Technical Risk Assessment Handbook - Defence Science and ...

More documents

Recommendations

Info

12 3.18 Technology risk and technical risk are therefore defined as 7 : Technology risk: Technical risk: ‘the risk that the project will not achieve its objectives due to an underpinning technology not maturing in the required timeframe’. ‘the risk that the project will not achieve its objectives due to risks which arise in the integration of critical technologies, and/or sub-systems dependent on them, or to the integration of the system into the ADF’. 3.19 The AS/NZS ISO 31000:2009 standard notes that impacts can be either negative or positive, the later commonly being referred to as opportunities. Technology opportunities are most likely to lead to greater performance than anticipated or delivery earlier than required. Where there are significant opportunities that warrant consideration by the project they should be raised in the TRA. 3.20 The TRA addresses sources of risk that arise only from technical and technology sources, while risks from other source types are assessed by other contributors to the project and integrated into the project risk management plan (eg, workforce risk, cost and schedule risks are all addressed in other risk assessments). Assessing technical risks 3.21 Technical risks are assessed using a likelihood and consequence framework consistent with the ANS/NZS ISO 31000:2009 standard 8 . In this construct, risks are described through a risk statement that identifies the risk source and the event that could impact on the project’s objectives, and describes this impact. Risk statements can be expressed simply as IF…….THEN ……. statements such as: ‘IF this risk event were to occur THEN it would impact on achieving one or more project objectives.’ So for example: ‘IF the development of the radar is not successfully achieved, THEN this could adversely affect the ability to detect approaching air threats by the required range.’ 3.22 More methodically, the risk statement can be expressed in the following form: ‘There is a chance that { Project xx…} will be affected by {…risk event…} leading to an impact on {… list of project objectives…}.’ Or for the example above: ‘There is a chance that the radar development will not be successful leading to an impact on the required ability to detect approaching air threats by the required range. ‘ 3.23 Risk statements constructed in this latter form help ensure that the risk is clearly described, characterised at the appropriate level to drive management action, and 7 These definitions have been updated from Moon, T., Smith J., Nicholson J., Fewell, S. and Duus, A. (2004). TRA Principles, Process and Practice. DSTO-GD-0405, to refer to the project’s objectives. 8 Standards Australia (2009) Risk management - Principles and guidelines, AS/NZS ISO 31000:2009 Technical Risk Assessment Handbook Version 1.1
13 linked to the key objectives of the project. A risk event can affect more than one objective and it is important to consider and list all objectives that are impacted. The risk assessment should be based on the highest impact where multiple objectives are impacted by a particular risk. Risk criteria 3.24 Risk criteria are used to evaluate the significance of risk. The AS/NZS ISO 31000:2009 standard 9 notes that risk criteria should be adapted to meet the objectives of the organisation and of the risk assessment. 3.25 The following risk criteria have been developed to meet Defence’s requirements of the TRA, that is, to identify technical risks and issues for risk treatment and issue resolution, and to inform Government of the level of technical risk in a major project 10 . In some circumstances the PSTA may consider that it may be appropriate to adopt different risk criteria, such as for a highly-developmental project or for a project with significant safety risks. In those cases the PSTA may develop appropriate risk criteria in consultation with the Studies Guidance Group (SGG) of DSTO Projects and Requirements Division, who are responsible for technical risk policy and process in DSTO. 3.26 As part of the risk assessment, each risk event identified is examined to estimate the likelihood of its occurrence and its impact on the project’s objectives to arrive at the risk itself. Any risk event which is assessed as having a likelihood greater than 50% is rated as More Than Likely, between 20-50% as Less Than Likely, and less than 20% as Unlikely. 3.27 Once the likelihood is assessed, each risk event is examined to assess the impact of the event, if it were to occur, on the project’s objectives in terms of the required performance, supportability, safety, cost or schedule. The impact or consequence is expressed in terms of either Major, Moderate or Minor as follows: • Major: significant impact on achieving the project’s objectives, such as a significant reduction in performance or safety or a major shortfall in supportability. • Moderate: moderate impact on achieving the project’s objectives. • Minor: little impact on achieving the project’s objectives. 3.28 Once the likelihood and impact for an event are determined, the risk assessment is expressed in terms of high (shown in Table 1 as red), medium (yellow) or low (green) as shown in the risk matrix at Table 1. 9 Standards Australia (2009) Risk management - Principles and guidelines, AS/NZS ISO 31000:2009 10 Moon, T., Smith, J. and Cook, S.C. (2005). Technology Readiness and Technical Risk Assessment for the Australian Defence Organisation. In Proceedings of the Systems Engineering, Test & Evaluation Conference, SETE 2005 – A Decade of Growth and Beyond, Brisbane, Queensland. Technical Risk Assessment Handbook Version 1.1
Page 1 and 2: UNCONTROLLED IF PRINTED DSTO TECHNI
Page 3 and 4: iii Overview Preface The Technical
Page 5 and 6: 1 Chapter 1 Introduction 1.1 Techni
Page 7 and 8: 3 Chapter 2 Technical Risk Assessme
Page 9 and 10: 5 activities link into project risk
Page 11 and 12: 7 2.16 Following Government Project
Page 13 and 14: 9 Establishing the context Communic
Page 15: 11 modifying the equipment may intr
Page 19 and 20: 15 Technology Readiness Description
Page 21 and 22: 17 3.36 Annex C provides a more det
Page 23 and 24: 19 4.7 Risk treatment strategies fo
Page 25 and 26: 21 in this project, what is not inc
Page 27 and 28: 23 a list for each sub-system of th
Page 29 and 30: 25 5.27 These technical risks are t
Page 31 and 32: 27 Project AIR 1234 TRA Summary Lik
Page 33 and 34: 29 being modified. In this case the
Page 35 and 36: 31 the degree of divergence of expe
Page 37 and 38: 33 Acronyms ADF ADO CABSUB CDG CDB
Page 39 and 40: 35 Annex B Indicative Structure of
Page 41 and 42: 37 Software Technology Readiness Le
Page 43 and 44: 39 System Readiness Levels 1 SRL De
Page 45 and 46: 41 7. What regulatory hurdles need

Technical Risk Assessment Handbook - Defence Science and ...

Create successful ePaper yourself

Delete template?

Save as template?