Analyze+Risk

5.1 Define the Risk Analysis Processtoc
The Risk Analysis process is the second phase of the Risk Management Process. The risk analysis has some similarities to the risk identification process; it shares the same definition for the way that it can be viewed internally and externally.

5.1.1 Process Goals
Process Goals are a set of rules that will suffice the risk analysis process and also ensure the process quality. These goals are:
 * Analyzing risk in a cost-efficient manner. You have to set a cost to each risk, and make decision on whether or not it is cost efficient to fix the risk, especially if the result from the risk is minimal, and the price to fix the risk is high.
 * Refine the risk context.
 * Determine the source of the risk. Knowing what’s causing the risk increases the probability of fixing or minimizing the risk.
 * Determine the risk exposure.
 * Determine the time frame for action.
 * Determine the highest-severity risks. Prioritize the risk from the most severe to the least.

5.1.2 Process Definition
The IDEF0 diagram below shows the Risk Analysis process definition.
 * The process controls are located on the top right corner of the IDEF0 diagram, and they regulate the risk analysis process.
 * The process inputs are located on the top left corner of the IDEF0 diagram, and they include a risk statement, which is a declaration of risk in a standard notation.
 * The process outputs are located on the bottom right of the IDEF0 diagram. After going through the risk analysis process, the output should be a risk list that has all the risk prioritized by severity.
 * The process mechanisms are located on the bottom left of the IDEF0 diagram, and they provide structure to the process activities.



5.1.3 Process Activities
The process activities are the tasks that transform uncertainty into a prioritized risk list.
 * 1) Group similar and related risk. Organizing the risk by similarity will help when you assigning the fixes to the right person, or help with coming up with a solution that could fix all the related risks.
 * 2) Determine risk drivers. Risk drivers can cause the probability of the event happening to multiply.
 * 3) Determine the source of the risk. If the risk roots are known, the solution will be easier to find.
 * 4) Use risk analysis techniques and tools. It deals with conflicting cost versus performance goals. You would use the risk analysis techniques to do a trade study on whether to make or buy, and selecting system design.
 * 5) Estimate the risk exposure. Risk exposure (RE) = P x C.
 * 6) Evaluate risk against criteria. Have a standard by which all risk is judged that way. Evaluating risk includes Risk severity and Time frame. Risk severity determines the relative priority by analyzing risk exposure versus time. Time frame is the response required time to prevent risk from happening.
 * 7) Rank risk relative to other risks. Ranking the risk relative to other risk helps prioritize and to know which risk you should focus on first. The risk ranking list should be prioritized by the risk with the highest exposure and shortest time frame for action.

5.2 Define Risk Analysis Techniques
Risk analysis is refining the risk statement and risk context.

5.2.1 Casual Analysis
Casual analysis is a way to find the source of a risk by doing a cause and effect analysis. Finding the root of a risk can prevent it from happening. The risk analysis philosophy thinking states “if an error occurred, it will happen again unless something is done to stop it”. Casual list analysis process includes:
 * 1) Determine the cause of the error.
 * 2) Determine the actions that will prevent the error in the future.
 * 3) Implement these corrective actions.

5.2.2 Decision Analysis
Decision analysis uses models to structure decisions and to represent real-world problems. A model used in decision analysis is the influence diagram. An influence diagram provides a graphical representation of the elements of a decision model. Bellow is an example of an influence diagram.
 * The squares represent the decision nodes
 * The circles represent chance events.
 * The Rectangles with rounded corners represent values.
 * The double circles represent outcomes known when the inputs are given.



5.2.3 Gap Analysis
Gap analysis determines the difference between two variables. The gap analysis is used to determine the need for improvement of risk management practices. The gap analysis uses a survey method to rate essential elements. The Radar charts shows gaps among a number of current and ideal performance. Below is a radar chart. If category E is scored from 1 -10, and got an average score of 4, the gap score is the team rating score minus the highest rating number in the rating scale so 10-4 =6, so the gap score for category E is 6. The line inside the radar chart shows the team average score, for example category A has a gap score of 5, and a team rating score of 5.

5.2.4 Pareto Analysis
The Pareto analysis determines the order in which to address issues. The Pareto analysis uses the 80/20 rule, which states that 20 percent of the sources cause 80 percent of the problems. The Pareto analysis is used to focus on the risk that can reduce the most problems. The Pareto chart gives a visual of the relative importance of the risks.

5.2.5 Sensitivity Analysis
The sensitivity analysis is setting important or variables that can affect the system at their highest level, while treating all other variables as known’s and also setting them to nominal values. A useful tool in sensitivity analysis is Tornado diagrams. The Tornado diagrams allow the user to see the most sensitive variable first. The most significant variable is found at the top, from the tornado diagram below, you can conclude that “licensed user” is the most significant variable. The chart shows that the profit of an internet service provider is largely determined by the number of licensed users. Another good tool to use for sensitivity analysis is the utility functions. Utility function is based on the feeling that you have about the risk. A parameter of the utility function is risk tolerance

5.3 Define Risk Evaluation Criteria
An evaluation criterion is ordering risk by how relatively important they are.

5.3.1 Probability
Probability in risk evaluation is the likelihood that a risk occurrence can be evaluated quantitatively and qualitatively. You can set your probability as a phrase, like “ Highly likely”, or you can set it as a percentage “>80”, or you can set it as a relative number, like with 5 being the most likely that an event would happen, you can set your probability to equal to 5.

5.3.2 Consequence
Consequence is the effect from a risk occurrence. In risk evaluation, consequence is evaluated based on each individual project, for example the consequence for losing manpower, is one week delay in the project schedule.

5.3.3 Time Frame
The time frame is the amount of time you have to prevent a risk occurrence. In Risk evaluation, the time frame can be evaluated by the amount of time and the evaluation, for example a 2month time frame can be evaluated a short amount of time.

5.4 Establish the Risk Prioritization Scheme
Prioritization is used to focus on the most important risk first, which helps with better planning, quality management and risk management.

5.4.1 Nominal Group Technique
Nominal group technique is using a team to agree on which risk they feel is the most important relative to the other risks. Each member of the team ranks the risks from most important to least important, then the total is added, the risk with the highest total is the most important risk. For example: overheating might rank 1, while decaying ranks 2 after they add all the numbers.

5.4.2 Weighted Multivoting
Like the nominal group technique, uses a group to rate, but not rank the relative importance of each risk. Each team member is giving tokens that they can use to distribute amongst the risks. For example: overheating might get 50 points, while decaying gets 25 points.