Download Risk management process: The systematic application of

Risk management process: The systematic application of management policies,
procedures and practices to the tasks of establishing the context, identifying, analysing,
evaluating, treating, monitoring and communicating risk.
Qualitative and quantitative risk assessment: The term "qualitative" currently covers
two distinct types of risk assessment. The first is descriptive in nature and the second is
one which uses formal qualitative methods and techniques. It is, therefore, more
appropriate to talk about three types of risk assessments, all of which may have an
appropriate function. All three types have elements which may be combined
appropriately in any one import commodity risk analysis.
Descriptive risk assessments rely upon a strong narrative relating of principle events and
factors. This form of assessment may contain scientific references, references to other
risk assessments, significant quantitative data, etc. Generally these present a salient
description of the situation of a particular commodity vis a vis a particular country or
region. The end product of this form of risk assessment is an opinion on the
categorization of a level of risk ("high, medium, low, minimal, etc.").
Qualitative risk assessments utilize a formal model and a large variety of methodologies
found in the scientific literature. In a qualitative study, categorical, and sometimes
quantitative, data are moved through the model in a calculated manner. Qualitative risk
assessments may include both parametric and non-parametric statistics. The techniques of
a qualitative risk assessment are transparent.
The end product of a qualitative risk assessment is a calculated measure of risk. It is
expressed as categorization of a level of risk. But unlike descriptive risk assessments, this
end product is more than a judicious "opinion." It is rather a measure which can be
replicated under other circumstances.
Quantitative risk assessments rely heavily upon quantitative techniques, such as
parametric and non-parametric statistics, probability distributions, analysis of variance,
sensitivity analysis, and other statistical methodologies. At the same time, they frequently
are linked to narrative and qualitative techniques within the whole of their risk analysis.
The end product of a quantitative risk assessment is frequently presented as a
Relative risk: The ratio of the rate of the disease (usually incidence or mortality) among
those exposed to the rate among those not exposed.
Secondary risks: Risks which arise from actions taken to mitigate other risks or from
extensions to the original scope of the project. Secondary risks can sometimes be
important and always need to be analyzed in their own right.
Reliability: Evaluating the inherent quality of a test report or publication relating to
preferably standardized methodology and the way the experimental procedure and results
are described to give evidence of the clarity and plausibility of the findings. It is the
probability a system performs a specified function or mission under given conditions for
a prescribed time
Risk estimation: The scientific determination of the characteristics of risks, usually in as
quantitative a way as possible. These include the magnitude, spatial scale, duration and
intensity of adverse consequences and their associated probabilities as well as a
description of the cause and effect links.
Risk evaluation: A component of risk assessment in which judgments are made about
the significance and acceptability of risk.
Risk identification: Recognizing that a hazard exists and trying to define its
characteristics. Often risks exist and are even measured for some time before their
adverse consequences are recognized. In other cases, risk identification is a deliberate
procedure to review, and it is hoped, anticipate possible hazards.
Risk checklist: A checklist of risk mitigation techniques that is used by project
evaluators to manage and reduce the potential for loss in a project.
Risk diversification: The process of distributing risk to all contractual parties in a
construction project; risk diversification is normally accomplished through use of
contingency amounts, or risk premiums.
Risk measurement: The process of objectively and accurately assessing the amount of
potential loss in a construction project. Risk measurement can be either deterministic (a
number) or probabilistic (a percent associated with a number).
Risk mitigation: The process of removing or reducing risk. Risk mitigation may include
risk analysis, or other activities designed to assess the results of risk mitigation
initiatives.
Risk premium: Contingency amount(s) included in a construction contract to allocate or
compensate for funding/cost and schedule uncertainties, which are perceived by the
contracting parties to be present in the project.
Risk variable: A critical or highly variable cost or schedule (duration) element of a
construction project.
Residual risks: Those risks which are not avoided, eliminated or transferred in the risk
mitigation strategy.
Risk analyst: An individual whose primary task is the identification and evaluation of
risks during the risk review.
Risk assessment tables: Tables that may be used to allocate ‘scores’ to risks, to help in
prioritizing them.
Risk custodian: An individual who has responsibility for monitoring, controlling and
minimizing the project’s residual risks.
Risk event: The occurrence of an event which has the potential to affect the viability of a
project. The manifestation of risk into Consequences. Otherwise, Risk is only a potential.
Risk matrix: The presentation of information about risks in a matrix format, enabling
each risk to be presented as the cell of a matrix whose rows are usually the stages in the
investment life-cycle and whose columns are different causes of risk. A risk matrix is
useful as a checklist of different types of risk which might arise over the life of a project
but it must always be supplemented by other ways of discovering risks. Risk matrix is a
form of Risk Measurement and Risk Prioritization in one step that uses risks on the
horizontal axis and system components or audit steps on the left axis. Both axes are
sorted to the left corner (High), creating a matrix with quadrants of High, Medium and
Low groups of elements and risks.
Risk mitigation strategy: An overall plan for mitigating the risks in the investment
activity.
Risk register: A list of risks identified in the risk review process, including full
descriptive detail and cross-references.
Risk response plan: A plan (prepared towards the end of the risk review) for controlling
the risks once implementation begins.
Risk review: An overall assessment of the risks involved in a project, their magnitude
and their optimal management. Risk reviews can in principle be held at any stage in the
life of a project with each review building on the results of previous ones. Each risk
review should be preceded by a risk review plan. Risk reviews should generate
information for inclusion in the risk register, risk mitigation strategy and risk response
plan. The results of a risk review should be set out in a risk review report.
Risk acceptance: An informed decision to suffer the Consequences of likely Events.
Risk avoidance: An informed decision not to become involved in a risk situation.
Risk adjusted value: In portfolio analysis, this is the (Upside minus Risk-Aversion)
muliplied by the Downside or Regret.
Risk classification: The categorization of risk, typically into High, Medium, Low and
intermediate values.
Risk factors: Measurable or observable manifestations or characteristics of a process that
either indicates the presence of Risk or tends to increase Exposure.
Risk framework: A Model of risks in the organization. Risk frameworks typically
enumerate the various classes of risk and the degree of Risk Management expected.
Risk model: A mathematical, graphical or verbal description of risk for a particular
environment and set of activities within that environment. Useful in Risk Assessment for
consistency, training and documentation of the assessment.
Risk prioritization: The relation of acceptable levels of risks among alternatives.
Risk ranking: The ordinal or cardinal rank prioritization of the risks in various
alternatives, projects or units.
Risk reduction: Application of Risk Management principles to reduce the Likelihood or
Consequences of an Event, or both.
Risk response: Management's decisions and actions when risks are revealed.
Risk retention: Intentional (or unintentional) retaining the responsibility for loss or Risk
Financing within the organization.
Risk scenarios: A method of identifying and classifying risks through creative
application of Probabilistic events and their Consequences. Typically a Brainstorming or
other creative technique is used to stimulate "what might happen."
Risk transfer: Shifting the responsibility or Risk Financing burden to another party.
Risk treatment: Another term for Risk Management.
Expert opinion: Use of experts and expert opinion are intended to be a methodological
tool, rather than simply a supportive personal communication. Examples of how expert
opinion has been methodologically accessed include (1) requesting and evaluating
independent analyses from multiple experts in a given field; or (2) convening a panel of
experts who present their analyses on a given topic, followed by interactive panel
discussion and recommendation of preferred methods.
Quality assurance: 1) The process of evaluating overall project performance on a
regular basis to provide confidence that the project will satisfy the relevant quality
standards. 2) The organizational unit that is assigned responsibility for quality assurance.
Quality control: 1) The process of monitoring specific project results to determine if the
comply with relevant quality standards and identifying ways to eliminate causes of
unsatisfactory performance. 2) The organizational unit that is assigned responsibility for
quality control.
Quality planning: Identifying which quality standards are relevant to the project, and
determining how to satisfy them.
Software engineering: A discipline that encompasses the process associated with
software development, the methods used to analyze, design and test computer software,
the management techniques associated with the control and monitoring of software
projects and the tools used to support process, methods, and techniques.
@RISK software: Computer software designed to perform probabilistic risk analysis on
a personal computer. @RISK is suitable for spreadsheet or schedule applications. The
software allows the user to specify probability distribution type and ranges of variation
for activities within the project (critical variables), and then conducts a Monte Carlo
random simulation on the specified cost and schedule variables.
Sampling: Is the process by which values are randomly drawn from input probability
distributions. Two methods of sampling used in @RISK – Monte Carlo sampling and
Latin Hypercube sampling.
Simulation: It is a technique whereby a model, such as Excel worksheet, is calculated
many times with different input values with the intent of getting a complete
representation of all possible scenarios that might occur in an uncertain situation.
Monte Carlo simulation: A computerized technique which is the basis for probabilistic
risk analysis, and which replicates real life occurrences by mathematically modeling a
projected event. Monte Carlo simulation uses pre-defined probability distributions of risk
variables to perform random modeling over many "simulations" or computer trials. The
results are probabilistic (they form a probability distribution) and therefore yield an
expected value (mean) and a standard deviation, as well as cumulative probabilities (zero
to 100 percent) which express total likelihood (probability) at any level of variable
outcome.
Latin hypercube: It is a relatively new stratified sampling technique used in simulation
modeling. Stratified sampling techniques, as opposed to Monte Carlo type techniques,
tend to force convergence of a sampled distribution in fewer samples.
Iteration: An iteration is one recalculation of user’s model during a simulation. A
simulation consists of many recalculations or iterations. During each iteration, all
uncertain variables are sampled once according to their probability distributions, and the
model is recalculated using these sampled values.
Uncertainty: A source of risk derived from a lack of sufficient knowledge about the
underlying probabilities of adverse events and/or their consequences.
Consequence: The outcome of an event expressed qualitatively or quantitatively, being a
loss, injury, disadvantage or gain. There may be a range of possible outcomes associated
with an event.
Event: An incident or situation, which occurs in a particular place during a particular
interval of time.
Probability: The likelihood or degree of certainty of a particular occurrence taking place
during a specified time period. Independent probabilities relate to events which do not
depend on other events which have occurred previously. Dependent probabilities are the
probabilities of occurrence once previous specified events have occurred.
Probability distribution: A distribution, input or output, of data point probabilities (can
be discrete or continuous), which describe the probability of occurrence of all data points
in the distribution. Probability distributions take many various shapes, and are each
characterized by a mean (average) and a standard deviation (measure of internal
variation). Probability distribution is a distribution which relates a range of particular
outcomes to their likelihood. The most common probability distribution is the normal
distribution which is shaped like the cross-section of a bell.
Probability density function: A relative frequency curve which shows the total area
(100 percent) of all data points contained in the distribution.
Cumulative distribution function: The zero to 100 percent successive probability for
each observed value in a probability distribution. Cumulative probability functions
(CDFs) are normally used to express the total probability (zero to 100 percent) for a
specified level of output variables (cost and schedule variables) following the
probabilistic simulation analysis.
Uniform probability distribution: A "flat curve" probability distribution which is
characterized by only two points: a lower bound and an upper bound.
Triangular distribution: A statistical distribution, which requires the identification of
high, low, and most likely values for each selected variable. The resultant data points
form the basis for the triangular or three-point distribution.
Random variables: Computer-generated "y" axis values which, depending on a userdefined probability distribution, randomly generate new "x" values for each trial in a
simulation.
Probabilistic estimate: The result of a probabilistic risk analysis; a forecast for modeled
cost or schedule events, which is the result of probabilistic or random simulation.
Probabilistic risk analysis: An analysis based on computer simulation, which uses predefined probability distributions to model input variables for project cost and schedule.
The input variables are cost and schedule variables, which possess a high degree of
uncertainty. This uncertainty is expressed through "ranging" the variables, or defining
their bounds according to the data points required by the input distributions. For
example, triangular distribution requires high, low, and most likely values. Output
variables for cost and schedule duration result from the computer simulation, and are also
characterized by probability distributions having means (averages) and standard
deviations (measures of internal dispersion). A cumulative distribution function
describes the total probability or likelihood of occurrence at any level of output variable
(cost or schedule). This technique -- probabilistic risk analysis -- requires effective user
facilitation, but is a model for collaborative decision-making and risk mitigation.
Project management control system: Any method, process, or system, which exists to
manage project resources, document project activity, or authorize project events.
Beta distribution: A unimodal distribution with confined lower and upper bounds; shape
can be asymmetrical, and depends on the particular distribution.
Coefficient of variation: A measure of relative dispersion within a probability
distribution. The coefficient of variation is the standard deviation of the probability
distribution divided by its expected value (mean). This coefficient serves as a measure
of relative risk.
Confidence interval: The probability (zero to 100 percent) that an observed value is the
true or actual value. The confidence interval, expressed as a percent, is used to interpret
the output or results of a probabilistic analysis.
Contingency: A risk premium factor or amount that is added to the project budget and/or
the schedule, by any party to the contract, to allow/compensate for uncertainty or risk in
project implementation.
Construction risk: Risk associated with the physical construction phase of project
development; for example, construction risk is differentiated from economic risk (loss of
project income due to unpredictably low ridership or poor tax base) and political risk
(project may be shelved due to new constituent representation).
Cost-benefit analysis: Economic analysis used to forecast the net value, usually over
time, for a series of capital payments or revenue/cash flow related to project
implementation.
Cost escalation factor: An inflation-adjustment factor applied to base year costs.
Cost index: An inflation-adjustment factor applied to non-base year costs.
Critical path: The longest path in a schedule of duration-defined activities.
Deterministic method: Cost estimation method, which allows for successive iteration of
projected or estimated values, each yielding or "determining" a new bottom line.
Histogram: A relative frequency polygon, or bar-chart, which shows discrete noncumulative probabilities for all points in a probability distribution.
Lognormal distribution: A unimodal distribution that can take only positive values, and
is skewed or "slanted" to the right.
Multivariate: An analytical technique that considers or solves for multiple (more than
one) decision variables.
Ogive: A cumulative frequency polygon (distribution curve), which begins at zero and
ends at 100 percent probability for the data points in the distribution.
PERT method: Program Evaluation and Review Technique, a probabilistic networkbased scheduling technique in which a beta distribution is used to model activity
durations. The total project duration is computed along the network's critical path (the
longest path) by adding the means of the activities on the critical path.
Tornado graph: A graph, which describes the calculated sensitivities of critical variables
resulting from a Monte Carlo simulation.
Sensitivity analysis: A technique used to discover how sensitive the results from
economic and financial models are to changes in the input values of the variables used to
calculate the results. A high degree of sensitivity is a warning to interpret the results of
the model with care and circumspection; especially because many of the input variables
will themselves have been estimated and therefore be subject to error. Use of econometric
models must not obscure awareness of their limitations and possible pitfalls, especially
when they are being used for forecasting.
Scenario analysis: It identifies combination of inputs which lead to output target values.
Scenario analysis attempts to identify groupings of inputs which cause certain output
values.
Significant: Is to be interpreted as implying a risk the potential consequence of which
could have a significant effect on one of the objectives, parameters or 'deliverables', even
if it has only a small probability of occurrence.
Regression: A mathematical technique used to explain and/or predict. The general form
is Y = a + bX + u, where Y is the variable that we are trying to predict; X is the variable
that we are using to predict Y, a is the intercept; b is the slope, and u is the regression
residual. The and b are chosen in a way to minimize the squared sum of the residuals.
The ability to fit or explain is measured by the R-square.
Regression analysis: A statistical technique that can be used to estimate relationships
between variables.
Regression coefficient: Term yielded by regression analysis that indicates the sensitivity
of the dependent variable to a particular independent variable.
Regression equation: An equation that describes the average relationship between a
dependent variable and a set of explanatory variables.
Modeling: Is a catch-all phrase that usually means any type of activity where one tries to
create a representation of a real life situation so one can analyze it.
Predictive microbiology: Predictive microbiology involves knowledge of microbial
growth responses to environmental factors summarized as equations or mathematical
models. The raw data and models may be stored in a database from which the
information can be retrieved and used to interpret the effect of processing and distribution
practices on microbial proliferation. Coupled with information on environmental history
during processing and storage, predictive microbiology provides precision in making
decisions on the microbiologic safety and quality of foods.