شناسایی، رتبه بندی، و مدیریت ریسک در یک سیستم عمده کسب و کار

Risk management is essential to protect the quality of a large-scale engineering effort. It should be a well-defined process that builds on an encompassing and detailed understanding of the purpose, elements, and contexts of the system. It should accommodate qualitative and quantitative information in understanding sources of risk. In an application paper, we use hierarchical holographic modeling (HHM) to identify sources of risk in the acquisition of a large ($1 billion US) software and database system. HHM provides a framework to integrate the perceptions by managers and analysts of what could go wrong in the acquisition. In addition, we filter and prioritize the identified sources of risk based on their likelihoods and potential consequences. Finally, we generate and evaluate alternatives for risk management, focusing on potential impacts to the acquisition schedule.

The identification and management of sources of risk to complex systems can be aided by the consideration of multiple, complementary decompositions of the problem using hierarchical holographic modeling (HHM). Identification of sources of risk can make use, in turn, of different perspectives on the system in terms of its organizational and functional hierarchical structures; the various time horizons; the multiple decision makers, stakeholders, and users of the system; and the host of institutional, legal, and other socioeconomic conditions that require consideration [6]. The contribution of this paper is the application of an HHM-based methodology for identifying, prioritizing, and managing perceived sources of risk in the acquisition of a large-scale software and database system. In Section 2, we describe some relevant literature. In Section 3, we introduce the problem of the risk management of the acquisition of a large data-management system. In Section 4, we describe the application of the HHM to identifying sources of risk. In Section 5, we address the ranking of the identified sources of risk. In Section 6, we demonstrate the evaluation of risk management options and, in Section 7, give some conclusions of the paper.

A process of risk management has involved risk identification, risk ranking, and tradeoff analysis. A methodology based on the HHM has been used to collect and synthesize information on the perceived risks associated with a complex database-system acquisition. A set of criteria is developed to rank the identified risks according to their likelihoods and potential impacts. Finally, we evaluate options for risk management in terms of their costs and potential impacts on the acquisition schedule. There is no one correct structure of the different views or perspectives of the HHM; rather the HHM challenges and evolves with the knowledge of managers and analysts. With integrated product teams (IPTs) prevailing in large government projects, the development of the problem structure in an HHM is often a committee process. The HHM-based method may be more supportive, relative to traditional hazard analyses, of diverse and contradictory views of problem structure. A committee approach combined with the HHM thus should not lead to merely the least common denominator of ideas and concepts. The most widely perceived sources of risks are not necessarily deserving of the greatest concern. Likewise, yet unperceived risks may be important threats to the system cost, schedule, or performance. The HHM has supported a principled inventory of known sources of risk and stimulates managers and analysts to identify a more encompassing set of sources of risk for comparison and management. Yet decomposed hierarchical views of sources of risk may tend to treat factors that are highly correlated as if they were independent and/or obscure the potential for common-mode failures. Appropriate logic structures (e.g. fault trees, event trees, influence diagram, FMECA) to include the causality and influence links among sources of risk have been addressed by many others in the literature cited above.