stage solves: - evaluation of seriousness of danger using UMRA, - classification of danger according to assessed seriousness. A result of verbal stage is „form of initial matrix“. This form is used in the numeric stage in order to evaluate a seriousness of danger using logical-numeric scale. Review of Risk Assessment Methods 282 UMRA form, which is filed out by an expert, is called „expert matrix“. By evaluation of individual matrixes you get „final matrix of danger severity“, possibly „quantification matrix containing cells only, in which final matrix had higher severity of danger that determined margin (boundaries). In final or quantification matrix we directly see comparison of values of severity of danger for relevant project segments and sources of danger. These values serve as basis in risk management. 3.3.3 SWOT Analysis SWOT Analysis – Strengths, Weaknesses, Opportunities, Threats. This method is used for assessment of possible risk in the future. The presence of risk may mean a threat or opportunity (double side of risk) for the project (procedure / object) being examined /analyzed. The goal of assessment is to get an overview on options how to lower probability of threat and increase probability of opportunity. This method is used for assessment of possible risk in the future. Danger and risk output is not expected in SWOT analysis. SWOT analysis is in most cases a good source of suggestions. The method is based on comparison of the subject to competition subjects or products. The principle lies in determination of strong and weak sides in comparison to competiting organizations (products, individuals), from possible chances and risks resulting from environment and from strong and weak sides of the subject (enterprise/ product, ...). This means in analysis you determine strong and weak sides (in view of goal of analysis) and deduce opportunities and risks resulting from environment as well as from position of “our“ strong and weak sides. This procedure is shown in the picture below (Figure 3, 4) [2]: Assessement goal (derived from goals of the subject) Current situation of competition? Our current situation? Determination of out strong and weak sides Current environment situation? (e.g. on the market) Determination of our prospective (chances) and risks Figure 3 Graphic chart of goals of SWOT analysis (Source:http://www.ibispartner.sk/index.php?option=com_content&task=view&id= 133 &Itemid=7) Journal of Information, Control and Management Systems, Vol. 5, (2007), No. 2 283 Assessement goal (derived from goals of the subject) SWOT analysis Are chances bigger than risks? Yes Strategic decision on business goals No Change of goals, focus on their strong sides Operative measures on use of chances and resolution of risks Figure 4 Graphic chart of change of goals in identification of threat prevalence (Source:http://www.ibispartner.sk/index.php?option=com_content&task=view&id= 133&Itemid=7) 4 CONCLUSSION Risk assessment is a base element in risk engineering and important in risk identification. It is essential to know extent of risk in order to work out risk cases and events. The goal of risk analysis is to give a manager information to control risk and a decision maker information for decision on risk. Methods of risk assessment have not been codified yet and due to the variety of risk problem area it is therefore hard to predict if this happens. Methods of risk analysis can be divided according to way of expression of value used in risk analysis. Due to a great variety of risk problem area this article is focused on selected analytic and expert methods in various areas of practical use. REFERENCES [1] FOTR, Jiří.: Jak hodnotiť a snižovat podnikatelské riziko. Management Press. 1992. ISBN 80-85603-06-3. 284 Review of Risk Assessment Methods [2] http://www.ibispartner.sk/index.php?option=com_content&task=view&id=133 &Itemid=7 http://www.ipaslovakia.sk/slovnik_view.aspx?id_s=23 http://www.jiscinfonet.ac.uk/InfoKits/risk-management/what-is-riskmanagement http://www.msys.sk/nastroje_analyza_moznych_chyb.htm MIKOLAJ, J.: Rizikový mamažment. RVS, Žilina 2001. ISBN 80-88829-65-8. NEDELJAKOVÁ, I.: Algoritmizácia vybraných procesov manažmentu. Písomná práca na dizertačnú skúšku. Žilina 2006 TICHÝ, M.: Ovládaní rizika. Analýza a management. C.H.Beck, Praha 2006. ISBN 80-7179-415-5. [3] [4] [5] [6] [7] [8]