COMP8130 and COMP4130 Verification and Validation: Risk Management (Adrian Marshall)
Post on 21-Dec-2015
COMP8130 and COMP4130 Adrian Marshall
Overview
Introduction
AS/NZS 4360 – The Australian Risk Management Standard
Risk Management Definitions
Risk Management Process Overview
• RM 1: Communicating & Consulting
• RM 2: Establishing the context
• RM 3: Identifying risks
• RM 4: Analysing risks
• RM 5: Evaluating risks
• RM 6: Treating risks
• RM 7: Monitoring & reviewing risks
Risk Management Plans
Risk Management Basics
• Managing risks involves both threats and opportunities
• Managing risks requires rigorous thinking
• Managing risks requires forward thinking
• Managing risks requires balanced thinking
• Managing risks requires accountability in decision making
• Managing risks requires communication
THE ALTERNATIVE TO RISK MANAGEMENT IS RISKY MANAGEMENT
AS/NZS 4360:2004
The Australian Risk Management Standard
• Represents leading practice
• Provides a generic guide for managing risk
• Should be applied at all stages in the life of an activity, function, project, process or asset
• Is intended to be applied to the management of both potential gains and losses
• Is supported by a handbook which includes commentary on the Standard’s contents and provides examples of tools, techniques and related work products (HB 436:2004)
Risk Management Definitions
Consequence
• Outcome or impact of an event
Hazard
• A source of potential harm
Likelihood
• A probability or relative frequency of occurrence of an event
Loss
• Any negative consequence or adverse effect
Risk
• The chance of something happening that will have an impact on objectives (Risk may have a positive or negative impact)
• A measure of risk = consequences x likelihood
Communicating & Consulting
• Internal & external communications
• Stakeholder consultation
• Expert contributions
• Sharing ownership
Establishing the Context
• The external context
• The internal context
• The risk management context
• Develop risk criteria
• Define the necessary risk management structure
Identifying Risks
• What can happen, where and when?
• Why and how can it happen?
• Tools and techniques
Analysing Risks
• Risk sources
• Positive & negative consequences
• Cause and effect analysis
• Existing controls
• Sensitivity analysis
• Modelling & simulation
• Qualitative analysis
• Semi-quantitative analysis
• Quantitative analysis
• Financial impact analysis
Evaluating Risks - 1
• Decision making based on analysis outputs
• Comparison of risk levels for events
• Ranking and prioritisation
• Tolerable risk
Evaluating Risks - 2
Tolerable risk – as low as reasonably practicable
Evaluating Risks - 3
Tolerable risks
• Tolerance may vary from project to project
Treating Risks
• Identifying treatment options
• Assessing treatment options
• Preparing and implementing treatment plans
• Mitigation and Contingency
Monitoring & Reviewing Risks
• Monitoring environmental and causal factor changes
• Monitoring treatment effectiveness
• Monitoring risk management process effectiveness
Risk Management Plans
• Define how risk management is to be conducted
• Communicate the risk management policy
• Establish accountability and authority
• Customise the generic risk management process
• Identify risk management resources, techniques and tools
• State how risk management activities will be measured, recorded, evaluated and reported