The role of risk assessment in design is to yield insights that influence decisions. If it is done only at the culmination of the design process, the space of remaining options among which to decide is severely constrained. In response to late-lifecycle risk insights, changes to the designed system will be limited to fine tuning and modest refinements, with the only significant areas of variability remaining in the way that system is operated, maintained and (ultimately) decommissioned. These latter changes are made not to the system itself (which must be used more or less "as is"), but to the operational procedures, maintenance practices, and scenarios of use. Conversely, if risk assessment is done early and continued throughout the design process, opportunities exist to use the risk insights to influence both the design itself and how it is to be realized. Such early insights enable significant design changes before large and irrecoverable investments have been made.

The state of systems engineering is such that a form of early and continued use of risk assessment is already conducted (as evidenced by NASA's adoption and use of the "Continuous Risk Management" paradigm developed by SEI). In recognition of the inevitable uncertainties that arise as the design process unfolds, systems engineering practices include the establishment and tracking of pre-determined allocations of reserves of the kinds of resources seen to be critical to the design at hand (e.g., schedule, budget, mass, power). Risk assessment can be used to look ahead at the development plan and operational scenarios to identify significant risks. These risks can then be assessed in terms of their likelihoods, their potential impacts on the critical resources (e.g., cost, schedule and functionality), and the options for preventing or reducing them, or for workarounds should they occur.
However, these practices fall short of the ideal: (1) Integration between risk assessment techniques and other systems engineering tools is weak. (2) Risk assessment techniques and the insights they yield are only informally coupled to design decisions. (3) Individual risk assessment techniques lack the mix of breadth, fidelity and agility required to span the gamut of the design space.