Risk Analysis for Information and Systems Engineering
INSE 6320 -- Week 10
Dr. A. Ben Hamza
Concordia University
• Risk Utility
• Project Risk Management

Risk Management Process
Risk
– Uncertain or chance events that planning cannot overcome or control.
Risk Management
– A proactive attempt to recognize and manage internal events and external threats that affect the likelihood of a project’s success.

Risk Utility
• Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff.
• A utility function shows the relationship between utility and return (or wealth) when the returns are risk-free. It represents a way to translate dollars into “Utility Units”.
• Risk-Neutral Utility Functions: Investors are indifferent to risk. They only analyze return when making investment decisions. For a risk-neutral person, maximizing EV is the same as maximizing expected utility.
• Risk-Seeking Utility Functions: For any given rate of return, investors prefer more risk.
• Risk-Averse Utility Functions: For any given rate of return, investors prefer less risk.

Risk Utility
• Basing decisions on expected values (EVs) is convenient, but it can lead to decisions that may not seem intuitively appealing.
• Using expected values to make a decision means that the decision maker is considering only the average payoff.
• EV does not capture risk attitudes.
Which game would you choose, game 1 or game 2?
– Game 1: payoff $30 with probability 0.5, −$1 with probability 0.5; EV = $14.5
– Game 2: payoff $2,000 with probability 0.5, −$1,900 with probability 0.5; EV = $50
If expected value (EV) is the basis for the decision, you should choose Game 2. Most of us, however, may consider Game 2 to be too risky and thus choose Game 1. This example illustrates that EV analysis does not capture the risk attitudes of decision makers. Individuals who are afraid of risk or are sensitive to risk are called risk-averse.
Utility Function
• Utility functions are models of an individual’s attitude toward risk.
• Utility functions translate dollars into utility units, and might be specified in terms of:
– Graph
– Table
– Mathematical expression, e.g. U(x) = log(x), U(x) = …
• The purpose of a utility function is to help the decision maker choose from among alternatives that have uncertain payoffs.
[Figure: A utility function that displays risk-aversion (upward sloping and concave); vertical axis Utility U(x), horizontal axis Dollars x]

Some Terminologies
Risk Attitude
• Risk-Averse: Afraid of or Sensitive to Risk
– Would trade a gamble for a sure amount that is less than the expected value of the gamble
– U(x) is a concave (opening downward) curve
– x ↑ => ∂U(x)/∂x ↓ (continuous); U(x + Δx) < U(x) + U(Δx) (discrete)
• Risk-Neutral: An EV Decision Maker
– Maximizing utility is the same as maximizing EV
– U(x) is a straight line
– ∂U(x)/∂x is constant (continuous); U(x + Δx) = U(x) + U(Δx) (discrete)
• Risk-Seeking: Willing to Accept More Risk
– Would play a state lottery
– U(x) is a convex (opening upward) curve
– x ↑ => ∂U(x)/∂x ↑ (continuous); U(x + Δx) > U(x) + U(Δx) (discrete)
Expected Utility (EU)
– Weighted average of the utilities of all possible states. Instead of maximizing expected value, the decision maker should maximize expected utility.

Risk Attitude (Cont.)
[Figure: Shapes of Utility Functions of Three Different Risk Attitudes (Risk-Neutral, Risk-Seeking, Risk-Averse); vertical axis Utility, horizontal axis Dollars x]
Certainty equivalent (CE)
– Amount of money that is equivalent in your mind to a given situation that involves uncertainty. The certainty equivalent is a dollar amount, whereas expected utility is in utility units.
Risk Premium
– Difference between the EV and the CE, i.e., the amount you would pay to avoid the risk. The premium can be thought of as a measure of how risk-averse a decision maker is in regard to a particular risky situation.
Example: You have a lottery which has 0.3 probability of winning $200 and 0.7 probability of losing $10, and you are willing to sell it for $30.
– Your certainty equivalent for this lottery is $30.
– The risk premium of the lottery is: (0.3*200 + 0.7*(-10)) - 30 = 53 - 30 = $23

Utility Function Assessment Via Certainty Equivalence
[Figure: Graphical Representation of Expected Utility, Certainty Equivalent, and Risk Premium. Vertical axis Utility, horizontal axis Dollars. The utility curve passes through the point (CE, EU) because U(CE) = EU; the Risk Premium is the horizontal distance from the Certainty Equivalent (CE) to the EV.]
• Assess several certainty equivalents from which the utility function is derived.
• For a risk-seeking person, CE would be on the right side of EV on the horizontal axis.

Utility Function Assessment
• Assessing a utility function is a subjective judgment, just like assessing a subjective probability.
– Different people have different attitudes toward risk and are willing to accept different levels of risk.
• Two utility assessment methods:
– Assessment using certainty equivalents
• Requires the decision maker to assess several certainty equivalents
– Assessment using probabilities
• This approach uses the probability-equivalent (PE) assessment technique

Utility Curve
– Step 1: Set the utility of the best payoff to 1 and the utility of the worst payoff to 0.
– Step 2: Construct a situation that involves uncertainty and find its CE using a reference lottery.
– Step 3: Calculate the expected utility of the lottery, EU. Because EU is equal to U(CE), we get another point (CE, EU) on the utility curve.
– Step 4: Repeat Steps 2 and 3 until you have enough points to plot the utility curve.

Example: You face an uncertain situation in which you may earn $10 in the worst case, $100 in the best case, or some amount in between. You have a variety of options, each of which leads to some uncertain payoff between $10 and $100. To evaluate the alternatives, you must assess your utility for payoffs from $10 to $100.
– Step 1: Let U(10) = 0 and U(100) = 1.
– Step 2: Imagine you have the opportunity to play the following reference lottery: alternative A pays $100 with probability 0.5 and $10 with probability 0.5; alternative B pays the sure amount CE. Suppose your CE in this lottery is $30.
– Step 3: Calculate the EU of lottery A, which is 0.5∙U(100) + 0.5∙U(10) = 0.5. Therefore, U(30) = 0.5 and you have found a third point on your utility curve.
– Step 4: To find another point, you can take a different reference lottery, say using $100 and $30 as the two equally likely outcomes in lottery A, and then follow Steps 2 and 3. Continue with the same procedure until you have enough points to plot the utility function.
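The four-step certainty-equivalent procedure above, carried through on the lecture's numbers (worst $10, best $100, CE $30 for the 50/50 reference lottery), as an added Python example that is not the lecture's own code. The follow-up lotteries in ELICITED, the straight-line interpolation between assessed points, and the two alternatives ranked at the end are assumptions made for this example; it also shows the probability-equivalent rule U(amount) = p from the PE method.

```python
"""Assessing a utility curve from certainty equivalents (added example; not the
lecture's own code). Values are the slides': worst payoff $10, best $100, and a
CE of $30 for the 50/50 reference lottery between them."""
from bisect import bisect_left


def assess_utility_points(worst, best, elicited):
    """Steps 1-4 of the certainty-equivalent method.

    elicited: (lo, hi, ce) triples. Each is a 50/50 reference lottery between
    two payoffs whose utilities are already known, with the decision maker's
    certainty equivalent for it. Returns {payoff: utility}.
    """
    utility = {worst: 0.0, best: 1.0}                 # Step 1
    for lo, hi, ce in elicited:                       # Steps 2-4
        if lo not in utility or hi not in utility:
            raise ValueError(f"lottery ({lo}, {hi}) uses an unassessed payoff")
        eu = 0.5 * utility[lo] + 0.5 * utility[hi]    # Step 3: EU of lottery A
        utility[ce] = eu                              # U(CE) = EU gives a new point
    return utility


def utility_from_probability_equivalent(p):
    """PE method: with U(best) = 1 and U(worst) = 0, the assessed utility of
    the sure amount is p*1 + (1-p)*0 = p."""
    return p * 1.0 + (1.0 - p) * 0.0


def interpolate_utility(points, x):
    """Utility of an arbitrary payoff, read off straight segments between the
    assessed points (assumption: this stands in for the hand-plotted curve)."""
    xs = sorted(points)
    if x < xs[0] or x > xs[-1]:
        raise ValueError("payoff outside the assessed range")
    i = bisect_left(xs, x)
    if xs[i] == x:
        return points[x]
    x0, x1 = xs[i - 1], xs[i]
    t = (x - x0) / (x1 - x0)
    return points[x0] + t * (points[x1] - points[x0])


def expected_utility(points, gamble):
    """gamble: list of (payoff, probability)."""
    return sum(p * interpolate_utility(points, x) for x, p in gamble)


def rank_alternatives(points, alternatives):
    """Names of the alternatives, best (highest EU) first."""
    return sorted(alternatives,
                  key=lambda name: expected_utility(points, alternatives[name]),
                  reverse=True)


# Constructed elicitation sequence: the lecture's first lottery, then two
# follow-up lotteries (Step 4) whose CEs give the five points used later.
ELICITED = [(10, 100, 30), (100, 30, 50), (10, 30, 18)]
POINTS = assess_utility_points(10, 100, ELICITED)

# Constructed alternatives: a sure $40 versus the 50/50 $100/$10 lottery.
# EV prefers the lottery ($55 > $40); this risk-averse curve prefers the sure $40.
ALTERNATIVES = {
    "sure_40": [(40, 1.0)],
    "lottery_100_10": [(100, 0.5), (10, 0.5)],
}

if __name__ == "__main__":
    for x in sorted(POINTS):
        print(f"U({x}) = {POINTS[x]}")
    print("U(40) ~", interpolate_utility(POINTS, 40))
    print("ranking:", rank_alternatives(POINTS, ALTERNATIVES))
```

The assessed points come out as U(10) = 0, U(18) = 0.25, U(30) = 0.5, U(50) = 0.75, U(100) = 1; the ranking step is where the curve earns its keep, since it reverses the choice that EV alone would make.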
Risk Tolerance and Exponential Utility Function
• Suppose you now have five points on your utility curve: U(10) = 0, U(18) = 0.25, U(30) = 0.5, U(50) = 0.75, and U(100) = 1. You can then plot the utility function.
• Exponential Utility Function:
U(x) = 1 − e^(−x/R)
• R is the risk tolerance, showing how risk-averse the function is. Larger R means less risk-aversion and makes the utility function flatter.
• x ↑ => U(x) → 1
• x = 0 => U(x) = 0
[Figure: Exponential Utility Functions with Three Different Risk Tolerances, R = 1, R = 3 and R = 5; vertical axis U(x) from 0 to 1, horizontal axis x (Dollars) from 0 to 15]
Utility Function Assessment Via Probability-Equivalent
• Assess the utility of a selected dollar amount directly.
• Adjust the probability p in the reference lottery: alternative C pays $100 with probability p and $10 with probability (1 − p); alternative D pays $65 for sure. At the value of p where you are indifferent between C and D:
U(65) = p∙U(100) + (1 − p)∙U(10) = p∙1 + (1 − p)∙0 = p

Risk Tolerance and Exponential Utility Function (Cont.)
Assess Risk Tolerance R
• Consider gamble E, which pays $Y with probability 0.5 and −$Y/2 with probability 0.5, against alternative F, which pays $0 for sure.
• The largest Y for which you prefer to take gamble E is approximately equal to your risk tolerance.
• Suppose you decide Y is $900; then R = 900, and your utility function is U(x) = 1 − e^(−x/900).
Why manage risks?
• It is a fact of life that chance events will occur and affect the outcome of your project.
• Murphy’s Laws codify this “knowledge”:
– If anything can go wrong, it will!
– Of things that could go wrong, the one that causes the most damage will occur!
[Figure: 1982 Darwin Award Honorable Mention given to “Lawn Chair” Larry Walters. Cartoon by Jay Ziebarth, 2002]
• Project risks are defined as the undesirable event, the chance this event might occur and the consequences of all possible outcomes.
• Risk management attempts to identify such events, minimize their impact and provide a response if the event is detected.
– The essence of Project Management is Risk Management!

Risk Tolerance and Exponential Utility Function (Cont.)
Find the CE of a Given Uncertain Event
• First calculate the expected utility (EU) of the uncertain event.
• Since U(CE) = EU, you can solve the equation to get CE.
• If you estimate the expected value, μ, and variance, σ², of the payoffs, then CE can be approximately calculated as: CE ≈ μ − 0.5σ²/R
Example: Suppose you face the following gamble: 1) win $2000 with probability 0.4; 2) win $1000 with probability 0.4; or 3) win $500 with probability 0.2, and your utility can be modeled as an exponential function with R = 900. What is your CE of this gamble?
The expected utility of the gamble is:
EU = 0.4∙U($2000) + 0.4∙U($1000) + 0.2∙U($500)
= 0.4∙(1 − e^(−2000/900)) + 0.4∙(1 − e^(−1000/900)) + 0.2∙(1 − e^(−500/900)) = 0.710
Solve 0.710 = 1 − e^(−CE/900) for CE; you get CE = $1114.71.
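The exponential-utility computations from this and the earlier utility slides, carried through in one added Python example that is not the lecture's own code: EU of the $2000/$1000/$500 gamble with R = 900, the CE obtained by inverting U, the risk premium EV − CE, the μ − 0.5σ²/R approximation, the risk premium of the $200/−$10 lottery with its stated CE of $30, the Game 1 versus Game 2 comparison from the start of the lecture, and a scan checking the claim that the largest Y for which gamble E beats $0 is close to R. The function names, the scan step and the comparison of Game 1 and Game 2 under R = 900 are this example's own choices.

```python
"""Exponential utility: EU, certainty equivalent, risk premium (added example;
not the lecture's own code). R and the gambles are the lecture's numbers."""
import math


def utility(x, R):
    """U(x) = 1 - exp(-x/R); R is the risk tolerance."""
    return 1.0 - math.exp(-x / R)


def inverse_utility(u, R):
    """Solve u = 1 - exp(-x/R) for x (finite only for u < 1)."""
    if u >= 1.0:
        raise ValueError("no finite dollar amount has utility >= 1")
    return -R * math.log(1.0 - u)


def expected_value(gamble):
    """gamble: list of (payoff, probability)."""
    return sum(p * x for x, p in gamble)


def expected_utility(gamble, R):
    return sum(p * utility(x, R) for x, p in gamble)


def certainty_equivalent(gamble, R):
    """CE is the sure amount with U(CE) = EU."""
    return inverse_utility(expected_utility(gamble, R), R)


def risk_premium(gamble, R):
    """Risk premium = EV - CE (positive for a risk-averse decision maker)."""
    return expected_value(gamble) - certainty_equivalent(gamble, R)


def risk_premium_from_stated_ce(gamble, ce):
    """Same quantity when the CE is stated directly instead of derived from U."""
    return expected_value(gamble) - ce


def approx_certainty_equivalent(gamble, R):
    """Lecture approximation CE ~ mu - 0.5*sigma^2/R from mean and variance."""
    mu = expected_value(gamble)
    var = sum(p * (x - mu) ** 2 for x, p in gamble)
    return mu - 0.5 * var / R


def prefers(gamble_a, gamble_b, R):
    """True when a decision maker with tolerance R prefers gamble_a."""
    return expected_utility(gamble_a, R) > expected_utility(gamble_b, R)


def largest_y_preferred(R, step=1.0, limit=100_000.0):
    """Largest Y (to within `step`) for which gamble E = {+Y @ 0.5, -Y/2 @ 0.5}
    still beats $0 for sure. The lecture says this Y is roughly R; the scan
    (this example's own check) finds about 0.96 R."""
    y = 0.0
    while y + step <= limit:
        gamble_e = [(y + step, 0.5), (-(y + step) / 2.0, 0.5)]
        if expected_utility(gamble_e, R) <= utility(0.0, R):
            break
        y += step
    return y


R = 900                                            # risk tolerance assessed via gamble E
GAMBLE = [(2000, 0.4), (1000, 0.4), (500, 0.2)]    # the CE example gamble
LOTTERY = [(200, 0.3), (-10, 0.7)]                 # the risk-premium example, CE stated as $30
GAME1 = [(30, 0.5), (-1, 0.5)]                     # EV $14.5
GAME2 = [(2000, 0.5), (-1900, 0.5)]                # EV $50

if __name__ == "__main__":
    print(f"EU = {expected_utility(GAMBLE, R):.3f}, "
          f"CE = ${certainty_equivalent(GAMBLE, R):.2f}, "
          f"approx CE = ${approx_certainty_equivalent(GAMBLE, R):.2f}")
    print("risk premium of the $200/-$10 lottery:", risk_premium_from_stated_ce(LOTTERY, 30))
    print("prefer Game 1 over Game 2 at R=900:", prefers(GAME1, GAME2, R))
    print("largest Y preferred / R =", largest_y_preferred(R) / R)
```

Two things worth noticing when running it: the mean-variance approximation gives $1100 against the exact $1114.78 (μ = 1300, σ² = 360000), so it is a usable first estimate but not a substitute for inverting U; and with R = 900, Game 2 has a negative CE, which is the risk-attitude effect that EV alone cannot express.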
What is Risk Management?
Risk management is a continuous and iterative decision making technique designed to improve the probability of success. It is a proactive approach that:
• Seeks or identifies risks
• Assesses the likelihood and impact of these risks
• Develops mitigation options for all identified risks
• Identifies the most significant risks and chooses which mitigation options to implement
• Tracks progress to confirm that cumulative project risk is indeed declining
• Communicates and documents the project risk status
• Repeats this process throughout the project life

The Importance of Project Risk Management
• Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
• Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determine project scope, and develop realistic estimates.
• A proactive rather than reactive approach.
• Reduces surprises and negative consequences.
• Prepares the project manager to take advantage of appropriate risks.
• Provides better control over the future.
• Improves chances of reaching project performance objectives within budget and on time.

Risk Management Considers the Entire Development and Operations Life of a Project
Risk Type / Examples
• Technical Performance Risk: Failure to meet a spacecraft technical requirement or specification during verification
• Cost Risk: Failure to stay within a cost cap for the project
• Programmatic Risk: Failure to secure long-term political support
• Schedule Risk: Failure to meet a critical launch window
• Liability Risk: Spacecraft deorbits prematurely causing damage over the debris footprint
• Regulatory Risk: Failure to secure proper approvals for launch of nuclear materials
• Operational Risk: Failure of spacecraft during mission
• Safety Risk: Hazardous material release while fueling during ground operations
• Supportability Risk: Failure to resupply sufficient material to support human presence as planned

IT Security Management
IT Security Management: a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity and reliability. IT security management functions include:
– organizational IT security objectives, strategies and policies
– determining organizational IT security requirements
– identifying and analyzing security threats to IT assets
– identifying and analyzing risks
– specifying appropriate safeguards
– monitoring the implementation and operation of safeguards
– developing and implementing a security awareness program
– detecting and reacting to incidents

ISO 27000 Security Standards
• ISO27000: a proposed standard which will define the vocabulary and definitions used in the 27000 family of standards.
• ISO27001: defines the information security management system specification and requirements against which organizations are formally certified. It replaces the older Australian and British national standards AS7799.2 and BS7799.2.
• ISO27002 (ISO17799): currently published and better known as ISO17799, this standard specifies a code of practice detailing a comprehensive set of information security control objectives and a menu of best-practice security controls. It replaces the older Australian and British national standards AS7799.1 and BS7799.1.
• ISO27003: a proposed standard containing implementation guidance on the use of the 27000 series of standards following the “Plan-Do-Check-Act” process quality cycle. Publication is proposed for late 2008.
• ISO27004: a draft standard on information security management measurement to help organizations measure and report the effectiveness of their information security management systems. It will address both the security management processes and controls. Publication is proposed for 2007.
• ISO27005: a proposed standard on information security risk management. It will replace the recently released British national standard BS7799.3. Publication is proposed for 2008/9.
• ISO13335: provides guidance on the management of IT security. This standard comprises a number of parts. Part 1 defines concepts and models for information and communications technology security management. Part 2, currently in draft, will provide operational guidance on ICT security. These replace the older series of 5 technical reports ISO/IEC TR 13335 parts 1-5.
Risk Management Steps
• There are four major steps to developing a risk management plan:
1. Identify all the possible risk events that could affect the project
2. Assess each risk in terms of probability, impact severity and controllability
3. Develop a strategy and/or contingency for responding to each risk
4. Monitor and control risks dynamically
• A Risk Management Plan should be developed during the initial project phase and immediately implemented.
• The plan should be reviewed and revised as needed during each project phase.

Identify the Project Risks
• Generate a list of all possible risks by “brainstorming” among team members.
• Do not attempt to assess risk probability; that is for a later step.
• Focus on risk events, rather than risk consequences.
– For example, “instrument does not return correct data” is a consequence of events like poor circuit design, incorrect or failed components, or poor software implementation.
• First focus on overall project risks, then identify specific risks.
• Lessons from past projects are captured via “trigger questions”, or questions that challenge a development strategy or design solution.
• Seek input from sources outside your group.
• Emphasize critical thinking and remember Murphy’s Laws.

Assessing the Risk Impact
• Not all risks need to be subject to monitoring and control.
• Use a Scenario Analysis to assess the risk event impact:
– Determine all consequences and their severity if the event happens
– Identify when, during the project, the event will likely happen
– Estimate the probability that the risk event will occur
– Determine how difficult it will be to detect the event occurrence
• Failure Mode and Effects Analysis (FMEA): Impact × Probability × Detection = Risk Value
Risk Assessment Matrix
Ranking the Risk Importance
• Rank risks from those that can be neglected to those that require elevated vigilance.
• A Risk Severity Matrix can be helpful in prioritizing risks.
– Plot of event probability versus impact
• Risk = Severity × Likelihood
• Red zone identifies the most important events.
• Yellow zone lists risks that are moderately important.
• Green zone events probably can be safely ignored.
• Note that the zones are not symmetrical across the matrix.
– High impact, low probability events are much more important than likely low impact events.

Likelihood of Occurrence (Likelihood Level):
– High (3): Harm is certain or near certain to occur
– Medium (2): Harm will often occur
– Low (1): Harm will seldom occur
Severity of Harm (Severity Level):
– Major (3): Death or major injury (as defined by RIDDOR)
– Serious (2): 3 day injury or illness (as defined by RIDDOR)
– Slight (1): All other injuries or illnesses
Risk = Severity × Likelihood:
Likelihood \ Severity   Slight (1)   Serious (2)   Major (3)
Low (1)                 Low (1)      Low (2)       Medium (3)
Medium (2)              Low (2)      Medium (4)    High (6)
High (3)                Medium (3)   High (6)      High (9)
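The severity × likelihood matrix above, together with the FMEA product Impact × Probability × Detection from the risk-impact assessment, as an added Python example that is not the lecture's own code. The colour bands (1–2 green, 3–4 yellow, 6–9 red) are read off the 3×3 table; the 1–10 scale for the FMEA factors, the tie-breaking rule toward higher severity, and the four risks in REGISTER are assumptions made for this example.

```python
"""Risk assessment matrix and FMEA risk value (added example; not the
lecture's own code). Levels and bands follow the lecture's 3x3 matrix:
Risk = Severity x Likelihood, with products 1-2 Low, 3-4 Medium, 6-9 High."""
from dataclasses import dataclass

LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}    # seldom / often / near certain
SEVERITY = {"slight": 1, "serious": 2, "major": 3}


def risk_score(severity, likelihood):
    """Risk = Severity x Likelihood on the 1-3 levels."""
    return SEVERITY[severity.lower()] * LIKELIHOOD[likelihood.lower()]


def risk_zone(score):
    """Colour zone for a product score, using the bands the 3x3 table shows
    (a 3x3 product is never 5, 7 or 8, so the bands cover every cell)."""
    if score <= 2:
        return "green"    # Low: probably can be safely ignored
    if score <= 4:
        return "yellow"   # Medium: moderately important
    return "red"          # High: the most important events


def fmea_risk_value(impact, probability, detection):
    """FMEA: Impact x Probability x Detection = Risk Value. Assumption: each
    factor is rated 1-10, with 10 meaning the hardest to detect."""
    for factor in (impact, probability, detection):
        if not 1 <= factor <= 10:
            raise ValueError("FMEA factors must be rated 1-10")
    return impact * probability * detection


@dataclass
class Risk:
    name: str
    severity: str
    likelihood: str

    def score(self):
        return risk_score(self.severity, self.likelihood)

    def zone(self):
        return risk_zone(self.score())


def rank_risks(risks):
    """Most important first. Ties on the product are broken toward the higher
    severity, since the zones are not symmetrical: a high-impact, low-probability
    event outranks a likely, low-impact one with the same score."""
    return sorted(risks,
                  key=lambda r: (r.score(), SEVERITY[r.severity.lower()]),
                  reverse=True)


# Constructed risk register (names echo the lecture's examples).
REGISTER = [
    Risk("bad parts used in a circuit", "serious", "medium"),
    Risk("critical launch window missed", "major", "low"),
    Risk("minor injury during ground operations", "slight", "high"),
    Risk("hazardous material release while fueling", "major", "high"),
]

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.score()} {r.zone():6} {r.name}")
```

Note that "critical launch window missed" and "minor injury during ground operations" both score 3 and land in the yellow zone, yet the ranking puts the low-probability, major-severity event first; that is the asymmetry the matrix slide calls out, made explicit in code rather than left to the reader of the colour chart.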
Risk During the Project
• Risk, and the associated cost to address the risk, varies over the project life cycle.
– In the initial phase there is a high chance of risk events, but a low cost impact.
– In the final phase there is a low chance of risk events, but the cost impact is high.
• Identifying and managing risks will greatly affect project success.
[Figure: The Risk Event Graph]

Develop a Response for Risks
• A risk response plan identifies the primary components necessary for managing the risk:
– What response strategy will be used
– How the risk event will be detected and the response triggered
– What plan will be put in place in response to the event
– Who will be responsible for monitoring and controlling the risk

Risk Response Strategies
• Mitigating risk
– Actions are taken during the project to either A) reduce the likelihood of a risk, or B) reduce the impact of the risk
– For example, testing electrical components after receipt would reduce the likelihood that “bad” parts would be used in a circuit
• Retaining risk
– Usually for events with low probability but high impact when no alternate strategy is feasible
– Have a contingency plan ready in case the event occurs
• Sharing risk
– Multiple units associated with the project assume some portion of the risk
• Transferring risk
– Risk is assumed and managed by a unit outside the immediate project
– For example, risks associated with the balloon vehicle are transferred to the LA ACES Project management

Contingency Planning
• Risks associated with the technical aspects of a project can have the most severe outcomes
– Can be mitigated by building and testing prototypes of critical components
– Have available backup or alternate designs that have much lower risk
• Risks associated with costs usually result from estimate errors and omissions
– Time and cost are related; trade off schedule delays against lower cost
– “Descope” options that remove components of the project, but still allow the primary mission to proceed
• Risks associated with the schedule usually require a trade-off
– Manage “slack” time to provide resources for delayed components
– Bring in more people (increase costs) or reduce performance
• All “budgets” (mass, power, schedule, cost) should include a reserve percentage that can be expended as risk events occur
Risk and Contingency Planning
• Technical Risks
– Backup strategies if the chosen technology fails.
– Assessing whether technical uncertainties can be resolved.
• Schedule Risks
– Use of slack increases the risk of a late project finish.
– Imposed duration dates (absolute project finish date).
– Compression of project schedules due to a shortened project duration date.
[Figure: Risk Response Matrix]
[Figure: The Risk Breakdown Structure (RBS)]
[Figure: Partial Risk Profile for Product Development Project]

Risk Response Process Control
• The Risk Management Plan should specify the risks, risk responses, and mechanisms used to control the process.
• Need to continuously monitor for risk triggers.
– Potential risk events should be identified early in a project and monitoring for such events should commence immediately.
• Each risk is assigned to a specific person.
– Has the expertise and authority to identify and respond to an event.
• Need an environment where problems are readily reported, embraced and solved.
• Changes in any aspect of the project need to be documented and communicated.
– Who will have the authority to approve a change
– Use written forms to track hardware, software and document changes
– Who is notified of what changes, and when