Notes on Risk Analysis
MAXIMIZING THE CHANCES OF SUCCESS
AERO 401
D. B. Kanipe
March, 2016
Focus of the Design Process
- Design of spacecraft
- Getting the design to work as planned
- Accomplishing the mission objectives
- Ambitious objectives mean a more complex design
- A large number of things must work for a successful mission
- Failures (anomalies) are inevitable
- Even getting a design to work without considering failures is challenging and expensive
- Therefore, spending additional money to protect against potential anomalies can be a tough sell.
What is Risk?
- Risk, R, is defined as a negative event which may occur in the future
- Risk is discussed in terms of Likelihood versus Consequence

Risk vs. Reliability
- Reliability is the probability of a failure NOT occurring
- Risk analysis also includes the consequence of the event

Robust Design
- Tolerates some amount of failure under nominal conditions
- If the nominal conditions are indeterminate, the design must be able to function over a wider range of conditions
- The design may still have risks in other areas

Anomaly
- An anomaly is something which is occurring, or has occurred
Risk Management
- Risk Management gives deliberate thought to:
  - The sources of risk
  - Magnitude of risk
  - Reduction of risk
  - Mitigation of risk
- Risk Management is a continuous and iterative decision-making technique designed to improve the probability of success. It is a proactive approach.
Two Types of Risk

Mission Risk
- Affects the total return of the mission
- Impact: what will be lost if the negative event occurs
- Mission risks can be thought of as a failure or anomaly occurring during operations
- Example: failure of an antenna to track signal

Implementation Risk
- Affects the cost, schedule, or engineering resources
- Impact: percentage of budgets or reserves used to recover from the negative event
- Implementation risks can be thought of as risks that occur before operations begin
- Example: failure to deploy solar panels
Sources of Risk
- Unrealistic schedule estimates or allocation
- Unrealistic cost estimates or budget allocation
- Inadequate staffing or skills
- Uncertain or inadequate contractor capability
- Uncertain or inadequate vendor capability
- Insufficient production capacity
- Operational hazards
- Unprecedented efforts without estimates
- Poorly defined requirements
- No bidirectional traceability of requirements
- Impracticable design
- Inadequate configuration management
- Unavailable technology
- Inadequate test planning
- Inadequate quality assurance
- Issues, hazards, and vulnerabilities that could adversely affect the program's technical effort
Continuous Risk Management (Part of the Design Process)
- Identify: potential risks
- Analyze: estimate Likelihood and Consequence
- Plan: decide what to track, establish thresholds for corrective action, and propose risk control actions
- Track: compare observable data with Technical Performance Measures
- Control: for emergent risks, execute the appropriate control action
- Communicate, Deliberate, and Document
One Example of Risk Identification
[Figure: example of risk identification; image not recoverable]
How to Identify Risks
- Ask the people designing the system
  - What keeps you up at night?
  - What part, component, or system doesn't have your confidence?
- Learn how the part, component, or system works
- Learn from the experience of others
  - NASA Lessons Learned database
  - Military standards database
- Use heritage systems
  - Caveat #1: how different is the new environment from the original usage environment?
  - Caveat #2: similar systems can have similar risks and problems
- Any unique area or system is a likely risk item
- Failure Modes and Effects Analysis (FMEA)
Documenting Risks
- Risk data sheet, Risk list, or Risk database
- Risk statement: "If <event> then <consequence>"
  - Example: If the radiators cannot be activated, the crew must deorbit.
- Mitigation options
- Point of contact
- Any information on the Likelihood and Consequence

Qualitative Risk Assessment
- Common method: Fever Chart
Risk Matrix (Fever Chart)
[Figure: 5 x 5 matrix, Likelihood (1 to 5) on the vertical axis versus Consequence (1 to 5) on the horizontal axis]

Sample Sources of Risk
- Unrealistic schedule
- Inadequate staffing/skills
- New technology
- Test failures
- Operational hazards
- Poor requirements
- Infeasible design
- Unavailable technology
- Poor quality assurance
- Design deficiencies

Matrix regions (least to most severe)
- Little or no potential for increase in cost, schedule disruption, or degradation of performance
- May cause some increase in cost, schedule disruption, or degradation of performance
- Likely to cause significant increase in cost, schedule disruption, or degradation of performance
Placing Risks

Likelihood
  Bin  Qualitative  Mission Risk   Implementation Risk
  1    Very low     Less than 1%   Less than 1%
  2    Low          1% to 5%       1% to 5%
  3    Moderate     5% to 15%      5% to 50%
  4    High         15% to 25%     50% to 80%
  5    Very High    > 25%          80% to 100%

Consequence
  Bin  Qualitative  Mission Risk                           Implementation Risk
  1    Very low     Minimal or no impact                   Within subsystem purview
  2    Low          Small reduction in mission objectives  Within subsystem purview
  3    Moderate     Cannot meet full mission objectives    May need Project support
  4    High         Can't meet minimum mission success     Serious cost/schedule impact; will require Project support
  5    Very High    Mission failure                        Project in jeopardy
Example
[Figure: fever chart, Likelihood (1 to 5) versus Consequence (1 to 5), with five risks placed; cell positions not recoverable]
- A: Temperature violation
- B: Reaction wheel saturation
- C: Propulsion failure
- D: Temporary electrical outage
- E: Never, ever, ever have these

Focus on the Bin definition and let the color fall out of that definition.
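As an added example (not from the lecture notes), the likelihood and consequence bins from the Placing Risks slide turned into a small risk register that places each "If event then consequence" statement in the fever chart. The `Risk` class, `fever_chart` and the two register entries are constructed for illustration, and treating exactly 80% as implementation bin 5 is an assumption the slide does not settle.

```python
"""Fever-chart placement with the likelihood/consequence bins from 'Placing Risks'."""
from dataclasses import dataclass

# Upper bounds of likelihood bins 1..4; bin 5 is everything above the last.
# Bins 3 and 4 differ between mission risk and implementation risk.
LIKELIHOOD_BOUNDS = {
    "mission":        (0.01, 0.05, 0.15, 0.25),
    "implementation": (0.01, 0.05, 0.50, 0.80),
}

def likelihood_bin(probability: float, kind: str) -> int:
    """Map an estimated probability (0..1) of the negative event onto bin 1..5."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    bounds = LIKELIHOOD_BOUNDS[kind]
    for bin_number, upper in enumerate(bounds[:-1], start=1):
        if probability < upper:  # "1% to 5%" starts at 1%, so 1% is bin 2
            return bin_number
    # Mission bin 5 is "> 25%", so exactly 25% stays in bin 4; implementation
    # bin 5 is "80% to 100%", so exactly 80% is taken as bin 5 (assumption).
    if kind == "mission":
        return 4 if probability <= bounds[-1] else 5
    return 4 if probability < bounds[-1] else 5

@dataclass
class Risk:
    label: str              # letter shown in the matrix cell
    statement: str          # "If <event> then <consequence>"
    kind: str               # "mission" or "implementation"
    probability: float      # analyst's likelihood estimate
    consequence_bin: int    # 1..5, chosen from the consequence table

    def cell(self) -> tuple[int, int]:
        return likelihood_bin(self.probability, self.kind), self.consequence_bin

def fever_chart(risks: list[Risk]) -> list[list[str]]:
    """5x5 label grid: rows = likelihood 5..1 (top down), cols = consequence 1..5."""
    grid = [["" for _ in range(5)] for _ in range(5)]
    for r in risks:
        lik, con = r.cell()
        grid[5 - lik][con - 1] += r.label
    return grid

# Constructed register: the same 20% estimate is bin 4 for a mission risk but
# only bin 3 for an implementation risk, because the thresholds differ.
REGISTER = [
    Risk("A", "If the radiators cannot be activated, the crew must deorbit",
         "mission", 0.20, 5),
    Risk("B", "If the solar-panel vendor slips delivery, schedule reserve is spent",
         "implementation", 0.20, 2),
]
```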