A model-based approach to System of Systems risk management

The failure of many System of Systems (SoS) enterprises can be attributed to the inappropriate application of traditional Systems Engineering (SE) processes within the SoS domain, because of the mistaken belief that a SoS can be regarded as a single large, or complex, system. SoS Engineering (SoSE) is a sub-discipline of SE; Risk Management and Modelling and Simulation (M&S) are key areas within SoSE, both of which also lie within the traditional SE domain. Risk Management of SoS requires a different approach to that currently taken for individual systems; if risk is managed for each component system then it cannot be assumed that the aggregated affect will be to mitigate risk at the SoS level. A literature review was undertaken examining three themes: (1) SoS Engineering (SoSE), (2) M&S and (3) Risk. Theme 1 of the literature provided insight into the activities comprising SoSE and its difference from traditional SE with risk management identified as a key activity. The second theme discussed the application of M&S to SoS, providing an output, which supported the identification of appropriate techniques and concluding that, the inherent complexity of a SoS required the use of M&S in order to support SoSE activities. Current risk management approaches were reviewed in theme 3 as well as the management of SoS risk. Although some specific examples of the management of SoS risk were found, no mature, general approach was identified, indicating a gap in current knowledge. However, it was noted most of these examples were underpinned by M&S approaches. It was therefore concluded a general approach SoS risk management utilising M&S methods would be of benefit. In order to fill the gap identified in current knowledge, this research proposed a new model based approach to Risk Management where risk identification was supported by a framework, which combined SoS system of interest dimensions with holistic risk types, where the resulting risks and contributing factors are captured in a causal network. Analysis of the causal network using a model technique selection tool, developed as part of this research, allowed the causal network to be simplified through the replacement of groups of elements within the network by appropriate supporting models. The Bayesian Belief Network (BBN) was identified as a suitable method to represent SoS risk. Supporting models run in Monte Carlo Simulations allowed data to be generated from which the risk BBNs could learn, thereby providing a more quantitative approach to SoS risk management. A method was developed which provided context to the BBN risk output through comparison with worst and best-case risk probabilities. The model based approach to Risk Management was applied to two very different case studies: Close Air Support mission planning and the Wheat Supply Chain, UK National Food Security risks, demonstrating its effectiveness and adaptability. The research established that the SoS SoI is essential for effective SoS risk identification and analysis of risk transfer, effective SoS modelling requires a range of techniques where suitability is determined by the problem context, the responsibility for SoS Risk Management is related to the overall SoS classification and the model based approach to SoS risk management was effective for both application case studies

Appropriate Models In Decision Support Systems For River Basin Management

In recent years, new ideas and techniques appear very quickly, like sustainability, adaptive management, Geographic Information System, Remote Sensing and participations of new stakeholders, which contribute a lot to the development of decision support systems in river basin management. However, the role of models still needs to be emphasized, especially for model-based decision support systems. This paper aims to find appropriate models for decision support systems. An appropriate system is defined as ‘the system can produce final outputs which enable the decision makers to distinguish different river engineering measures according to the current problem’. An appropriateness framework is proposed mainly based on uncertainty and sensitivity analysis. A flood risk model is used, as a part of the Dutch River Meuse DSS to investigate whether the appropriate framework works. The results showed that the proposed approach is applicable and helpful to find appropriate models

A Model for Investigating Internal Control Weaknesses

Scandals in corporate finance in the early 2000s and subsequent policy changes led corporate executives to adopt a more risk-based approach in corporate governance. Therefore, identification and assessment of risks became extremely important. Risk assessment poses a particular challenge for auditors due to the highly complex structure and processes of internal control systems. Extant research in this area mostly focused on probabilistic models and expert systems that capture and model heuristic knowledge. However, evidence suggests that knowledge of the structure of the internal control system is also essential. There is relatively little research that focuses on the modeling of the structural aspects of financial processes and their internal control systems as a means of helping corporate executives and auditors perform their respective tasks of risk management and assessment. This article proposes an approach to risk management and assessment in internal control systems that models the structure and financial processes of an internal control system. The model uses a directed graph to represent the various elements in an internal control system, such as financial statement assertions, control activities, financial processes, and the causal relationships that exist among these elements. The article demonstrates the usefulness of the model by presenting and discussing algorithms based on this model to help corporate executives manage risk and to help internal and external auditors assess risk, for designing substantive testing and for tracing sources of errors

O-RADS US risk stratification and management system: A consensus guideline from the ACR ovarian-adnexal reporting and data system committee.

The Ovarian-Adnexal Reporting and Data System (O-RADS) US risk stratification and management system is designed to provide consistent interpretations, to decrease or eliminate ambiguity in US reports resulting in a higher probability of accuracy in assigning risk of malignancy to ovarian and other adnexal masses, and to provide a management recommendation for each risk category. It was developed by an international multidisciplinary committee sponsored by the American College of Radiology and applies the standardized reporting tool for US based on the 2018 published lexicon of the O-RADS US working group. For risk stratification, the O-RADS US system recommends six categories (O-RADS 0-5), incorporating the range of normal to high risk of malignancy. This unique system represents a collaboration between the pattern-based approach commonly used in North America and the widely used, European-based, algorithmic-style International Ovarian Tumor Analysis (IOTA) Assessment of Different Neoplasias in the Adnexa model system, a risk prediction model that has undergone successful prospective and external validation. The pattern approach relies on a subgroup of the most predictive descriptors in the lexicon based on a retrospective review of evidence prospectively obtained in the IOTA phase 1-3 prospective studies and other supporting studies that assist in differentiating management schemes in a variety of almost certainly benign lesions. With O-RADS US working group consensus, guidelines for management in the different risk categories are proposed. Both systems have been stratified to reach the same risk categories and management strategies regardless of which is initially used. At this time, O-RADS US is the only lexicon and classification system that encompasses all risk categories with their associated management schemes

Risk management of groundwater pollution: a knowledge-based approach

Risk assessment and risk management now underpin environmental protection in the UK. Risk assessment provides for a structured and systematic analysis of a problem, and is an objective tool to inform risk management decisions. In particular, risk assessment can assist in the prioritisation of management activities to direct resources more effectively to significant risks. However, the application of risk assessment remains ad hoc and often focused on quantified approaches. The problem of how to integrate the results of a risk assessment into decisionmaking processes remains. The objective of this research was to assess whether a knowledgebased approach could be usefully applied to risk management decisions associated with the protection of groundwater. The use of a knowledge-based system offers considerable potential to support regulatory decision-making relating to environmental risks. Such systems utilise expert knowledge to solve specific problems as an expert would but without requiring specialist or skilled users. This research describes the development of a prototype decision-support system to assist non-specialist regulatory personnel, in the prioritisation of risks and management activities relating to groundwater threats from hydrocarbon point-sources. The research focused on the knowledge acquisition process using semi-structured interviews, concept sorting and risk rating to identify the type of information required by the expert in their decision-making processes and also to distinguish any differences of approach between experts and 'non-experts'. A conceptual model was developed that represented expert decision-making and problem solving. This model was used to develop the prototype decision-support system which was subsequently evaluated by experts and users, resulting in system refinements. A positive response to the usability and utility of the system was received from both expert and user groups, suggesting a knowledge-based approach can be usefully applied to risk management decisions associated with the protection of groundwater

Risk Management in Financial Information Systems using Bayesian Networks

During the last 20 years many technological advances have inundated the entire spectrum of our everyday lives. None of these advances has had such an impact like the IT revolution which can only compare with the Industrial Revolution of the 18th Century. The advent and acceptance of Information Technology as the norm rather the exception has seen this sector move from a tedious and cumbersome manually managed and run sector, to an almost paperless industry that is almost entirely dependent on Information Systems. With the growth of the dependency on IT, the impact of risk concerns on the development and exploitation of information systems has also increased exponentially. Within the financial services industry, risk management involves assessing and quantifying business risks, then taking measures to control or reduce them. These methods are generally built around a well structured process. However, the product coming from the different risk management steps is still largely informal, and often not analytical enough. This lack of formality hinders the automation of the management of risk-related information. Furthermore, these risk management system focuses on specific phases of the software life cycle, without recognizing that risks in one stage can have an impact on other stages. This necessitates the proposed study in order to propose a generic approach that may be deployed to mitigate risks from the early stages of financial information systems development for daily financial institution operations until the post-implementation phases. This paper proposes a new approach for performing a risk analysis study of financial information systems. It is aimed at developing a generic approach for Risk Analysis and Management applicable from the early phases of information system development unlike in the existing models which are applied after the development process. It can be utilized for identifying and valuating the assets, threats, and vulnerabilities of the information system, followed by a graphical modeling of their interrelationships using Bayesian Networks. The proposed approach will exploit the results of the risk analysis for developing a Bayesian Network model, which presents concisely all the interactions of the undesirable events for the system. Based on “what–if” studies of system operation, the Bayesian Network model identifies and prioritizes the most critical events. Keywords: Riks, risk management, Bayesian Network mode

A systems approach to risk management through leading safety indicators

The goal of leading indicators for safety is to identify the potential for an accident before it occurs. Past efforts have focused on identifying general leading indicators, such as maintenance backlog, that apply widely in an industry or even across industries. Other recommendations produce more system-specific leading indicators, but start from system hazard analysis and thus are limited by the causes considered by the traditional hazard analysis techniques. Most rely on quantitative metrics, often based on probabilistic risk assessments. This paper describes a new and different approach to identifying system-specific leading indicators and provides guidance in designing a risk management structure to generate, monitor and use the results. The approach is based on the STAMP (System-Theoretic Accident Model and Processes) model of accident causation and tools that have been designed to build on that model. STAMP extends current accident causality to include more complex causes than simply component failures and chains of failure events or deviations from operational expectations. It incorporates basic principles of systems thinking and is based on systems theory rather than traditional reliability theory

Empirical Testing of the Implementation of Supply Chain Management and Successful Supporting Factors of Management Accounting Information Systems

Abstract-This study aims to measure empirically tested conceptual models regarding the magnitude of intellectual capital influence, operational risk management, and business strategy on the effectiveness of management accounting information systems and their implications on the performance of a balanced scorecard based company. This research used sensus as sampling technique, it used all existing population. This research was conducted using a survey method in Banking Sectors in Indonesia based on the supply chain management. Data analysis was performed using Structural Equation Model (SEM) approach alongside a Linear Structural Relationship (Lisrel) analysis tool. The results of the study found that intellectual capital, operational risk management, and business strategy have a significant positive effect on the effectiveness of accounting information system, while its significance on the performance of balanced scorecard based company operational risk management and business strategy alone has a significant positive effect. While the effectiveness of accounting information systems are known to have significant implications on the company’s performance-based balanced scorecard

Research of the scope of testing required for qualification of the hvac system

In the pharmaceutical industry, HVAC system qualification is carried out by applying a risk management model in accordance to relevant GMP requirements.Qualification of these systems is an integral part of quality assurance and represents a systemic approach of data collection and data analysis that will provide documentary evidence that the system works properly and continuously gives the expected results.GMP requires identifying the extent of the qualification required to ensure reliability and compliance with GMP principles based on the outcome of the risk assessment.This paper provides an example of risk assessment approach using the FMEA method.Potential risks were identified, it was estimated which risks were considered acceptable, and risk reduction actions were proposed, from their impact on the HVAC system

Research of the scope of testing required for qualification of the hvac system

In the pharmaceutical industry, HVAC system qualification is carried out by applying a risk management model in accordance to relevant GMP requirements.Qualification of these systems is an integral part of quality assurance and represents a systemic approach of data collection and data analysis that will provide documentary evidence that the system works properly and continuously gives the expected results.GMP requires identifying the extent of the qualification required to ensure reliability and compliance with GMP principles based on the outcome of the risk assessment.This paper provides an example of risk assessment approach using the FMEA method.Potential risks were identified, it was estimated which risks were considered acceptable, and risk reduction actions were proposed, from their impact on the HVAC system