Risk management tools allow uncertainty to be addressed by identifying and generating metrics, parameterizing, prioritizing, and developing responses, and tracking risk. These activities may be difficult to track without tools and techniques, documentation and information systems.
There are two distinct types of risk tools identified by their approach: market-level tools using the capital asset pricing model (CAP-M) and component-level tools with probabilistic risk assessment (PRA). Market-level tools use market forces to make risk decisions between securities. Component-level tools use the functions of probability and impact of individual risks to make decisions between resource allocations.
ISO/IEC 31010 (Risk assessment techniques) has a detailed but non-exhaustive list of tools and techniques available for assessing risk.
CAP-M uses market or economic statistics and assumptions to determine the appropriate required rate of return of an asset, given that asset’s non-diversifiable risk.
Probabilistic risk assessment is often used in project risk management. These tools are applications of PRA and allow planners to explicitly address uncertainty by identifying and generating metrics, parameterizing, prioritizing, and developing responses, and tracking risk from components, tasks or costs. PRA, also called Likelihood-Consequence or Probability-Impact, is based upon single-point estimates of probability of occurrence, initiating event frequency, and recovery success (e.g., human intervention) of a specific consequence (e.g., cost or schedule delay).
Notable PRA tools and techniques
- Event chain methodology – A method of managing risk and uncertainties affecting project schedules
- Risk register – A project planning and organizational risk assessment tool. It is often referred to as a Risk Log.
- Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE) – A probabilistic safety and reliability engineering assessment software tool.