||DSMC RMG 4th: Risk Management Guide 4th
Figure 5-13 shows the process for this technique, which
relies on qualitative judgment and multi-voting methods to summarize risks at
the critical risk area and process level in terms of PF and
CF. The risks identified in the RIFs and Risk Prioritization List
are first grouped according to critical risk areas and processes, and listed
in priority sequence.
Within each area and process, the individual risks are
evaluated against a set of established criteria to determine the overall
aggregate risk rating for the area/process. Aggregation criteria needs to be
established separately for PF and CF; PF and
CF should not be combined into a single index, e.g., moderate risk.
Examples of aggregation criteria include: (1) most undesirable PF
and CF of all the risks within a risk area or process becomes the
aggregated values for the area or process, or (2) the PF and
CF for each area or process represents the mean value for that area or process.
The team then votes on each risk area and process to
determine its rating for PF and CF, and the results are
documented. In addition to the PF and CF ratings for
each critical risk area and process, those risks that tend to "drive" the
aggregate risk rating for the area/process should be included in a list of
aggregated risks to give substance to the aggregated ratings, e.g., all risks
in which either PF or CF are rated as high. Figure 5-14
provides a sample list of aggregated risks.
Risk Matrix is a software tool that is designed to aid
in managing the identification, rating, and prioritization of key risks that
might affect a project. It provides a structured method for prioritizing
project risks and for tracking the status and effects of risk-handling
efforts. The major feature that Risk Matrix offers the program office is a
means to both rate and rank program risks. This is helpful in differentiating
among risks that have the same rating. For example, if a program has eight
risks that the program office has evaluated/rated as high, Risk Matrix
provides the means to rank them in order of severity. The user can use this
ranking as a guide to help focus risk-handling efforts. Risk Matrix was
developed by the Air Force Electronic Systems Center (ESC) and The Mitre
Corporation and is available to program offices free of charge. Another useful
software tool to use in voting on risks is "Expert Choice" - based on the
Analytical Hierarchy Process (AHP). Whatever software tool is used, the
analyst should recognize that a number of inherent limitation exist with such
software tools, (e.g., unintentionally biasing the voting process) that can
lead to erroneous results.