Model‐based risk analysis for system design

Abstract

AbstractDespite being the dominant risk analysis paradigm, event guessing is useless for systems design. In management, no event guessing has ever preempted the launch of policies that are decided, not designed. In engineering, events are not guessed; rather, they are created for testing purposes. Events provide inputs to which systems respond according to their structure, as described by state‐space or equivalent System Dynamics models. A new risk analysis framework draws design support information from model attributes. Risk‐informed dynamic models help design physical architectures or organizational policies that capably respond to arbitrary events. The approach builds on the notion that all inputs carry energy. Physical or policy systems change states by trading energy with the surroundings, through expected transactions and unexpected disturbances. A non‐probabilistic risk framework supports the design by showing that the system exhibits intended functionality when responding to arbitrary inputs. Instead of guessing countless hypothetical events, the framework systematically and comprehensively analyzes weaknesses in the system model using a programmed algorithm. It applies to any state‐space dynamic model by defining risk as a function of the energy needed to move the system from an acceptable to a faulty state. Robust systems dissipate excess energy, whereas vulnerable systems lose functionality. Fuses and cushions are generic classes of protections. Placing them into system models at identified weak points helps improve design. Two published simple models of business policies illustrate the framework, which is extended to define measures for consequence and uncertainty as functions of acceptable and faulty states.