COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall

Verification and Validation

Risk Management

Adrian Marshall


Overview

Introduction

AS/NZS 4360 – The Australian Risk Management Standard

Risk Management Definitions

Risk Management Process Overview• RM 1: Communicating & Consulting• RM 2: Establishing the context• RM 3: Identifying risks• RM 4: Analysing risks• RM 5: Evaluating risks• RM 6: Treating risks• RM 7: Monitoring & reviewing risks

Risk Management Plans


Risk Management Basics

• Managing risks involves both threats and opportunities

• Managing risks requires rigorous thinking

• Managing risks requires forward thinking

• Managing risks requires balanced thinking

• Managing risks requires accountability in decision making

• Managing risks requires communication

THE ALTERNATIVE TO RISK MANAGEMENT

IS RISKY MANAGEMENT


AS/NZS 4360:2004

The Australian Risk Management Standard

• Represents leading practice

• Provides a generic guide for managing risk

• Should be applied at all stages in the life of an activity, function, project, process or asset

• Is intended to be applied to the management of both potential gains and losses

• Is supported by a handbook which includes commentary on the Standard’s contents and provides examples of tools, techniques and related work products (HB 436:2004)


Risk Management Definitions

Consequence• Outcome or impact of an event

Hazard• A source of potential harm

Likelihood• A probability or relative frequency of occurrence of an event

Loss• Any negative consequence or adverse effect

Risk• The chance of something happening that will have an impact on objectives (Risk may have a positive or negative impact)a measure of risk = consequences x likelihood


Risk Management Process


Communicating & Consulting

• Internal & external communications

• Stakeholder consultation

• Expert contributions

• Sharing ownership


Establishing the Context

• The external context

• The internal context

• The risk management context

• Develop risk criteria

• Define the necessary risk management structure


Identifying Risks

• What can happen, where and when?

• Why and how can it happen?

• Tools and techniques


Analysing risks

• Risk sources• Positive & negative consequences• Cause and effect analysis• Existing controls• Sensitivity analysis• Modelling & simulation• Qualitative analysis• Semi - quantitative analysis• Quantitative analysis• Financial impact analysis


Analysing Risks - 1

Qualitative Representation


Analysing Risks - 2

Semi Quantitative Representation


Evaluating Risks - 1

• Decision making based on analysis outputs

• Comparison of risk levels for events

• Ranking and prioritisation

• Tolerable risk


Evaluating Risks - 2

Tolerable risk – as low as reasonably practicable


Evaluating Risks (3)

Tolerable risks• Tolerance may vary from project to project


Treating Risks

• Identifying treatment options

• Assessing treatment options

• Preparing and implementing treatment plans

• Mitigation and Contingency


Monitoring & Reviewing Risks

• Monitoring environmental and causal factor changes

• Monitoring treatment effectiveness

• Monitoring risk management process effectiveness


Risk Management Plans

• Define how risk management is to be conducted

• Communicate the risk management policy

• Establish accountability and authority

• Customise the generic risk management process

• Identify risk management resources, techniques and tools

• State how risk management activities will be measured, recorded, evaluated and reported

Date post:	21-Dec-2015
Category:	Documents
View:	216 times
Download:	2 times

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

Documents