Risk is defined in two dimensions: uncertainty and effect on objectives. It is common to use the terms “probability” and “impact” to describe these two dimensions, and assessing the significance of any given risk means considering both. It is relatively simple to assess effect on objectives, since this merely requires defining the situation after the risk has occurred, and then imagining what happens: “If this risk occurred, what would the effect be?” Probability is not so easy however. Risk practitioners and project teams alike experience repeated difficulty in assessing the probability that a given risk might occur. There are a number of reasons for this.
•Language. In English, different words are often used interchangeably to describe the uncertainty dimension of a risk, such as “probability”, “frequency”, “likelihood” or “chance”. In fact these do not mean the same thing, and confusion can arise if the terms are misused. For example “frequency” describes how often an event or set of circumstances is expected to occur based on previous experience, either in a period of time (e.g. once per year) or in a number of trials (e.g. seven times out of ten). So frequency really applies to repeatable events. This is not the same as “probability” which is a statistical term describing how likely a single uncertain event or set of circumstances is to occur. One solution is to use a more general term such as “likelihood”, and recognise two variants called “probability” (for single events) and “frequency” (for repeatable events).
•Format. The uncertainty dimension of a risk can be expressed in several ways, including both numerical and textual formats, such as: 35%, “once per month”, 2:7, “unlikely”, “one in six times”, 10-4, “low probability”, 0.2, and so on. Most people have problems interpreting different numerical formats, and even the textual phrases can mean different things. This problem can best be overcome by education, as well as using a set of agreed definitions which everyone understands.
•Subjectivity. Assessment of probability requires forming an opinion about a future event or set of circumstances which have not yet happened. Different people will take different views about the future, and there is no “single right answer” since the future has not yet happened. Risk probability cannot be measured, only estimated. Assessments of the uncertain future are influenced by many factors, including perceptual filters, motivational bias, cognitive bias, or subconscious heuristics. The solution here is to take a team-based approach, exploring different perspectives, examining underlying assumptions, and reaching consensus wherever possible. Sources of bias should also be understood and corrected where possible.
•Lack of data. Some risks have never been experienced before, especially those relating to the unique aspects of projects. In other cases, even though a risk might have been encountered previously, there may be no record of its existence due to absence of a learning mechanism (such as a knowledge base or checklist). As a result there is no body of evidence to assist in estimating the probability of occurrence of these novel risks. Addressing these shortfalls requires acknowledging that some areas lack relevant previous experience, as well as implementing an effective lessons-to-be-learned process (e.g. a post-project review).
All this matters for two reasons:
•Faulty probability assessment means risks will be wrongly prioritised, leading to a failure to focus on the most significant risks, selection of inappropriate responses, inability to manage risks effectively, and loss of confidence in the risk process.
•Sound assessment of risk probability improves the understanding of each risk, allowing appropriate prioritisation, better response selection, enhanced risk management effectiveness, and more reliable achievement of project and business objectives.
We need to understand the problems associated with assessing probability, and take action to address the concerns, by using appropriate language and formats, identifying and managing sources of bias, learning lessons to improve the effectiveness of the probability assessment process, and monitoring risk management performance to determine the accuracy of assessed risk probability.
--------------------------------------------------------------------------------
風險是以兩個向度:不確定性與對目標的影響來定義的,一般用「機率」與「衝擊」描 述這兩個向度,而評估風險的嚴重性意指同時考慮兩者。評估對目標的影響是相對容易的,因 為只需要定義風險發生後的情況,然後想像:「如果這個風險發生,其影響為何?」然而,機 率就不是那麼容易了,風險實務專家與專案團隊在評估某特定風險可能發生的機率時都會一再 碰到困難,以下是一些這些困難的原因:
•語意 通常會交替使用不同的詞彙來描述風險的不確定性向度;如「機率」、「頻率」、「可能 性」、或「機會」,事實上這些詞彙代表不同意義,如果誤用了會造成混淆。例如「頻率 」是描述基於過去的經驗,預期一個事件或一組狀況多常發生,可以是在一段期間(如一 年一次)或數次嘗試中(10次中有7次),因此頻率是應用在可重複的事件上的,這和用 以描述一個單一不確定事件或一組狀況有多可能發生的統計名詞「機率」是不同的。一種 解決方法是用更一般化的詞彙如「可能性」,並認知兩個相異的詞彙「機率」(用於單一 事件)與「頻率」(對重複事件)。
•格式 風險的不確定向度有7種表達方式,包括數字及文字格式,如:35%、「每月1次」、2:7 、「不可能」、「6次中1次」、10- 4、「機率低」、0.2等,大部分人有解讀數字格式的問題,既使是文句也可能代表不同意 義。這種問題最好是由教育來克服,並且使用大家都能瞭解的定義。
•主觀 機率的評估需要對尚未發生的未來事件或一組狀況形成一個看法,不同的人對未來有不同 觀點,由於未來尚未發生所以沒有「單一的正確答案」。風險機率無法衡量只能估計,對 不確定未來的評估被許多因素所影響,包括感知的過濾、動機偏差、認知偏差、以及潛意 識的直覺。解決方法是採取一個以團隊為基礎的途徑、探究不同的觀點、檢驗內在的假定 、以及盡可能取得共識,偏差的來源也應該盡可能瞭解並改正。
•資料缺乏 有些風險是過去從來不曾經歷過的,特別是和專案特殊面向有關的風險。另外,既使風險 可能之前經歷過,也可能因為缺乏學習機制(如知識庫或檢查清單)而沒有其存在的紀錄 ,因而導致沒有具體證據可用來協助估計此一新風險的發生機率,應付此種缺失需要瞭解 某些領域缺乏之前的相關經驗,並且實行有效的教訓檢討程序(如一個專案的結案後檢討 )。
以上這些之所以需考慮是基於以下兩個原因
•錯誤的機率評估代表風險將有錯誤的優先等級,導致無法專注在最嚴重的風險上、選擇了 不適當的風險回應、沒有有效管理風險的能力、以及對風險程序失去信心。
•健全的風險機率評估,可增進對每一個風險的瞭解、得到適當的優先等級、選擇較佳的風 險回應、增進風險管理效益、以及更可靠地達成專案與企業目標。 我們需要瞭解關於風險評估的問題,並採取行動來因應,經由使用適當的語意與格式、 辨識並管理偏差的來源、從教訓中學習以改進機率評估程序的效果、以及監督風險管理績效以 決定評估風險機率的精確性。 | 
發表文章
沒有留言:
張貼留言