Risk management tools

From Wikipedia, the free encyclopedia

Risk management is a non-intuitive field of study, where the most simple of models consist of a probability multiplied by an impact. Understanding individual risks may be difficult as multiple probabilities can contribute to Risk total probability. Likewise, impacts may be measured in "units" of cost, time, events (for example, a catastrophe), market states, reputation, and other dimensions. This is further complicated by there being no straightforward approach to consider how multiple risks, and their responses, will influence one another or increase the overall risk of the subject of analysis.

Risk management tools allow planners to explicitly address uncertainty by identifying and generating metrics, parameterizing, prioritizing, and developing responses, and tracking risk. These activities may be difficult to track without tools and techniques, documentation and information systems.

Simple risk management tools allow documentation. More sophisticated tools provide a visual display of risks, while the most cutting edge, such as those developed by Air Force Research Laboratory Headquarters, are able to aggregate risks into a coherent picture.

Representative tools and techniques

  • Capital asset pricing model – Used to determine the appropriate required rate of return of an asset, if that asset is added to an already well diversified portfolio, based on non-diversifiable risk.[1]
  • IBM OpenPages GRC Platform – Integrated enterprise governance, risk and compliance solution that includes modules for operational risk management, policy and compliance management, financial controls management, IT governance, and internal audit management
  • SureStep:RMS OpRisk Platform - A flexible and scalable SaaS (Software-as-a-Service) or 'on-prem' operational risk management solution with a strong emphasis on business user access and mobility. Suitable for the SMB and enterprise markets.
  • Probabilistic risk assessment (PRA, also called Probability Consequence or Probability Impact Model) – Model based upon single-point estimates of probability of occurrence, initiating event frequency, and recovery success (e.g., human intervention) of a specific consequence (e.g., cost or schedule delay).
  • RiskAoA – A predictive tool used to discriminate between proposals, choices, or alternatives, by expressing risk for each as a single number, so a proposal's trade-space between cost, scheduled time and risk from its desired characteristics can be compared instantly.[2] RiskAoA and variations of PRA are the only approved tools for United States Department of Defense Military Acquisition.
  • GessNet TurboAC - Medical device risk management tool with integrated solutions for ISO 14971, hazard analysis, fault tree analysis (FTA), failure mode and effects analysis (FMEA), risk traceability analysis, and safety assurance case.
  • Risk register – A project planning and organizational risk assessment tool. It is often referred to as a Risk Log.
  • EPRI Risk and Reliability Workstation (CAFTA) – Widely used tool to create and quantify core damage frequency numbers at American commercial nuclear power plants.[3]
  • Altova MetaTeam – A tool providing the framework required for managing risk management activities, as discussed in ISO 31000 and the PMBOK. A broadly applicable overview of this approach is available.[4]

See also

References

  1. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=447580
  2. https://acc.dau.mil/CommunityBrowser.aspx?id=126070
  3. http://teams.eprisolutions.com/RR/default.aspx
  4. http://blog.metateam.net/2013/01/using-metateam-to-track-and-manage-risks.html
This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.