NASA Systems Engineering Handbook
6.4 Technical Risk Management

The Technical Risk Management Process is one of the crosscutting technical management processes. Risk is defined as the combination of (1) the probability that a program or project will experience an undesired event and (2) the consequences, impact, or severity of the undesired event, were it to occur. The undesired event might come from technical or programmatic sources (e.g., a cost overrun, schedule slippage, safety mishap, health problem, malicious activities, environmental impact, or failure to achieve a needed scientific or technological objective or success criterion). Both the probability and consequences may have associated uncertainties.

Technical risk management is an organized, systematic risk-informed decisionmaking discipline that proactively identifies, analyzes, plans, tracks, controls, communicates, documents, and manages risk to increase the likelihood of achieving project goals. The Technical Risk Management Process focuses on project objectives,

Key Concepts in Technical Risk Management

Risk: Risk is a measure of the inability to achieve overall program objectives within defined cost, schedule, and technical constraints and has two components: (1) the probability of failing to achieve a particular outcome and (2) the consequences/impacts of failing to achieve that outcome.
Cost Risk: This is the risk associated with the ability of the program/project to achieve its life-cycle cost objectives and secure appropriate funding. Two risk areas bearing on cost are (1) the risk that the cost estimates and objectives are not accurate and reasonable and (2) the risk that program execution will not meet the cost objectives as a result of a failure to handle cost, schedule, and performance risks.

Schedule Risk: Schedule risks are those associated with the adequacy of the time estimated and allocated for the development, production, implementation, and operation of the system. Two risk areas bearing on schedule risk are (1) the risk that the schedule estimates and objectives are not realistic and reasonable and (2) the risk that program execution will fall short of the schedule objectives as a result of failure to handle cost, schedule, or performance risks.

Technical Risk: This is the risk associated with the evolution of the design and the production of the system of interest affecting the level of performance necessary to meet the stakeholder expectations and technical requirements. The design, test, and production processes (process risk) influence the technical risk and the nature of the product as depicted in the various levels of the PBS (product risk).

Programmatic Risk: This is the risk associated with action or inaction from outside the project, over which the project manager has no control, but which may have significant impact on the project. These impacts may manifest themselves in terms of technical, cost, and/or schedule. This includes such activities as: International Traffic in Arms Requirements (ITAR), import/export control, partner agreements with other domestic or foreign organizations, congressional direction or earmarks, Office of Management and Budget direction, industrial contractor restructuring, external organizational changes, etc.

Hazard Versus Risk: Hazard is distinguished from risk. A hazard represents a potential for harm, while risk includes consideration of not only the potential for harm, but also the scenarios leading to adverse outcomes and the likelihood of these outcomes. In the context of safety, "risk" considers the likelihood of undesired consequences occurring.

Probabilistic Risk Assessment (PRA): PRA is a scenario-based risk assessment technique that quantifies the likelihoods of various possible undesired scenarios and their consequences, as well as the uncertainties in the likelihoods and consequences. Traditionally, design organizations have relied on surrogate criteria such as system redundancy or system-level reliability measures, partly because the difficulties of directly quantifying actual safety impacts, as opposed to simpler surrogates, seemed insurmountable. Depending on the detailed formulation of the objectives hierarchy, PRA can be applied to quantify Technical Performance Measures (TPMs) that are very closely related to fundamental objectives (e.g., Probability of Loss of Crew (P(LOC))). PRA focuses on the development of a comprehensive scenario set, which has immediate application to identify key and candidate contributors to risk. In all but the simplest systems, this requires the use of models to capture the important scenarios, to assess consequences, and to systematically quantify scenario likelihoods. These models include reliability models, system safety models, simulation models, performance models, and logic models.
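The following is an added illustration, not part of the Handbook, of the three things the PRA paragraph says a scenario set is used for: quantifying a TPM such as P(LOC) from scenario likelihoods, ranking key contributors to that risk, and propagating uncertainty in the basic-event estimates. The scenarios, event names, probabilities and error factors are constructed placeholders chosen for the example, not NASA data, and the aggregation uses the rare-event approximation (scenario probabilities summed as if mutually exclusive).

```python
"""Scenario-based risk model in the spirit of PRA (constructed example).

A handful of hypothetical loss-of-crew (LOC) scenarios, each a chain of
basic events that must all occur. All numbers are illustrative
placeholders, not NASA data.
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

# Basic-event point estimates (per mission); constructed values.
BASIC_EVENTS: Dict[str, float] = {
    "engine_fails_ascent": 1e-2,
    "abort_system_fails": 5e-2,
    "mmod_penetration": 2e-3,
    "cabin_seal_fails": 1e-1,
    "tps_damage_undetected": 1e-3,
}

# Uncertainty on each estimate as a multiplicative error factor: the true
# value is assumed to lie in [p / EF, p * EF], sampled log-uniformly.
ERROR_FACTORS: Dict[str, float] = {name: 3.0 for name in BASIC_EVENTS}

# Scenario set: (description, basic events that must all occur) -> LOC.
SCENARIOS: List[Tuple[str, List[str]]] = [
    ("engine failure during ascent and abort system fails",
     ["engine_fails_ascent", "abort_system_fails"]),
    ("MMOD penetration and cabin seal fails",
     ["mmod_penetration", "cabin_seal_fails"]),
    ("undetected TPS damage at entry", ["tps_damage_undetected"]),
]


def scenario_probability(events: Sequence[str], probs: Dict[str, float]) -> float:
    """Probability of one scenario, treating its basic events as independent."""
    return math.prod(probs[e] for e in events)


def point_estimate_ploc(scenarios, probs) -> float:
    """P(LOC) under the rare-event approximation: scenario probabilities are
    summed as if mutually exclusive, which slightly overestimates the union."""
    return sum(scenario_probability(ev, probs) for _, ev in scenarios)


def fussell_vesely(scenarios, probs) -> List[Tuple[str, float]]:
    """Importance of each basic event: the fraction of total risk carried by
    scenarios that include it, sorted descending (the key contributors)."""
    total = point_estimate_ploc(scenarios, probs)
    importance: Dict[str, float] = {}
    for _, events in scenarios:
        p = scenario_probability(events, probs)
        for e in events:
            importance[e] = importance.get(e, 0.0) + p / total
    return sorted(importance.items(), key=lambda kv: kv[1], reverse=True)


def propagate_uncertainty(scenarios, probs, error_factors, n=10000, seed=7):
    """Monte Carlo propagation of basic-event uncertainty to P(LOC).
    Returns (median, 95th percentile) of the sampled P(LOC) values."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        # Each basic event drawn independently from its log-uniform band.
        sampled = {e: p * error_factors[e] ** rng.uniform(-1.0, 1.0)
                   for e, p in probs.items()}
        samples.append(point_estimate_ploc(scenarios, sampled))
    samples.sort()
    return samples[n // 2], samples[int(0.95 * n)]


if __name__ == "__main__":
    ploc = point_estimate_ploc(SCENARIOS, BASIC_EVENTS)
    print(f"P(LOC) point estimate: {ploc:.2e}")
    for event, fv in fussell_vesely(SCENARIOS, BASIC_EVENTS):
        print(f"  {event:<24} FV importance {fv:.2f}")
    med, p95 = propagate_uncertainty(SCENARIOS, BASIC_EVENTS, ERROR_FACTORS)
    print(f"P(LOC) median {med:.2e}, 95th percentile {p95:.2e}")
```

With these placeholder numbers the single-event TPS scenario dominates the point estimate, and the abort system shows up as a contributor only through the scenario it shares with the ascent engine failure, which is the kind of insight the Handbook attributes to building a comprehensive scenario set rather than looking at component reliabilities in isolation. The 95th-percentile P(LOC) sits well above the point estimate, which is why the uncertainties in the likelihoods, not just their central values, belong in the assessment.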