مدل شبکه ی ریسک مبتنی بر شبیه سازی برای پشتیبانی تصمیم در مدیریت ریسک پروژه

This paper presents a decision support system (DSS) for the modeling and management of project risks and risk interactions. This is a crucial activity in project management, as projects are facing a growing complexity with higher uncertainties and tighter constraints. Existing classical methods have limitations for modeling the complexity of project risks. For example, some phenomena like chain reactions and loops are not properly taken into account. This will influence the effectiveness of decisions for risk response planning and will lead to unexpected and undesired behavior in the project. Based on the concepts of DSS and the classical steps of project risk management, we develop an integrated DSS framework including the identification, assessment and analysis of the risk network. In the network, the nodes are the risks and the edges represent the cause and effect potential interactions between risks. The proposed simulation-based model makes it possible to re-evaluate risks and their priorities, to suggest and test mitigation actions, and then to support project manager in making decisions regarding risk response actions. An example of application is provided to illustrate the utility of the model.

Project risk management (PRM) is crucial and indispensable to the success of projects. Indeed, risks in projects have become higher in terms of number and global impact. Projects are more than ever exposed and averse to risks, and stakeholders are asking for more risk management to cover themselves against financial or legal consequences. That is why it has become increasingly important to effectively and efficiently manage project risks, in order to give a higher guarantee of success and comfort to project stakeholders, or at least to warn them against potential problems or disasters. Several standards have been developed in the field of risk management and specifically in project risk management [2], [9], [22], [23], [24] and [35]. Classical PRM process is comprised of four major phases: risk identification, risk analysis, risk response planning, and risk monitoring and control [35]. Risk identification is the process of determining events which, if they occurred, could affect project objectives positively or negatively. Risk analysis is the process of evaluating and prioritizing risks, essentially with respect to their characteristics like probability and impact. The process of risk response planning aims to choose actions which can reduce global risk exposure with least cost. Risk monitoring and control is the ongoing process of “implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project” [35]. Projects are facing a growing complexity, in both their structure and context. In addition to the organizational and technical complexities described by Baccarini [5], project managers have to consider a growing number of parameters (e.g., environmental, social, safety, and security) and a growing number of stakeholders, both inside and outside the project. The existence of numerous and diverse elements which are strongly interrelated is one of the main characteristics of complexity [13], [14] and [25]. The complexity of project leads to the existence of a network of interdependent risks. For instance, there might be propagation from one “upstream” risk to numerous “downstream” risks; on the other side, a “downstream” risk may arise from the occurrence of several “upstream” risks which may belong to different categories. The extreme case of this propagation behavior is the chain reaction phenomenon or the “domino effect”. Another phenomenon is the loop, namely a causal path that leads from the initial occurrence of an event to the triggering of subsequent consequences until the initial event occurs once more. An example of loop is that one initial risk, project schedule delay, may have an impact on a cost overrun risk, which will influence a technical risk, and then propagate to and amplify the original risk of schedule delay. Many risk management methods and associated tools have now been developed. They are usually based on two concepts: probability and impact, assessed by qualitative or quantitative approaches. Criticality is an aggregate characteristic used to prioritize risks. It is generally a combination of probability and impact, or is simply defined as the product of them. Many of these methods independently evaluate the characteristics of risks, and focus on the analysis of individual risks. Risks are usually listed and ranked by one or more parameters [5] and [12]. Generally, these methods do not take into account the subsequent influence of risks and cannot represent the interrelation between them. We can also cite the creativity-based or the expertise-based techniques, like expert judgment using Delphi, affinity diagram, peer interviews or risk diagnosis methodology (RDM) [26], [27] and [28]. To comprehensively understand a risk, it is helpful to identify its causes as well as its effects. Several methods include this principle, but they still concentrate on a single risk for simplifying the problem [11] and [21]. For instance, failure modes and effects analysis (FMEA) consists in a qualitative analysis of dysfunction modes followed by a quantitative analysis of their effects, in terms of probability and impact [7] and [33]; fault tree and cause tree analyses determine the conditions which lead to an event and use logical connector combinations [34]. These methods are unable to model complex interactions among different risks. Few specific methods are able to model risk correlations with a network structure. Several papers on the application of the Bayesian belief network (BBN) have appeared in recent years in the field of project risk management [17] and [29], which could model risk interrelations, from multiple inputs to multiple outputs. Nevertheless, BBN demands oriented links, is inherently acyclic, and hence does not easily model the loop phenomenon; this oversight could potentially lead to a disaster in real projects. These methods are thus not always applicable for practical purpose and fail in some cases to represent the real complexity of the interdependencies among risks. Therefore, to manage a project with complexly interrelated risks, it is important to firstly integrate the multiple dimensions of risks, including classical characteristics like probability and impact, and secondly to bring the modeling of risk interactions into the PRM process. Risk interactions should be modeled with a network structure instead of a classical list or tree structure for representing the real complexity of the project. In this paper, we propose an integrated framework for modeling and analyzing the risk network behavior to support decision-making for risk management. We use classical project risk list, which usually only takes into account the negative aspects of risks, as the inputs of the network model. Thus, this paper mainly focuses on the conventional risks with negative effects. Existing methods like the design structure matrix (DSM) for dependency modeling and the analytic hierarchy process (AHP) for pairwise comparison evaluation are employed to identify and evaluate risk interactions. Simulation technique is used to analyze propagation phenomena and to re-evaluate risks. The aim is to support decision-makers in planning risk response actions with a structured and repeatable approach. The paper is organized as follows. Section 2 presents the framework of decision support system for risk management. Section 3 introduces the process of building the project risk network model. Section 4 describes the potential applications of this model to support managerial decision-making. An example of an application to a real project in the entertainment industry is presented in Section 5 to illustrate the proposed method. We conclude the paper in Section 6 with a discussion of the utility of the model and the perspective on the future work.

This paper has presented an interactions-based risk network model using advanced simulation. The model addresses the limitations of current methods regarding modeling complexity in project risk management. The performance of the model and the satisfaction of the users are validated by the project manager and the associated experts with whom we cooperated for the application to a real musical show project. The DSS enables the project manager to save time for designing risk response plan, and to reduce the cost of dealing with contingencies. Proactive risk management can be achieved by monitoring the status of the risk network and adjusting the risk mitigation plan as the project progresses. The integrated DSS framework provides the project manager with a structured procedure and a series of methods to model, analyze and control the risk network. The project manager and the team of experts are involved throughout the whole process of the DSS to construct the risk network model and decide the risk response plans. Through modeling the propagation behavior in the project risk network, the model enables the project manager to gain innovative insights into the risks, into the relationships between them, and into the global risk network behavior. The refined risk analysis and prioritization results support the project manager in making decisions, for instance, re-assigning the risk ownership and planning more effective mitigation actions. The model is also useful for testing and evaluating the proposed action plans. In addition to the examples of actions tested in Section 5.3, a complete list of mitigation actions is proposed to the project manager based on the DSS. The project manager is able to choose a portfolio of actions to manage the project risks. The selected case study analyzes a number of typical risks in a project of staging a musical show. Moreover, the approach manipulates values of risks and risk interactions, independently of their nature, their number and the type of project. In the risk management of any kind of project, generally risks are all assessed in terms of probability and impact, which are here included in the simulation model. This is why the approach can be generalized and applied to a much wider set of projects. Since the model uses matrix-based and simulation-based methods, the approach is possible to be applied in some very complex situations. There are some limitations and potential extensions of the model. Although the identified risk interactions are assumed to be independent in this study, sometimes the effect of an interaction is influenced by other related interactions. To address this limitation, more identification work about cross-impact between risk interactions by experts and decision-makers is required. In the future work, more parameters like cost of actions will be included so that the mitigation plan can be optimized under resource constraints. Risks with positive effects in the network will be considered, such as risks with positive impact or so-called opportunities like surplus budget and some conditions like good team communication which may mitigate some other negative risks. In addition, risk lifecycles should be registered, so that outdated risks will be deleted in the network structure during the monitoring and control phase. The effectiveness of the model also depends on the validity of the input estimations. At the end of Section 5.2, we performed a preliminary sensitivity analysis on the three-level estimations of risk spontaneous probability, demonstrating the influence of input uncertainties on the risk analysis results. Ref. [4] discusses the challenges involved in the representation and treatment of uncertainties in risk assessment, with regard to decision support. This provides some guidance for our future work on the modeling of input assessment uncertainties and their propagation in the risk network for project risk management. The DSS will be applied to projects in different industries and with different levels of complexity.