2.1
Risk Assessment Technique
A consistent risk assessment technique should be used whenever the goal is to produce results that can be compared
over time. Each approach has certain advantages and possible
weaknesses, and the risk
practitioner should choose a technique appropriate for the
circumstances of the assessment.
Bayesian Analysis
- It is a method of statistical inference that uses prior distribution data to determine the probability of a result.
- This
technique relies on the prior distribution data to be accurate in order to be effective
and to produce accurate results.
Bow Tie Analysis
- A bow tie analysis provides a diagram to communicate
risk
assessment results by displaying links between
possible causes, controls and consequences.
- The
cause of the event
is depicted in the middle of the diagram (the “knot” of the bow tie) and triggers, controls, mitigation
strategies and consequences branch off of the “knot.”
Brainstorming/Structured
Interview
- The
structured interview and
brainstorming model gather potential
risks or ideas to be ranked by a team.
- The
initial interview or brainstorming may be completed using prompts or interviews with an individual or small group.
Business Impact Analysis
- Business
impact analysis (BIA)
is a process to determine
the critical process of the
organization and decide the recovery strategy during a disaster.
-
In
addition to
identifying initial impact, a
comprehensive BIA seeks to establish the escalation
of loss over time.
- The
goal of BIA is to provide
reliable data on the basis of which senior management can make the appropriate
decision.
Cause and Consequence Analysis
-
A cause and consequence analysis
combines techniques of a fault tree
analysis and an event tree analysis and allows
for time delays to be
considered.
Cause-and-effect Analysis
- Cause
and effect analysis is used to determine the factors responsible for the
occurrence of the event.
- A cause-and-effect analysis
looks at the factors that contributed
to a certain effect and
groups the causes into categories (using brainstorming), which are then displayed using a
diagram, typically a tree structure or a fishbone diagram.
Checklists
- A checklist is a list
of potential or typical threats or other considerations that requires attention of the organization.
- The
risk practitioner may use previously developed lists, codes or
standards to assess the risk
using this method.
Delphi Method
-
In
Delphi method,
opinion from expert is obtained using
two or more rounds of
questionnaires.
- After
each round of
questioning, the results are summarized and communicated
to the experts by a facilitator.
- This
collaborative technique
is often used to build a consensus among
experts.
-
In Delphi technique, polling or
information gathering is done either anonymously or privately between the
interviewer and interviewee.
Event Tree Analysis
- Event tree is an inductive analytical diagram in which an event is analyzed to examine a chronological series of subsequent events or consequences.
- An event tree analysis is a
forward-looking model to assess the probability of different events resulting in
possible outcomes.
Fault Tree Analysis
-
In a fault tree analysis, an
event is identified and then possible means for the event is determined.
- Results are displayed in a
logical tree diagram.
- This
diagram can be used
to generate ways to reduce
or eliminate potential causes of the event.
Hazard Analysis and Critical Control Points (HACCP)
- Originally developed for the
food safety industry, HACCP is a system
for proactively preventing risk and assuring quality, reliability and safety of processes.
- The
system monitors specific
characteristics, which should fall
within defined limits.
Human Reliability Analysis
(HRA)
In human reliability analysis (HRA), attempt
is made to understand the effect of human error on systems and their
performance.
Layers of Protection
Analysis (LOPA)
- LOPA
is a
semi-quantitative risk analysis technique that uses aspects of HAZOP data to determine risk associated with risk events.
- It
also looks at controls and their effectiveness.
Markov Analysis
- Markov analysis
is a method used to forecast the value of a variable whose predicted value is
influenced only by its current state.
- The
Markov model assumes that future events are independent of past events.
-
Markov analysis
is often used for predicting behaviors and decisions within large groups of
people
-
A Markov analysis is used to
analyze systems that can
exist in multiple states.
Monte-Carlo Analysis
- Monte Carlo Analysis is a risk management technique that is used for
conducting a quantitative analysis of risks.
- This technique is used to analyze the impact of risks on your project.
- Monte Carlo methods, or Monte Carlo experiments, are a
broad class of computational algorithms that rely on repeated random sampling
to obtain numerical results.
Preliminary Hazard Analysis
Preliminary hazard analysis looks at what threats
or hazards may harm an organization’s activities, facilities or systems. The result is a list
of potential risk.
Reliability-centered Maintenance
Reliability-centered maintenance analyzes the functions and potential failures
of a specific asset, particularly a physical asset such as equipment.
Root Cause Analysis
Root cause analysis is a process of diagnosis to establish the origins of events, which
can be used for learning from consequences, typically from errors
and problems.
Scenario Analysis
- Scenario analysis examines possible future scenarios that were identified during risk identification,
looking for risk associated with the scenario
should it occur.
- Scenario analysis along with
vulnerability analysis helps to determine whether a particular risk is relevant
to the organization and determine the likelihood of significant events
impacting the organization.
Sneak Circuit Analysis
A sneak circuit
analysis is used to
identify design errors or sneak
conditions such as latent hardware,
software or integrated conditions that are often
undetected by system tests and may result in improper operations, loss of
availability, program delays or injury to personnel.
Structured “What If” Technique (SWIFT)
- A structured “what if” technique
uses structured brainstorming to identify risk, typically within a
facilitated workshop.
- It
uses prompts and guide words and is typically used with another risk analysis and evaluation technique.
Key aspects from CRISC exam perspective