A Formalised Approach to the Management of Risk: Process Formalisation

Mike Brownsword, Rossi Setchi
Copyright: © 2011 | Pages: 18
DOI: 10.4018/jkss.2011070105


Observations made while working with industry and government organisations have shown a number of issues with the implementation of current risk management best practice. A major issue in many cases is the lack of pragmatism associated with the risk management process and the consequent need for a more formalised approach to risk management. In this paper, the authors propose and validate a multi-view approach to defining the processes required to carry out risk management. The formalised approach proposed includes a definition of risk, an ontology, a set of processes, and a pragmatic methodology, which shows an application of these processes enabling proactive management of change. The ability of the processes to be applied to different types of risk has been demonstrated through a case study highlighting health and safety issues. Within the current engineering and economic climate this logical approach provides a visualisation which is consistent, repeatable, view based, and pragmatic.
Article Preview

There are many understandings of the term 'process'. This section focuses on understanding what risk experts and standards mean when they discuss the 'risk management process'. The focus is on contributions which have defined a process, and on standards presenting a baseline approach to risk management.

In his tutorial on software risk management, Boehm (1989) defines a number of steps aimed at identifying, addressing and eliminating software risks before they cause rework or failure, and a life cycle model, called 'Boehm's spiral model', in which these steps can be applied. This work was carried out when software risk management was considered to be an emerging discipline; however, many of the concepts are still applied. The spiral model provides an incremental approach to defining requirements, architecture and design through the repeated use of four main elements: 'determine objectives, alternatives, constraints'; 'evaluate alternatives; identify, resolve risks'; 'develop, verify next level product'; and 'plan next phases'.

Boehm (1989) states that the objectives of software risk management are to identify, address, and eliminate software risk items before they become either threats to successful software operation or major sources of software rework. He defines two primary steps within risk management: risk assessment and risk control. Three sub-steps exist within each: risk assessment involves identification, analysis and prioritisation, while risk control covers management planning, resolution and monitoring. The disadvantage of the spiral model is that it specifies the work to be completed in each step: this constrains the flexibility of the model and therefore its application to other areas. Boehm's contribution is the differentiation between risk assessment and what he called risk 'control' (in many other sources simply called risk management). In many cases this provides a useful delineation between the work of identifying and fully defining risks, and the plans and controls which need to be in place to ensure that risks are dealt with effectively.
