An innovative approach of risk planning for space programs

*Corresponding author.E-mail address: [email protected] (P. Ray).

International Journal of Industrial Ergonomics 26 (2000) 67}74

An innovative approach of risk planning for space programs

Paul Ray*

Department of Industrial Engineering, The University of Alabama, Box 870288, Tuscaloosa, AL 35487-0288, USA

Received 17 May 1999; received in revised form 10 December 1999; accepted 2 February 2000

Abstract

According to the current rule-based risk management approach at the National Aeronautics and Space Administra-tion (NASA), the e!ort is directed to contain all identi"ed risks of a program. The identi"cation of hazards and mitigatione!ort proceeds along with the development of the system hardware, till all the tradable resources for a program isexhausted. In this process, no conscious e!ort is made to evaluate risks and associated cost, and the "nal design is likelyto have undesirable residual risks. This approach also results in allocating a signi"cant amount of resources to gain onlymarginal mitigation of hazard and leave some undesirable hazards in the system due to the budget limitation. Theapproach in the proposed knowledge-based risk planning system makes a conscious attempt to trade risk with otherresources, e.g., schedule, cost, reliability, performance, and others in a judicious and cost-e!ective way. A knowledge ofthe feasible option sets requiring high incremental cost for a marginal gain in hazard reduction helps the management tomake decision for residual risk that falls within an acceptable range for an option set.

Relevance to industry

The study provides a cost-e!ective approach for planning risk of space programs. The approach can be adopted forrisk planning of large industrial projects. ( 2000 Elsevier Science B.V. All rights reserved.

Keywords: Program risk; Risk planning; Risk management

1. Introduction

The current practice of risk management forspace programs is predominantly rule-based. Theapproach is to mitigate all identi"ed hazards. Thereis no formal guideline on when risk taking becomesjusti"ed as the marginal gain in risk abatementrequires signi"cantly increased amount of re-sources (Hazard Prioritization, 1987; System En-gineering, 1994). Often the e!ort to control allperceived hazards terminates when available re-

sources get exhausted. This process results in un-planned residual hazards in the developed systemand also uses substantial resources for marginalreduction of programs risk.

The objective of this study was to improve thee$cacy of the risk planning system. The proposedapproach is knowledge-based, and makes a con-scious e!ort to trade risk as a resource (Risk Man-agement, 1997a, b) to achieve a cost-e!ective as wellas a safe program with the knowledge of the resid-ual risk and its acceptability. The process is basedon evaluation of all possible option-sets and theirassociated risks. The options that require signi"-cantly higher amount of resources for a marginal

0169-8141/00/$ - see front matter ( 2000 Elsevier Science B.V. All rights reserved.PII: S 0 1 6 9 - 8 1 4 1 ( 0 0 ) 0 0 0 0 2 - 0

Table 1Typical options in a risk trade space

Technology utilizationExisting technologyAdvanced technology

System designSingle stringSelected redundancyRedundancy (block and functional)

Parts qualityEEE commercialEEE } class BEEE } class SMechanical } military std.Mechanical } other than military std.Existing materialNew material

FabricationInspection (contractor)Inspection (government inspected)Inspection (government mandatory)Process control (contractor)Process control (government procedure)Materials control (contractor)Materials control (government procedure)

Validation/testDevelopment test } bread boardDevelopment test } prototypeDevelopment test } actual hardware

OperationSystem test onlyIntegration and system testComponent, integration, and system test

reduction of hazards indicate the boundary of eco-nomic choice of options. The project managementat that stage has to select the best possible optionfrom among the few option-sets at this economicboundary, depending upon the availability andother considerations of resources. The program costversus risk curve at this region of the cost-risk curveis relatively #at. The approach thus results in identi-fying the most cost-e!ective program with a know-ledge of the acceptable residual risk. It may bementioned here that there is no human activitywithout residual risk. It is always an e!ort to minim-ize the hazards and "nally to accept the residualrisks that are non-signi"cant.

According to NASA practice, a program has "vephases during its life cycle (Management of MajorSystems Programs and Projects, 1993a, b; MSA,1996). Program formulation takes place in the earlyphases and implementation, development, and op-erations take place during the latter phases. RiskPlanning, applying knowledge-based approach toselect the most economical, and feasible combina-tion of resources, treating risk as a resource isappropriate for the early phases. In principle, thegoal of this approach is to accept a level of riskbased on the knowledge of consequences ratherthan due to lack of resource. However, the ap-proach may be applied for developing a new pro-gram plan or adjust an existing plan to matchchanges in program parameters at any time duringthe life of the program.

2. Key components of the approach

2.1. Key functions of a program

The "rst step is to identify the key functions ofa space program. The typical functional areas are:(a) technology utilization, (b) system design, (c)parts quality selection, (d) fabrication control, (e)validation/test, and (f ) operation (Risk Manage-ment, 1997a, b).

2.2. Feasible options in each functional area

Usually several options are available in eachfunctional area, e.g., three options available for

system design are: (1) single string, (2) selected re-dundancy, and (3) comprehensive redundancy(block and functional).

The costs and risks vary signi"cantly dependingon the option selected. The cost for comprehensiveredundancy design may be several times the costfor single string design. The risk for comprehensiveredundancy system is very low but the cost is veryhigh. The cost is very low for a single string design,but it carries a high risk. It is possible to balance thecost and risk by selecting di!erent combinations ofoptions for the functional areas of a program.

Knowledge about the feasible options and theircharacteristics regarding resource requirementsand limitations is critical for e!ective planning of aprogram. Typical options for each typical functionin a risk trade space are illustrated in Table 1 (RiskManagement, 1997a, b).

68 P. Ray / International Journal of Industrial Ergonomics 26 (2000) 67}74

Table 2Illustration of resource weights for a hypothetical program

Typical resources Equal weightprogram

Rare eventprogram

Repeated #ightprogram

Unmannedtest #ight

1. Cost 1.0 0.7 1.2 1.52. Schedule 1.0 1.3 1.0 1.03. Safety 1.0 1.2 1.2 0.54. Mass 1.0 0.8 1.0 1.05. Power 1.0 1.0 0.8 1.06. Performance 1.0 1.0 0.8 1.0No. of resources used (N) 6.0 6.0 6.00 6.00

2.3. Resources

The typical resources for a functional area of aspace program are: (a) cost, (b) schedule, (c) safety,(d) mass, (e) power, (f ) performance, and (g) logistics(Table 2). Each option in a functional area will needsome of these resources and may need additionalresources for special cases.

2.4. Resource weights

Resource weights indicate the relative impor-tance of resources based on the nature of a projectand management priorities. For a rare event #ightprogram, schedule is more important as the #ightwindow may not be available for next several years.For a repeated #ight program, e.g., space shuttle#ights, cost may be more important. The weightdistribution is planned to result in total weight tobe equal to the number of resources used in a pro-gram (Table 2).

2.5. Resource categories and ratings

Each resource has been classi"ed into "ve cat-egories based on its signi"cance for a program.Category 1 indicates a low-level option, with ratingof 20 points, and the category 5 indicates a high-level option with rating of 100 points as illustratedin Table 3.

2.6. Risk categories and ratings

Risk ratings are determined using a risk assess-ment matrix (Table 4). The two components con-sidered are likelihood and severity of a mishap.

Each component has "ve levels. 1 indicates a min-imum and 5 indicates the maximum level of likeli-hood and severity (Table 4, Legend). Risk scoresare obtained by multiplying the appropriatelevels of likelihood and severity and have beenclassi"ed into "ve risk trade ratings as illustrated inTable 4 (Hazard Prioritization, 1987; InternationalSpace Station Alpha Program, 1995).

3. Risk trading system

The overall risk trading system is given in Fig. 1.The system has the following components.

1. Input data: The basic information may be ob-tained from program management o$ce tostart the program planning e!ort. Input datapreparation has several steps: (a) identify thefunctions of a program, (b) assign priorityweights (w

i) of each resource for each func-

tional option in the risk trade domain, (c)identify the options feasible for each function,(d) identify the resources required for each feas-ible option in the risk trade space of eachfunctional area, (e) identify the category of eachresource required for an option, select the ap-propriate score, and enter it in the `resourcetrading inputa form (Table 5).

2. Computational algorithm: All the computationalwork is planned to be done by a computerizedsystem. This is because a very large number ofoption sets of functional alternatives and re-sources are feasible for a single program. Thecomputer will process the aggregate resourcescores for all the competing functional activities.

P. Ray / International Journal of Industrial Ergonomics 26 (2000) 67}74 69

Table 3Resource categories and ratings (illustration)

Resource ratings

Resources 20 40 60 80 100Category 1 2 3 4 5

1. Cost No impact onbudget

Cost budget increase(5%

Budget increase5(10%

Budget increase10(15%

Cost budget increase'15%

2. Schedule/milestones

No impact onschedule

Action to takemilestones can bemet

Additional actionrequired. Keymilestones slip (1month

Major modi"cationrequired. Keymilestones slip 1}3month

Cannot meet keymilestones slip '3month

3. Safety Risk assessmentrating 1}4No impacton mission

Risk assessmentrating 5}6 Minordamage to system

Risk assessmentrating 7}9 Minorinjury or damage tosystem

Risk assessmentrating 10}12 Severeinjury or damage tosystem

Risk assessmentrating 13}25Fatality/loss of system

4. Mass Mission objectiveachievable,miniaturizedelectronics. Lesscabling stackcomponents less I2Rheat high payload

Mission objectachievable, someplanning needed,payload high

Moderate massobjective achievable,payload acceptable

Object di$cult toachieve, low payload

Std. FE or AL matl.,objective notachievableperformance poor lowpayload

5. Power Low power demand,objective achievablepower shared widetemp. control

Some planningneeded but objectiveachievable fuel andpayload good

Moderate powerplanning needed toachieve objective

Limited share ofpower, fuel conshigh modf. Toachieve objective

Objective notachievable highconsumption of fuel

6. Performance Performance meetsall objectives

Performance meetsobjectives butrequired workaround

Modest reduction inperformance

Major reduction inperformance. Workaround available

Performances doesnot meet missionobjectives.Unacceptableperformance

7. Logistics/procurement

No problem keymilestones can bemet

Some actionrequired to meet keymilestones

Moderate actionrequired keymilestones slip (1month

Major correctiveaction required keymilestones slip 1}3month

Milestones slip by(3.0 month

8. Risk Risk assessmentrating 1}4

Risk assessmentrating 5}6



Risk assessmentrating 13}25Unacceptable risk

The formula to use is

RFjk"

1

n

n+i/1

wijk * r

ijk,

where RFjk

is the resource score for the jth optionof the kth functional area, w

ithe weight for the ith

resource, rithe score assessed for the resource i, and

n the number of the resources considered for anoption.

The computer software will repeat the same processto access the resource scores for all feasible compet-ing option sets in the risk trade space and computethe overall program risk trade rating for each feas-ible option set (PRTR).3. Output reports:

z Program resource trade rating vs. programrisk ratingThe "rst output from the computer-basedsystem consists of a curve similar to the


Table 4Risk assessment and trade ratings

cost-bene"t curve (Fig. 2). The >-axis repre-sents the program risk rating (PRR) whilethe X-axis presents the program resourcetrade rating (PRTR). A visual review of thecurve is needed to identify the PRR valueswhen the program cost rating starts to in-crease signi"cantly for a low reduction ofrisk rating (PRR).

z Summmary reportFor the PRR values identi"ed from thePRTR versus PRR curve, select a few PRRvalues close to the cut o! point, where thecurve tends to become #at, and feed these tothe computer system for detailed summaryreport (Table 6). The option sets at this rangewill have almost equal risk for a number ofdi!erent option sets requiring di!erent re-sources (Fig. 2).

4. A hypothetical ergonomic project

An outline of a possible application of the pro-posed risk planning system for developing an ergo-nomic prosthetic device is illustrated below.

The potential functional areas for this projectmay be: (a) technology with options of (i) existingtechnology, or (ii) new technology, (b) system de-sign with options of (i) mechanical or (ii) electro-mechanical system, (c) material with options of (i)existing material or (ii) new light weight non-metal-lic materials, (d) fabrication with options of (i) tra-ditional or (ii) non-traditional processes, andvalidation/tests with options of (i) mock up, (ii)prototype or (iii) actual hardware.

The possible resources are: (a) cost, (b) schedule,(c) performance, (d) reliability, and (e) user learningtime. The risk is dependent on the likelihood ofaccident or injury due to malfunction of the deviceand the associated severity of injury in each case.

The proposed risk planning system will be usedin identifying the economically attractive optionsets that have an acceptable and known level of riskdue to residual hazards.

5. Decision making process

The team responsible for program planningand representatives from the functional areas will


Fig. 1. Program risk planning system #owchart.

decide on the "nal selection of the resource tradingalternatives based on the computer report toidentify the most desirable alternative set in therisk trade space. The role of the proposed riskmanagement system will be to provide a valuableinsight into the several feasible alternative sets, thatare cost-e!ective for a known degree of risk.

The optimal economic zone of the resource ver-sus risk curve will be close to horizontal and a num-ber of feasible options will have almost same levelof risks associated with them. This fact will provide#exibility for selecting the particular option thatmay match the available resources better for anon-signi"cant change in the resulting risk level ofa program. In case of a revision of resource alloca-tion or availability, the planning procedure may beapplied again to identify the best acceptable planthat matches the new parameters.

5.1. Merits of the proposed risk-managementapproach

f The knowledge-based approach will improve thee$cacy of the risk planning process for spaceprograms.

f The proposed expert system will provide a struc-tured guideline for a cost-e!ective way of plann-ing risk for a program.

f Planning will be based on the overall risk ofa program.

f The program characteristics as well as the man-agement priorities will be taken into account.

f Risk management will be integrated with programplanning to ensure e$cient overall management.

f The proposed risk-planning tool will be usefulfor adjusting a program in response to a modi"-cation of program resource allocation.


Tab

le5

Risk

trad

ing

input}

func

tion

:te

chnolo

gyutiliza

tion

(illu

stra

tion)

Risk

trad

esp

ace

Risk

cons

eque

nce

sR

esour

ceA

dvan

tage

Syst

emFlig

ht

Res

our

ces

Priority

!Rat

ing

1.Exi

stin

gte

chnol

ogy

Con

stra

ints

on

subs

yste

ms

Work

arou

nd

com

plex

ity

Cost

Sch

edule

1.9

20Q

ual

i"ed

and#ig

ht

prov

enR

esour

ceco

mpro

mise-

induce

dfa

ilure

sSa

fety

1.0

20R

eadi

lyav

aila

ble

Her

itag

etr

aps

Mas

s0.

720

Know

nre

liabi

lity

Pow

er0.

840

Per

form

ance

0.8

40Tra

inin

g0.

840

n"6

wir i/n

""28

2.A

dvan

ced

tech

nolo

gyU

nce

rtai

nte

chnol

ogy

read

ines

sU

nkno

wn

failu

res

Cost

(dev

elopm

ent,

back

-up

design

,qu

ali"

cation)

1.9

100

Sign

i"ca

nt

reso

urc

e/per

form

ance

impr

ovem

ent

Mor

eco

mpl

exU

ntr

ied

reco

very

Sche

dul

e(rea

dines

s)Les

sha

rdw

are

Unce

rtai

nin

terfac

eSa

fety

Les

sin

tegr

atio

nM

ass

1.0

100

Hig

her

pote

ntia

lre

liabi

lity

Pow

erPer

form

ance

0.7

60Tra

inin

g0.

860

0.8

200.

820

1.0

40n"

7wir i/n

"60

!Res

our

cera

ting

(ri):

20m

ost

desira

ble;

100,

leas

tde

sira

ble.

See

reso

urce

cate

gory

rating

inA

ppen

dix

2."w

i"Priority

for

ith

reso

urc

e(spec

i"ed

prog

ram

priority

),r i"

Res

ourc

era

ting

for

ith

reso

urc

e,n"

No.

ofre

sourc

esfo

rth

erisk

trad

eun

der

consider

atio

n.


Fig. 2. Program resource trade rating vs risk rating.

Table 6Resource trading summary report

Program:Option Set No. XXXXEngineer: *** Date: ***Approved by: ***

Functions Option set Resource rating

1. Technology2. System Design3. Parts quality

EEE PartsMech. PartsMaterial

4. FabricationInspectionContaminationProcessMaterial

5. Validation/testDevelopmentDynamicsQuali"cation

6. Operation7. Any otherOverall set resource rating

Acknowledgements

The study was supported by the NASA/ASEESummer Faculty Fellowship at Marshall SpaceFlight Center, Huntsville, Alabama in 1997. Theirsupport is appreciated. Opinions, interpretations,conclusions, and recommendations are those ofthe author and are not necessarily endorsed by theMarshall Space Flight Center (NASA).

An abbreviated version of this study was pre-sented at the Industrial Engineering ResearchConference held in Ban!, Canada, May 9, 1998.

References

Hazard Prioritization, 1987. NSTS Hazard PrioritizationWorking group. May 1987, pp. 6}18.

International Space Station Alpha Program, 1995. ISS a RiskSummary Card. SSP 50134, JSC-NASA, February 1995,pp. 1}2.

Management of Major System Programs and Projects, 1993a.NASA NMI 7120.4, November 1993, pp. 1}4 to 1}6, 2}2 to2}27.

Management of Major System Programs and Projects, 1993b.NASA NHB7120.5, November, 1993, pp. 2}2 to 2}26.

Management Safety Assessment for the Space Shuttle Program(MSA), 1996. JSC-NASA, NSTS 22973-F, June 1996.

Risk Management, Risk as a Resource, 1997a. Presentation atMarshall Space Flight, Dr. Michael A. Green"eld, May 22,1997, pp. 31}32.

Risk Management, Risk as a Resource, 1997b. Presentation atAdvanced Project Management, Wallops Flight Facility, Dr.Michael A. Green"eld, June 20, 1997, pp. 30}38.

System Engineering, 1994. `Toolboxa for Design-Oriented En-gineers. NASA Reference Publication 1358 and December1994, pp. 3}2 to 3}12.


Documents

An innovative approach of risk planning for space programs