The Necessity of Risk Evaluation in Project Management

Abstract: In project management practice, risk always exists. How to evaluate and measure the size of a risk, separate acceptable risks from unacceptable ones, analyze the unacceptable risks further, formulate compensating measures, and reduce the risk to a minimum or acceptable level is therefore an urgent problem. Starting from the meaning of risk assessment, this paper discusses the basic methods of risk assessment.

Key words: necessity; risk assessment; project management

I. The meaning of risk assessment

In project management practice, risk mainly refers to the risk of dangerous events, so it is also called dangerous risk. There are unsafe factors in the design and operation of software systems, which will cause damage to equipment, environment and people and loss of tasks. Risk is a measure of the damage and loss caused by these unsafe factors.

Risk assessment has developed over the last two decades as an essential part of safety analysis. Although there are strict standards, rules and implementation guidelines in terms of design, there are always some factors that are consciously or unconsciously introduced into the system, causing potential dangers to exist. These factors mainly exist in three aspects:

(1) Equipment level and implementation rules are usually formulated for representative and typical problems, and some external and accidental events are often not considered.

(2) A level of immaturity and its potential dangers are introduced into the design.

(3) Human factors and computer factors may cause danger in system design, manufacturing, structural technology, operation, maintenance, etc.

Therefore, risks are always present. Even so, the size of a risk can be evaluated and measured in order to determine which risks are acceptable and which are unacceptable, to analyze the unacceptable risks further, and to formulate compensatory measures that reduce the risk to a minimum or acceptable level.

In practice, hazard risk is usually defined as the possibility of an accident occurring under certain conditions in the future, expressed by the possibility of danger (that is, the probability of hazard occurrence) and the severity of the hazard's consequences. That is, the risk R of a hazardous event is a function of the probability P of that event and the degree of loss C: R = f(P, C). The purpose of hazard analysis is therefore risk assessment. Without a risk assessment, a safety assessment is meaningless, or at least incomplete.

Safety evaluation, also known as hazard evaluation or risk analysis, aims to ensure safety. Following scientific procedures and methods, it analyzes and evaluates in advance the inherent or potential dangers in the system and their seriousness and, where conditions permit, expresses them quantitatively with a given index, grade or probability value, providing a scientific basis for formulating basic protective measures and safety management. Safety evaluation starts mainly from the possibility, scope and severity of loss and injury, and is predictive in nature. It seeks effective safety countermeasures and measures to eliminate or reduce risks, compares them with safety indicators to study whether the safety measures are effective and, on the basis of predicting the possibility of accidents, masters the general laws of accidents and makes a qualitative and quantitative analysis and evaluation, in order to propose effective safety control measures that reduce and control the occurrence of accidents.

Usually, a security evaluation of a software project should include at least the following:

(1) Investigate the application background of the software project, and determine its operating conditions and operating environment;

(2) According to the design goals and principles of the software project, determine its development process, system structure and operation process;

(3) According to the function, work characteristics and technical requirements of the system, determine the undesired events or event states for the system, as well as the harmful consequences that these events may cause to the system, and classify these events as undesired events of the system, to be used as the basis and standard for systematic risk identification;

(4) Identify the various sources of hazards that are potentially in the system, including the hazardous states and events that are inherent, potential or man-made in aspects such as materials, equipment, processes, operations, and maintenance;

(5) Carry out a hazard analysis on the identified hazards, and investigate the system's fault handling and the effectiveness of its hazard control measures;

(6) Based on the integrity of the system, comprehensively evaluate the existing security level of the system, give the expected security level, and put forward corresponding security suggestions and measures.

The above content describes safety evaluation in the broad sense, including the main work of risk analysis and risk assessment. This paper mainly studies safety evaluation in the narrow sense, that is, the process of risk evaluation. Its main work is to carry out the sixth item above. Its purpose is to evaluate the safety status of the system and to determine whether the various hazards identified in the risk analysis are under control, or what security measures should be taken to bring them within the overall goal of system security.

II. Methods of risk assessment

To perform risk analysis on a system, first identify the hazards in the system, and then carry out the risk assessment. Depending on the method used, risk assessment can be divided into qualitative risk assessment and quantitative risk assessment.

1. Qualitative Evaluation Methods

Qualitative risk assessment reveals the dangers in the system, sub-systems and equipment in order, level by level, so that no item is missed, and classifies them according to the possibility and severity of the risk, so that safety measures can be taken according to their priorities. In practice, there are two qualitative risk estimation methods, namely the Risk Assessment Code (RAC) method and the Total Risk Exposure Code (TREC) method.

(1) RAC method

The RAC method is a commonly used method for qualitative risk estimation. It divides the two factors that determine the risk of a dangerous event, the risk severity and the risk possibility, into relative levels according to their characteristics, forming a risk evaluation matrix, and assigns the cells of the matrix weighted values that measure the size of the risk qualitatively.

Hazard severity level: system, sub-system or equipment failure, environmental conditions, design defects, improper operating procedures, and human errors may cause harmful consequences. The severity of these consequences is divided, in relative and qualitative terms, into several levels, called the severity level of the hazardous event. There are usually four levels of severity, as shown in Table 1.

Table 1 Severity levels of hazardous events

| Level | Description | Accident consequences |
|---|---|---|
| Ⅰ | Catastrophic | Death or system failure |
| Ⅱ | Serious | Serious personal injury, serious occupational disease or serious system damage |
| Ⅲ | Minor | Minor personal injury, minor occupational disease or minor damage to the system |
| Ⅳ | Minor | Personal injury and system damage less than Grade Ⅲ |

According to the frequency of the occurrence of dangerous events, the possibility of dangerous events is qualitatively divided into several levels, which are called the probability level of dangerous events. Usually the possibility level is divided into five levels, as shown in Table 2.

Table 2 Possibility levels of hazardous events

| Level | Description | Individual occurrences and general occurrences |
|---|---|---|
| A | Frequent | Frequent, continuous occurrence |
| B | Likely | Several frequent occurrences during the lifetime |
| C | Sometimes | May occur several times during the lifetime |
| D | Rarely | Unlikely to occur during the lifetime, but likely to occur; less likely to occur, but reasonably expected to occur |
| E | Impossible | So unlikely that it can be considered unlikely; unlikely, but likely to occur |

The above-mentioned hazard severity and possibility level are made into matrices and given qualitative weighting indexes respectively to form a risk evaluation index matrix. Table 3 is an example of a risk evaluation index matrix.

Table 3 Examples of Risk Assessment Index Matrix

| Likelihood level \ Severity level | Ⅰ (catastrophic) | Ⅱ (severe) | Ⅲ (mild) | Ⅳ (slight) |
|---|---|---|---|---|
| A (frequent) | 1 | 3 | 7 | 13 |
| B (probably) | 2 | 5 | 9 | 16 |
| C (sometimes) | 4 | 6 | 11 | 18 |
| D (rarely) | 8 | 10 | 14 | 19 |
| E (impossible) | 12 | 15 | 17 | 20 |

The weighted index in the matrix is called the risk assessment index. The indices 1 to 20 are determined according to the probability and severity level of the hazardous event. The highest risk index is 1, which corresponds to dangerous events that occur frequently with catastrophic consequences. The minimum risk index is 20, which corresponds to dangerous events that are almost impossible and whose consequences are minor. The assignment of numerical grades is arbitrary, but it makes it convenient to distinguish the grades of the various risks, so it needs to be formulated according to the specific object.

The indices in the matrix give four different categories of decision outcomes, also known as risk acceptance criteria. Indices 1 to 5 are unacceptable risks; 6 to 9 are undesired risks, which need to be decided by the ordering party; 10 to 17 are controlled acceptance risks, which need to be reviewed by the ordering party before they can be accepted; 18 to 20 are acceptable risks that need no review.
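The matrix of Table 3 and the four acceptance bands above, applied to a small hazard register. This is an added example, not code from the original paper; the function names, the consistency check and the sample hazards are assumptions made for illustration.

```python
LIKELIHOODS = ["A", "B", "C", "D", "E"]   # frequent ... impossible
SEVERITIES = ["I", "II", "III", "IV"]     # catastrophic ... slight

# Table 3, one row per likelihood level, columns in SEVERITIES order.
TABLE_3 = {
    "A": [1, 3, 7, 13],
    "B": [2, 5, 9, 16],
    "C": [4, 6, 11, 18],
    "D": [8, 10, 14, 19],
    "E": [12, 15, 17, 20],
}

# Acceptance bands from the text: (highest index in the band, decision).
BANDS = [(5, "unacceptable"), (9, "undesired, ordering party decides"),
         (17, "acceptable after ordering-party review"),
         (20, "acceptable without review")]

def check_matrix(matrix):
    """Return a list of problems; an empty list means the matrix is usable."""
    problems = []
    cells = sorted(v for row in matrix.values() for v in row)
    if cells != list(range(1, 21)):
        problems.append("indices must be 1..20, each used once")
    for r, lik in enumerate(LIKELIHOODS):
        for c, sev in enumerate(SEVERITIES):
            here = matrix[lik][c]
            # A milder or less likely neighbour must rank as a lower risk.
            if c + 1 < len(SEVERITIES) and matrix[lik][c + 1] <= here:
                problems.append(f"{lik}/{sev}: no rise with milder severity")
            if r + 1 < len(LIKELIHOODS) and matrix[LIKELIHOODS[r + 1]][c] <= here:
                problems.append(f"{lik}/{sev}: no rise with lower likelihood")
    return problems

def assess(likelihood, severity, matrix=TABLE_3):
    """Return (risk index, acceptance decision) for one hazardous event."""
    index = matrix[likelihood][SEVERITIES.index(severity)]
    decision = next(text for top, text in BANDS if index <= top)
    return index, decision

def triage(hazards, matrix=TABLE_3):
    """Rate (name, likelihood, severity) records, highest risk first."""
    if check_matrix(matrix):
        raise ValueError("risk matrix failed its consistency check")
    rated = [(assess(lik, sev, matrix), name) for name, lik, sev in hazards]
    return [(name, idx, dec) for (idx, dec), name in sorted(rated)]

# Constructed sample register, not taken from the paper.
SAMPLE = [("log volume fills up", "D", "III"),
          ("unsigned update accepted", "C", "I"),
          ("cosmetic display glitch", "C", "IV"),
          ("operator enters wrong unit", "B", "III")]

if __name__ == "__main__":
    for name, idx, decision in triage(SAMPLE):
        print(f"{idx:>2}  {decision:<40} {name}")
```

Because the text says the index values must be formulated for the specific object, `check_matrix` is meant to be run on any replacement matrix before it is used for decisions.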

Risk assessment indices are usually developed subjectively, and qualitative indicators are sometimes impractical, which is a major disadvantage of such assessments, because it is difficult to make a strict qualitative measure of either the severity or the likelihood of a hazardous event. For example, the highest level of severity is usually a loss of several million yuan or the death of one or two people, but many dangerous events may lead to hundreds or thousands of deaths and hundreds of millions of yuan in property damage. In this case, it is impossible to use the highest level to express the risk, and the practical value of such an index is affected.

(2) TREC method

The TREC (Total risk exposure code) method is an improvement of the RAC method. The notable difference between TREC and RAC is that the severity scale is expanded and all losses are converted into currency, and the "exposure" scale replaces the "probability" scale in the evaluation matrix. Exposure indices are determined by multiplying the probability of a single hazardous event (usually expressed as the number of events per 10,000 exposure hours) by an estimate of the total exposure hours over the life cycle and the total amount produced by the system.

The TREC method divides the severity into 10 levels, all in monetary terms, ranging from a minimum of less than 100 yuan to a maximum of more than 10^10 yuan. The scale for each severity level increases by an order of magnitude. This representation can evaluate a wide range of losses. Table 4 lists the range and average of each severity index for the TREC method.

Table 4 Severity Index

| Severity index | Range (yuan) | Average (yuan) |
|---|---|---|
| 10 | > 10×10^9 | 5×10^10 |
| 9 | (1~10)×10^9 | 5×10^9 |
| 8 | 100×10^6~10^9 | 5×10^8 |
| 7 | (10~100)×10^6 | 5×10^7 |
| 6 | (1~10)×10^6 | 5×10^6 |
| 5 | 100,000~1,000,000 | 5×10^5 |
| 4 | 10,000~100,000 | 5×10^4 |
| 3 | 1,000~10,000 | 5×10^3 |
| 2 | 100~1,000 | 5×10^2 |
| 1 | < 100 | 5×10^1 |

The exposure index is divided into 10 grades, as shown in Table 5. The exposure index indicates an estimate of the total number of incidents in the system. The minimum value of the index, 1, indicates that the probability of an accident of a certain size caused by a hazardous event over the life of the system is estimated to be less than 0.00001 (1 in 100,000 occurrences); the maximum value of the index, 10, indicates an estimate that hazardous events will result in more than 1,000 incidents over the life of the system. Although the exposure unit of the hazardous event is calculated based on the exposure time (hours, years, number of cycles, etc.), for convenience the unit can be omitted in the calculation.

Table 5 Exposure Index

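| Exposure index | Range | Average |
|---|---|---|
| 10 | > 1,000 | 5×10^3 |
| 9 | 100~1,000 | 5×10^2 |
| 8 | 10~100 | 5×10^1 |
| 7 | 1~10 | 5×10^0 |
| 6 | 0.1~1 | 5×10^-1 |
| 5 | 0.01~0.1 | 5×10^-2 |
| 4 | 0.001~0.01 | 5×10^-3 |
| 3 | 0.0001~0.001 | 5×10^-4 |
| 2 | 0.00001~0.0001 | 5×10^-5 |
| 1 | < 0.00001 | 5×10^-6 |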

The total risk exposure index can be obtained by adding the severity index and the exposure index. Table 6 is a total risk exposure index matrix.

Table 6 Total Risk Exposure Index Matrix

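| Exposure index \ Severity index | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 |
|---|---|---|---|---|---|---|---|---|---|---|
| 10 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 |
| 9 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 |
| 8 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 |
| 7 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 |
| 6 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 |
| 5 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 |
| 4 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 |
| 3 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 |
| 2 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 |
| 1 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 |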

The total risk exposure index can be used to express the monetary loss associated with the system's lifetime. Using TREC can provide system design managers with the following information:

a. Total Risk Exposure (TRE) - The monetary aggregate estimate of the risk arising from the specific hazardous event being evaluated. Its calculation formula is:

TRE = 5 × 10^(TREC-5)

b. Annual Risk Exposure (ARE) – Total risk exposure divided by estimated design life (in years):

ARE=TRE/design life

c. Unit exposure (URE) - monetary loss per unit of product (or allocation per product), i.e. TRE divided by the total number of products produced.

URE=TRE/Number of products

d. Risk to Exposure Ratio (RER) – The ratio of total risk exposure to design cost.

RER=TRE/Total investment

The accuracy of TREC depends on the quality of the input data. Therefore, one of the important tasks of system safety is to determine and correct raw estimates of failure rate, exposure rate, design life, quantity of this product in the system, etc. Of course, as can be seen from the above analysis and calculations, TREC has developed qualitative risk estimates to a somewhat quantitative level.
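The TREC calculation described above, from raw estimates through Tables 4 to 6 to TRE, ARE, URE and RER. This is an added example, not code from the original paper; the function names, the treatment of values that fall exactly on a range boundary and the sample figures are assumptions. It also returns the product of the Table 4 and Table 5 row averages so that it can be compared with the TRE formula.

```python
from bisect import bisect_right

# Lower bounds of indices 2..10, from Table 4 (yuan) and Table 5 (events).
# Assumption: a value exactly on a bound belongs to the higher index.
SEVERITY_BOUNDS = [1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 1e8, 1e9, 1e10]
EXPOSURE_BOUNDS = [1e-5, 1e-4, 1e-3, 1e-2, 1e-1, 1.0, 10.0, 100.0, 1000.0]


def severity_index(loss_yuan):
    """Table 4: monetary loss of one event -> severity index 1..10."""
    return bisect_right(SEVERITY_BOUNDS, loss_yuan) + 1


def exposure_index(events_per_10k_hours, hours_per_unit, units):
    """Table 5: expected number of events over the system life -> 1..10."""
    expected_events = events_per_10k_hours / 10_000 * hours_per_unit * units
    return bisect_right(EXPOSURE_BOUNDS, expected_events) + 1


def trec_report(loss_yuan, events_per_10k_hours, hours_per_unit, units,
                design_life_years, total_investment_yuan):
    """Return the indices and the four exposure figures for one hazard."""
    if min(loss_yuan, events_per_10k_hours, hours_per_unit) < 0:
        raise ValueError("loss, rate and hours must be non-negative")
    if units <= 0 or design_life_years <= 0 or total_investment_yuan <= 0:
        raise ValueError("units, design life and investment must be positive")
    sev = severity_index(loss_yuan)
    exp = exposure_index(events_per_10k_hours, hours_per_unit, units)
    trec = sev + exp                       # Table 6: sum of the two indices
    tre = 5 * 10 ** (trec - 5)             # item a, formula as given above
    return {
        "severity_index": sev,
        "exposure_index": exp,
        "TREC": trec,
        "TRE": tre,
        "ARE": tre / design_life_years,        # item b
        "URE": tre / units,                    # item c
        "RER": tre / total_investment_yuan,    # item d
        # Comparison value: product of the Table 4 and Table 5 averages.
        "TRE_from_table_averages": (5 * 10 ** sev) * (5 * 10.0 ** (exp - 7)),
    }


if __name__ == "__main__":
    # Constructed sample: 0.02 events per 10,000 h, 20,000 h per unit,
    # 500 units, 250,000 yuan per event, 10-year life, 200 million invested.
    report = trec_report(250_000, 0.02, 20_000, 500, 10, 200_000_000)
    for key, value in report.items():
        print(f"{key:<24} {value:,}")
```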

2. Quantitative evaluation method

For a system, device or piece of equipment, qualitative evaluation gives a general understanding of the dangers and of the weak links in the security of the system. However, sometimes it is necessary to know what the safety level is, how much an improvement to the system raises the safety level, how likely an accident is to happen, how serious the consequences are, and so on. Answering these questions requires a quantitative risk assessment (Quantified Risk Assessment, QRA). The purpose and role of QRA are shown in Figure 1.

Quantitative risk assessment is a widely used management decision support technique. Quantitative risk assessment consists of five elements:

(1) Hazard identification: Identify accident scenarios, hazards, hazardous events, and their causes and mechanisms. Hazards identified are generally obtained from the Hazard Checklist (PHL), Preliminary Process Hazard Analysis (PPHA), Hazard and Operational Analysis (HAZOP).

(2) Frequency estimation: Determine the frequency of occurrence of identified hazardous events. Typically determined from historical data, fault tree analysis (FTA), reliability and effectiveness studies, and failure mode and effects analysis (FMEA).

(3) Consequence Analysis: Determine the magnitude and probability of the consequences of the identified hazardous event. Determined by event tree analysis (ETA), accident classification/definition.

(4) Risk estimation: Determine the risk level as a combination of frequency and consequence.

(5) Sensitivity analysis: Prioritize the risks under study, further estimate the risk levels that are meaningful, compare relevant risk estimates, assess independent uncertainties, and set an implementation schedule.

QRA obtains its evaluation value through alternating cycles: it begins by deriving estimates of quantities from causes, consequences, costs and possible frequencies, and then analyzes the sensitivity of these quantities to the initial assumptions. QRA is very suitable for decision-making problems related to the failure of technical equipment.

Figure 1 The purpose and role of QRA

III. Establishment of the evaluation model

When evaluating the safety of software projects, the first thing to consider is what principles and standards should be used to examine the safety of the system. As mentioned in the risk analysis above, the risk factors that make the system unsafe come from the various modules in the system. Therefore, consider establishing an evaluation model based on each module in the system, and examine the safety level of the system under various safety indicators according to the work items and contents of safety evaluation. The model mainly includes:

System function evaluation: the effectiveness of the system in fulfilling the designed function;

System structure evaluation: evaluate system structure (including fault tolerance, adaptability, operability, maintainability, expandability, etc.) risk and risk control;

System operation evaluation: evaluate the danger and risk control of the system in each working period and under different working conditions, including the two working states of use and maintenance.

IV. Summary

There is no absolutely safe thing in the world, and dangerous events exist objectively. However, some dangerous events occur frequently and others rarely; some have serious consequences, while others are very minor. In any circumstances, whether it is the development of a large system related to the national economy and people's livelihood or the writing of small programs with little impact, there is a need for risk assessment, with each assessment adopting a method suitable for the project itself. There is no doubt that with the development of project management theory, people will pay more and more attention to risk factors, and more and more risk assessment techniques will appear.

