Risk analysis and management are vital to the success of any project. As contractors who work a myriad of projects, we see firsthand that different customers have different approaches towards risk. Here at SPEC Innovations, we seek to equip you with the tools to pursue your approach. Let’s take a look at some of the tools in Innoslate.
One of the most difficult parts of this process is risk identification. It requires that all the technical and program staff to consider risk in their day-to-day work and report that risk along with any mitigation techniques to the risk managers. Innoslate covers this with an explicit step in all of our processes for risk identification. This step reminds staff to consider risks at every stage of development. The figure below shows our functional analysis process with the Risk Checklist.
In the risk analysis step, the risk manager assesses the likelihood (probability) of a risk and the consequence. Once those have been pinpointed, along with the Risk Category (Technical, Programmatic, Business/External), mitigation techniques are also identified.
There exists a large number of risk management tools. The 2015 guide “Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs” (often called the RIO Guide) contains a section on “Selecting a Risk Management Tool,” where they provide the following criteria:
- Support Objectives: Does the tool aid in meeting program objectives?
- Recurrence: Will the risk management tool accommodate recurring updates to the risk management process?
- Helpfulness: Will the tool be useful during the decision-making process?
- Accessibility: Will the tool be accessible to all users, perhaps remotely, including certain tool-licensing requirements?
- Integration: Does the tool aid in the integration with other program management tools and processes?
- Requirements: Does the tool meet the requirements for the program office and contractor(s)?
A tool that does these things must have at least three forms of risk capturing and display: 1). risk matrix; 2). risk burndown chart; and 3). risk register. Innoslate provides these items and more.
The figure below shows the interactive risk matrix from Innoslate. The probabilities (rows) range from Low to High, and the consequences range from negligible to critical.
Each risk item shown on the matrix has a number of attributes and related information (seen in the figure below). The left column contains information about who created/modified this risk and when. It also contains labels, which in this case includes the category “Schedule.” Note there is a tab for comments in case you need some kind of help with this risk.
The middle panel shows the attributes associated with this risk, including the probability and consequence. A status drop-down menu and a consequence description field are also provided, as are the name, number, and description of the risk itself.
The far right panel shows various relationships, including the source of the risk (caused by) and mitigation (mitigated by). The risk decomposition shows risks at each stage of the development process. These risks are used in the Risk Burndown chart shown below.
Selecting the Risk at SRR, you can see the actual probability and consequence of the risk at this stage. Note that the consequence stays the same, only the probability changes over time. By applying the risk mitigation, the risk probability should be lowered, but the consequence (if the risk actually happens) does not change.
Finally, you can see a summary of these risks in the “risk register” shown below. This table is created in the Innoslate Database View. User can click into any cell in the table and add or change information in the cell. It shows the risk and mitigation technique, as well as other information.
Innoslate can also support risk analysis in modeling and simulation. While modeling the system behavior or process, you can associate the schedule, cost, resource usage, etc. with each step of the process. You can also apply distributions to this information that reflect uncertainty in any numerical value. Running the Monte Carlo simulation executes the models and identifies the potential risk in each factor. An example of a Monte Carlo simulation’s results is shown below.
The mean and standard deviation of the cost and schedule are shown in the first box and are reflected in the bar charts to the right. You can use these impacts to quantify the consequence, particularly the extreme tails. Although only a few simulations showed the cost in the 10 month bin, you can assign a probability and consequence value using this information.
Innoslate goes beyond the tool selection criteria in the RIO Guide. The ability to integrate the results of the risk analysis in Documents View enables more complete and effective risk management in your project. You can try Innoslate’s risk management functionality in a the guided tours by signing up for a free account.