
RISK ASSESSMENT TECHNIQUES

CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL

Bayesian Analysis

A Bayesian analysis is a method of statistical inference that uses prior
distribution data to determine the probability of a result. This technique depends
on the prior distribution data being accurate in order to be effective and to
produce accurate results.

Bow Tie Analysis

A bow tie analysis provides a diagram to communicate risk assessment results
by displaying links between possible causes, controls and consequences. The
cause of the event is depicted in the middle of the diagram (the “knot” of the
bow tie) and triggers, controls, mitigation strategies and consequences branch
off of the “knot.”

Brainstorming/Structured Interview

The structured interview and brainstorming model gathers a large set of
potential risk types or ideas to be ranked by a team. The initial
interview or brainstorming may be completed using prompts or interviews with
an individual or small group. For more information on interviewing techniques.

Business Impact Analysis

Business impact analysis (BIA) is a process to determine the impact of
losing the support of any resource. In addition to identifying initial impact, a
comprehensive BIA seeks to establish the escalation of loss over time. The goal
of BIA is to provide reliable data on the basis of which senior management can
make the appropriate decision.

Cause and Consequence Analysis

A cause and consequence analysis combines techniques of a fault tree analysis
and an event tree analysis and allows for time delays to be considered.

Cause-and-effect Analysis

A cause-and-effect analysis looks at the factors that contributed to a certain
effect and groups the causes into categories (using brainstorming), which are
then displayed using a diagram, typically a tree structure or a fishbone diagram.

Checklists

A checklist is a list of potential or typical threats or other considerations that
should be of interest to the organization, whose items can be checked off one at
a time as they are completed. The risk practitioner may use previously
developed lists, codes or standards to assess the risk using this method.

Delphi Method

The Delphi method leverages expert opinion received using two or more rounds
of questionnaires. After each round of questioning, the results are summarized
and communicated to the experts by a facilitator. This collaborative technique is
often used to build a consensus among experts.

Event Tree Analysis

An event tree analysis is a forward-looking, bottom-up model that uses inductive
reasoning to assess the probability of different events resulting in possible
outcomes.

Fault Tree Analysis

A fault tree analysis starts with an event and examines possible means for the
event to occur (top-down) and displays these results in a logical tree diagram.
This diagram can be used to generate ways to reduce or eliminate potential
causes of the event.

Hazard Analysis and Critical Control Points (HACCP)

Originally developed for the food safety industry, HACCP is a system for
proactively preventing risk and assuring quality, reliability and safety of
processes. The system monitors specific characteristics, which should fall within
defined limits.

Hazard and Operability Studies (HAZOP)

HAZOP is a structured means of identifying and evaluating potential risk by
looking at possible deviations from existing processes.

Human Reliability Analysis (HRA)

HRA examines the effect of human error on systems and their performance.

Layers of Protection Analysis (LOPA)

LOPA is a semi-quantitative risk analysis technique that uses aspects of HAZOP
data to determine risk associated with risk events. It also looks at controls and
their effectiveness.

Markov Analysis

A Markov analysis is used to analyze systems that can exist in multiple states.
The Markov model assumes that future events are independent of past events.

Monte-Carlo Analysis

IEC 31010:2009 describes Monte Carlo simulation in the following manner:

Monte Carlo simulation is used to establish the aggregate variation in a
system resulting from variations in the system, for a number of inputs,
where each input has a defined distribution and the inputs are related to
the output via defined relationships. The analysis can be used for a
specific model where the interactions of the various inputs can be
mathematically defined. The inputs can be based upon a variety of
distribution types according to the nature of the uncertainty they are
intended to represent. For risk assessment, triangular distributions or
beta distributions are commonly used.
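
The following is an added illustration of the approach described in the quoted passage, not code from the original page or from the standard. It draws three inputs from triangular distributions and combines them through a defined relationship to obtain the spread of annual loss; the input ranges and the loss formula are constructed assumptions.

```python
import random
import statistics

# Constructed inputs (assumptions, not from the page), each given as
# (low, most likely, high) for a triangular distribution.
EVENTS_PER_YEAR = (0, 2, 6)                  # incidents per year
LOSS_PER_EVENT = (5_000, 20_000, 150_000)    # currency units per incident
CONTROL_EFFECTIVENESS = (0.30, 0.60, 0.85)   # fraction of loss avoided


def simulate_annual_loss(trials=20_000, seed=1):
    """Return a sorted list of simulated annual losses, one per trial."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable

    def tri(params):
        low, mode, high = params
        return rng.triangular(low, high, mode)  # stdlib order: low, high, mode

    losses = []
    for _ in range(trials):
        events = round(tri(EVENTS_PER_YEAR))
        effectiveness = tri(CONTROL_EFFECTIVENESS)
        # Defined relationship between inputs and output (an assumption):
        # annual loss = sum of per-event losses * (1 - control effectiveness)
        gross = sum(tri(LOSS_PER_EVENT) for _ in range(events))
        losses.append(gross * (1 - effectiveness))
    losses.sort()
    return losses


def summarize(losses):
    """Summarize the aggregate variation of a sorted list of losses."""
    def quantile(p):
        return losses[min(len(losses) - 1, int(p * len(losses)))]

    return {
        "mean": statistics.fmean(losses),
        "p50": quantile(0.50),
        "p95": quantile(0.95),
        "max": losses[-1],
    }


if __name__ == "__main__":
    for name, value in summarize(simulate_annual_loss()).items():
        print(f"{name}: {value:,.0f}")
```

The 95th percentile, rather than the mean, is usually the figure compared against risk appetite, because it shows how bad a plausible year can be.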

Preliminary Hazard Analysis

Preliminary hazard analysis looks at what threats or hazards may harm an
organization’s activities, facilities or systems. The result is a list of potential
risk.

Reliability-centered Maintenance

Reliability-centered maintenance analyzes the functions and potential failures of
a specific asset, particularly a physical asset such as equipment.

Root Cause Analysis

Root cause analysis is a process of diagnosis to establish the origins of events,
which can be used for learning from consequences, typically from errors and
problems.

Scenario Analysis

Scenario analysis examines possible future scenarios that were identified during
risk identification, looking for risk associated with the scenario should it occur.

Sneak Circuit Analysis

A sneak circuit analysis is used to identify design errors or sneak conditions
such as latent hardware, software or integrated conditions that are often
undetected by system tests and may result in improper operations, loss of
availability, program delays or injury to personnel.

Structured “What If” Technique (SWIFT)

A structured “what if” technique uses structured brainstorming to identify risk,
typically within a facilitated workshop. It uses prompts and guide words and is
typically used with another risk analysis and evaluation technique.
