Documente Academic
Documente Profesional
Documente Cultură
Publisher
CEPIS UPGRADE is published by CEPIS (Council of Euro-
pean Professional Informatics Societies, <http://www.
cepis.org/>), in cooperation with the Spanish CEPIS society Vol. XII, issue No. 5, December 2011
ATI (Asociación de Técnicos de Informática, <http://
www.ati.es/>) and its journal Novática
Farewell Edition
CEPIS UPGRADE monographs are published jointly with
Novática, that publishes them in Spanish (full version printed; 3 Editorial. CEPIS UPGRADE: A Proud Farewell
summary, abstracts and some articles online)
— Nello Scarabottolo, President of CEPIS
CEPIS UPGRADE was created in October 2000 by CEPIS and was
first published by Novática and INFORMATIK/INFORMATIQUE, ATI, Novática and CEPIS UPGRADE
bimonthly journal of SVI/FSI (Swiss Federation of Professional — Dídac López-Viñas, President of ATI
Informatics Societies)
CEPIS UPGRADE is the anchor point for UPENET (UPGRADE Euro- Monograph
pean NETwork), the network of CEPIS member societies’ publications,
that currently includes the following ones: Risk Management
• inforewiew, magazine from the Serbian CEPIS society JISA (published jointly with Novática*)
• Informatica, journal from the Slovenian CEPIS society SDI Guest Editor: Darren Dalcher
• Informatik-Spektrum, journal published by Springer Verlag on behalf
of the CEPIS societies GI, Germany, and SI, Switzerland
• ITNOW, magazine published by Oxford University Press on behalf of
the British CEPIS society BCS 4 Presentation. Trends and Advances in Risk Management
• Mondo Digitale, digital journal from the Italian CEPIS society AICA — Darren Dalcher
• Novática, journal from the Spanish CEPIS society ATI
• OCG Journal, journal from the Austrian CEPIS society OCG
• Pliroforiki, journal from the Cyprus CEPIS society CCS 10 The Use of Bayes and Causal Modelling in Decision Making,
• Tölvumál, journal from the Icelandic CEPIS society ISIP
Uncertainty and Risk — Norman Fenton and Martin Neil
Editorial TeamEditorial Team
Chief Editor: Llorenç Pagés-Casas
Deputy Chief Editor: Rafael Fernández Calvo 22 Event Chain Methodology in Project Management — Michael
Associate Editor: Fiona Fanning
Trumper and Lev Virine
Editorial Board
Prof. Nello Scarabottolo, CEPIS President
Prof. Wolffried Stucky, CEPIS Former President 34 Revisiting Managing and Modelling of Project Risk Dynamics -
Prof. Vasile Baltac, CEPIS Former President A System Dynamics-based Framework — Alexandre Rodrigues
Prof. Luis Fernández-Sanz, ATI (Spain)
Llorenç Pagés-Casas, ATI (Spain)
François Louis Nicolet, SI (Switzerland) 41 Towards a New Perspective: Balancing Risk, Safety and Danger
Roberto Carniel, ALSI – Tecnoteca (Italy)
— Darren Dalcher
UPENET Advisory Board
Dubravka Dukic (inforeview, Serbia)
Matjaz Gams (Informatica, Slovenia) 45 Managing Risk in Projects: What’s New? — David Hillson
Hermann Engesser (Informatik-Spektrum, Germany and Switzerland)
Brian Runciman (ITNOW, United Kingdom)
Franco Filippazzi (Mondo Digitale, Italy) 48 Our Uncertain Future — David Cleden
Llorenç Pagés-Casas (Novática, Spain)
Veith Risak (OCG Journal, Austria)
Panicos Masouras (Pliroforiki, Cyprus) 55 The application of the ‘New Sciences’ to Risk and Project
Thorvardur Kári Ólafsson (Tölvumál, Iceland)
Rafael Fernández Calvo (Coordination) Management — David Hancock
English Language Editors: Mike Andersson, David Cash, Arthur
Cook, Tracey Darch, Laura Davies, Nick Dunn, Rodney Fennemore, 59 Communicative Project Risk Management in IT Projects
Hilary Green, Roger Harris, Jim Holder, Pat Moody. — Karel de Bakker
Cover page designed by Concha Arias-Pérez
"Liberty with Risk" / © ATI 2011 67 Decision-Making: A Dialogue between Project and Programme
Layout Design: François Louis Nicolet
Composition: Jorge Llácer-Gil de Ramales Environments — Manon Deguire
Editorial correspondence: Llorenç Pagés-Casas <pages@ati.es>
Advertising correspondence: <info@cepis.org> 75 Decisions in an Uncertain World: Strategic Project Risk
Subscriptions Appraisal — Elaine Harris
If you wish to subscribe to CEPIS UPGRADE please send an
email to info@cepis.org with ‘Subscribe to UPGRADE’ as the
subject of the email or follow the link ‘Subscribe to UPGRADE’ 82 Selection of Project Alternatives while Considering Risks
at <http://www.cepis.org/upgrade> — Marta Fernández-Diego and Nolberto Munier
Copyright
© Novática 2011 (for the monograph) 87 Project Governance — Ralf Müller
© CEPIS 2011 (for the sections Editorial, UPENET and CEPIS News)
All rights reserved under otherwise stated. Abstracting is permitted
with credit to the source. For copying, reprint, or republication per-
mission, contact the Editorial Team
91 Five Steps to Enterprise Risk Management — Val Jonas ./..
The opinions expressed by the authors are their exclusive responsibility
* This monograph will be also published in Spanish (full version printed; summary, abstracts, and some
articles online) by Novática, journal of the Spanish CEPIS society ATI (Asociación de Técnicos de
ISSN 1684-5285
Informática) at <http://www.ati.es/novatica/>.
Vol. XII, issue No. 5, December 2011
Farewell Edition
Cont.
CEPIS NEWS
Editorial
It was in year 2000 that CEPIS made the decision to UPENET (UPGRADE European NETwork), set up in 2003
create "a bimonthly technical, independent, non-commer- in order to increase the pan-European projection of the jour-
cial freely distributed electronic publication", with the aim nal.
of gaining visibility among the large memberships of its And, last but not least, thanks a lot also to the multitude
affiliated societies, and beyond this, the wider ICT commu- of authors from Europe and other continents who have sub-
nities in the professional, business, academic and public ad- mitted their papers for review and publication, as well as to
ministration sectors worldwide, contributing in parallel to the Guest Editors of the monographs and our team of vol-
enlarge and permanently update their professional skills and unteer English-language editors. We cannot praise them all
knowledge. enough for their decisive and valuable collaboration.
CEPIS UPGRADE was the name chosen for that jour- Now let’s say farewell to CEPIS UPGRADE, but a re-
nal, born with the initial cooperation and support of the so- ally proud one!
cieties ATI (Asociación de Técnicos de Informática, Spain) Nello Scarabottolo
and SVI/FSI (Swiss Federation of Professional Informatics President of CEPIS
Societies), along with their respective publications, Novática <http://www.cepis.org>
and Informatik/Informatique, cooperation and support that
have continued until now, in the case of ATI and Novática. Note: A detailed history of CEPIS UPGRADE is available at
<http://www.cepis.org/upgrade/files/iv-09-calvo.pdf>.
Eleven years and more than 60 issues later, actual meas-
urable facts show that CEPIS UPGRADE has achieved those
goals: hundreds of thousands visits to, and downloads from,
the journal website at <http://www.cepis.org/upgrade>; pres- ATI, Novática and
ence in prestigious international indexes; references by many CEPIS UPGRADE
publications; citations made in countless business, profes-
sional, academic and even political fora; a newsletter with
The lifecycle of CEPIS UPGRADE has come to an
around 2,500 subscribers.
end after eleven years. The decision has been taken by the
All these achievements must be duly stressed now that
governing bodies of CEPIS and is fully shared by the
CEPIS has made the decision of discontinuing CEPIS UP-
Board of ATI (Asociación de Técnicos de Informática),
GRADE because it is not at all failure or lack of results that
the Spanish society that has edited the journal on behalf
have dictated this extremely painful choice but the general
of CEPIS from the very beginning.
economic climate. In our case, CEPIS has reached the con-
ATI, a founding member of CEPIS which has partici-
clusion that publishing a technical-professional journal is
pated in a large number of its projects and undertakings,
not a top priority today and that our resources should be
is proud to have played a decisive role in CEPIS UP-
dedicated to other projects and activities.
GRADE’s success by providing all its own human and
CEPIS is proud of its journal and at the sad moment of
material editorial resources through its journal Novática.
distributing its farewell issue our most sincere acknowledge-
We must thank CEPIS for having given us the oppor-
ment and gratitude must be presented to all and everyone
tunity to be part of such an important publishing endeav-
who have contributed to its success. Let me name a few of
our.
them: the above mentioned societies ATI and SVI/FSI;
New projects and activities will undoubtedly be pro-
Wolffried Stucky and François Louis Nicolet, that gave the
moted by CEPIS and, as in the case of CEPIS UPGRADE,
initial spin; the three Chief Editors that have skillful and
ATI will, as always, be available and willing to cooper-
dedicatedly led the journal along these eleven years (the
ate.
same François Louis Nicolet, Rafael Fernández Calvo and
Llorenç Pagés-Casas); professionals in Spain, Belgium and
Dídac López-Viñas
Switzerland (in special Fiona Fanning, Jorge Llácer, Carol-
President of ATI
Ann Kogelman, Pascale Schürman and Steve Turpin). Plus
<http://www.ati.es>
the Chief Editors of the nine publications making part of
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 3
Risk Management
Presentation
1 Introduction
Risks can be found in most human endeavours. They The Guest Editor
come from many sources and influence most participants.
Increasingly, they play a part in defining and shaping ac- Darren Dalcher – PhD (Lond) HonFAPM, FBCS, CITP, FCMI
tivities, intentions and interpretations, and thereby directly – is a Professor of Software Project Management at Middlesex
influencing the future. Accomplishing anything inevitably University, UK, and Visiting Professor in Computer Science in
implies addressing risks. Within organisations and society the University of Iceland. He is the founder and Director of the
National Centre for Project Management. He has been named
at large, learning to deal with risk is therefore progressively
by the Association for Project Management, APM, as one of
viewed as a key competence expected at all levels. the top 10 "movers and shapers" in project management and
Practitioners in computing and information technology has also been voted Project Magazine’s Academic of the Year
are at the forefront of many new developments. Modern so- for his contribution in "integrating and weaving academic work
ciety is characterised by powerful technology, instantane- with practice". Following industrial and consultancy experience
ous communication, rising complexity, tangled networks and in managing IT projects, Professor Dalcher gained his PhD in
unprecedented levels of interaction and participation. De- Software Engineering from King’s College, University of
vising new ways of integrating with modern society inevi- London, UK. Professor Dalcher is active in numerous
tably imply learning to co-exist with higher levels of risk, international committees, steering groups and editorial boards.
uncertainty and ignorance. Moreover, society engages in He is heavily involved in organising international conferences,
more demanding ventures whilst continuously requiring and has delivered many keynote addresses and tutorials. He
has written over 150 papers and book chapters on project
performance and delivery levels that are better, faster and
management and software engineering.
cheaper. Developers, managers, sponsors, senior executives
and stakeholders are thus faced with escalating levels of risk. He is Editor-in-Chief of Software Process Improvement and
In order to accommodate and address risk we have built Practice, an international journal focusing on capability,
a variety of mechanisms, approaches and structures that we maturity, growth and improvement. He is the editor of a major
utilise in different levels and situations. This special issue new book series, Advances in Project Management, published
brings together a collection of reflections, insights and ex- by Gower Publishing. His research interests are wide and include
periences from leading experts working at the forefront of many aspects of project management. He works with many
risk assessment, analysis, evaluation, management and com- major industrial and commercial organisations and government
munication. The contributions come from a variety of do- bodies in the UK and beyond. Professor Dalcher is an invited
mains addressing a myriad of tools, perspectives and new Honorary Fellow of the Association for Project Management
(APM), a Chartered Fellow of the British Computer Society
approaches required for making sense of risk at different
(BCS), a Fellow of the Chartered Management Institute, and a
levels within organisations. Many of the papers report on Member of the Project Management Institute, the Academy of
new ideas and advances thereby offering novel perspectives Management, the IEEE and the ACM. He has received an
and approaches for improving the management of risk. The Honorary Fellowship of the APM, "a prestigious honour
papers are grounded in both research and practice and there- bestowed only on those who have made outstanding
fore deliver insights that summarise the state of the disci- contributions to project management", at the 2011 APM Awards
pline whilst indicating avenues for improvement and plac- Evening. <d.dalcher@mdx.ac.uk>
ing new trends in the context of risk management and lead-
ership in an organisational setting.
agement and the development of new perspectives and
2 Structure and Contents of the Monograph lenses for addressing uncertainty and the emergence of risk
The thirteen papers selected for the issue showcase four leadership, thereby encouraging a new understanding of
perspectives in terms of the trends identified within the risk the concept of risk. The next two papers report on results
management domain. The first three papers report on new from empirical studies related to differences in the percep-
tools and approaches that can be used to identify complex tion of decisions between managers of projects and pro-
dependencies, support decision making and develop im- grammes and on the difference that risk management can
proved capability for uncertainty modelling. The following make in avoiding IT project failures. The final four papers
four papers look at new ways of interacting with risk man- look at the development of decision making and risk man-
4 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 5
Risk Management
“
instead displaying chaotic, messy and wicked characteris-
This special edition brings tics. Behavioural and dynamic complexities co-exist and
interact confounding decision makers. Applying simplis-
together a collection tic, sequential resolution processes is simply inadequate for
of reflections, insights messy problems. Problems cannot be solved in isolation
require conceptual, systemic and social resolution. Moreo-
and experiences from leading ver, solutions are likely to be good enough at best and will
require stakeholder participation and engagement. The di-
experts working at the forefront
”
rect implication for tackling uncertainty and addressing
of risk issues complexity is that the managing risks mindset needs to be
evolved into a risk leadership perspective. Such perspec-
tive would look to guide, learn and adapt to new situations.
attitudes, perceptions, expectations, preferences, influences, Different events, outcomes and behaviours would require
biases, stakeholders and perspectives. The paper by Hillson adjustments and the risk process needs to adapt in order to
looks at how risk is managed in projects. Focusing on risks overcome major political issues. To address the new uncer-
in a project, may ignore the risk that the overall project poses tainties requires a move away from controlling risk towards
to the organisation, perhaps at a portfolio or programme a negotiated flexibility that accommodates the disorder and
level. The actual process of managing risks is often flawed unpredictability inherent in many complex project environ-
as some of the links and review points are missing. Moreo- ments.
ver, insufficient attention has been paid to the human com- Risk management is often proposed as a solution to the
ponent in risk assessment. Overall the process required for high failure rate in IT projects. However, the literature is at
managing risks requires a more dynamic approach respon- best inconclusive about the contributions of risk manage-
sive to learning and change. Revisiting our current proc- ment to project success. The paper by de Bakker reports on
esses and rethinking our approach can serve to improve our a detailed literature review which only identified anecdotal
engagement with risk, thereby improving the outcomes of evidence to this effect. A further analysis confirms that risk
projects. management needs to be considered in social terms given
The management of uncertainty, as opposed to risk, of- the interactive nature of the process and the limited knowl-
fers new challenges. The impact of uncertainty often defers edge that exists about the project and the desired outcomes.
decisions and delays actions as managers attempt to figure In the following stage, a collection of case studies identi-
out their options. While risks can be viewed as the known fied the activity of risk identification as a crucial step con-
unknowns, uncertainty is concerned with the unknown un- tributing to success, as viewed by all involved stakeholders.
knowns that are not susceptible to analysis and assessment. It would appear that the action, understanding and reflec-
Increasingly, organisations allocate additional contingency tion generated during that phase make recognisable contri-
resources for other things that we do not know about. The butions as identified by the relevant stakeholders. Risk re-
paper by Cleden contends that the management of uncer- porting is likewise credited with generating an impact. An
tainty requires a completely different approach. Uncertain- experiment with 53 project groups suggests that those that
ties cannot be analysed and formulated. Managing project carried out a risk identification and discussed the results
uncertainty depends on developing an understanding of the performed significantly better than those who did not. These
life cycle of uncertainty. Projects exist in a continual state groups also seemed to be more positive about their project
of dynamic tension with the accumulation of uncertainties and the result. The research suggests that it is the exchange
contributing to pushing the project away from its expected and interaction that make people more aware of the issues.
trajectory. Managers endeavour to act swiftly to correct the It also helps in forming the expectations of the different
deviations and must therefore apply a range of strategies stakeholders groups. The discussion also has inevitable side
required to stabilise the project. Uncertainties result from effects, such as changing people’s views about probabili-
complex dynamics which will often defy organised attempts ties and values. Nonetheless, the act of sharing, discussing
at careful planning. The solution is to adapt and restructure and deliberating appear to be crucial in forming a better
in a flexible and resilient fashion that will allow the project
to benefit from the uncertainty. Small adjustments will
“
thereby allow projects to improve and adjust whilst respond-
ing favourably to the conditions of uncertainty. Many of the papers report on
Project managers often have to deal with novel, one of a
kind, unfocused and complex situations that can be charac- new ideas and advances thereby
terised as ill structured. To reflect the open-ended, intercon- offering novel perspectives and
nected, social perspective, planners and designers talk of
wicked problems. Such problems tend to be ill-defined and approaches for improving the
rely upon much elusive political judgement for resolution.
The paper by Hancock points out that projects are not tame,
management of risk
”
6 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 7
Risk Management
In addition to the materials referenced by the authors D. Cleden. Managing Project Uncertainty, Gower,
in their articles, we offer the following ones for those who 2009.
wish to dig deeper into the topics covered by the mono- D. Cooper, S. Grey, G. Raymond, P. Walker. Man-
graph. aging Risk in Large Projects and Complex Procurements,
Wiley, 2005.
Books T. DeMarco. Waltzing with Bears, Dorset House,
J. Adams, J. (1995). Risk, UCL Press, 1995. 2003.
D. Apgar. Risk Intelligence, Harvard Business N. Fenton, M. Neil. Risk Assessment and Decision
School Press, 2006. Analysis with Bayesian Networks, CRC Press, 2012.
P.L. Bernstein. Against the Gods: The remarkable G. Gigerenzer. Reckoning with Risk, Penguin
Story of Risk, Wiley, 1998. Books, 2003.
B.W. Boehm. Software Risk Management, IEEE E. Hall. Managing Risks: Methods for Software
Computer Society Press, 1989. Systems Development, Addison Wesley, 1998.
R.N. Charette. Software Engineering Risk Analysis D. Hancock. Tame, Messy and Wicked Risk Lead-
and Management, McGraw Hill, 1989. ership, Gower, 2010.
8 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
E. Harris. Strategic Project Risk Appraisal and Man- nal of Systems and Software, 82 (5,) 801-808, 2009.
agement, Gower, 2009. M. Kajko-Mattsson, J. Nyfjord. State of Software
D. Hillson, P. Simon. Practical Project Risk Man- Risk Management Practice, IAENG International Journal
agement: The ATOM Methodology, Management Con- of Computer Science, 35(4), 451-462, 2008.
cepts, 2007. M. Keil, L. Wallace, D. Turk, G. Dixon-Randall, U.
D. Hillson. Managing Risk in Projects, Gower, 2009. Nulden. An Investigation of Risk Perception and Risk Pro-
C. Jones. Assessment and Control of Software Risks, pensity on the Decision to Continue a Software Develop-
Prentice Hall, 1994. ment Project, The Journal of Systems and Software,
M. Modarres. RiskAnalysis in Engineering: Tech- 53(2)145-157, 2000.
niques, Tools and Trends, Taylor and Francis, 2006, T.A. Longstaff, C. Chittister, R. Pethia, Y.Y. Haimes.
R. Müller. Project Governance, Gower, 2009. Are We Forgetting the Risks of Information Technology?
M. Ould. Managing Software Quality and Business IEEE Computer, 33(12) 43-51, 2000.
Risk, Wiley, 1999. S. Pender. Managing Incomplete Knowledge: Why
P.G. Smith, G.M. Merritt. Proactive Risk Manage- Risk Management is not Sufficient, 19(1), 79-87, 2001.
ment: Controlling Uncertainty in Product Development, O. Perminova, M. Gustaffson, K. Wikstrom. Defin-
Productivity Press, 2002. ing Uncertainty in Projects: A New Perspective, Interna-
N.N. Taleb. The Black Swan: The Impact of the tional Journal of Project Management, 26(1), 73-79, 2008.
Highly Improbable, Randon House, 2007. S. Pfleeger. Risky Business: What we have Yet to
S. Ward, C. Chapman. How to Manage Project Op- Learn About Risk Management, Journal of Systems and
portunity and Risk, 3rd edition, John Wiley, 2011. Software, 53(3), 265-273, 2000.
G. Westerman, R. Hunter. IT Risk: Turning Busi- J. Ropponen, K. Lyytinen. Components of Software
ness threats into Competitive Advantage, Harvard Busi- Development Risk: How to Address Them? A Project Man-
ness School Press, 2007. ager Survey, IEEE Transactions on Software Engineering,
26 (2),2000, 98-112.
Articles and Papers L. Sarigiannidis, P. Chatzoglou. Software Develop-
H. Barki, S. Rivard, J. Talbot. Toward an Assess- ment Project Risk Management: A New Conceptual Frame-
ment of Software Development Risk, Journal of Man- work, Journal of Software Engineering and Applications
agement Information Systems, 10 (2) 203-225, 1993. (JSEA), 4 (5) 293 – 305, 2011.
C.B. Chapman. Key Points of Contention in Fram- R. Schmidt, K. Lyytinen, M. Keil, P. Cule. Identify-
ing Assumptions for Risk and Uncertainty Management, ing Software Project Risks: An International Delphi Study,
International Journal for Project Management, 24(4), 303- Journal of Management Information Systems, 17(4), 5-
313, 2006. 36, 2001.
F.M. Dedolph. The Neglected Management Activ- L. Wallace, M. Keil. Software Project Risks and their
ity: Software Risk Management, Bell Labs Technical Jour- Effects on Project Outcomes, Communications of the
nal, 8(3), 91-95, 2003. ACM, 47(4), 68-73, 2004.
A. De Meyer, C.H. Loch, M.T. Pich. Managing L. Wallace, M. Keil, A. Rai. Understanding Soft-
Project Uncertainty: From Variation to Chaos, MIT Sloan ware Project Risk: A Cluster Analysis, Journal of Infor-
Management Review, 59-67, 2002. mation and Management, 42 (1), 115-125, 2004.
R.E. Fairley. Risk Management for Software
Projects, IEEE Software, 11(3), 57-67, 1994. Web Sites
R.E. Fairley. Software Risk Management Glossary, <http://www.best-management-practice.com/Risk-
IEEE Software, 22(3), 101, 2005. Management-MoR/>.
D. Gotterbarn S. Rogerson. Responsible Risk Analy- <http://www.computerweekly.com/feature/Risk-
sis for Software Development: Creating the Software De- Management-Software-Essential-Guide>
velopment Impact Statement, Communications of the As- <http://www.riskworld.com/>
sociation for Information Systems, 15, 730-750, 2005. <http://www.riskworld.com/websites/webfiles/
S.J. Huang, W.M. Han. Exploring the Relationship ws5aa015.htm>
between Software Project Duration and Risk Exposure: A Directory of risk management websites: <http://
Cluster Analysis, Journal of Information and Management, www.riskworld.com/websites/webfiles/ws00aa009.htm>
45 (3,) 175-182, 2008. Risk management journals: <http://www.
J. Jiang, G. Klein. Risks to Different Aspects of Sys- riskworld.com/software/sw5sw001.htm>
Tem Success, Information and Management, 36 (5) 264-
272, 1999.
J.J. Jiang, G. Klein, S.P.J. Wu, T.P. Liang. The Rela-
tion of Requirements Uncertainty and Stakeholder Percep-
tion Gaps to Project Management Performance, The Jour-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 9
Risk Management
The most sophisticated commonly used methods of risk assessment (used especially in the financial sector) involve build-
ing statistical models from historical data. Yet such approaches are inadequate when risks are rare or novel because there
is insufficient relevant data. Less sophisticated commonly used methods of risk assessment, such as risk registers, make
better use of expert judgement but fail to provide adequate quantification of risk. Neither the data-driven nor the risk
register approaches are able to model dependencies between different risk factors. Causal probabilistic models (called
Bayesian networks) that are based on Bayesian inference provide a potential solution to all of these problems. Such
models can capture the complex interdependencies between risk factors and can effectively combine data with expert
judgement. The resulting models provide rigorous risk quantification as well as genuine decision support for risk manage-
ment.
“
Bayesian probability is a rigorous method
of quantifying uncertainty that enables us to combine data
with expert judgement
”
E (for example, depending on the outcome of a test our Indeed, in a classic study [3] when Harvard Medical School
belief about H being true might increase or decrease). This staff and students were asked to calculate the probability of
updating takes account of the likelihood of the evidence, the patient having the disease (using the exact assumptions
which is the chance of seeing the evidence E if H is true. stated in Example 1) most gave the wildly incorrect answer
When done formally this type of reasoning is called of 95% instead of the correct answer of less than 2%. The
Bayesian inference, named after Thomas Bayes who deter- potential implications of such incorrect ‘probabilistic risk
mined the necessary calculations for it in 1763. Formally, assessment’ are frightening. In many cases, lay people only
we start with a prior probability P(H) for the hypothesis H. accept Bayes theorem as being ‘correct’ and are able to rea-
The likelihood, for which we also have prior knowledge, is son correctly, when the information is presented in alterna-
formally the conditional probability of E given H, which tive graphical ways, such as using event trees and frequen-
we write as P(E|H). cies (see [4] and [5] for a comprehensive investigation of
Bayes’s theorem provides the correct formula for up- these issues). But these alternative presentation techniques
dating our prior belief about H in the light of observing E. do not scale up to more complex problems.
In other words Bayes calculates P(H|E) in terms of P(H) If Bayes theorem is difficult for lay people to compute
and P(E|H). Specifically: and understand in the case of a single hypothesis and piece
of evidence (as in Figure 1), the difficulties are obviously
P( E | H ) P( H ) P( E | H ) P( H ) compounded when there are multiple related hypotheses
P( H | E ) = = and evidence as in the example of Figure 2.
P( E ) P( E | H ) P( H ) + ( E | notH ) P(notH )
As in Figure 1 the nodes in Figure 2 represent variables
(which may be known or unknown) and the arcs represent
Example 1: Assume one in a thousand people has a par-
causal (or influential) relationships. Once we have relevant
ticular disease H. Then:
prior and conditional probabilities associated with each vari-
P(H) = 0.001, so P(not H) = 0.999
able (such as the examples shown in Figure 3) the model is
Also assume a test to detect the disease has 100% sensi-
called a Bayesian network (BN).
tivity (i.e. no false negatives) and 95% specificity (mean-
The BN in Figure 2 is intended to model the problem of
ing 5% false positives). Then if E represents the Boolean
diagnosing diseases (TB, Cancer, Bronchitis) in patients
variable "Test positive for the disease", we have:
attending a chest clinic. Patients may have symptoms (like
P(E | not H) = 0.05
dyspnoea – shortness of breath) and can be sent for diag-
P(E | H) = 1
nostic tests (X-ray); there may be also underlying causal
Now suppose a randomly selected person tests positive.
What is the probability that the person actually has the dis-
ease? By Bayes Theorem this is:
P ( E | H ) P( H ) 1× 0.001
P( H | E ) = = = 0.01963
P( E | H ) P ( H ) + ( E | notH ) P(notH ) 1× 0.001 + 0.05 × 0.999
12 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
factors that influence certain diseases more than others (such tunately, due to breakthroughs in the late 1980s that pro-
as smoking, visit to Asia). duced efficient calculations algorithms 13 [2][6], there are
To use Bayesian inference properly in this type of net- now widely available tools such as [7] that enable anybody
work necessarily involves multiple applications of Bayes to do the Bayesian calculations without ever having to un-
Theorem in which evidence is ‘propagated’ throughout. This derstand, or even look at, a mathematical formula. These
process is complex and quickly becomes infeasible when developments were the catalyst for an explosion of interest
there are many nodes and/or nodes with multiple states. This in BNs. Using such a tool we can do the kind of powerful
complexity is the reason why, despite its known benefits, reasoning shown in Figure 4.
there was for many years little appetite to use Bayesian in- Specifically:
ference to solve real-world decision and risk problems. For- With the prior assumptions alone (Figure 4a) Bayes
a) Prior beliefs point to bronchitis as most likely b) Patient is ‘non-smoker’ experiencing dyspnoea
(shortness of breath): strengthens belief in bronchitis
c) Positive x-ray result increases probability of TB and d) Visit to Asia makes TB most likely now
cancer but bronchitis still most likely
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 13
Risk Management
14 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Figure 5: Scatterplot of Temperature against Road Fatalities (each Dot represents a Month).
to establish hypotheses from relationships discovered in We plot the fatalities and temperature data in a scatterplot
data. Suppose we are interested, for example, in the risk of graph as shown in Figure 5.
fatal automobile crashes. Table 1 gives the number of crashes There seems to be a clear relationship between tempera-
resulting in fatalities in the USA in 2008 broken down by ture and fatalities – fatalities increase as the temperature
month (source: US National Highways Traffic Safety Ad- increases. Indeed, using the standard statistical tools of cor-
ministration). It also gives the average monthly tempera- relation and p-values, statisticians would accept the hypoth-
ture. esis of a relationship as ‘highly significant’ (the correlation
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 15
Risk Management
coefficient here is approximately 0.869 and it comfortably tion to drive slower when faced with poor road conditions,
passes the criteria for a p-value of 0.01). leads to lower accident rates (people are known to adapt to
However, in addition to serious concerns about the use the perception of risk by tuning the risk to tolerable levels.
of p-values generally (as described comprehensively in [6]), - this is formally referred to as risk homeostasis). Con-
there is an inevitable temptation arising from such results versely, if we insist on driving fast in poor road conditions
to infer causal links such as, in this case, higher tempera- then, irrespective of the temperature, the risk of an acci-
tures cause more fatalities. Even though any introductory sta- dent increases and so the model is able to capture our intui-
tistics course teaches that correlation is not causation, the re- tive beliefs that were contradicted by the counterintuitive
gression equation is typically used for prediction (e.g. in this results from the simple regression model.
case the equation relating N to T is used to predict that at 80F The role played in the causal model by driving speed
we might expect to see 415 fatal crashes per month). reflects human behaviour. The fact that the data on the av-
But there is a grave danger of confusing prediction with erage speed of automobile drivers was not available in a
risk assessment. For risk assessment and management the database explains why this variable, despite its apparent
regression model is useless, because it provides no explana- obviousness, did not appear in the statistical regression
tory power at all. In fact, from a risk perspective this model model. The situation whereby a statistical model is based
would provide irrational, and potentially dangerous, infor- only on available data, rather than on reality, is called "con-
mation: it would suggest that if you want to minimise your ditioning on the data". This enhances convenience but at
chances of dying in an automobile crash you should do your the cost of accuracy.
driving when the highways are at their most dangerous, in By accepting the statistical model we are asked to defy
winter. our senses and experience and actively ignore the role un-
One obvious improvement to the model, if the data is observed factors play. In fact, we cannot even explain the
available, is to factor in the number of miles travelled (i.e. results without recourse to factors that do not appear in the
journeys made). But there are other underlying causal and database. This is a key point: with causal models we seek
influential factors that might do much to explain the appar- to dig deeper behind and underneath the data to explore
ently strange statistical observations and provide better richer relationships missing from over-simplistic statistical
insights into risk. With some common sense and careful models. In doing so we gain insights into how best to con-
reflection we can recognise the following: trol risk and uncertainty. The regression model, based on
Temperature influences the highway conditions the idea that we can predict automobile crash fatalities based
(which will be worse as temperature decreases). on temperature, fails to answer the substantial question: how
Temperature also influences the number of journeys can we control or influence behaviour to reduce fatalities.
made; people generally make more journeys in spring and This at least is achievable; control of weather is not.
summer and will generally drive less when weather condi-
tions are bad. 3.2 Risk Registers do not help quantify Risk
When the highway conditions are bad people tend While statistical models based on historical data repre-
to reduce their speed and drive more slowly. So highway sent one end of a spectrum of sophistication for risk assess-
conditions influence speed. ment, at the other end is the commonly used idea of a ‘risk
The actual number of crashes is influenced not just by register’. In this approach, there is no need for past data; in
the number of journeys, but also the speed. If relatively few considering the risks of a new project risk managers typi-
people are driving, and taking more care, we might expect fewer cally prepare a list of ‘risks’ that could be things like:
fatal crashes than we would otherwise experience. Some key people you were depending on become
The influence of these factors is shown in Figure 6: unavailable
The crucial message here is that the model no longer A piece of technology you were depending on fails.
involves a simple single causal explanation; instead it com- You run out of funds or time
bines the statistical information available in a database (the The very act of listing and then prioritising risks, means
‘objective’ factors) with other causal ‘subjective’ factors de- that mentally at least risk managers are making a decision
rived from careful reflection. These factors now interact in about which risks are the biggest. Most standard texts on
a non-linear way that helps us to arrive at an explanation risk propose decomposing each risk into two components:
for the observed results. Behaviour, such as our natural cau- ‘Probability’ (or likelihood) of the risk
16 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
By destroying the meteor in the film "Armageddon" Bruce Willis saved the world. Both the chance of the meteor strike
and the consequences of such a strike were so high, that nothing much else mattered except to try to prevent the strike.
In popular terminology what the world was confronting was a truly massive ‘risk’. But if the NASA scientists in the film
had measured the size of the risk using the formula in Figure 7 they would have discovered such a measure was
irrational, and it certainly would not have explained to Bruce Willis and his crew why their mission made sense. Specifi-
cally:
Cannot get the Probability number (for meteor strikes earth). According to the NASA scientists in the film the
meteor was on a direct collision course with earth. Does that make it a certainty (i.e. a 100% chance) of it striking Earth?
Clearly not, because if it was then there would have been no point in sending Bruce Willis and his crew up in the space
shuttle. The probability of the meteor striking Earth is conditional on a number of control events (like intervening to
destroy the meteor) and trigger events (like being on a collision course with Earth). It makes no sense to assign a direct
probability without considering the events it is conditional on. In general it makes no sense (and would in any case be
too difficult) for a risk manager to give the unconditional probability of every ‘risk’ irrespective of relevant
controls and triggers. This is especially significant when there are, for example, controls that have never been used
before (like destroying the meteor with a nuclear explosion).
Cannot get the Impact number (for meteor striking earth). Just as it makes little sense to attempt to assign an
(unconditional) probability to the event "Meteor strikes Earth’, so it makes little sense to assign an (unconditional)
number to the impact of the meteor striking. Apart from the obvious question "impact on what?", we cannot say what the
impact is without considering the possible mitigating events such as getting people underground and as far away as
possible from the impact zone.
Risk score is meaningless. Even if we could get round the two problems above what exactly does the resulting
number mean? Suppose the (conditional) probability of the strike is 0.95 and, on a scale of 1 to 10, the impact of the
strike is 10 (even accounting for mitigants). The meteor ‘risk’ is 9.5, which is a number close to the highest possible 10.
But it does not measure anything in a meaningful sense
It does not tell us what we really need to know. What we really need to know is the probability, given our current
state of knowledge, that there will be massive loss of life.
“
there is a paradox involved in such an approach: the more
By destroying carefully you think about risk (and hence the more indi-
vidual risks you record in the risk register) the higher the
the meteor in the film overall risk score becomes. Since higher risk scores are as-
sumed to indicate greater risk of failure it seems to follow
'Armageddon' Bruce Willis
”
that your best chance of a new project succeeding is to sim-
saved the world ply ignore, or under-report, any risks.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 17
Risk Management
Different projects or business divisions will assess 1) extensive defaults on subprime loans, 2) growth in nov-
risk differently and tend to take a localised view of their elty and complexity of financial products and 3) failure of
own risks and ignore that of others. This "externalisation" AIG (American International Group Inc.) to provide insur-
of risk to others is especially easy to ignore if their interests ance to banks when customers default. Individually these
are not represented when constructing the register. For ex- risks were assessed as ‘small’. However, when they occurred
ample the IT department may be forced to accept the dead- together the total risk was much larger than the individual
lines imposed by the marketing department. risks. In fact, it never made sense to consider the risks indi-
A risk register does not record "opportunities" or "ser- vidually at all.
endipity" and so does not deal with upside uncertainty, only Hence, risk analysis needs to be coupled with an as-
downside. sessment of the impact of the underlying events, one on
Risks are not independent. For example, in most cir- another, and in terms of their effect on the ultimate out-
cumstances cost, time and quality will be inextricably linked; comes being considered. The accuracy of the risk assessment
you might be able to deliver faster but only by sacrificing is crucially dependent on the fidelity of the underlying model;
quality. Yet "poor quality" and "missed delivery" will ap- the simple formulation of Figure 7 is insufficient. Instead of
pear as separate risks on the register giving the illusion that going through the motions to assign numbers without actually
we can control or mitigate one independently of the other. doing much thinking, we need to consider what lies under the
In the subprime loan crisis of 2008 there were three risks: bonnet.
18 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Figure 12: The Potential Difference made by Bruce Willis and Crew.
Risk is a function of how closely connected events, sys- This is shown in the example of Figure 8.
tems and actors in those systems might be. Proper risk as- With this causal perspective, a risk is therefore actually
sessment requires a holistic outlook that embraces a causal characterised not by a single event, but by a set of events.
view of interconnected events. Specifically to get rational These events each have a number of possible outcomes (to
measures of risk you need a causal model, as we describe keep things as simple as possible in the example here we
next. Once you do this measuring risk starts to make sense, will assume each has just two outcomes true and false so
but it requires an investment in time and thought. we can assume "Loss of life" here means something like
‘loss of at least 80% of the world population’).
3.2.1 Thinking about Risk using Causal Analysis The ‘uncertainty’ associated with a risk is not a sepa-
It is possible to avoid all the above problems and ambigui- rate notion (as assumed in the classic approach). Every event
ties surrounding the term risk by considering the causal con- (and hence every object associated with risk) has uncer-
text in which risks happen (in fact everything we present here tainty that is characterised by the event’s probability distri-
applies equally to opportunities but we will try to keep it as bution. Triggers, controls, and mitigants are all inherently
simple as possible). The key thing is that a risk is an event that uncertain. The sensible risk measures that we are propos-
can be characterised by a causal chain involving (at least): ing are simply the probabilities you get from running the
the event itself BN model. Of course, before you can run it you still have
at least one consequence event that characterises the to provide the prior probability values. But, in contrast to
impact the classic approach, the probability values you need to sup-
one or more trigger (i.e. initiating) events ply are relatively simple and they make sense. And you
one or more control events which may stop the trig- never have to define vague numbers for ‘impact’.
ger event from causing the risk event Example. To give you a feel of what you would need to
one or more mitigating events which help avoid the do, in the Armageddon BN example of Figure 8 for the
consequence event uncertain event "Meteor strikes Earth" we still have to as-
sign some probabilities. But instead of second guessing what exploded and one where it is not. The results of both sce-
this event actually means in terms of other conditional narios are shown together in Figure 12.
events, the model now makes it explicit and it becomes much Reading off the values for the probability of "loss of
easier to define the necessary conditional probability. What life" being false we find that we jump from just over 4%
we need to do is define the probability of the meteor strike (when the meteor is not exploded) to 81% (when the me-
given each combination of parent states as shown in Figure teor is exploded). This massive increase in the chance of
9. saving the world clearly explains why it merited an attempt.
For example, if the meteor is on a collision course then Clearly risks in this sense depend on stakeholders and
the probability of it striking the earth is 1, if it is not de- perspectives, but these perspectives can be easily combined
stroyed, and 0.2, if it is. In completing such a table we no as shown in Figure 13 for ‘flood risk’ in some town.
longer have to try to ‘factor in’ any implicit conditioning The types of events are all completely interchangeable
events like the meteor trajectory. depending on the perspective. From the perspective of the
There are some events in the BN for which we do need local authority the risk event is ‘Flood’ whose trigger is ‘dam
to assign unconditional probability values. These are repre- bursts upstream’ and which has ‘flood barrier’ as a control.
sented by the nodes in the BN that have no parents; it makes Its consequences include ‘loss of life’ and also ‘house
sense to get unconditional probabilities for these because, floods’. But the latter is a trigger for flood risk from a House-
by definition, they are not conditioned on anything (this is holder perspective. From the perspective of the Local Au-
obviously a choice we make during our analysis). Such thority Solicitor the main risk event is ‘Loss of life’ for
nodes can generally be only triggers, controls or mitigants. which ‘Flood’ is the trigger and ‘Rapid emergency response’
An example, based on dialogue from the film, is shown in becomes a control rather than a mitigant.
Figure 10. This ability to decompose a risk problem into chains of
Once we have supplied the priors probability values a interrelated events and variables should make risk analysis
BN tool will run the model and generate all the measures of more meaningful, practical and coherent. The BN tells a
risk that you need. For example, when you run the model story that makes sense. This is in stark contrast with the
using only the initial probabilities the model (as shown in "risk equals probability times impact" approach where not
Figure 11) computes the probability of the meteor striking one of the concepts has a clear unambiguous interpretation.
Earth as 99.1% and the probability of loss of life (meaning Uncertainty is quantified and at any stage we can simply
at least 80% of the world population) is about 94%. read off the current probability values associated with any
In terms of the difference that Bruce Willis and his crew event.
could make we run two scenarios: One where the meteor is The causal approach can accommodate decision-mak-
20 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
ing as well as measures of utility. It provides a visual and is useful and which is accurate enough for the purpose re-
formal mechanism for recording and testing subjective prob- quired. This is why causal modelling is as much an art (but
abilities. This is especially important for a risky event for an art based on insight and analysis) as a science.
which you do not have much or any relevant data. The time spent analysing risks must be balanced by the
short term need to take action and the magnitude of the
4 Conclusions risks involved. Therefore, we must make judgements about
We have addressed some of the core limitations of both how deeply we model some risks and how quickly we use
a) the data-driven statistical approaches and b) risk regis- this analysis to inform our actions.
ters, for effective risk management and assessment. We have
demonstrated how these limitations are addressed by using References
BNs. The BN approach helps to identify, understand and [1] S.L. Lauritzen, D.J. Spiegelhalter. Local computations
quantify the complex interrelationships (underlying even with probabilities on graphical structures and their
seemingly simple situations) and can help us make sense of application to expert systems (with discussion). Jour-
how risks emerge, are connected and how we might repre- nal of the Royal Statistical Society Series 50(2), 157-
sent our control and mitigation of them. By thinking about 224 (1988).
the hypothetical causal relations between events we can in- [2] I.B. Hossack, J. H. Pollard, B. Zehnwirth. Introduc-
vestigate alternative explanations, weigh up the conse- tory statistics with applications in general insurance,
quences of our actions and identify unintended or Cambridge University Press, 1999.
(un)desirable side effects. [3] W. Casscells, A. Schoenberger, T.B. Graboys. "Inter-
Of course it takes effort to produce a sensible BN model: pretation by physicians of clinical laboratory results."
Special care has to be taken to identify cause and New England Journal of Medicine 299 999-1001,
effect: in general, a significant correlation between two fac- 1978.
tors A and B (where, for example A is ‘yellow teeth’ and B [4] L. Cosmides, J. Tooby. "Are humans good intuitive
is ‘cancer’) could be due to pure coincidence or a causal statisticians after all? Rethinking some conclusions
mechanism, such that: from the literature on judgment under uncertainty."
- A causes B Cognition 58 1-73, 1996.
- B causes A [5] N. Fenton, M. Neil (2010). "Comparing risks of alter-
- Both A and B are caused by C (where in our example native medical diagnosis using Bayesian arguments."
C might be ‘smoking’) or some other set of factors Journal of Biomedical Informatics 43: 485-495.
The difference between these possible mechanisms is [6] J. Pearl. "Fusion, propagation, and structuring in be-
crucial in interpreting the data, assessing the risks to the lief networks." Artificial Intelligence 29(3): 241-288,
individual and society, and setting policy based on the analy- 1986.
sis of these risks. In practice causal interpretation may col- [7] Agena 2010, <http://www.agenarisk.com>.
lide with our personal view of the world and the prevailing [8] N.E. Fenton, M. Neil. Managing Risk in the Modern
ideology of the organisation and social group, of which we World: Bayesian Networks and the Applications. Lon-
will be a part. Explanations consistent with the ideological don Mathematical Society, Knowledge Transfer Re-
viewpoint of the group may be deemed more worthy and port. 1, 2007. <http://www.lms.ac.uk/activities/
valid than others irrespective of the evidence. Hence sim- comp_sci_com/KTR/apps_bayesian_networks.pdf>.
plistic causal explanations (e.g. ‘poverty’ causes ‘violence’)
are sometimes favoured by the media and reported unchal-
lenged. This is especially so when the explanation fits the
established ideology helping to reinforce ingrained beliefs.
Picking apart over-simplistic causal claims and reconstruct-
ing them into a richer, more realistic causal model helps
separate ideology from reality and determine whether the
model explains reality. The richer model may then also help
identify more realistic possible policy interventions.
The states of variables need to be carefully defined
and probabilities need to be assigned that reflect our best
knowledge.
It requires an analytical mindset to decompose the
problem into "classes" of event and relationships that are
granular enough to be meaningful, but not too detailed that
they are overwhelming.
If we were omniscient we would have no need of prob-
abilities; the fact that we are not gives rise to our need to
model uncertainty at a level of detail that we can grasp, that
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 21
Risk Management
Risk management has become a critical component of project management processes. Quantitative schedule risk analy-
sis methods enable project managers to assess how risks and uncertainties will affect project schedules and increase the
effectiveness of their project planning. Event chain methodology is an uncertainty modeling and schedule network analy-
sis technique that focuses on identifying and managing the events and event chains that affect projects. Event chain
methodology improves the accuracy of project planning by simplifying the modeling and analysis of risks and uncertain-
ties in the project schedules. As a result, it helps to mitigate the negative impact of cognitive and motivational biases
related to project planning. Event chain methodology is currently used in many organizations as part of their project risk
management process.
22 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
“
Risk management has become
a critical component of project management processes
Problems with estimation are also related to selective
”
certainties can be improved by applying a process or
perception - the tendency for expectations to affect percep- workflow tailored to the particular project or set of projects
tion [12]. Sometimes selective perception is referred, as "I (portfolio) rather than using one particular analytical tech-
only see what I want to see". One of the biases related to nique. According to the PMBOK® Guide of the Project
selective perception is the confirmation bias. This is the ten- Management Institute [16] such processes can include meth-
dency of decision makers to actively seek out and assign ods of identification of uncertainties, qualitative and quan-
more weight to evidence that confirms their hypothesis, and titative analysis, risk response planning, and risk monitor-
to ignore or underweight evidence that could discount their ing and control. The actual processes may involve various
hypothesis [13][14]. tools and visualization techniques.
Another problem related to improving the accuracy of One of the fundamental issues associated with manag-
project schedules is the complex relationship between dif- ing project schedules lies in the identification of uncertain-
ferent uncertainties. Events can occur in the middle of an ties. If the estimates for input uncertainties are inaccurate,
activity, they can be correlated with each other, one event this will lead to inaccurate results regardless of the analysis
can cause other events, the same event may have different methodology. The accuracy of project planning can be sig-
impacts depending upon circumstances, and different miti- nificantly improved by applying advanced techniques for
gation plans can be executed under different conditions. identification risks and uncertainties. Extensive sets of tech-
These complex systems of uncertainties must be identified niques and tools which can be used by individuals as well
and visualized to improve the accuracy of project sched- as in groups are available to simplify the process of uncer-
ules. tainty modeling [17][18].
Finally, the accuracy of project scheduling can be im- The PMBOK® Guide recommends creating risk tem-
proved by constantly refining the original plan using actual plates based on historical data. There are no universal, ex-
project performance measurement [15]. This can be achieved haustive risk templates for all industries and all types of
through analysis of uncertainties during different phases of projects. Project management literature includes many ex-
the project and incorporating new knowledge into the project amples of different risk lists which can be used as templates
schedule. In addition, a number scheduling techniques such [19]. A more advanced type of template is proposed in [20]:
as resource leveling and the incorporation of mitigation risk questionnaires. They provide three choices for each risk
plans, and the presence of repeated activities are difficult where the project manager can select when the risk can
to model in project schedules with risks and uncertainties. manifest itself during the project: a) at anytime b) about
Therefore, the objective is to identify an simpler process, half the time, and c) less than half the time. One of the most
which includes project performance measurement and other comprehensive analyses of risk sources and categories was
analytical techniques. performed by Scheinin and Hefner [21]. Each risk in their
Event chain methodology has been proposed as an at- risk breakdown structure includes what they call a "fre-
tempt to satisfy the following objectives related to project quency" or rank property.
scheduling and forecasting by: PMBOK® Guide recommends a number of quantita-
1. Mitigating the effects negative of motivational and tive analysis techniques, such as Monte Carlo analysis, de-
cognitive biases and improve the accuracy of estimating and cision trees and sensitivity analysis. Monte Carlo analysis
forecasting. is used to approximate the distribution of potential results
2. Simplifying the process of modeling risks and un- based on probabilistic inputs [22][23][24][25]. Each trial is
certainties in project schedules, in particular, by improving generated by randomly pulling a sample value for each in-
the ability to visualize multiple events that affect project put variable from its defined probability distribution. These
schedules and perform reality checks. input sample values are then used to calculate the results.
3. Performing more accurate quantitative analysis while This procedure is then repeated until the probability distri-
accounting for such factors as the relationships between
different events and the actual moment of events.
4. Providing a flexible framework for scheduling which
includes project performance measurement, resource
“ Event chain methodology is
currently used in many
leveling, execution of migration plans, correlations between
risks, repeated activities, and other types of analysis. organizations as part of
their project risk
”
2 Existing Techniques as Foundations for Event
Chain Methodology management process
The accuracy of project scheduling with risks and un-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 23
Risk Management
24 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Figure 1: Events cause Activity to move to transform from Ground States to Excited States.
tical distributions of the main project parameters (cost, du- 5 Basic Principles of Event Chain Methodology
ration, and finish time), as well as similar parameters asso- Event chain methodology is based on six major princi-
ciated with particular activities. Based on such statistical ples. The first principle deals with single events, the second
distributions, it is possible to determine the chance the principle focuses on multiple related events or event chains,
project or activity will be completed on a certain date and the third principle defines rules for visualization of the events
within a certain cost. The results of Monte Carlo analysis or event chains, the fourth and fifth principles deals with
can be expressed on a project schedule as percentiles of the analysis of the schedule with event chains, and the sixth
start and finish times for activities. principle defines project performance measurement tech-
4. Perform a sensitivity analysis as part of the quanti- niques with events or event chains. Event chain methodol-
tative analysis. Sensitivity analysis helps identify the cru- ogy is not a completely new technique as it is based on
cial activities and critical events and event chains. Crucial existing quantitative methods such Monte Carlo simulation
activities and critical events and event chains have the most and Bayesian theorem.
affect on the main project parameters. Reality checks may Principle 1: Moment of Event and Excitation States
be used to validate whether the probability of the events are An activity in most real life processes is not a continu-
defined properly. ous and uniform procedure. Activities are affected by ex-
5. Repeat the analysis on a regular basis during the ternal events that transform them from one state to another.
course of a project based on actual project data and include The notion of state means that activity will be performed
the actual occurrence of certain risks. The probability and differently as a response to the event. This process of chang-
impact of risks can be reassessed based on actual project ing the state of an activity is called excitation. In quantum
performance measurement. It helps to provide up to date mechanics, the notion of excitation is used to describe el-
forecasts of project duration, cost, or other parameters. evation in energy level above an arbitrary baseline energy
state. In Event chain methodology, excitation indicates that
4 Foundations of Event Chain Methodology something has changed the manner in which an activity is
Event chain methodology expands on the Monte Carlo performed. For example, an activity may require different
simulations of project schedules and particularly risk driver resources, take a longer time, or must be performed under
(events) approach. Event chain methodology focuses on the different conditions. As a result, this may alter the activity’s
relationship between risks, conditions for risk occurrence,
“
and visualization of the risks events.
Some of the terminology used in event chain methodol- One of the fundamental
ogy comes from the field of quantum mechanics. In par-
ticular, quantum mechanics introduces the notions of exci- issues associated with
tation and entanglement, as well as grounded and excited managing project schedules
states [37][38]. The notion of event subscription and
multicasting is used in object oriented software develop- lies in the identification
ment as one of the types of interactions between objects
[39][40].
of uncertainties
”
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 25
Risk Management
Risk most likely occurs at Equal probability of the Risk occurs only ay the
the end of the activity risk occurrence during end of activity
(triangular distribution for the course of activity
moment of risk)
Risk Risk Risk
Mean activity duration with the 5.9 days 6.3 days 7.5 days
event occurred
th
90 percentile 7.9 days 9.14 days 10 days
Table 2: Event Chain leads to Higher Project Duration compared to the Series of Independent
Events with the Same Probability.
curs. For example, the moment of the event can affect total The impacts of events are characterised by some addi-
duration of activity if it is restarted or cancelled. Below is tional parameters. For example, a parameter associated with
an example how one event (restart activity) with a prob- the impact "Fixed delay of activity" is the actual duration
ability of 50% can affect one activity (Table 1). Monte Carlo of the delay.
simulation was used to perform the analysis. Original ac- The impact of events associated with resources is simi-
tivity duration is 5 days: lar to the impact of activity events. Resource events will
Events can have negative (risks) and positive (opportu- affect all activities this resource is assigned to. If a resource
nities) impacts on projects. Mitigation efforts are consid- is only partially involved in the activity, the probability of
ered to be events, which are executed if an activity is in an event will be proportionally reduced. The impact of events
excited state. Mitigation events may attempt to transform associated with a calendar changes working and non-work-
the activity to the ground state. ing times.
Impacts of an event affecting activities, a group of ac- One event can have multiple impacts at the same time.
tivities, or lags can be: For example, a "Bad weather" event can cause an increase
Delay activity, split activity, or start activity later; of cost and duration at the same time. Event can be local,
delays can be defined as fixed (fixed period of time) and affecting a particular activity, group of activities, lags, re-
relative (in percent of activity duration); delay also can be sources, and calendars, or global affecting all activities in
negative the project.
Restart activity
Stop activity and restart it later if required Principle 2: Event Chains
End activity Some events can cause other events. These series of
Cancel activity or cancel activity with all successors, events form event chains, which may significantly affect
which is similar to end activity except activity will be marked the course of the project by creating a ripple effect through
as canceled to future calculation of activity’s success rate the project (Figure 2). Here is an example of an event chain
Fixed or relative increase or reduction of the cost ripple effect:
Redeploy resources associated with activity; for ex- 1. Requirement changes cause a delay of an activity.
ample a resource can be moved to another activity 2. To accelerate the activity, the project manager di-
Execute events affecting another activity, group of verts resources from another activity.
activities, change resource, or update a calendar. For exam- 3. Diversion of resources causes deadlines to be missed
ple, this event can start another activity such as mitigation on the other activity
plan, change the excited state of another activity, or update 4. Cumulatively, this reaction leads to the failure of the
event subscriptions for the excited state of another activity whole project.
Event chains are defined using event impacts called "Ex-
ecute event affecting another activity, group of activities,
change resources or update calendar". Here is how the afore-
mentioned example can be defined using Event chain meth-
odology:
Event 1 Event chain
1. The event "Requirement change" will transform the
Event 2 activity to an excited state which is subscribed to the event
"Redeploy resources".
Activity 1 2. Execute the event "Redeploy resources" to transfer
resources from another activity. Other activities should be
Activity 2 Event 3 in a state subscribed to the "Redeploy resources" event. Oth-
erwise resources will be not available.
Activity 3 3. As soon as the resources are redeployed, the activity
with reduced resources will move to an excited state and
the duration of the activity in this state will increase.
Figure 2: Example of Event Chain. 4. Successors of the activity with the increased dura-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 27
Risk Management
28 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
2. Events with negative impacts (threads) are repre- particularly during brainstorming meetings. Members of
sented by down arrows; events with positive impacts (op- project teams can draw arrows between associated activi-
portunities) are represented by up arrows. ties on the Gantt chart. Event chain diagrams can be used
3. Individual events are connected by lines represent- together with other diagramming tools.
ing the event chain. Another tool that can be used to simplify the definition
4. A sender event with multiple connecting lines to re- of events is a state table. Columns in the state table repre-
ceivers represents multicasting. sent events; rows represent states of activity. Information
5. Events affecting all activities (global events) are for each event in each state includes four properties of event
shown outside the Gantt chart. Threats are shown at the top subscription: probability, moment of event, excited state,
of the diagram. Opportunities are shown at the bottom of and impact of the event. State table helps to depict an ac-
the diagram. tivity’s subscription to the events: if a cell is empty the state
Often event chain diagrams can become very complex. is not subscribed to the event.
In these cases, some details of the diagram do not need to An example of state table for a software development
be shown. Here is a list of optional rules for event chain activity is shown on Table 3. The ground state of the activ-
diagrams: ity is subscribed to two events: "architectural changes" and
1. Horizontal positions of the event arrows on the Gantt "development tools issue". If either of these events occur,
bar correspond with the mean moment of the event. they transform the activity to a new excited state called
2. Probability of an event can be shown next to the event "refactoring". "Refactoring" is subscribed to another event:
arrow. "minor requirement change". Two previous events are not
3. Size of the arrow represents relative probability of subscribed to the refactoring state and therefore cannot
an event. If the arrow is small, the probability of the event reoccur while the activity is in this state.
is correspondingly small.
4. Excited states are represented by elevating the asso- Principle 4: Monte Carlo Schedule Risk Analysis
ciated section of the bar on the Gantt chart (see Figure 1). Once events, event chains, and event subscriptions are
The height of the state’s rectangle represents the relative defined, Monte Carlo analysis of the project schedule can
impact of the event. be performed to quantify the cumulative impact of the
5. Statistical distributions for the moment of event can events. Probabilities and impacts of events are used as an
be shown together with the event arrow (see Figure 1). input data for analysis.
6. Multiple diagrams may be required to represent dif- In most real life projects, even if all the possible risks
ferent event chains for the same schedule. are defined, there are always some uncertainties or fluctua-
7. Different colors can be use to represent different tions or noise in duration and cost. To take these fluctua-
events (arrows) and connecting lines associated with dif- tions into account, distributions related to activity duration,
ferent chains. start time, cost, and other parameters should be defined in
The central purpose of event chain diagrams is not to addition to the list of events. These statistical distributions
show all possible individual events. Rather, event chain dia- must not have the same root cause as the defined events, as
grams can be used to understand the relationship between this will cause a double-count of the project’s risk.
events. Therefore, it is recommended that event chain dia- Monte Carlo simulation process for Event chain meth-
grams be used only for the most significant events during odology has a number of specific features. Before the sam-
the event identification and analysis stage. Event chain dia- pling process starts all event chains should be identified.
grams can be used as part of the risk identification process, Particularly, all sender and receiver events should be iden-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 29
Risk Management
tified through an analysis of state tables for each activity. sis: by analyzing the correlations between the main project
Also, if events are assigned to resources, they need to be parameters, such as project duration or cost, and event chains.
reassigned to activities based on resource usage for each Critical event chains based on cost and duration may
particular activity. For example, if a manager is equally in- differ. Because the same event may affect different activi-
volved in two activities, a risk "Manager is not familiar with ties and have different impact of these activities, the goal is
technology" with a probability 6% will be transferred to both to measure a cumulative impact of the event on the project
activities with probability of 3% for each activity. Events schedule. Critical event chains based on duration are cal-
assigned to summary activities will be assigned to each ac- culated using the following approach. For each event and
tivity in the group. Events assigned to lags are treated the event chain on each trial the cumulative impact of event on
same way as activities. project duration (Dcum) is calculated based on the formula:
Each trial of the Monte Carlo simulation includes the
n
∑
following steps specific to Event chain methodology:
1. Moments of events are calculated based of statistical Dcum = (Di’ - Di)*ki
distribution for moment of event on each state. i =1
2. Determines if sender events have actually occurred at where n is number of activities in which this event or
this particular trial based on probability of the sender. event chain occurs, Di is the original duration of activity i
3. Determines if probabilities of receiver events are up- and Di’is the duration of activity i with this particular event
dated based on sender event. For example, if a sender event taken into an account, ki is the Spearman rank order corre-
unconditionally causes a receiver event, probability of a re- lation coefficient between total project duration and dura-
ceiver event will equal 100%. tion of activity i. If events are assigned to calendars, Di’ is
4. Determines if receiver events have actually occurred; if the duration of activity with the calendar used as a result of
a receiver event is a sender event at the same time, the process the event.
of determining probabilities of receiver events will continue. Cumulative impact of event on cost (Ccum) is calculated
5. The process will repeat for all ground and excited states based on formula:
for all activities and lags.
n
∑
6. If an event that causes the cancellation of an activity
occurs, this activity will be identified as canceled and the ac-
Ccum = (Ci’ - Ci)
tivity’s duration and cost will be adjusted.
i =1
7. If an event that causes the start of another activity oc-
curs, such as execution of mitigation plan, the project schedule where Ci is the original cost of activity and Ci’is the ac-
will be updated for the particular trial. Number of trials where tivity cost taking into account the this particular event.
the particular activity is started will be counted. Spearman rank order correlation coefficient is calcu-
8. The cumulative impact of the all events on the activi- lated based on the cumulative effect of the event on cost
ty’s duration and cost will be augmented by accounting for and duration (Ccum and Dcum ) and total project cost and du-
fluctuations of duration and cost. ration.
The results of the analysis are similar to the results of One of the useful measures of the impact of the event is
classic Monte Carlo simulations of project schedules. These event cost or additional expected cost, which would be added
results include statistical distributions for duration, cost, and to project as a result of the event. Event cost is not a mitiga-
success rate of the complete project and each activity or tion cost. Event cost can be used as decision criteria for
group of activities. Success rates are calculated based on selection of risk mitigation strategies. Mean event cost Cevent
the number of simulations where the event "Cancel activ- is normalized cumulative effect of the event on cost and
ity" or "Cancel group of activities" occurred. Probabilistic calculated according to the following formula:
and conditional branching, calculating the chance that project
n
∑
will be completed before deadline, probabilistic cashflow
and other types of analysis are performed in the same man- Cevent = (Cproject’ - Cproject) * kevent / ki
ner as with a classic Monte Carlo analysis of the project i=1
schedules. Probability of activity existence is calculated
based on to two types of inputs: probabilistic and condi- where Cproject’ is the mean total project cost with risks
tional branching and number of trials where an activity is and uncertainties, Cproject is the mean total project cost with-
executed as a result of a "Start activity" event. out taking into account events, but with accounting for fluc-
tuations defined by statistical distributions, kevent is the cor-
Principle 5: Critical Event Chains and Event Cost relation coefficient between total project cost and cumula-
Single events or event chains that have the most poten- tive impact of the event on cost on the particular activity, ki
tial to affect the projects are the critical events or critical is correlation coefficient between total cost and cumulative
event chains. By identifying critical events or critical event impact of the event on the activity i. Event cost can be cal-
chains, it is possible mitigate their negative effects. These culated based on any percentile associated with statistical
critical event chains can be identified through sensitivity analy- distribution of project cost.
30 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Figure 6: Critical Events and Event Chains. 0 0.2 0.4 0.6 0.8
Critical events or critical event chains can be visualized half year, the event could still occur 5 times. This approach
using a sensitivity chart, as shown on Figure 6. This chart is related to psychological effect called "gambler’s fallacy"
represents events affecting cost in the schedule shown on or belief that a successful outcome is due after a run of bad
Figure 2. Event 1 occurs in Task 1 (probability 47%) and luck [42].
Task 3 (probability 41%). Event 3 occurs in Task 3 (prob- 2. Probabilities of events in a partially completed ac-
ability 50%) and Event 2 occurs in Task 2 (probability 10%). tivity depend on the moment of the event. If the moment of
All events are independent. The impact of all these events risk is earlier than the moment when actual measurement is
is "restart task". All activities have the same variable cost performed, this event will not affect the activity. For exam-
$6,667; therefore, the total project cost without risks and ple, activity "software user interface development" takes
uncertainties equals $20,000. Total project cost with risks 10 days. Event "change of requirements" can occur any time
as a result of analysis equals $30,120. Cost of Event 1 will during a course of activity and can cause a delay (a uni-
be $5,300, Event 2 will be $3,440, and Event 3 will be form distribution of the moment of event). 50% of work is
$1,380. Because this schedule model does not include fluc- completed within 5 days. If the probabilistic moment of
tuations for the activity cost, sum of event costs equals dif- event happens to be between the start of the activity and 5
ference between original cost and cost with risks and un- days, this event will be ignored (not cause any delay). In
certainties ($10,120). this case, the probability that the event will occur will be
Critical events and events chains can be used to per- reduced and eventually become zero, when the activity
form a reality check. If the probability and outcome of events approaches the completion.
are properly defined, the most important risks, based on 3. Probabilities of events need to be defined by the sub-
subjective expert judgment, should be critical risks as a re- jective judgment of project managers or other experts at
sult of quantitative analysis. any stage of an activity. For example, the event "change of
requirements" has occurred. It may occur again depending
Principle 6: Project Performance Measurement on many factors, such as how well these requirements are
with Event and Event Chains defined and interpreted and the particular business situa-
Monitoring the progress of activities ensures that up- tion. To implement this approach excited state activities
dated information is used to perform the analysis. While should be explicitly subscribed or not subscribed to certain
this is true for all types of analysis, it is a critical principle events. For example, a new excited state after the event
of event chain methodology. During the course of the "change of requirements" may not be subscribed to this
project, using actual performance data it is possible to re- event again, and as a result this event will not affect the
calculate the probability of occurrence and moment of the activity a second time.
events. The analysis can be repeated to generate a new The chance that the project will meet a specific dead-
project schedule with updated costs or durations. line can be monitored and presented on the chart shown on
But what should one do if the activity is partially com- Figure 7. The chance changes constantly as a result of vari-
pleted and certain events are assigned to the activity? If the ous events and event chains. In most cases, this chance is
event has already occurred, will it occur again? Or vice versa, reducing over time. However, risk response efforts, such
if nothing has occurred yet, will it happen? as risk mitigations, can increase the chance of successfully
There are three distinct approaches to this problem: meeting a project deadline. The chance of the project meet-
1. Probabilities of a random event in partially completed ing the deadline is constantly updated as a result of the quan-
activity stay the same regardless of the outcome of previ- titative analysis based on the original assessment of the
ous events. This is mostly related to external events, which project uncertainties and the actual project performance
cannot be affected by project stakeholders. It was originally data.
determined that "bad weather" event during a course of one- In the critical chain method, the constant change in the
year construction project can occur 10 times. After a half size of the project buffer is monitored to ensure that project
year, bad weather has occurred 8 times. For the remaining is on track. In event chain methodology, the chance of the
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 31
Risk Management
project meeting a certain deadline during different phases Event chain methodology allows taking into an account
of the project serves a similar purpose: it is an important factors which were not analyzed by other schedule network
indicator of project health. Monitoring the chance of the analysis techniques: moment of event, chains of events, de-
project meeting a certain deadline does not require a project lays in events, execution of mitigation plans and others.
buffer. It is always possible to attribute particular changes Complex relationship between different events can be visu-
in the chance of meeting a deadline to actual and forecasted alized using event chain diagrams and state tables, which
events and event chains, and as a result, mitigate their nega- simplifies event and event chain identification.
tive impact. Finally, Event chain methodology includes techniques
designed to incorporate new information about actual
6 Conclusions project performance to original project schedule and there-
Event chain methodology is designed to mitigate the fore constantly improve accuracy of the schedule during a
negative impact of cognitive and motivational biases related course of a project. Event chain methodology offers practi-
to the estimation of project uncertainties: cal solution for resource leveling, managing mitigation
The task duration, start and finish time, cost, and other plans, correlations between events and other activities.
project input parameters are influenced by motivational fac- Event chain methodology is a practical approach to
tors such as total project duration to much greater extent scheduling software projects that contain multiple uncer-
than events and event chains. This occurs because events tainties. A process that utilizes this methodology can be eas-
cannot be easily translated into duration, finish time, etc. ily used in different projects, regardless of size and com-
Therefore, Event chain methodology can help to overcome plexity. Scheduling using Event chain methodology is an
negative affects of selective perception, in particular the easy to use process, which can be can be performed using
confirmation bias and, within a certain extent, the planning off-the-shelf software tools. Although Event chain meth-
fallacy and overconfidence. odology is a relatively new approach, it is actively used in
Event chain methodology relies on the estimation of many organizations, including large corporations and gov-
duration based on best-case scenario estimates and does not ernment agencies.
necessarily require low, base, and high estimations or sta-
tistical distribution and, therefore, mitigates the negative References
effect of anchoring. [1] B. Flyvbjerg, M.K.S. Holm, S.L. Buhl. Underestimat-
The probability of events can be easily calculated ing costs in public works projects: Error or Lie? Jour-
based on historical data, which can mitigate the effect of the nal of the American Planning Association, vol. 68, no.
availability heuristic. Compound events can be easy broken 3, pp. 279-295, 2002.
into smaller events. The probability of events can be calcu- [2] B. Flyvbjerg, M.K.S. Holm, S.L. Buhl.. What causes
lated using relative frequency approach where probability cost overrun in transport infrastructure projects? Trans-
equals the number an event occurs divided by the total port Reviews, 24(1), pp. 3-18, 2004.
number of possible outcomes. In classic Monte Carlo [3] B. Flyvbjerg, M.K.S. Holm. How inaccurate are de-
simulations, the statistical distribution of input parameters mand forecasts in public works projects? Journal of
can also be obtained from the historical data; however, the the American Planning Association, vol. 78, no. 2, pp.
procedure is more complicated and is often not used in prac- 131-146, 2005.
tice. [4] L. Virine, L. Trumper. Project Decisions. The Art and
32 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Science. Management Concepts. Vienna.VA, 2007, [22] D.T. Hulett. Schedule risk analysis simplified, PM
[5] R. Buehler, D. Griffin, M. Ross. Exploring the "plan- Network, July 1996, 23-30, 1996.
ning fallacy": Why people underestimate their task [23] D.T. Hulett. Project Schedule Risk Analysis: Monte
completion times. Journal of Personality and Social Carlo Simulation or PERT?"PM Network, February
Psychology, 67, 366-381, 1994. 2000, p. 43, 2000.
[6] D. Lovallo, D. Kahneman. Delusions of success: how [24] J. Goodpasture. Quantitative Methods in Project Man-
optimism undermines executives’ decisions, Harvard agement, J.Ross Publishing, Boca Raton, FL, 2004.
Business Review, July Issue, pp. 56-63, 2003. [25] J. Schuyler. Risk and Decision Analysis in Projects,
[7] A. Tversky, D. Kahneman. Judgment Under Uncer- 2nd Edition, Project Management Institute, Newton
tainty: Heuristics and biases. Science, 185, 1124-1130, Square, PA, 2001.
74. [26] T. Williams. Why Monte Carlo simulations of project
[8] G.E. McCray, R.L. Purvis, C.G. McCray. Project Man- networks can mislead. Project Management Journal,
agement Under Uncertainties: The Impact of Heuris- September 2004, 53-61, 2004.
tics and Biases. Project Management Journal. Vol. 33, [27] G.A. Quattrone, C.P. Lawrence, D.L. Warren, K.
No. 1. 49-57, 2002. Souze-Silva, S.E. Finkel, D.E. Andrus. Explorations
[9] A. Tversky, D. Kahneman. Availability: A heuristic for in anchoring: The effects of prior range, anchor ex-
judging frequency and probability. Cognitive Physiol- tremity, and suggestive hints. Unpublished manuscript.
ogy, 5, 207-232, 1973. Stanford University, Stanford, 1984.
[10] J.S. Carroll. The effect of imagining an event on ex- [28] D.T. Hulett. Practical Schedule Risk Analysis. Gower
pectations for the event: An interpretation in terms of Publishing, 2009.
availability heuristic. Journal of Experimental Psychol- [29] D.T. Hulett. Integrated Cost-Schedule Risk Analysis.
ogy, 17, 88-96, 1978. Gower Publishing, 2011.
[11] D. Cervone, P.K. Peake. Anchoring, efficacy, and ac- [30] E. Goldratt. Critical Chain. Great Barrington, MA:
tion: The influence of judgmental heuristics of self- North River Press, 1997.
efficacy judgments. Journal of Personality and Social [31] M. Srinivasan, W. Best, S. Chandrasekaran. Warner
Psychology, 50, 492-501, 1986. Robins Air Logistics Center Streamlines Aircraft Re-
[12] S. Plous. The Psychology of Judgment and Decision pair and Overhaul. Interfaces, 37(1). 7-21, 2007.
Making, McGraw-Hill, 1993. [32] P. Wilson, S. Holt. Lean and Six Sigma — A Continu-
[13] P.C. Watson. On the failure to eliminate hypotheses in ous Improvement Framework: Applying Lean, Six
a conceptual task. Quarterly Journal of Experimental Sigma, and the Theory of Constraints to Improve
Psychology, 12, 129-140, 1960. Project Management Performance. In Proceedings of
[14] J. St. B. T. Evans, J.L. Barston, P. Pollard. On the con- the 2007 PMI College of Scheduling Conference, April
flict between logic and belief in syllogistic reasoning. 15-18, Vancouver, BC, 2007.
Memory and Cognition, 11, 295-306, 1983. [33] D.T. Hulett, D. Hillson. Branching out: decision trees
[15] R.K. Wysocki, R. McGary. Effective Project Manage- offer a realistic approach to risk analysis, PM Network,
ment: Traditional, Adaptive, Extreme, 3rd Edition, John May 2006, pp 36-40, 2006.
Wiley & Sons Canada, Ltd., 2003. [34] J. Arlow, I. Neustadt. Enterprise Patterns and MDA:
[16] Project Management Institute. A Guide to the Project Building Better Software with Archetype Patterns and
Management Body of Knowledge (PMBOK® Guide), UML. Addison –Wesley Professional, 2003.
Fourth Edition, Newtown Square, PA: Project Man- [35] G. Booch, J. Rumbaugh , I. Jacobson. The Unified
agement Institute, 2008. Modeling Language User Guide, Addison –Wesley
[17] Clemen, R. T., (1996). Making Hard Decisions, Brooks/ Professional; 2nd edition, 2005
Cole Publishing Company, 2nd ed., Pacific Grove, CA [36] B. Flyvbjerg. From Nobel Prize to project manage-
[18] G.W. Hill. Group versus individual performance: Are ment: getting risks right. Project Management Jour-
N + 1 heads better than one? Psychological Bulletin, nal, August 2006, pp 5-15, 2006.
91, 517-539, 1982. [37] R. Shankar. Principles of Quantum Mechanics, Sec-
[19] D. Hillson. Use a risk breakdown structure (RBS) to ond Edition, New York: Springer, 1994.
understand your risks. In Proceedings of the Project [38] E.B. Manoukian. Quantum Theory: A Wide Spectrum.
Management Institute Annual Seminars & Symposium, New York: Springer, 2006.
October 3-10, 2002, San Antonio, TX, 2002. [39] M. Fowler. Patterns of Enterprise Application Archi-
[20] T. Kendrick. Identifying and Managing Project Risk: tecture, Addison-Wesley Professional, 2002.
Essential Tools For Failure-Proofing Your Project, [40] R.C. Martin. Agile Software Development, Principles,
AMACOM, a division of American Management As- Patterns, and Practices. Prentice Hall, 2002.
sociation, 2nd revised Edition. New York, 2009. [41] Project Management Institute. A Guide to the project
[21] W. Scheinin, R. Hefner. A Comprehensive Survey of management body of knowledge (PMBOK). Newtown
Risk Sources and Categories, In Proceedings of Space Square, PA. Project Management Institute, Inc., 2004.
Systems Engineering and Risk Management Sympo- [42] A. Tversky, D. Kahneman. Belief in the law of small
siums. Los Angeles, CA: pp. 337-350, 2005. numbers. Psychological Bulletin, 76, 105-110, 1971.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 33
Risk Management
The fast changing environment and the complexity of projects has increased the exposure to risk. The PMBOK (Project
Management Body of Knowledge) standard from the Project Management Institute (PMI) proposes a structured risk
management process, integrated within the overall project management framework. However, unresolved difficulties call
for further developments in the field. In projects, risks occur within a complex web of numerous interconnected causes and
effects, which generate closed chains of feedback. Project risk dynamics are difficult to understand and control and hence
not all types of tools and techniques are appropriate to address their systemic nature. As a proven approach to project
management, System Dynamics (SD) provides this alternative view. A methodology to integrate the use of SD within the
established project management process has been proposed by the author. In this paper, this is further extended to inte-
grate the use of SD modelling within the PMBOK risk management process, providing a useful framework for the effective
management project risk dynamics.
34 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
and effects which generate closed chains of causal feedback. decisions). The arrows indicate cause-effect relationships,
Risk dynamics are generated by the various feedback loops and have an "o" when the cause and the direct effect change
that take place within the project system. in the opposite direction. The arrows in red identify the
The feedback perspective is particularly relevant to un- cause-effect relationships likely to generate risks. This type
derstand, explain, and act upon the behaviour of complex of diagram is referred to as "Influence Diagram" (ID).
social systems. Its added value for risk management is that If we ask the question: what caused quality problems
it sheds light on the systemic nature of risks. No single fac- and delays? the right answer is not "staff fatigue", "poor
tor can be blamed for generating a risk nor can management QA implementation" or "schedule pressure". It is the whole
find effective solutions by acting only upon individual fac- feedback structure that, over-time and under certain condi-
tors. To understand why risks emerge and to devise effec- tions, generated the quality problems and delays. In other
tive solutions, management needs to look at the whole. As words, the feedback structure causes problems to unfold
an example of this analysis, Figure 1 shows the feedback over-time. To manage systemic risks effectively, it is nec-
structure of a project, focused on the dynamics that can gen- essary to act upon this structure. This type of action con-
erate risks related to requirements changes imposed by the sists of eliminating problematic feedback loops and creat-
client. This understanding of risks is crucial for identifying, ing beneficial ones.
assessing, monitoring and controlling them better (see [4] However, project risk dynamics are difficult to under-
for more details). stand and control. The major difficulties have to do with
Feedback loops identified as "R+" are reinforcing ef- the subjective, dynamic and multi-factor nature of systemic
fects (commonly referred to as "snowball effects"), and the risks. Feedback effects include time-delays, non-linear ef-
ones identified as "B-" are balancing effects (e.g. control fects and subjective factors. Not all types of tools and tech-
Schedule 2: Estimated Cost 3: Designs Completed 4: Cum Changes 5:Errors to rework 1: Actual Schedule 2: Estimated Cost 3: Designs Completed 4: Cum Changes 5:Errors to rework
00 1: 120.00
00 2: 500.00
00 3 3: 6000.00 3
4:
00 5: 500.00 1
1 1 1 3 1 1 1 1
1: 60.00 2
00 3
2: 250.00
00 3:
2 2 3000.00 2 2
00 2 4: 2
2 5: 250.00
00
3
3 4
4
5 5
1: 0.00
.00 2: 0.00 5
.00 3: 3
3
4: 0.00 5
.00 5 5: 0.00 4 4 5
.00 4 4 4 5 4 5
0.00 30.00 60.00 90.00 120.00
0.00 30.00 60.00 90.00 120.00
Time
Time
Time
36 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
traditional project management framework, and formally ment processes identified in the PMBOK. Given the lim-
integrated with the PERT/CPM models. An overview of the ited size of this paper, this is now briefly described sepa-
process logic is provided in Figure 3. The arrows in black rately for each risk process. A more detailed explanation is
identify the flows within the traditional project control proc- forthcoming in the literature.
ess. SYDPIM places the use of an SD project model at the Plan Risk Management
core of this process, enhancing both planning and monitor- The implementation of SYDPIM within risk manage-
ing and thereby the overall project control. ment planning allows for the definition of the appropriate
The use of the SD model adds new steps to the basic level of structuring for the risk management activity, and
control cycle (the numbers indicate the sequence of the for the planning of the use of SD models within this activ-
steps). In planning, the SD model is used to pro-actively ity.
test and improve the current project plan. This includes fore- Adjusting the level of structuring for the risk manage-
casting and diagnosing the likely outcome of the current ment activity is crucial for the practical implementation of
plan, uncover assumptions (e.g. expected productivity), test the risk management process. An SD project model can be
the plan’s sensitivity to risks, and test the effectiveness of used to analyse this problem. Various scenarios reflecting
mitigating actions. In monitoring, the SD model is used to different levels of structuring can be simulated and the full
explain the current project outcome and status, to enhance impacts are quantified. Typically, a "U-curve" will result
progress visibility by uncovering important intangible in- from the analysis of these scenarios, ranging from pure ad
formation (e.g. undiscovered rework), and to carry out ret- hoc to over-structuring. An example of the use of an SD
rospective "what-if" analysis for process improvement while model for this purpose can be found in [3].
the project is underway. Overall, the SD model works as a
test laboratory to assess the future plans and to diagnose the Identify Risks
project past. The model also works as an important reposi- An SD project model can support risk identification in
tory of project history and metrics. two ways: at the qualitative level, through the analysis of
influence diagrams, risks that result from feedback forces
4 Using SYDPIM to manage Risk Dynamics within can be identified; at the quantitative level, intangible project
the PMBOK Framework status information (e.g. undiscovered rework) and assump-
According to the SYDPIM framework, the SD model tions in the project plan can be uncovered (e.g. required
can be used in various ways to support the six risk manage- productivity).
“
System Dynamics modelling is a very
complete technique and tool that covers a wide range
of project management needs
”
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 37
Risk Management
“
Quantifying the impact of a risk consists in calibrating
System Dynamics modelling the model for a scenario where the risk occurs (e.g. scope
changes), and then simulate the project. One can virtually
is proposed in the specialized analyse the impact of the risk occurrence in any project vari-
able, by comparing the produced behaviour pattern with
Practice Standard for
”
the one obtained when a risk-absent scenario is simulated.
Project Risk Management For example, figure 2(b) shows the behaviour patterns pro-
duced by an SD project model when scope changes are in-
troduced by the client over-time (curve 4). These patterns
can be compared with the ones of figure 2(a), which shows
Risks can be identified in an influence diagram as events the scenario where no scope changes are introduced. This
that result from: (i) balancing loops that limit a desired type of analysis allows the project manager to identify a
growth or decay (e.g. the lack of available resources leads risk’s impact on various aspects of the project (and over-
to a balancing loop that limits the potential growth of work time; not just the final value). In addition, the feedback na-
accomplishment); (ii) reinforcing loops that lead to unde- ture of the SD model ensures that both direct and indirect
sired growth or decay (e.g. schedule pressure leads to QA impacts of risks are quantified – ultimately, when a risk oc-
cuts, which in turn lead to more rework and delays, thereby curs it will affect everything in the project, and the SD model
reinforcing schedule pressure; see "R+" loop L3 in figure captures the full impacts.
1); (iii) external factors that exacerbate any of these two An SD project model generally includes variables re-
types of feedback loops (e.g. training delays exacerbate the lated to the various project objectives (cost, time, quality,
following reinforcing loop: "the more you hire in the later and scope). One can therefore assess the risk impacts on all
stages, the worst the slippage due to training overheads."). dimensions of the project objectives. The SD model also
This type of analysis also allows for risks to be managed as allows for scenarios combining several risks to be simu-
opportunities: feedback loops can be put to work in favour lated, whereby their cross impacts are also captured. Sensi-
of the project. tivity analysis can be carried out to analyse the project’s
SD simulation models allow the project manager to sensitivity to certain risks as well as to their intensity (e.g.
check whether and how certain feedback loops previously what is the critical productivity level below which prob-
identified as "risk generators" will affect the project. In this lems will escalate?).
way, irrelevant risks can be eliminated, preventing unnec-
essary mitigating efforts. Secondly, the calibration of the Plan Risk Responses
SD model uncovers important quantitative information Influence diagrams and SD simulation models are very
about the project status and past, which typically is not powerful tools to support the development of effective risk
measured because of its intangible and subjective nature. responses. They provide three main distinctive benefits: (i)
In this way, it forces planning assumptions to be made ex- support the definition and testing of complex risk-response
plicit and thereby identifying potential risks. scenarios, (ii) provide the feedback perspective for the iden-
tification of response opportunities, and (iii) they are very
Perform Qualitative Risk Analysis effective for diagnosing and understanding better the multi-
Influence diagrams can help to assess risk probability factor causes of risks; these causes can be traced back the
and impacts through feedback loop analysis. Given a spe- through the chains of cause-and-effect, with counter-intui-
cific risk, it is possible to identify in the diagram which tive solutions often being identified.
feedback loops favour or counter the occurrence of the risk. Influence diagrams provide the complementary feedback
Each feedback loop can be seen as a dynamic force that perspective. Therefore, the power to influence, change and
pushes the project outcome towards (or away) from the risk improve results rests on acting on the project feedback struc-
occurrence. The likelihood and the impact of each risk can ture. Risk responses can be identified as actions that elimi-
be qualitatively inferred from this feedback loop analysis. nate vicious loops, or attenuate or reverse their influence
An SD simulation model can be used to identify the spe- on the project behaviour. By looking at the feedback loops
cific scenarios in which a risk would occur (i.e. likelihood). and external factors identified as risks, the project manager
Regarding impact, with simple models and preliminary cali- can devise effective responses.
brations, quantitative estimates can be taken as qualitative
“
indications of the order of magnitude of the risk impacts.
PMI’s Project Management
Perform Quantitative Risk Analysis
In quantifying risks, an SD project model provides two Body of Knowledge
additional benefits over traditional models: first, it delivers considers six risk
”
a wide range of estimates, and secondly these estimates re-
flect the full impacts of risk occurrence, including both di- management processes
rect and indirect effects.
38 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 39
Risk Management
40 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
The management of risk has gradually emerged as a normal activity that is now a constituent part of many professions.
The concept of risk has become so ubiquitous that we continually search for risk-based explanations of the world around
us. Decisions and projects are often viewed through the lens of risk to determine progress, value and utility. But risk can
have more than one face depending on the stance that we adopt. The article looks at the implications of adopting different
positions regarding risk thereby opening a wider discussion about the links to danger and safety. In rethinking our posi-
tion, we are able to appraise the different strategies that are available and reason about the need to adopt a more bal-
anced position as an essential step towards developing a better informed perspective for managing risk and potential.
Old-world thinking supports the adoption of precaution- old world, the ability to know how to reduce risks inevita-
ary measures even when some cause and effect relationships bly grows out of historical interaction with risk. Solutions
are not fully understood. In others words, the principle links are shaped by past problems. Without taking risk to know
hazards or threats with (scientific) uncertainty to demand how to reduce risks, you would not know which solutions
defensive measures. Following the lead offered by the legal are safe or useful.
systems of Germany, Sweden and Denmark, the precaution-
ary principle is likely to be fully embraced in guiding Euro- What happens when a risk is actually reduced? Experi-
pean Commission policy (such as the White Paper on Food ence reveals that safety also comes with a price. As we feel
Safety published by the Commission in 2000). When fol- safe, we tend to take more chances and attract new dan-
lowed to the extreme, this policy leads to the pursuit of a gers. Research shows that the generation of added safety,
zero-risk approach, which like zero defects will remain elu- through safety belts in cars or helmets in sport, encourages
sive. danger-courting behaviour, leading often to a net increase
Amassed opposite is the new world, where risks convey in overall risk taking. This may be explained by the re-
potential, opportunity and innovation. Risk offers the po- duced incentive to avoid a risk, once protection against it
tential for gains, and occasionally creative chances and op- has been obtained.
portunities to discover new patterns of behaviour that can Adding safety measures also adds to the overall com-
lead to serious advantage over the competition. Risk thus plexity of the design process and the designed system, and
offers a key source of innovation. This can be viewed as the to the number of interactions, thereby increasing the diffi-
aggressive entrepreneurial approach to business. culty of understanding them and the likelihood of accidents
and errors. In some computer systems, adding safety de-
Who would you bet your Money on? vices may likewise decrease the overall level of safety. The
In the old-world camp, risk management is a disciplined more interconnected the technology and the greater the
way of analysing risk and safety problems in well defined number of components, the greater the potential for com-
domains. The difficulty lies in the mix of complexity, ambi- ponents to affect each other unexpectedly and to spread
guity and uncertainty with human values where problems problems, and the greater the number of potential ways for
are not amenable to old-world technical solutions. New- something to go wrong.
world problems manifest themselves as human interactions So far we have observed that risk and danger maintain
with systems. They are complex, vexing socio-technical di- a paradoxical relationship, where risks can improve safety
lemmas involving multiple participants with competing in- and safety measures can increase risks. Danger and ben-
terests and conflicting values (read that as opportunities) efits are intertwined in complex ways ensuring that safety
A ground rule for the clash is that total elimination of always comes at a price. Safety, like risk, depends on the
risk is both impossible and undesirable. It is a natural hu- perception of participants.
man tendency to try to eliminate a given risk; however that
may increase other risks or introduce new ones. Further- Predicting Danger
more, the risks one is likely to attempt to eliminate are the The mitigation of risk, as practised in the old world, is
better-known risks that must have occurred in the past and typically predicated on the assumption of anticipation. It
about which more is known. Given that elimination is not thus assumes that risks can be identified, characterised,
an option, we are forced into a more visible coexistence with quantified and addressed in advance of their occurrence.
risks and their implications. The rest of this article will fo- The separation of cause and effect, implied by these ac-
cus on the dynamic relationship between safety, risk and tions, depends on stability and equilibrium within the sys-
danger as an alternative way of viewing the risk–opportu- tem. The purpose of intended action is to return the system
nity spectrum. It will therefore help to map, and potentially to the status quo following temporary disturbances. The
resolve, the roots of the clash from an alternative perspec- old world equates danger with deviation from the status
tive. quo, which must be reversed. The purpose of risk manage-
ment is to apply resources to eliminate such disturbances.
Away with Danger? The old-world is thus busy projecting past experience into
The old world equates risk with danger, in an attempt to the future. It is thus perfectly placed to address previous
achieve a safer environment. If only it were that simple! battles but not new engagements.
Safety may result from the experience of danger. Early pro- The assumption of anticipation offers a bad bet in an
grammes, models and inventions are fraught with problems. uncertain and unpredictable environment. An alternative
Experience accumulates through interaction with and reso- strategy is resilience, which represents the way an organ-
lution of these problems. Trial and error leads to the ability ism or a system adapts itself to new circumstances in a more
to reduce error. Eliminate all errors and you reduce the op- active and agile search for safety. The type of approach
portunity for true reflective learning. applied by new-world practitioners calls for an ability to
Safety, be it in air traffic control systems, business envi- absorb change and disruption, keep options open, and deal
ronments, manufacturing or elsewhere, is normally achieved with the unexpected by conserving energy and utilising sur-
through the accumulated experience of taking risks. In the
42 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 43
Risk Management
44 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Project Risk Management has continued to evolve into what many organisations consider to be a largely mature disci-
pline. Given this evolution we can ask if there are still new ideas that need to be considered in the context of managing
project risks. In this article we consider the state of project risk management and reflect on whether there is still a
mismatch between project risk management theory and practice. We also look for gaps in the available practice and
suggest some areas where further improvement may be needed, thereby offering insights into new approaches and per-
spectives.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 45
Risk Management
“
The continued failure of projects to deliver
consistent benefits suggests that the problem of risk in projects
has not been completely solved
”
1. Principles formal process step to "Implement Risk Responses" rein-
2. Process forces this failing. It is also important to make a clear link
3. People between the project plan and risk responses that have been
4. Persistence agreed and authorised. Risk responses need to be treated in
the same way as all other project tasks, with an agreed
Problems with Principles owner, a budget and timeline, included in the project plan,
There are two potential shortfalls in the way most project reported on and reviewed. If risk responses are seen as "op-
teams understand the concept of risk. It is common for the tional extras" they may not receive the degree of attention
scope of project risk management processes to be focused they deserve.
on managing possible future events which might pose threats A second equally vital omission is the lack of a "post-
to project cost and schedule. While these are undoubtedly project review" step in most risk processes. This is linked
important, they are by no means the full story. The broad to the wider malaise of failure to identify lessons to be
proto-definition of risk as "uncertainty that matters" encom- learned at the end of each project, denying the organisation
passes the idea that some risks might be positive, with po- the chance to learn from its experience and improve per-
tential upside impacts, mattering because they could enhance formance on future projects. There are many risk-related
performance, save time or money, or increase value. And lessons to be learned in each project, and the inclusion of a
risks to objectives other than cost and schedule are also im- formal "Post-project Risk Review" will help to capture
portant and must be managed proactively. This leads to the these, either as part of a more generic project meeting or as
use of an integrated project risk process to manage both a separate event. Such lessons include identifying which
threats and opportunities alongside each other. This is more threats and opportunities arise frequently on typical projects,
than a theoretical nicety: it maximises a project’s chances finding which risk responses work and which do not, and
of success by intentionally seeking out potential upsides and understanding the level of effort typically required to man-
capturing as many as possible, as well as finding and avoid- age risk effectively.
ing downsides.
Another conceptual limitation which is common in the Problems with People
understanding of project risk is to think only about detailed It is common for project risk management to be viewed
events or conditions within the project when considering as a collection of tools and techniques supporting a struc-
risk. This ignores the fact that the project itself poses a risk tured system or a process, with a range of standard reports
to the organisation at a higher level, perhaps within a pro- and outputs that feed into project meetings and reviews.
gramme or portfolio, or perhaps in terms of delivering stra- This perspective often takes no account of the human as-
tegic value. The distinction between "overall project risk" pects of managing risk. Risk is managed by people, not by
and "individual project risks" is important, leading to a rec- machines, computers, robots, processes or techniques. As
ognition that risk exists at various levels reflecting the con- a result we need to recognise the influence of human psy-
text of the project. It is therefore necessary to manage over- chology on the risk process, particularly in the way risk
all project risk (risk of the project) as well as addressing attitudes affect judgement and behaviour. There are many
individual risk events and conditions (risks in the project). sources of bias, both outward and hidden, affecting indi-
This higher level connection is often missing in the way project viduals and groups, and these need to be understood and
risk management is understood or implemented, limiting the managed proactively where possible.
value that the project risk process can deliver. Setting project The use of approaches based on emotional literacy to
risk management in the context of an integrated Enterprise Risk address the human behavioural aspects of managing risk in
Management (ERM) approach can remedy this lack. projects is in its infancy. However some good progress has
been made in this area, laying out the main principles and
Problems with Process boundaries of the topic and developing practical methods
The project risk process as implemented by many or- for understanding and managing risk attitude. Without tak-
ganisations is often flawed in a couple of important respects. ing this into account, the project risk management process
The most significant of these is a failure to turn analysis as typically implemented is fatally flawed, relying on judge-
into action, with Risk Registers and risk reports being pro- ments made by people who are subject to a wide range of
duced and filed, but with these having little or no effect on unseen influences, and whose perceptions may be unreli-
how the project is actually undertaken. The absence of a able with unforeseeable consequences.
46 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 47
Risk Management
Risk arises from uncertainty but it is difficult to express all types of uncertainty in terms of risks. Therefore managing
uncertainty often requires an approach which differs from conventional risk management. A knowledge of the lifecycle of
uncertainty (latency, trigger points, early warning signs, escalation into crisis) helps to inform the different strategies
which can be used at different stages of the lifecycle. This paper identifies five tenets to help project teams deal more
effectively with uncertainty, combining pragmatism (e.g. settle for containing uncertainty, don’t try to eliminate it com-
pletely), an emphasis on informed decision-making, and the need for projects to be structured in an agile fashion to
increase their resilience in the face of uncertainty.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 49
Risk Management
Figure 3: The Uncertainty Lifecycle and the Strategies Best Suited to addressing Uncertainty.
An alert project manager may be able to respond swiftly different sets of strategies are effective at different points:
and contain the problem even without prior knowledge of Knowledge-centric strategies: These help to reveal
the uncertainty, either by recognising the warning signs or the sources of uncertainty, resolve them where possible or
removing the source of uncertainty before it has a chance to prepare appropriately, for example through mitigation plan-
develop. ning and risk management.
It is also worth remembering that many kinds of uncer- Anticipation strategies: These offer a more holis-
tainty will never undergo the transition which results in an tic approach than the knowledge-centred view of uncer-
unexpected outcome. Uncertainty which doesn’t manifest tainty. By looking at a project from different perspectives,
as a problem is ultimately no threat to a project. Once again, for example by visualising future scenarios and examining
the economic argument (that it is neither desirable nor pos- causal relationships, previously hidden uncertainties are
sible to eliminate all uncertainty from a project) is a power- revealed.
ful one. The goal is to focus sufficient effort on the areas of Resilience strategies: Trying to contain uncertainty
uncertainty that represent the greatest threat and have the at source will never be 100 percent successful. Therefore, a
highest chance of developing into serious problems. project needs resilience and must be able to detect and re-
Based on this understanding of the uncertainty lifecycle, spond rapidly to unexpected events. Whilst it is impossible
to predict the nature of the problems in advance, a project It may be helpful to visualise the project as existing in a
manager can employ strategies which will imbue their continual state of dynamic tension (see Figure 4). The ac-
projects with much greater resilience. cumulation of uncertainties continually tries to push the
Learning strategies: These give the project man- project off its planned path. If left unchecked, the problems
ager and the organisation as a whole the ability to improve may grow so severe that there is no possibility of recover-
and benefit from experience over time. No two projects face ing back to the original plan.
exactly the same uncertainty, so it is important to be able to The project manager’s role is to act swiftly to correct
adapt and learn lessons. the deviations, setting actions to resolve issues, implement-
ing contingency plans or nipping problems in the bud. This
3 Five Tenets for Dealing Effectively with Project requires mindfulness and agility: mindfulness to be able to
Uncertainty spot things going wrong at the earliest possible stage, and
3.1 Aim to contain Uncertainty, not eliminate it agility in being able to react swiftly and effectively to damp
No individual can bring order to the universe, and nei- down the problems and bring the project back on track.
ther can the project manager protect his or her project from
every conceivable threat. Managers who try to do this la- 3.2 Uncertainty is an Attribute not an Entity in its
bour under unworkable risk management regimes, construct- Own Right
ing unwieldy risk logs and impossibly costly mitigation We often talk about uncertainties as if they are discrete
plans. Amidst all the effort being poured into managing objects when in fact uncertainty is an attribute of every as-
small, hypothetical risks (the ‘ghost risks’), a project man- pect of the project. The ‘object’ model of uncertainty is
ager may be too busy to notice that the nuts and bolts of the unhelpful because it suggests that there are clusters of un-
project – where the real focus of attention should be – have certainties hiding away in the darker corners of the project.
come loose. It is much better to concentrate on detecting If only we could find them, we could dispose of them and
and reacting swiftly to early signs of problems. Whilst un- our project would be free of uncertainty.
certainty can never be entirely eliminated, it can mostly cer- This is a flawed point of view. Uncertainty attaches to
tainly be contained, and that should be good enough. Ulti- every action or decision much like smell or colour does to
mately this is a far more effective use of resources. a flower. The level of uncertainty may be strong or weak
“
but collectively we can never completely eliminate uncer-
Managing uncertainty often tainty because the only project with no uncertainty is the
project that does nothing.
requires an approach which Once this is accepted, it becomes pointless to attempt to
manage uncertainty in isolation from everything else. A
differs from conventional
”
project manager cannot set aside a certain number of hours
risk management each week to manage uncertainty, it is inherent in every
decision taken. Uncertainty cannot be compartmentalised.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 51
Risk Management
Figure 5: Collective Team Responsibility to react rapidly during the Transition Period is
Key to minimising the Impact of Uncertainty.
52 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 53
Risk Management
able, or the avoidance measures are too costly. Consider have stepped back far enough to be within touching dis-
the example of a subcontractor who, it later transpires, may tance of the current project status. (See Figure 7).
be incapable of delivering a critical input on time. We could This approach focuses on positive attributes (what are
detour around this uncertainty by dismissing the subcon- the project’s success criteria?) not the negative aspects of
tractor in favour of some competitor who can provide a bet- the risks to be avoided. Both are important, but many project
ter service. This will mean cancelling existing contracts, managers forget to pay sufficient attention to nurturing the
researching the marketplace and renegotiating commercial positive aspects. By ‘thinking backwards’ from a future sce-
terms with an alternative supplier – all time-consuming and nario, the desired path often becomes much clearer. It is
potentially costly activities – and with the risk of being no ironic that ‘backward thinking’ is often just what is needed
better off with the alternative supplier. to lead a project forward to successful completion.
Secondly, detouring only works for quantifiable uncer-
tainty (the ‘known unknowns’). Unfathomable uncertainty 3.5 Meet Uncertainty with Agility
may well strike too rapidly to permit a detour. Perhaps the best defence against uncertainty is to or-
Our final option is reorientation. This is a more dra- ganise and structure a project in a sufficiently agile fashion
matic form of detour where we aim for a modified set of to be resilient to the problems that uncertainty inevitably
objectives in the face of insurmountable uncertainty. Highly brings. This manifests in two ways: how fast can the project
novel projects sometimes have to do this. To plough on in adapt and cope with the unexpected, and how flexible is
the face of extreme uncertainty risks total failure. The only the project in identifying either new objectives or new ways
alternative is to redefine the goals, that is, reorient the project to achieve the same goals?
in a way that negates the worst of the uncertainty. This is not a One approach is to ensure that the project only ever takes
tactic for the faint-hearted. Convincing the client that a project small steps. Small steps are easier to conceptualise, plan
cannot be delivered as originally conceived is no easy task. for and manage. They can be retraced more easily if they
But it is worth asking the question, "Is it better to deliver some- haven’t delivered the required results or if it becomes clear
thing different (but broadly equivalent) than nothing at all?" they are leading in the wrong direction. Small steps also
support the idea of fast learning loops. For instance, a
3.4 Uncertainty encompasses both Opportunity lengthy project phase reduces the opportunity to quickly
and Threat feedback lessons learned. If the project is too slow to re-
It is important to seize opportunities when they arise. If spond, it may fail under the accumulated weight of uncer-
some aspects of a project are uncertain, it means there are tainty.
still choices to be made, so we must choose well. Too often, More iterative ways of working are becoming increas-
the negative consequences dominate the discussion, but ingly common and do much to increase the agility of a
perhaps the project can achieve more than was planned, or project. A feature of monolithic projects (i.e. those which
achieve the same thing by taking a different path. Is there a do not follow an iterative strategy) is the assumption that
chance to be innovative? Project managers must always be everything proceeds more or less as a sequence of tasks
open to creative solutions. As Einstein said, "We can’t solve executed on a ‘right first time’ basis. Generally speaking,
problems by using the same kind of thinking we used when more effort is directed at protecting this assumption (for
we created them." example, by analysing and mitigating risks which may
All approaches to dealing with uncertainty depend to a threaten the task sequence) than on planning for a certain
greater or lesser extent on being able to forecast future level of rework. In contrast, by planning to tackle tasks it-
events. The classic approach is sequential: extrapolating eratively, two benefits are gained: firstly, early sight of un-
from one logical situation to the next, extending out to some fathomable issues which wouldn’t otherwise surface until
point in the future. But with each step, cumulative errors much later in the schedule, and secondly, greater opportu-
build up until we are no longer forecasting but merely enu- nity to make controlled changes.
merating the possibilities. Finally, an agile project is continuously looking for ways
Suppose instead we don’t try to forecast what will hap- to improve. A project which is unable (or unwilling) to learn
pen, but focus on what we want to happen? This means lessons is destined to repeat its early mistakes because it
visualising a desired outcome and examining which at- ignores opportunities to learn from the unexpected. Some
tributes of that scenario are most valuable. Working back- lessons are obvious, some require much soul-searching,
wards from this point, it becomes possible to see what cir- brainstorming or independent analysis. What matters above
cumstances will naturally lead to this scenario. Take an- all else is that the improvements are captured and dissemi-
other step back, and we see what precursors need to be in nated and the changes implemented, either in the latter project
place to lead to the penultimate step – and so on until we stages or in the next project the organisation undertakes.
David Hancock
The type of problems that need to be solved in organizations are very variable in terms of their complexity ranging from
‘tame’ problems to ‘wicked messes’. We state that projects tend to have the characteristics of wicked messes where deci-
sion making gets confused by behavioural and dynamic complexities which coexist and interact. To address the situation
we cannot continue to rely on sequential resolution processes, quantitative assessments and simple qualitative estimates.
We propose instead to develop the concept of risk leadership which is intended to capture the activities and knowledge
necessary for project managers to accommodate the disorder and unpredictability inherent in project environments through
flexible practices leading to negotiated solutions.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 55
Risk Management
Figure: Two pendulums with an initial starting difference of only 1 arcsec (1/3600 of a
degree).
“
To address the situation we cannot continue to rely
on sequential resolution processes, quantitative assessments
and simple qualitative estimates
”
Monte Carlo simulations are used when data is thin, espe- Tame problems are problems which have straight-for-
cially to answer how much should I apply questions. ward simple linear causal relationships and can be solved
Probabilistic and quantitative risk assessments are used for by analytical methods, sometimes called the cascade or
toxicity estimates for drugs and chemicals, and to support waterfall method. Here lessons can be learnt from past
public policy decisions. For political risks, managers rely events and behaviours and applied to future problems, so
on qualitative analyses of ‘experts’. When it comes to fi- that best practices and procedures can be identified. In con-
nancial risks (credit, currency, interest rate and market), we trast ‘messes’ have high levels of system complexity and
are inundated with Greek letters (betas, thetas, and so on) are clusters of interrelated or interdependent problems. Here
and complex econometric models that are comprehensible the elements of the system are normally simple, where the
only to the trained and initiated. The quantitative tools are complexity lies in the nature of the interaction of its ele-
often too abstract for laymen, whereas the qualitative tools lack ments. The principle characteristic of which is that they can-
mathematical rigour. Organisations need a combination of both not be solved in isolation but need to be considered holistically.
tools, so that they can deliver sensible and practical assess- Here the solutions lie in the realm of systems thinking. Project
ments of their risks to their stakeholders. Finally it is important management has introduced the concepts of Programme and
to remember that the result of quantitative risk assessment de- Portfolio management to attempt to deal with this type of com-
velopment should be continuously checked against one’s own plexity and address the issues of interdependencies. Using strat-
intuition about what constitutes reasonable qualitative behav- egies for dealing with messes is fine as long as most of us
iour. When such a check reveals disagreement, then the fol- share an overriding social theory or social ethic; if we don’t
lowing possibilities must be considered: we face ‘wickedness’. Wicked problems are termed as ‘di-
1. A mistake has been made in the formal mathemati- vergent’, as opposed to ‘convergent’ problems. Wicked
cal development; problems are characterised by high levels of behavioural
2. The starting assumptions are incorrect and/or con- complexity. What confuses real decision-making is that be-
stitute too drastic oversimplification; havioural and dynamic complexities co-exist and interact
3. One’s own intuition about the field is inadequately in what we call wicked messes. Dynamic complexity re-
developed; quires high level conceptual and systems thinking skills;
4. A penetrating new principle has been discovered. behavioural complexity requires high levels of relationship
and facilitative skills. The fact that problems cannot be
Tame Messes and Wicked Problems solved in isolation from one another makes it even more
One of the first areas to be investigated is whether our cur- difficult to deal with people’s differing assumptions and
rent single classification of projects is a correct assumption. values; people who think differently must learn about and
The general view at present appears to treat them as linear, create a common reality, one which none of them initially
deterministic predictable systems, where a complex system or understands adequately. The main thrust to the resolution
problem can be reduced into simple forms for the purpose of of these types of problems is stakeholder participation and
analysis. It is then believed that the analysis of those individual ‘satisficing’. Many risk planning and forecasting exercises
parts will give an accurate insight into the working of the whole are still being undertaken on the basis of tame problems
system. The strongly held feeling that science will explain eve- that assume the variables on which they are based are few,
rything. The use of Gant charts with their critical paths and that they are fully understood and able to be controlled.
quantitative risk models with their corresponding risk correla- However uncertainties in the economy, politics and society
tions would support this view. However this type of problem have become so great as to render counterproductive, if not
which can be termed tame appears to be the only part of the futile, this kind of risk management that many projects and
story when it comes to defining our projects. organisations still practise.
“
Guiding rather than prescribing
Project managers Adapting rather than formalising
Learning to live with complexity rather than simpli-
must accommodate fying
Inclusion rather than exclusion
the disorder Leading rather than managing
and unpredictability inherent The implications of the new concept of risk leader-
ship are described in Table 1.
in project environments What does this all mean? At the least it means we must
through flexible practices apply a new approach for project and risk management for
problems which are not tame. That we should look to en-
leading to negotiated hance our understanding of the behavioural aspects of the
solutions
” profession and move away from a blind application of proc-
ess and generic standards towards an informed implemen-
tation of guidance. That project and risk management is
more of an art than a science and that this truly is the best
Chaos and Projects time to be alive and being in project and risk management.
At best I believe projects should be considered as deter-
ministic chaotic systems rather than tame problems. Here I References
am not using the term Chaos as defined in the English lan- [1] J. Gleick. Chaos: Making A New Science. Penguin,
guage which tends to be associated with absolute random- 1987.
ness and anarchy (Oxford English Dictionary describes
chaos as "complete disorder and confusion") but based on
the Chaos theory developed in the 1960’s. This theory
showed that systems which have a degree of feedback in-
corporated in them, that tiny differences in input could pro-
duce overwhelming differences in output. (The so called
Butterfly effect see Box 1[1]). Here chaos is defined as ape-
riodic (never repeating twice) banded dynamics (a finite
range) of a deterministic system (definite rules) that is sen-
sitive on initial conditions. This appears to describe projects
much better than the linear deterministic and predictable
view. In which both randomness and order could exist si-
multaneously within those systems. The characteristics of
these types of problem are that they are not held in equilib-
rium either amongst its parts or with its environment but are
far from being held in equilibrium and the system operates
‘at the edge of chaos’ where small changes in input can cause
the project to either settle into a pattern or just as easily veer
into total discord. For those who are sceptical consider the
failing project that receives new leadership it can just as
easily move into abject failure as settle into successful de-
livery and at the outset we cannot predict with any certainty
which one will prevail. At worst they are wicked messes.
Conclusion
How should the project and risk professional exist in
this world of future uncertainly? Not by returning to a reli-
ance on quantitative assessments and statistics where none
exists. We need to embrace its complexities and understand
the type of problem we face before deploying our armoury
of tools and techniques to uncover a solution, be they the
application of quantitative data or qualitative estimates. To
address risk in the future tense we need to develop the con-
cept of ‘risk leadership’ which consists of:
58 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Karel de Bakker
Project management practitioners and scientists assume that risk management contributes to project success through
better planning of time, money and requirements. However, current literature on the relation between risk management
and IT project success provides hardly any evidence for this assumption. Nevertheless, risk management is used frequently
on IT projects. Findings from new research provide evidence that individual risk management activities are able to con-
tribute to project success through "communicative effects". Risk management triggers or stimulates action taking, it
influences and synchronizes stakeholders’ perceptions and expectations and it shapes inter-stakeholder relationships.
These effects contribute to the success of the project.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 59
Risk Management
influence
Risk management PROJECT
Figure 1: Traditional View on Risk Management and its Relation to the Project.
presence of risk; they avoid it, ignore it or delay their ac- erature ignore the results from research which indicate the
tions [5]. This behaviour is not in line with the assumed assumptions and mechanisms that underpin project risk
rational behaviour of actors. Thirdly, project stakeholders management only work in specific situations, or do not work
in general deliberately overestimate the benefits of the at all. This should at least lead to a discussion about the
project and at the same time they underestimate the project validity of certain elements of the Bodies of Knowledge,
risks at the start of the project [6]). Finally, various authors and to the adjustment of the project risk management proc-
(e.g. [7]) indicate that the complete sequence of risk man- ess, which is claimed to be founded on good practice [8] or
agement activities is often not followed in projects, conse- even Best Practice [10].
quently the assumption of rational problem solving is in-
correct. 3 An Additional View to Project Risk Management
Not only is there very little evidence from recent litera- An important assumption in the current literature un-
ture that risk management contributes to IT project success, derpinning both project management and the way risk man-
empirical findings thus far indicate it is also unlikely that agement influences the project and consequently project
risk management is able to contribute to IT project success. success, is the assumption that projects are taking place in a
Taking into consideration the remarks made by various au- reality that is known, and that reality is responding accord-
thors about the limitations of IT projects, risk management ing to the laws of nature the project stakeholders either know
is able to contribute to IT project success if the project: (1) or may be able to know (see e.g. [11]). This so called
has clear and fixed requirements, (2) uses a strict method of instrumentalism assumption defines project risk manage-
system development, and (3) has historical and applicable ment, its effects, and the object on which project risk man-
data available, collected from previous projects. The com- agement works, i.e. the project, in instrumental terms. Fig-
bination of the three mentioned criteria will only occasion- ure 1 depicts the relation between risk management and the
ally be met in IT projects. As an example we can consider project in traditional terms, in other words under the as-
the development of a software module of known function- sumption of instrumentalism.
ality and function points by a software development organi- Risk management may work well in situations in which
sation, certified on CMM level 4 or 5. the object of risk management can be described in terms of
It remains remarkable that there is such a large gap be- predictable behaviour (the instrumental context), for instance
tween project risk management in theory and project risk controlling an airplane or a nuclear power plant, or a piece
management in practice. Findings from research indicate of well defined software that must be created as part of an
that the complete risk management process as described for IT project. Risk management is then an analytical process
instance in the PMI Body of Knowledge [8], is often not in which information is collected and analysed on events
followed [9], or even that practitioners do not see the value that may negatively influence the behaviour of the object
of executing particular steps of the risk management proc- of risk management. However, projects, and particularly IT
ess [7]. In addition, it is remarkable that both project man- projects, generally consist of a combination of elements that
agement Bodies of Knowledge and established current lit- contain both predictable and human behaviour; the latter of
influence
Risk management PROJECT
Figure 2: Adjusted (or New) View on Risk Management and its Relation to the Project.
60 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Risk Management
Activities, e.g.:
Identification Communicative
effects
Success of the
Registration project
(an individual
stakeholder
opinion)
Analysis
Allocation Instrumental
effects
Reporting
which is not always predictable. The presence of human project success criteria, may play an important role in this
behaviour makes a project a social object, an object which stakeholder evaluation process, but they are no longer the
does not behave completely predictably. only outcomes that together determine if the project can be
Furthermore, human behaviour, together with human considered a success. Therefore, project success becomes
interaction, plays a role in the risk management process it- opinionated project success, and is no longer considered as
self. During the various activities of the risk management something that can be determined and measured only in
process, participants in these activities interact with each objective terms.
other. Risk management can then no longer be considered The adjusted view, considering risk management in
instrumental action, but should be considered social action terms of social action, implies that risk management is a
instead. These interactions between participants in the risk process in which participants interact with each other. In
management process may be able to create effects in addi- addition to the traditional view, which considers risk man-
tion to the assumed instrumental effects of risk management. agement only in terms of instrumental action and instru-
Figure 2 presents this adjusted view on the relationship be- mental effects, the additional view assumes that interaction
tween risk management and the project. between participants or social interaction exists, which may
This adjusted view, which considers risk management lead to additional effects on the project and its success (see
as being social action working on a social object, instead of Figure 3). This research refers to these effects resulting from
instrumental action working on an instrumental object, leads interaction as “communicative effects”, and the research
to various changes in model definitions and assumptions assumes that each risk management activity individually
compared to the traditional view. may be able to generate communicative effects and may
The adjusted view considers project success to be the therefore individually contribute to project success.
result of a personal evaluation of project outcome charac- Generally speaking, this additional view on risk man-
teristics by each stakeholder individually (see e.g. [12]). agement creates an environment in which human behav-
Timely delivery, delivery within budget limits and delivery iour and perception play central roles in terms of describ-
according to requirements, being the traditional objective ing the effect of risk management and the success of the
62 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
project. The additional view acknowledges the influence of Considering project success, two projects score low on
stakeholders interacting with each other, and influencing objective project success because of serious issues with
each other through communication. By doing so, this addi- time, budget and requirements; both projects had a restart.
tional view positions itself outside the strict instrumental or Four projects score medium on objective project success,
“traditional” project management approach that can be found all having minor issues with one or more of the objective
in project management Bodies of Knowledge. However, the success criteria. One project scores high on objective project
additional view does not deny the fact that risk manage- success. Variation on opinionated project success is low.
ment may influence project success in an instrumental Stakeholders from the two low objective success projects
way; it only states that in addition to the potential instru- score lower on opinionated project success than
mental effect of risk management, there is a communica- stakeholders from the other five projects, but based on the
tive effect. Given the limitations of the effectiveness of objective success scores, the difference is less than expected.
the instrumental effect, the influence of the communica- ERP implementation projects that participated in the re-
tive effect of risk management on project success may search were selected based on the criterion that they had
probably be larger than the influence of the instrumental done “something” on risk management. The sample of
effect. projects therefore does not include projects that performed
no risk management at all. Risk identification is conducted
4 Results from Case Studies on all projects, in various formats including brainstorm ses-
Seven ERP implementation projects were investigated sions, moderated sessions and expert sessions. Risk analy-
for the presence of communicative effects as a result of the sis was carried out in five projects, but only in a rather ba-
project risk management process. Presented here is a table sic way; none of the projects used techniques for quantita-
(Table 1) with an overview of all investigated ERP imple- tive risk analysis. Other risk management activities, the use
mentation projects. A total number of 19 stakeholders from of which were investigated in the projects are: the planning
the various projects were interviewed. Data collection took place of the risk management process, the registration of risks,
between one and two months after project completion. the allocation of risks to groups or individuals, the report-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 63
Risk Management
“
four effects mentioned with risk identification and report-
Risks in IT projects ing. The research data demonstrate a positive relation (both
in quantity and in quality) between the effects generated
cannot be managed through risk management activities and project success.
by means of the risk
”
5 Results from an Experiment
management process The conclusion that individual risk management activi-
ties contribute to project success is based upon the opinions
of individual stakeholders, meaning that the effect of risk
ing of risks to stakeholders or stakeholder groups and the management on project success is directly attributable to
control of risks. Actual use and format of these practices those effects as perceived by project stakeholders. Given
vary over the projects. the case study research setting, the possibilities for “objec-
The case studies’ results demonstrate that, according to tive” validation of these perceptions are limited. In order to
stakeholders, project risk management activities contribute create additional information on the effect of a specific risk
to the perceived success of the project. Risk identification management practice on project success, independently of
is, by all stakeholders, considered to be the risk manage- various stakeholders’ perceptions, an experiment was de-
ment activity that contributes most to project success. Fur- veloped with the aim to answer to the following sub-ques-
thermore, stakeholders provide a large number of indica- tion: Does the use of a specific risk management practice
tions on how risk identification, in their view, contributes influence objective project success and project success as
to project success. Finally, risk identification is, by perceived by project members?
stakeholders, considered to be able to contribute to project Building on the results of the case studies, risk identifi-
success through a number of different effects; Action, Per- cation was chosen as the risk management activity for the
ception, Expectation and Relation effects1 . experiment. Risk identification is the activity which, accord-
Risk identification triggers, initiates or stimulates ac- ing to the results from the case studies, has the most impact
tion taking or making actions more effective (Action ef- on project success. Furthermore, a project generally starts
fect). It influences the perception of an individual with a risk identification session, which makes risk identi-
stakeholder and synchronizes various stakeholders’ percep- fication relatively easy to implement in an experimental set-
tions (Perception effect). It influences the expectations of ting. The experiment was conducted with 212 participants
stakeholders towards the final project result or the expecta- in 53 project groups. All participants were members of a
tions on stakeholder behaviour during project execution project group where, in the project, each member had the
(Expectation effect). Finally, it contributes to the process of same role. The project team had a common goal, which fur-
building and maintaining a work and interpersonal relation- ther diminished the chances for strategic behaviour of par-
ship between project stakeholders (Relation effect). Risk ticipants. The common goal situation provided the condi-
reporting is another risk management activity that influences tions for open communication and therefore for communi-
project success through these four effects. Other risk man- cative effects, generated by the risk management activity.
agement activities also generate effects, but less than the All project groups that performed risk identification be-
fore project execution used a risk prompt list to support the
risk identification process. 17 groups did risk identification
by discussing the risks with team members (type 3 groups);
18 groups that did risk identification did not discuss risks
with team members (type 2 groups). The control group
projects (type 1 groups, 18 groups) conducted no risk iden-
tification at all before project execution. All project groups
had to execute the same project, consisting of 20 tasks.
Results from the experiment demonstrate that project
groups that conducted risk identification plus discussion
64 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
66 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Decision-Making:
A Dialogue between Project and Programme Environments
Manon Deguire
This paper proposes to revisit and examine the underlying thought processes which have led to our present state of DM
knowledge at project and programme levels. The paper presents an overview of the Decision Making literature, observa-
tions and comments from practitioners and proposes a DM framework which may lead to empowering project and pro-
gramme managers in the future.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 67
Risk Management
“
act with an ever-expanding pool of stakeholders and other
The paper presents tools, such as meetings, reports and electronic networks
which are also important. Intuition, judgment and vision
an overview of the have become essential for successful strategic project and
Decision Making literature, programme management.
Without an appropriate framework, some authors have
observations and comments suggested that managers do not characteristically solve
from practitioners
” problems but only apply rules and copy solutions from oth-
ers [6]. Managers do not seem to use new decision-support
tools that address potential all-encompassing sector-based
elements, such as flexibility, organizational impact, com-
the registers of long-term memory and re-access them in munication and adaptability, nor technological and em-
the course of assessing and choosing options. Many authors ployee developments. There is therefore a potential for
refer to this mechanism as "intuitive DM" a term that has managerial application of new, value creation decision-sup-
not gained much credibility in the business environment and port tools. Because these are not mature tools, in the first
is still looked down upon by many decision analysts. instance they might be introduced in a more qualitative way
Given the years during which modern Project Manage- – ‘a way of thinking’, as suggested in [7], to reduce the
ment was developed (as well as other management trends), managerial skepticism. Recent decision-support tools might
it is not surprising to find that the more controlled, linear be fruitfully combined with traditional tools to address criti-
mechanistic approach to DM permeates its literature and cal elements and systematize strategic project management.
the project context seems to have neglected the importance It is now a well-accepted fact that traditional problem-
of the softer and/or more qualitative aspects of the manage- solving techniques are no longer sufficient as they lead to
ment domain that are now being recognized as essential for restrictive, linear Cartesian conclusions on which decisions
good business to develop. Therefore, in the new context of were usually based in the past. Instead, practitioners need
projects and programmes, quantitative aspects of the DM to be able to construct and reconstruct the body of knowl-
process are progressively becoming secondary issues to such edge according to the demands and needs of their ongoing
qualitative issues as the meaningfulness of a decision for practice [8]. Reflecting, questioning and creating processes
different stakeholders and for the overall organization. must gain formal status in the workplace [9].
Project managers are repetitively expected to listen to In [10] it is implied that management is a series of DM
different stakeholders’ needs and account for the numerous processes and assert that DM is at the heart of executive
qualitative and quantitative variables when making deci- activity in business. In the new business world, decisions
sions, however, both information overload and organiza- need to be made fast and most often will need to evolve in
tional constraints usually make this difficult to implement time. However, most of the research is based on a tradi-
and very little guidance can be found in the project litera- tional linear understanding of the DM process. In this lin-
ture. If anything, the overwhelming importance of the DM ear model, predictions are made about a known future and
issue seems rather accepted as common knowledge for decisions are made at the start of a project, taking for
project managers as it is not mentioned or explored in the granted that the future will remain an extension of the past.
PMBOK® Guide [5] or in other popular project approaches
despite the bulk of recent research and growing interest in 2 DM at Project Level
this domain. In spite of the increasing importance placed on The commonly accepted definition of a project as a
DM knowledge and skills, many project and programme unique interrelated set of tasks with a beginning, an end
managers continue to struggle with the concept that can stand and a well defined outcome [5] assumes that everyone can
in the way of career progression and may be one of the pri- identify the tasks at the outset, provide contingency alter-
mary factors preventing project and programme success. natives, and maintain a consistent project vision through-
Project management practice is permeated with the out the course of the project [11]. The ‘performance para-
thought that in order to facilitate DM in the project context, digm’ [12][13] used to guide project management holds true
simple (linear) evaluation tools should be widely used. How- only under stable conditions or in a time-limited, change-
ever, it has now long been documented that these decision- limited, context [14][15]. This is acceptable as long as, by
support tools are no longer sufficient when project manag- definition, the project is a time-limited activity, and for the
ers’ roles have grown to accommodate the ever-changing sake of theoretical integrity, is restricted to "the foresee-
complexity of the business environment. This situation has able future."
added considerably to the number of variables and the di- The traditional DM model has provided project manag-
mensions of an already complex web of relationships brought ers with a logical step-by-step sequence for making a deci-
about by the stakeholder focus. With such changes as the sion. This is typical of models proposed in the decision-
implementation of Project Management Offices, Portfolio making literature of corporate planning and management
Management, Program Management and Project-Based Or- science of the past. It describes how decisions should be
68 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
made, rather than how they are made. The ability of this lose any resemblance to linearity [23]. This has been raised
process to deliver best decisions rests upon the activities by many authors in reference to strategic issues such as the
that make up the process and the order in which they are organization’s competitive position, the achievement of the
attended to. In this framework, the process of defining a programme’s benefits and the effects of changes on the pro-
problem is similar to making a medical diagnosis, the per- gramme business case [24][25]. These same issues have tra-
formance gap becomes a symptom of problems in the or- ditionally been processed through a project view of change
ganization’s health and identification of the problem is fol- control rather than a strategic view of change management
lowed by a search for alternative solutions. The purpose of with one of the main drawbacks being that these standard
this phase of the decision-making process is to seek the best approaches focus on a linear programme lifecycle [26][27].
solution [16, Ch. 1]. Several authors have identified a basic According to these authors, focus on early definition and
structure, or shared logic, underlying how organizations and control of scope severely restricts flexibility thus negating
decision-makers handle decisions. Three main decision- the value of having a programme. Furthermore, insistence
making phases can be defined: Identification by which situ- on a rigid life cycle intrinsically limits the ability of the
ations that require a decision-making response come to be programme to adapt in response to evolving business strat-
recognized, Development involving two basic routines (a egy [26].
search routine for locating ready-made solutions and a de- When studying the implementation of strategic projects,
sign routine to modify or develop custom made solutions) Grundy [25] found that cognitive, emotional and territorial
and Selection with its three routines (screening, evaluation- themes were so intrinsically interwoven to the decision-
choice and authorization) [17]. making process that he suggested using the concept of "mud-
dling through" originally introduced by Lindblom in 1959
3 DM at Programme Level [28]. Similarly unsatisfied with the rational model of deci-
More recently, many organizations have felt a need to sion-making at top management levels, Isenberg stated in
further develop towards a fully projectised structure, which [29] that managers "rely heavily on a mix of intuition and
goes beyond a simple portfolio approach and involves the disciplined analysis" and "might improve their thinking by
management of strategic decisions through programmes combining rational analysis with intuition, imagination and
[18][19]. This move has somewhat shifted the responsibili- rules of thumb" (p.105).
ties and decision-making roles of project and programmes Much of the literature concerning decision-making at
managers. At this level, several projects needs to be man- higher management levels seems to manifest perplexity and
aged together in order to create synergies and deliver ben- more questions than answers. By increasing our knowledge
efits to the organization rather than delivering a specific in this domain and providing an appropriate framework,
product or service in isolation and in most organizations project and programme managers might find material to
programme managers are actively working within a para- reflect and possibly enhance their skills to better fit each
dox. They have an official role in a legitimate control sys- environment.
tem (project level), facilitating an integrated transactional
change process, and simultaneously participate in a shadow 4 Discovering Project and Programme Level
system in which no one is in control [20]. Views
A mechanistic style of management warranting a more Beer [30] felt that most organizational research was ir-
rational and linear approach to DM is appropriate when goals relevant to practitioners because practitioners worked in a
are clear and little uncertainty exists in the prevailing envi- world of chaos and complex systems, whereas research was
ronment [11][21]. programme management practice is not still about simple and equilibrated systems operated by re-
meant to replace this management focus; rather, it encom- searchers who maintain their objectivity. In order to respond
passes it in a larger context. Here, managers cannot control to such concerns, this research project was set in a partici-
their organization to the degree that the mechanistic per- patory paradigm [31] and uses a mix of observation and
spective implies, but they can see the direction of its evolu- semi-structured interviews. The interview questions are
tion [22]. When several variables are added to a system or based on the theoretical framework that was developed from
when the environment is changed, the relationships quickly the literature review and designed to capture the complex
web of thought processes leading to decisions. The main
objective was to uncover characteristics of linear and non-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 69
Risk Management
again look at the symptoms. So, in a way, in the decision tance. The importance of this aspect ranges from at least
making process we breakdown the problem to something equal to out-weighting the technical aspect. Together with
that we can observe or measure." This description could the traditional DM breakdown process, experience is usu-
have been taken from a number of DM texts that are con- ally mentioned as a key factor of the DM process.
cerned with the way decisions should be made. In fact, for Contrary to the discourse held by project managers, there
project managers, most purely technical decisions seem to are no such straightforward textbook answers from pro-
follow the traditional DM model, breaking down into more gramme managers. This could be simply symptomatic of
manageable small decisions and exploring alternatives the sample; however, programme managers describe an it-
against each other. However, even in this group, many state erative ongoing process of information gathering in order
that few decisions are purely technical and say that most to make sense of holistic situations. One programme man-
decisions involve a human component that varies in impor- ager saw herself as constantly gathering information in or-
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 71
Risk Management
“
dictions they stimulate. A good example is the story of Ar-
Three main istotle who is said to have told of how Thales used predic-
tive logic to deduct, from accumulated historical data, that
decision-making phases the next season’s olive crop would be a very large one and
bought all the olive presses, making a fortune in the proc-
can be defined: Identification,
”
ess. However, given that deductive reasoning is dependent
Development and Selection on its premises, a false premise can lead to a false result. In
the best circumstances, results from deductive reasoning
are typically qualified as non-false conclusions such as: "All
der to organize it in a cohesive way. Talking about the pro- humans are mortal. Paul is a human è Paul is mortal".
gramme she is presently involved in, she described the proc- From the project managers’ perspective, the project’s
ess in the following words: "It involves many different peo- basic assumptions and constraints are the starting premises
ple at different levels and I need to set time aside to under- for all further decisional processes. In fact, these initial con-
stand exactly what is going on. Then, I will need to get back ditions of the project environment act as limits or bounda-
to them and formulate how it all fits in together, but I need ries, necessary for this type of DM process to be effective.
to give myself some time to get my head around it." Project managers generally feel that most large decisions
are actually made during the first phases of the project, be-
5 Discussion fore and during the planning stage. Project management
The data analysis shows that project managers seem to typically delivers outputs in the form of products and serv-
have a natural predisposition toward using a more tradi- ices and most project decisions are made to commit to the
tional and structured approach to DM. This observation can achievement of these specific outputs [32]. This perspec-
be accounted for in more than one way and the research tive infers that a series of small decisions that amount to
method employed does not enable the establishment of the project plan, are made during the planning phase and
causal relationships. The difference could be caused by the finally add up to what is referred to as a large decision: the
nature of their roles and responsibilities or that people who approved project plan. All these decisions, that shape the
have personal affinities for this type of DM approach tend project, are made at the onset of the project. All later deci-
to be attracted to this type of work. Further psychological sions are considered less important, more specific, and
testing would be necessary to establish this second type of aimed at problem solving; often limited to one domain of
relationship. Nevertheless, project managers have described knowledge at a time (i.e. technical, human relations…).
logical step-by-step sequences that could actually have been Because most large decisions have been made at the onset,
used as examples for the typical models proposed in the once the scope is defined, it limits the number of possible
DM literature such as those described in [16] and [17]. Al- dependant variables in the DM process. The number of sig-
though critics of this approach have outlined the fact that nificant stakeholders involved is also limited and the over-
the ability of this process to deliver best decisions rests upon all situation is described as limited to the project’s immedi-
the activities that make up the process and the order in which ate environment. Much of the DM follows a relatively tra-
they are attended to, the project managers interviewed seem ditional structured model to which the deductive thought
comfortable with, and skilled at, using this method to re- process seems to adapt readily. Figure 1 illustrates this DM
solve problems. model for projects.
Within this DM model, project managers also tend to
use a process of deductive reasoning more often than pro- 6 Programme Management Framework
gramme managers that have described processes of induc- A particularly interesting finding is the fact that deduc-
tive reasoning as a preferential thought process when en- tive reasoning does not seem quite as popular or as univer-
gaged in DM activities. Aristotle, Thales and Pythagoras sally called for in the DM processes of the programme man-
first described deductive reasoning around 600 to 300 B.C. agers we interviewed. However, the use of inductive rea-
This is the type of reasoning that proceeds from general soning seems more popular than for project managers. De-
principles or premises to derive particular information
(Merriam-Webster). It is characteristic of most linear DM
tools used in the context of high certainty. These tools are
aimed at achieving an optimal solution to a problem that
has been modeled with two essential requirements:
“ Contrary to the discourse
held by project managers,
a) Each of the variables involved in the decision-mak- there are no such
ing process behaves in a linear fashion and
b) The number of feasible solutions is limited by con-
straightforward textbook
straints on the solution. answers from
These tools rely almost entirely on the logic and basic
underlying assumptions of statistical analysis, regression
analysis, past examples and the linear expectations and pre-
programme managers
”
72 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
“
fact that deductive thought processes are less suited than
DM processes at project inductive ones in the DM processes of programme manag-
ers.
and programme level differ
7 Conclusion
significantly in the timing, Both project and programme managers were unanimous
pacing and number of major in recognizing the importance and the amount of time spent
in decision-making activities and that further knowledge is
decisions, as well as the needed in this domain.
nature of the DM It would seem that a more mechanistic style of manage-
processes employed ” ment warranting a more rational and linear approach to de-
cision making is appropriate when goals are clear and little
uncertainty exists in the prevailing environment. The time-
limited definition of projects makes them well adapted to
ductive reasoning applies general principles to reach spe- this performance paradigm.
cific conclusions, whereas inductive reasoning examines These observations do not aim to lessen the require-
specific information, perhaps many pieces of specific infor- ments for traditional DM, but highlight the fact that pro-
mation, to derive a general principle. gramme management DM practice encompasses a larger
A well known example of this type of thought process is context. Here, managers cannot control their organizations
found in the story of Isaac Newton. By observation and think- to the degree that the mechanistic perspective implies, but
ing about phenomena such as how apples fall and how the have to develop an awareness of their future evolution. The
planets move, he induced the theory of gravity. In much the implications are readily felt at the decisional level; when
same way, programme managers relate stories about having several variables are added to a system or when the envi-
to collect information through observation, questions and ronment is changed and relationships quickly lose any sem-
numerous exchanges in order to put the pieces together into blance of linearity.
a cohesive story to manage the programme. The use of Anal- Finally, this dialog has highlighted the fact that the DM
ogy (plausible conclusion) is often apparent in the pro- processes at project and programme level differ significantly
gramme managers’ discourse. This process uses compari- in the timing, pacing and number of major decisions, as
sons such as between the atom and the solar system and the well as the nature of the DM processes employed. Most
DM process is then based on the solutions of similar past large or important project decisions are bound by the
problems, intuition or what is often referred to as experi- project’s basic assumptions and project managers tend to
ence. Contrary to project management where most decisions have a preference for deductive mental processes when
are taken to commit to the achievement of specific outputs, making decisions. The occurrence of large or important pro-
programme management typically delivers outcomes in the gramme decisions seems to persist throughout the pro-
form of benefits and business case decisions are taken over gramme life cycle as they are prompted by setting the as-
longer periods of time depending on the number of projects sumptions for each project when these kick off. Because
that are progressively integrated to the programme and to the programme delivers benefits and that these cannot be
the timing scale of these different projects [32]. as clearly defined as products or services its environment
These decisions increasingly commit an organization to is not as clearly defined or bound by set basic assumptions
the achievement of the outcomes or benefits and the DM and inductive reasoning seems more suited to meet the pro-
period, although important at the beginning continues pro- gramme managers’ decision making needs.
gressively as the situation evolves to accommodate the
changes in this larger environment. Typical responses from References
programme managers tend to converge toward an ongoing [1] T. Spradlin. A Lexicon of Decision Making,
series of large decisions (affecting the totality of entire DSSResources.COM, 03/05/2004. Extracted from:
projects) as the programme evolves over time. This can be <http://dssresources.com/papers/features/spradlin/
compared to the project level discourse that described large spradlin03052004.html> on 12 Jan 2007.
decisions at the onset and smaller ones (not affecting the [2] R.B. Sambharya. Organizational decisions in multi-
overall business case of the project) as the project evolved. national corporations: An empirical study. International
This is in keeping with the fact that, since programmes de- Journal of Management, 11, 827-838, 1994.
liver benefits as opposed to specific products or services, [3] J. von Neuman, O. Morgenstein. Theory of games and
the limits of the programme environment are not as specific economic behavior. Princeton, NJ: Princeton Univer-
or as clearly defined as those for the project. Organizational sity Press, 1947.
benefits are inherently linked to organizational strategy, value [4] R. Hastie, M. Dawes. Rational Choice in an Uncertain
systems, culture, vision and mission. This creates an un- World. Thousand Oaks: CA: Sage Publications, Inc.,
bounded environment and basic assumptions are not as clear 2001.
as for the project environment. This could account for the [5] PMI. A Guide to the Project Management Body of
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 73
Risk Management
Knowledge (PMBOK® Guide) – 4th ed., 2008. tions: consulting from a complexity perspective. Jour-
[6] James G. March. How decisions happen in organiza- nal of Organizational Change Management, 10(3),
tion. Human-Computer Interaction, 6(2), 95-117, 1991. 235-250, 1997.
[7] M. Amram, N.. Real Options: Managing Strategic In- [20] P. Shaw. Intervening in the shadow systems of organi-
vestment in an Uncertain World (1st ed.). Boston, Mas- zations: consulting from a complexity perspective.
sachusetts: Harvard Business School Press, 1999. Journal of Organizational Change Management, 10(3),
[8] D.A. Schön. Educating the Reflective Practitioner. Lon- 235-250, 1997.
don: Jossey-Bass, 1987. [21] PMCC. A Guidebook of Project and Program Man-
[9] C. Bredillet. Knowledge management and organiza- agement for Enterprise Innovation (P2M)-Summary
tional learning. In P.W.G. Morris & J.K. Pinto (Eds.), Translation, Revised Edition. Project Management
The Wiley project management resource book. New Professionals Certification Center, Japan, 2002.
York, NY: John Wiley and Sons, 2004. [22] M. Santosus. Simple, Yet Complex, CIO Entreprise
[10] R.M. Cyert, H.A. Simon, D.B. Trow,. Observations of Magazine, April 15, 1998. Retrieved 20 Jan. 2004 from
a business decision. The Journal of Business, 29(4), <http://www.cio.com/archive/enterprise/041598_
237-248, 1956. [23] M. Beer. Why management re- qanda.html>. Interview of R. Lewin and B. Regine
search findings are unimplementable: An action sci- based on their book "Soul at Work: Complexity Theory
ence perspective. Reflections, The SoL MIT Press-So- and Business" (published in 2000 by Simon &
ciety for Organizational Learning Journal on Knowl- Schuster).
edge, Learning and Change, 2(3), 58-65, 2001. [23] J.W. Begun. Chaos and complexity frontiers of organi-
[11] M.T. Pich, C.H. Loch, A. de Meyer. On Uncertainty, zation science. Journal of Management Inquiry, 3(4),
Ambiguity, and Complexity in Project Management. 329-335, 1994.
Management Science, Vol. 48, No. 8 (Aug., 2002), [24] M. Görög, N. Smith. Project Management for Manag-
1008-1023. ers, Project Management Institute, Sylva, NC, 1999.
[12] M. Thiry. Combining value and project management [25] T. Grundy. Strategic project management and strate-
into an effective programme management model. In- gic behaviour. International Journal of Project Man-
ternational Journal of Project Management, (Special agement, 18, 93-103, 2000.
Issue April 2002; 20-3, 221-228, and Proceedings of [26] M. Lycett, A. Rassau, J. Danson. Programme manage-
the 4th Annual Project Management Institute-Europe ment: a critical review. International Journal of project
Conference [CD ROM]. Management, 22:289-299, 2004.
[13] M. Thiry. The development of a strategic decision man- [27] M. Thiry. FOrDAD: A Program Management Life-
agement model: An analytic induction research proc- Cycle Process. International Journal of Project Man-
ess based on the combination of project and value man- agement, Elseveir Science, Oxford (April, 2004) 22(3);
agement. Proceedings of the 2nd Project Management 245-252.
Institute Research Conference, 482-492, 2002. [28] C.E. Lindblom. The science of muddling through. Pub-
[14] Standish Group International. The CHAOS Report , lic Administration Review, 19, 79-88, 1959.
1994. Retrieved 25 Feb 2000 from <http://www. [29] D.J. Isenberg. How senior managers think. Havard
standishgroup.com/sample_research/chaos_1994_ Business Review, Nov/Dec, 80, 1984.
1.php>. [30] M. Beer. Why management research findings are
[15] KPMG. "What went wrong? Unsuccessful information unimplementable: An action science perspective. Re-
technology projects", 1997. Retrieved 10 Mar. 2000 flections, The SoL MIT Press-Society for Organiza-
from <http://audit.kpmg.ca/vl/surveys/it_wrong.htm>. tional Learning Journal on Knowledge, Learning and
[16] D. Jennings. Strategic decision making. In D. Jennings Change, 2(3), 58-65, 2001.
& S. Wattam (Eds.), Decision making An integrated [31] J. Heron, P. Reason. A participatory inquiry paradigm.
approach (2nd ed, pp. 251-282). Harlow, UK: Prentice Qualitative Inquiry, 3: 274-294, 1997.
Hall Pearson, 1998. [32] OGC. Managing Successful Programmes. Eighth Im-
[17] H. Mintzberg, D. Rasinghani, A. Theoret. The struc- pression. The Stationery Office. London, 2003.
ture of "unstructured" decision processes, Administra-
tive Science Quarterly, June 1976, 246-275.
[18] T.J. Moore. An evolving program management matu-
rity model: Integrating program and project manage-
ment. Proceedings of the Project Management Insti-
tute’s 31st Annual Seminars & Symposium Proceed-
ings, 2000 [CD-ROM].
[19] D. Richards. Implementing a corporate programme
office. Proceedings of the 4th Project Management In-
stitute-Europe Conference, 2001 [CD-ROM]. [20] P.
Shaw. Intervening in the shadow systems of organiza-
74 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
This article is developed from the author’s book on strategic project risk appraisal [1] and her special report on project
management for the ICAEW [2]. The book is based on over eight years of research in the area of risk and uncertainty in
strategic decision making, including a project funded by CIMA [3] and explores the strategic level risks encountered by
managers involved in different types of project. The special report classifies these using the suits from a pack of cards. This
article illustrates the key risks for three types of project including IT projects and suggests how managers can deal with
these risks. It makes a link between strategic analysis, risk assessment and project management, offering a new approach
to thinking about project risk management.
1 Investing in Projects in an Uncertain World Elaine Harris is Professor of Accounting and Management and
Projects are often thought of as a sequence of activities Director of the Business School at the University of Roehampton
with a life cycle from start to finish. One of the biggest in London, United Kingdom. She is author of Gower Publishing’s
problems at or before the start is being able to foresee the Strategic Project Risk Appraisal and Management and Managing
Editor of Emerald’s Journal of Applied Accounting Research
end, at some time in the future. Uncertainty poses a range
(JAAR). She chairs the Management Control Association
of issues for project planning and risk assessment. If we (MCA), a network of researchers working in the area of control
think of projects as temporary endeavours, not all outcomes systems and human behaviour in organisations. <Elaine.Harris@
may be measurable by the end, where lasting benefits may roehampton.ac.uk>
be desirable. This provides the problem of how we judge
projects to be successful. Performance of projects has typi-
cally been measured by the three constraints of time, money project will be. Faced with this uncertainty, we can attempt
and quality. Whilst it may be easy to ascertain whether a to predict the factors that can impact on a project. Once we
project is delivered on time and within budget, it is harder can identify these factors and their possible impacts we can
to assess quality, especially when a project is first deliv- call them risks and attempt to analyse and respond to them.
ered. Many projects, even those that were famously late and Risks can be both positive, such as embedded opportuni-
well over budget like the Sydney Opera House, can become ties, perhaps to do more business with a new client or cus-
icons in society and be perceived as very successful after a tomer in future, or negative, things that can go wrong, and
longer period of time. The classic issue in project manage- those indeed require more focus in most risk management
ment is that only a small minority of projects achieve suc- processes. Project risk assessment should begin before the
cess in all three measures, so academics have been search- organisation makes its decision about whether to under-
ing for better ways to measure the success of projects, which take a project, or if faced with several options, which alter-
involves unpicking ‘quality’, and in whose eyes projects native to choose.
are perceived to succeed or fail [2]. One common weakness in the approach that organisa-
All strategic decisions that select which projects an or- tions take to project risk management is the failure to iden-
ganisation should invest in are taken without certain knowl- tify the sources of project risk early enough, before the or-
edge of what the future will hold and how successful the ganisation commits resources to the project (appraisal
stage). Another is not to share that risk assessment infor-
“
mation with project managers so that they can develop suit-
This article illustrates able risk management strategies. Through action research
in a large European logistics company, a new project risk
the key risks for three types of assessment technique (Pragmatix®) has been developed to
project including IT projects overcome these problems. It provides an alternative method
for risk identification, ongoing risk management, project
and suggests how managers
”
review and learning. This technique has been applied to
can deal with these risks eight of the most common types of projects that organisa-
tions experience.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 75
Risk Management
2 Project Typology sus (use of political lobbying and social practice to build
Whilst the definition of a project as a temporary activity support for a case). These behaviours can be positively en-
with a start and finish implies that each project will be dif- couraged to draw on the valuable knowledge and experi-
ferent in some way from previous projects, there are many ence of organisational members, or impact negatively, for
which share common characteristics. Table 1 shows the most example status quo bias creating barriers to change [3].
commonly experienced projects, informed by finance pro- In many organisations it is possible to observe bottom-
fessionals in a recent survey. Each is marked with a suit up ideas being translated into approved projects by a team
from a pack of cards which attempts to classify projects as at business unit level working up a business case to justify
follows: a proposal using standard capital budgeting templates and
Hearts – need to engage participants hearts and minds procedures for group board approval (Figure 1). There are
to succeed feedback loops and projects may be delayed while suffi-
Clubs – need to work to a fixed schedule of events cient information is gathered, analysed and presented. This
Diamonds – products need to capture the imagina- process can take days (for example corporate events),
tion and look attractive in the marketplace months (for example new client or business development)
Spades – physical structures e.g. buildings, roads, or even years (for example new products where health and
bridges, tunnels safety features in approval such as drugs or aeroplanes).
This article features three types of project (1, 2 and 6) Where delay is feasible, where the opportunity will not be
shown in Table 1 to give a flavour of the research findings. lost in competitive market situations, a real options approach
is possible. The use of the term real options here is an ap-
3 Project Appraisal and Selection proach or way of thinking, not a calculable risk as in de-
In order to generate a suitable project proposal for this rivatives. It simply means that there is an option to delay,
purpose, the project needs to be scoped and alternative op- disaggregate or redefine the project decision to maximise the
tions may need to be developed from which the most suit- benefit of options, for example to build in embedded opportu-
able option may be selected. The way the project is defined nities for further business. This may be more important in dif-
and described in presenting a business case for investment ficult economic times as capital may be rationed.
can influence decision makers. It is important for senior However, where projects are initiated by senior man-
managers, both financial and non-financial to understand agement in a top-down process, the usual steps in capital
the underlying psychological issues in managerial judge- investment appraisal may not be followed, as there may be
ment, such as heuristics (using mental models, personal bias external pressure brought to bear on a chief executive or
and rules of thumb), framing (use of positive, negative or finance director, for example in business acquisitions, stra-
emotive language in the presentation of data) and consen- tegic alliances etc. Appraisal procedures may be over-rid-
76 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 77
Risk Management
CORPORATE FACTORS:
Strategic fit Potential contribution to strategy
Expertise Level of expertise available compared to need
Impact Potential impact on company/brand reputation
PROJECT OPPORTUNITY:
Size Scale of investment, time and volume of work
Complexity Number of and association between
Planning timescale assumptions
Quality of customer/supplier Time available to develop proposal pre-decision
Credit checking etc. added during version 4
updates
EXTERNAL FACTORS:
Cultural fit Matching set of values, beliefs & practices of
Quality of information parties
Demands of customer(s) Reliability, validity & sufficiency of base data
Environmental Challenge posed by specific customer
requirements
Likely impact of PEST factors, inc. TUPE
COMPETITIVE POSITION:
Market strength Power position of company in contract
Proposed contract terms negotiations
Likely contract terms and possible risk
transference
Table 2: Project Risk Attributes for Business Development Projects. (Source: adapted from [4].)
den or hi-jacked in such cases, with often negative conse- 4. Take action to manage risks (adopt risk management
quences in terms of shareholder value. The justification for strategies)
such projects is often argued on a financial basis, but evidence 5. Monitor and review risks (update risk assessment
shows that the target company shareholders make more money and evaluate risk strategies)
out of these than those in the bidding company. This is a key Linking these to the project life cycle, steps 1 and 2
risk that may be picked up by internal audit. form the risk analysis that should be undertaken during the
project initiation stage, step 3 links to the planning stage,
4 Risk Analysis and steps 4 and 5 should occur during project execution.
There is a common risk management framework in busi- Risks should also be reviewed as part of the project review
ness organisations that can be applied to projects as well as stage to improve project risk management knowledge and
continuing operations. The number and labelling of steps skills for the future [2].
might differ, but the process usually involves: Evidence from practice suggests that steps 1 and 2 are
1. Identify risks (where will the risk come from?) rarely carried out early enough in the project life cycle, step
2. Assess or evaluate risks (quantify and/or prioritise) 5 monitoring is often undertaken in a fairly mechanical way,
3. Respond to risks (take decisions e.g. avoid, mitigate and comprehensive review at project level is hardly found
or limit effect) to occur at all after the project has ended, especially in non-
project based organisations.
“ A new project
risk assessment technique
The difficulty in identifying the risks relating to projects,
especially at an early stage when the project may not be
well defined, is that no two projects are exactly the same.
However, using the project typology in box 1 it can be seen
(Pragmatix®) has been that headline or strategic risks are likely to be similar for projects
developed to overcome of a similar type. In [9] a range of qualitative methods for
these problems
” project risk identification is presented, including cognitive
mapping, and examples are given for several types of project.
78 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Table 3: Mitigating Actions. (Source: adapted from unpublished MBA group coursework with permission.)
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 79
Risk Management
“
These projects involve securing new customers and
markets for existing products or services. The strategic analy- The final section of this
sis of the organisational and environmental context for a
BDP can help to generate several possible risks. The analy- article shows the analysis
sis of strengths, weaknesses, opportunities and threats of 100 risk management
(SWOT) can identify risk areas for the organisation (corpo-
rate factors in table A), and help to analysis the strategic fit strategies into six
of the project. Then a more detailed analysis of the external
factors, political, economic, social, technical, legal and en-
vironmental (PESTLE) can identify further risk areas (ex-
ternal and market factors in Table 2). The invitation to ten-
categories
”
der might also help to identify risks in a BDP project, for 5 Risk Management Strategies
example the ‘demands of the customer’ in Table 2. For each type of project covered in the research a set of
risk management strategies like those shown in Table 3 were
Example 2: Systems Development or IT Projects identified. These totalled 100 and the following six catego-
For an IT project, which is essentially a supply problem, ries emerge from their analysis, in the order of frequency
the chain from software supplier to client (users) via spon- of observation:
sor (owner) can reveal at least half of the sources of risk. 1: Project Management (23%)
The functional requirements of the system are defined by This category includes the deployment of project man-
the client, and the risks here may determine whether the agement methodologies such as work breakdown structure,
client will be satisfied that the system does what it is sup- scheduling, critical path analysis etc. and the establishment
posed to do. Internal clients in IT projects may be more de- of a project leader and project team, as found in the PM
manding than external clients in BDP projects. body of knowledge. The most observations for this type of
Figure 2 shows a typical project risk map for an IT risk management strategy were in IT projects, relocation
project. The figure shows the high risk areas shaded darker and events management, where timing is critical.
and the lower risk areas lighter. The key to managing these 2: Human Resource Management (21%)
risks is understanding and responding to stakeholder This category includes recruitment, training and devel-
motivations and expectations. opment of personnel, including managers and the manage-
ment of change in work practices. This type of strategy fea-
Example 3: New Site or Relocation Projects tured most strongly in acquisitions, IT projects and reloca-
A new site may involve the choice of location, acquisi- tion.
tion, construction or refurbishment of buildings. In a relo- 3: Stakeholder Management (19%)
cation project, stakeholder analysis can reveal key groups This category includes stakeholder analysis and man-
of people who need managing closely. The employees are agement through consultation, relationship management and
the principal group, followed by management and custom- communications. It featured most strongly in systems de-
ers (continuity). Infrastructure risks (geographic factors) may velopment projects, NPD projects and events management,
be revealed by PESTLE analysis. Table 3 shows how risk which are necessarily customer-focussed. In IT projects and
management strategies can be developed to mitigate these events management there are many more stakeholder groups
risks. with diverse interests to manage.
The final section of this article shows the analysis of 4: Knowledge Management (18%)
100 risk management strategies into six categories, and draws This category includes searching for information, re-
conclusions for the use of a strategic approach to project cording, analysing, sharing and documenting information,
risk identification, assessment and management [1]. for example in market research and feasibility studies. It
features most strongly in BDP and NPD projects and in
acquisitions. It is closely related to training and develop-
“
ment, so overlaps with that aspect of human resource man-
Project reviews agement.
5: Financial Management (10%)
are recommended to evaluate This category includes credit checking of suppliers and
how well risk management customers, financial modelling and budget management as
80 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
References
[1] E. Harris. Strategic Project Risk Appraisal and Man-
agement, Farnham: Gower (Advances in Project Man-
agement series), 2009.
[2] E.P. Harris. Project Management, London: ICAEW Fi-
nance & Management special report SR33, 2011.
[3] E. Harris, C.R. Emmanuel, S. Komakech. "Manage-
rial Judgement and Strategic Investment Decisions",
Oxford: Elsevier, 2009.
[4] E.P. Harris. "Project Risk Assessment: A European
Field Study", British Accounting Review, Vol. 31, No.
3, pp.347-371, 1999.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 81
Risk Management
The selection of projects consists in choosing the most suitable out of a portfolio of projects, or the most fitting alternative
when there are constraints in regard to financing, commercial, environmental, technical, capacity, location, etc.. Unfortu-
nately the selection process does not place the same importance on the various risks inherent in any project. It is possible
however, to determine quantitative values of risk for each pair of alternative/threat in order to assess these risk con-
straints.
82 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
”
always available with the program. In addition, the exer-
in project management cise of these freedoms facilitates software evolution, ex-
posing it as much as possible to its use and change – be-
cause greater exposure means that the software receives
more testing – and by removing artificial constraints to the
2 Application Example evolution – being more subject to the environment.
2.1 Background
In the past decade, free software has exploded, even chal- 2.2 Background of the Case: Alternatives and
lenging the inertia that still exists in software engineering, Objective
mainly derived from proprietary software, resulting in new Considering the future commercialization of computer
business models and product offerings that enable real choice models with free software preinstalled, an entrepreneur, who
for consumers. plans to start a small business, analyzes the possibility of
To understand free software, let us begin by clarifying buying for his business computers with free software in-
that the fundamental characteristic of proprietary software stalled. Given this possibility, he needs to make a decision
is that all ownership rights therein are exclusively held by between both alternatives, that is, proprietary software or
the owner, as well as any possibility of improvement or ad- free software according to risk criteria, with the objective
aptation. The user merely pays for the right to use the prod- consisting in minimizing the total cost, taking into account
uct, rather than buyiong it outright. an estimated difference of 100• favoring a computer with
The problems associated with software, regardless of free software operating system.
whether free or proprietary, lie in its own nature. The key
problem addressed by free software is precisely the possi-
bility of reusing it, in the logical sense that you can use parts 1
Text written using the format and syntax of the programming lan-
already coded by others and create derivatives. For any trans- guage with instructions to be followed in order to implementthe
formation of a person´s work authorization of the copyright program.
holder is required. Instead of using the simple copyright of
the proprietary software licenses which means “all rights
reserved”, these other free software licenses only reserve
some rights, and report whether or not to allow the user to
make copies, create derivative works such as adaptations or
translations, or give commercial uses to the copies or de-
rivatives.
In contrast, the essential feature of free software is that
“ If risk management is not
performed along the
it is freely used [4]. Specifically, it allows the user to exer- whole project, the Project
cise four basic freedoms. These freedoms are:
The freedom to run the program for any purpose,
Manager probably will not
The freedom to study how the program works, and be able to take advantage
change it to make it do what you wish,
The freedom to redistribute copies,
of its full benefits
”
x1 (Free x2 (Proprietary B
Action Operator
software) software) Threshold
Resistance
0.85 0.15 MIN ≥ 0.15
to change
Dependency 0.16 0.64 MIN ≥ 0.16
Lack of
0.125 0.375 MIN ≥ 0.125
security
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 83
Risk Management
84 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 85
Risk Management
It turns out that the problem of lack of security is the Projects. In D. Avison et al., eds. Advances in Infor-
most decisive in the choice of the alternatives, while resist- mation Systems Research, Education and Practice.
ance to change comes in a second place, which intuitively Boston: Springer, pp. 113-124, 2008.
might be seen as the most decisive.The problem of depend- [4] R. M. Stallman. Free software, free society: Selected
ency does not affect the solution since its marginal value is Essays of Richard M. Stallman. GNU Press, 2002.
zero. [5] International Organization for Standardization. ISO
This powerful tool will allow, for example, a discussion 31000:2009 Risk management — Principles and guide-
of the cost difference that makes the solution change, and lines, International Organization for Standardization,
thus the selection, making the selection of computers with 2009.
free software operating system preinstalled more interest- [6] G.B. Dantzig. Maximization of a linear function of vari-
ing. Moreover, in this case we would observe that the com- ables subject to linear inequalities, 1947. Published
ponent of inertia fails to be key or even to influence the pp. 339-347 in T.C. Koopmans (ed.): Activity Analy-
selection process, and the real criteria for selecting the al- sis of Production and Allocation, New York-London
ternative is in this case the security issue first, and the prob- 1951 (Wiley & Chapman-Hall).
lem of dependency, second. [7] N. Munier. A strategy for using multicriteria analysis
in decision-making. Springer – Dordrecht, Heidelberg,
6 Conclusions London, New York, 2011.
The use of LP is a new application in the treatment of
risks in projects. Its main advantage is that it is possible to
represent real world scenarios with some degree of accu-
racy, as the number of constraints – and alternatives – can
be measured in the hundreds. On the other hand, when
analyzing the objective function for various scenarios it is
possible to infer which is the best option [7].
Another major advantage is that, if there is a solution,
this is optimal. i.e. the solution cannot be improved, thus
confirming the Pareto optimal.
References
[1] M. Fernández-Diego, N. Munier. Bases para la Gestión
de Riesgos en Proyectos 1st ed., Valencia, Spain:
Universitat Politècnica de València, 2010.
[2] Project Management Institute. Practice Standard for
Project Risk Management, Project Management Insti-
tute, 2009.
[3] M. Fernández-Diego, J. Marcelo-Cocho. Driving IS
86 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Project Governance1
Ralf Müller
Having a governance structure in organizations provides a framework to guide managers in decision making and action
taking and helps to alleviate the risk of conflicts and inconsistencies between the various means of achieving organiza-
tional goals such as processes and resources. This article introduces project governance, a major area of interest in
organizations, which is intended to guide, direct and lead project work in a more successful setting. To that purpose a new
three step governance model is presented and described.
“
is more outcomes-focused requiring a careful selection of
This article introduces project management methodologies etc. in order to ensure
economic project delivery. Project managers in this para-
project governance,
a major area of
”
1 This article was previously published online in the “Advances in
interest in organizations Project Management” column of PM World Today (Vol. XII Issue III
- March 2010), <http://www.pmworldtoday.net/>. It is republished
with all permissions.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 87
Risk Management
Shareholder Stakeholder
e Control
Orientation Orientation
“ Governance provides a
framework to guide managers
Outcom
88 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
ernance along the behaviour control paradigms. Other PMOs project management. This determines what should be done;
are more strategic in nature and perform stewardship roles and,
in project portfolio management and foster project manage- c) control of project management execution. This
ment within the organization thereby supporting governance shows what is done in an organization in terms of project
along the outcome control paradigms. A further governance management.
task of the Board of Directors is the decision to adopt pro- Companies economize the investments in project man-
gramme and/or portfolio management as a way to manage agement by using a three step process to migrate from proc-
the many projects simultaneously going on in an organiza- ess orientation to project orientation. Depending on their
tion. Programme management is the governing body of the particular needs they stop migration at step 1, 2 or 3 when
projects within its programme, and portfolio management they have found the balance between investments in project
the governing body of the groups of projects and pro- management (and improved project results) in relation to
grammes that make up the organization. They select and the percentage of their business that is based on projects.
prioritize the projects and programmes and with it their staff- Organizations with only a small portion of their business
ing. based on projects should invest less, and project-based or-
ganizations invest more in order to gain higher returns from
How Much Project Management is enough for my their investments. The three steps are (see also Figure 2):
Organization? Step 1: Basic training in project management, use of
This is addressed through governance of project man- steering groups, and audits of troubled projects. This
agement. Research showed that project-oriented companies relativly small investment yields small returns and is ap-
balance investments and returns in project management propriate for businesses with very little activities in projects
through careful implementation of measures that address the Step 2: all of step 1 plus project manager certification,
three forces that make them successful. These forces are establishment of PMO, and mentor programs for project
(see also Figure 2): managers. This medium level of investment yields higher
a) educated project managers. This determines what can returns in terms of better project results and is appropriate
be done; for organizations with a reasonable amount of their busi-
b) higher management demanding professionalism in ness being dependent on projects.
90 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Val Jonas
With the changing business environment brought on by events such as the global financial crisis, gone are the days of
focussing only on operational and tactical risk management. Enterprise Risk Management (ERM), a framework for a
business to assess its overall exposure to risk (both threats and opportunities), and hence its ability to make timely and
well informed decisions, is now increasingly becoming the norm. Ratings agencies, such as Standard & Poors, are rein-
forcing this shift towards ERM by rating the effectiveness of a company’s ERM strategy as part of their overall credit
assessment. This means that, aside from being best practice, not having an efficient ERM strategy in place will have a
detrimental effect on a company’s credit rating. Not only do large companies need to respond to this new focus, but also
the public sector needs to demonstrate efficiency going forward, by ensuring ERM is embedded not only vertically but also
horizontally across their organisations. This whitepaper provides help, in the form of five basic steps to implementing a
simple and effective ERM solution.
1
This is first of a series of whitepapers on Enterprise Risk Management. Future papers will expand on each of the steps in this white
paper as well as continuing to cover Governance and Compliance.
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 91
Risk Management
92 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
Step 1 – Establish an Enterprise Risk Structure format. However, it is also important to retain existing work-
ERM requires the whole organisation to identify, com- ing practices based on localised risk management perspec-
municate and proactively manage risk, regardless of posi- tives as these reflect the focus of operational risk manage-
tion or perspective. Everyone needs to follow a common ment.
approach, which includes a consistent policy and process, a The corporate risk register will look different from the
single repository for their risks and a common reporting operational risk register, with a more strategic emphasis on
risks to business strategy, reputation and so on, rather than
more tactical product, contract and project focused risks.
The health and safety manager will identify different kinds
of risks from the finance manager, while asset risk man-
agement and business continuity are disciplines in their own
right. ERM brings together risk registers from different dis-
ciplines, allowing visibility, communication and central re-
porting, while maintaining distributed responsibility.
In addition to the usual vertical risk registers, such as
corporate, business units, departments, programmes and
projects, the enterprise also needs horizontal, or functional
risk registers. These registers allow function and business
managers, who are are responsible for identifying risks to
their own objectives, to identify risks arising from other
areas of the organisation.
The enterprise risk structure (Figure 2) should match
the organisation’s structure: the hierarchy represents verti-
cal (executive) as well as horizontal (functional and busi-
ness) aspects of the organisation. This challenges the con-
Figure 4: Global Categories. ventional assumption that risks can be rolled up automati-
94 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
cally, by placing horizontal structures side by side with ver- Horizontal managers take responsibility for their own
tical executive structures. Risks should be aggregated using functional or business Risk Management Clusters, but also
a combination of vertical structure and horizontal intelli- for gathering risks from other areas of the Enterprise Risk
gence. This is a key factor in establishing ERM. Structure related to their discipline. For example, the HR
functional manager will be responsible for identifying com-
Step 2 – Assign Responsibility mon skills shortfall risks to bring them under central man-
Once an appropriate enterprise risk structure is estab- agement. Similarly, the business continuity manager will
lished, assigning responsibility and ownership should be identify all local risks relating to use of a test facility and
straightforward. Selected nodes in the structure will have manage them under one site management plan. To assist in
specified objectives; each will have an associated manager this, we use an enterprise risk map – see Step 3.
(executive, functional or business), who will be responsible
for achieving those objectives and managing the associated Step 3 – Create an Enterprise Risk Map
risks. Each node containing a set of risks, along with its Risk budgeting and common sense dictates that risks
owner and leader, is a Risk Management Cluster. (See Fig- should reside at their local point of impact, because this is
ure 3.) where attention is naturally focused. However, the risk
Vertical managers take executive responsibility not only cause, mitigation or exploitation strategy may come from
for their cluster risk register, but also overall leadership re- elsewhere in the organisation and often common causes and
sponsibility for the Risk Management Clusters2 below. Re- actions can be identified. In this case, we take a systemic
sponsibility takes two forms: ownership at the higher level approach, where risks are managed more efficiently when
and leadership at the lower level. For example, a programme brought together at a higher level. To achieve this, we need
manager will manage his programme risks, but also have to be able to map risks to different parts of the risk manage-
responsibility for overseeing risk within each of the pro- ment structure.
gramme’s projects.
Budgetary authority (setting and using Management
“
Reserve), approval of risk response actions, communica-
tion of risk appetite, management reporting and risk per- ERM requires the whole
formance measures are defined as part of the Owner and
Leader roles as illustrated in Figure 3. This structure is also organisation to identify,
used to escalate and delegate risks.
communicate and proactively
2
Risk Management Clusters® are unique to the Predict! risk man-
agement software.
manage risk
”
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 95
Risk Management
To create an enterprise risk map, you need: contract level will appear as Low at corporate level. Whereas
a set of global categories to communicate informa- a £5m risk at a project or contract level may appear as High
tion to the right place at the corporate level.
the facility to define the relationships between risks Typically, financial and reputation impacts will be com-
(parent, child, sibling etc) mon to all clusters, whereas local impacts, such as project
scoring systems with consistent common impact schedule, will not be visible higher up.
types
Step 4 – Decision Making through Enterprise Risk
Global Categories Reporting
Functional and business managers should use these glo- The most important aspect of risk management is car-
bal categories to map risks to common themes, such as stra- rying out appropriate actions to manage the risks. How-
tegic or business objectives, functional areas and so on. ever, you cannot manage every identified risk, so you need
These categories then provide ways to search and filter on to prioritise and make decisions on where to focus man-
these themes and to bring common risks together under a agement attention and resources. The decision making proc-
parent risk. (See Figure 4). ess is underpinned by establishing risk appetite against ob-
jectives and setting a baseline, both of which should be
Risk Relationships recorded against each Risk Management Cluster®.
For example, if skills shortage risks are associated with Enterprise-wide reporting allows senior managers to re-
HR, the HR manager can easily call up a register of all the view risk exposure and trends across the organisation. This
HR risks, regardless of project, contract, asset, etc. across is best achieved through metrics reports, such as the risk
the organisation and manage them collectively. histogram (see Figure 6). For example, you might want to
Similarly, the impact of a supplier failing on any one review the risk to key business objectives by cluster. Or
contract may be manageable. But across many contracts how exposed different contracts and projects are to various
could be a major business risk. In which case, the supply suppliers.
chain function needs to bring the risks against this supplier Furthermore, there is a need to use a common set of
together and to manage the problem centrally. reports across the organisation, to avoid time wasted inter-
Each Risk Management Cluster will include both glo- preting unfamiliar formats (Figure 7). Such common re-
bal and local categories in a Predict! Group, so that each ports ensure the risk is communicated and well understood
area of the organisation needs only to review relevant in- by all elements of the organisation, and hence provide timely
formation. information on the current risk position and trends, initially
Scoring systems are also applied by Risk Management top-down, then drilling down to the root cause.
Cluster, with locally meaningful High, Medium and Low
thresholds which map automatically when rolled up (Fig- Step 5 – Changing Culture from Local to Enterprise
ure 5). For example, a High impact of £150k at project or At all levels of an organisation, changing the emphasis
96 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
Risk Management
© Novática Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 97
Risk Management
Proactive Risk Response An action or set of actions to reduce the probability or impact of a (PRAM)
threat or increase the probability or impact of an opportunity. If
approved they are carried out in advance of the occurrence of the
risk. They are funded from the project budget.
Reactive Risk Response An action or set of actions to be taken after a risk has occurred in (PRAM)
order to reduce or recover from the effect of the threat or to
exploit the opportunity. They are funded from Management
Reserve.
Risk Appetite The amount of risk exposure an organisation is willing to accept APM EV/Risk
in connection with delivering a set of objectives. Working Group
Risk Event An uncertain event or set of circumstances, that should it or they PRAM
occur, would have an effect on the achievement of one or more
objectives.
Risk Exposure The difference between the total impact of risks should they all APM EV/Risk
occur and the Risk Provision. Working Group
Risk Management Clusters Functionality in Risk Decisions’ Predict! risk management Risk Decisions
software that enables users to organise different groups of risks
to form a single, enterprise-wide risk map.
Risk Provision The amount of budget / schedule / resources set aside to APM EV/Risk
manage the impact of risks Risk provision is a component part of Working Group
Management Reserve
Risk Response Activities Activities carried out to implement a Proactive Risk Response. APM EV/Risk
Working Group
Schedule Risk Analysis Assessment and synthesis of schedule risks and/or estimating (PRAM)
98 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © Novática
UPENET
Information Society
Steve Jobs
Dragana Stojkovic
© 2011 JISA
This paper was first published, in English, by inforeview, issue 5/2011, pp. 58-63. inforeview, a UPENET partner, is a publication
from the Serbian CEPIS society JISA (Jedinstveni informatièki savez Srbije – Serbian Information Technology Association). The 5/
2011 issue of inforeview can be accessed at <http://www.emagazine.inforeview.biz/si9/index.html>.
This paper offers a review of the role played by the late Steve Jobs in the development and commercialization of trendy and
innovative IT devices (Mac computer, iPod, iPhone, iPad) that have greatly influenced the daily lives of hundreds of
millions of people around the world.
”
by Apple’s iPad which borrowed the
of a rock star OS and interface from the iPhone. At
first observed with a dose of scepticism
100 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Surveillance Systems
© Informatica, 2011
This paper was first published, in English, by Informatica (Vol. 35, issue no. 3, 2011, pp. 383-390). Informatica, <http://
www.informatica.si/> is a quarterly journal published, in English, by the Slovenian CEPIS society SDI (Slovensko Drustvo
Informatika – Slovenian Society Informatika, <http://www.drustvo-informatika.si/>).
The development of commercial real-time location system (RTLS) enables new ICT solutions. This paper presents an
intelligent surveillance system for indoor high-security environments based on RTLS and artificial intelligence methods.
The system consists of several software modules each specialized for detection of specific security risks. The validation
shows that the system is capable of detecting a broad range of security risks with high accuracy.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 101
UPENET
102 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
104 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 105
UPENET
106 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
probability of event
oddity of events
lower cumulative
< 80 % events. A moving event is character-
ised by its location, direction, and the
speed of movement. A stationary event,
on the other hand, is characterised by
location, duration and posture (lying,
sitting, or standing). When an event is
characterised, fuzzy discretization [17]
> 20 % is used, hence the name of the module.
The location of an event in the floor
flow fhi frequency plane is determined using the RTLS
of events system and discretized in classes with
size 50 cm, therefore the module con-
siders the area under surveillance as a
Figure 4: Calculating the Oddity of Events. grid of 50 by 50 cm squares. The speed
of movement is estimated by the
Kalman filter. It is used to calculate the
Data about visible moving objects with embedded bounding boxes high- direction which is discretized in the 8
(with or without tags) is available as lighting the critical areas (Figure 3). classes (N, NE, E, SE, S, SW, W, and
the output of video pre-processing. The supervisor of the PDR system can NW). The scalar velocity is discretized
Moving objects are described with quickly determine whether the alarm in the following four classes: very
their 3D locations in the same coordi- is true or false by checking the sup- slow, slow, normal, and fast. The pos-
nate system as RTLS data, sizes of their plied video recording. ture is determined by a primitive rou-
bounding boxes, similarity of the mov- The video pre-processing algorithm tine (see Section 3.3). The duration of
ing object with a human, and a time is also capable of detecting if a certain an event is discretized in the follow-
stamp. The detailed description of the camera is blocked (e.g. covered with a ing classes: 1, 2, 4, 8, 15, 30, seconds,
algorithm that processes the video data piece of fabric). Such information is minutes or hours.
(developed at the Faculty of Electrical forwarded to the Video Module that The fuzzy discretization has four
Engineering, University of Ljubljana, triggers an alarm. major advantages. The first is a smaller
Slovenia) can be found in [9] and [10]. amount of memory needed to store the
The Video Module determines the 4.3Fuzzy Logic Module counters, as there is only one counter
pairing between the locations of tagged The Fuzzy Logic Module is based for a whole group of similar events.
personnel and the detected movement on the following presumption: frequent Note that the accuracy of the stored
locations. If it determines that there is behaviour is usual and therefore unin- knowledge is not significantly de-
movement in a location that is far teresting while rare behaviour is inter- creased because the discrete classes are
enough from all the tagged personnel, esting as it is highly possible that it is relatively small. The second advantage
it raises an alarm. In this case the mod- unwanted or at least unusual. There- is the time complexity of counting the
ule reports moving of an unauthorised fore the module counts the number of events that are similar to a given event,
person or an unknown object (e.g., a actions done by the object under sur- which is constant instead of being de-
robot) based on the similarity between veillance and reasons about oddity of pendent on the number of events seen
the moving object and a person. The the observed behaviour based on the in the past. The third advantage is the
probability of false alarms can be re- counters. If it detects a high number of linear interpolation implicitly intro-
duced if several cameras are used to odd events (i.e., events that rarely took duced by fuzzy discretization, which
monitor the area from various angles. place in the past) in a short period of enables a more accurate estimation of
It also enables more accurate localiza- time, it triggers an alarm. the rare events’ frequencies. The fourth
tion of moving objects. The knowledge of the module is advantage is the low time complexity
Whenever the Video Module trig- stored in two four- dimensional arrays of updating the counters’ values com-
gers an alarm it also offers an explana- of counters for each object under sur- pared to the time complexity of add-
tion for it in form of video recordings veillance (implemented as red-black ing a new counter with value 1 for each
“
The advantages of a RTLS are that people feel more
comfortable being tracked by it than being filmed by video cameras
”
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 107
UPENET
108 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
The system received the award for Laboratory, Faculty of Electrical Engineer- multiple interacting targets for in-
the best innovation among research ing, University of Ljubljana, Slovenia and door-sports applications", Compu-
groups in Slovenia for 2009 at the Fourth Spica International, d.o.o. for fruitful co- ter Vision and Image Understand-
Slovenian Forum of Innovations. operation on the project. Thanks also to ing, vol 113, 5, pp. 598-611, 2009.
Boštjan Kaluza, Mitja Lustrek, and Bogdan [10] M. Perše, M. Kristan, S. Kovaèiè,
6 Conclusion Pogorelc for help regarding the RTLS and G. Vuèkoviæ, J. Pers. "A trajectory-
This paper presents an intelligent discussions, and Anze Rode for discussions based analysis of coordinated team
surveillance system utilizing a real- about security systems, expert system rules activity in a basketball game", Com-
time location system (RTLS), video templates and specification of scenarios. puter Vision and Image Under-
cameras, and artificial intelligence standing, vol 113, 5, pp. 612-621,
methods. It is designed for surveillance References 2009.
of high security indoor environments [1] G. R. Arce. "Nonlinear Signal [11] R. Piltaver, G. Matjas. "Expert sys-
and is focused on internal security Processing: A Statistical Approach", tem as a part of intelligent surveil-
threats. The data about movement of Wiley: New Jersey, USA, 2005. lance system", Proceedings of the
personnel and important equipment is [2] R. Bayer. "Symmetric Binary B- 18th International Electrotechnical
gathered by RTLS and video cameras. Trees: Data Structures and Mainte- and Computer Science Conference
After basic pre-processing with filters nance Algorithms", Acta Informá- - ERK 2009, vol. B, pp. 191–194,
and primitive routines the data is sent tica, 1, pp. 290–306, 1972. 2009.
to the five independent software mod- [3] M. M. Breunig, H. P. Kriegel, R. T. [12] R. Piltaver. "Strojno uèenje pri
ules. Each of them is specialized for Ng, J. Sander. "LOF: Identifying naèrtovanju algoritmov za
detecting specific security risk. The densitybased local outliers," Pro- razpoznavanje tipov gibanja", Pro-
Expert System Module detects suspi- ceedings of the International Con- ceedings of the 11th International
cious situations that can be described ference on Management of Data – Multiconference Information Soci-
by location of a person or other tagged SIGMOD ’00, pp. 93–104, Dallas, ety - IS 2008, str. 13–17, 2008.
objects in space and time. It detects Texas, 2000. [13] V. Schwarz, A. Huber, M. Tüchler.
many different scenarios with high ac- [4] J. Demsar, B. Zupan, G. Leban. "Or- "Accuracy of a Commercial UWB
curacy. The Video Module automati- ange: From Experimental Machine 3D Location Tracking System and
cally detects movement of persons and Learning to Interactive Data Min- its Impact on LT Application Sce-
objects without tags, which is not al- ing," White Paper (www. ailab.si/ narios," Proceedings of the IEEE
lowed inside the surveillance area. orange), Faculty of computer and International Conference on Ultra-
Fuzzy Logic, Macro, and Statistics information science, University of Wideband, Zürich, Switzerland,
Modules automatically extract the Ljubljana, Slovenia, 2004. 2005.
usual movement patterns of personnel [5] M. Gams, T. Tusar. (2007), "Intel- [14] T. Tusar, M. Gams. "Odkrivanje
and equipment and detect deviations ligent High-Security Access Con- izjem na primeru inteligentnega
from the usual behaviour. Fuzzy Logic trol", Informatica, vol 31(4), pp. sistema za kontrolo pristopa," Pro-
is focused on short-term anomalous be- 469-477. ceedings of the 9th International
haviour such as entering an area for the [6] R.E. Kalman. "A new approach to Multiconference Information Soci-
first time, lying on the ground or walk- linear filtering and prediction prob- ety - IS 2006, Ljubljana, Slovenia,
ing on the table. Macro and Statistic lems". Journal of Basic Engineer- 2006, pp. 136-139.
Modules, on the other hand, are focused ing, 82 (1), pp. 35–45, 1960. [15] Ubisense: awailable at: http://
on mid- and long-term behaviour such [7] M. Kolbe, M. Gams. "Towards an www.ubisense.net/
as deviations in daily work routine. intelligent biometric system for ac- [16] H. Witten, E. Frank. Data Mining.
The validation of the system shows cess control," Proceedings of the "Practical Machine Learning Tools
that it is able to detect all the security 9th International Multiconference and Techniques" (2nd edition),
scenarios it was designed for and that Information Society - IS 2006, Morgan Kaufmann, 2005.
it does not raise too many false alarms Ljubljana, Slovenia, 2006, pp. 118- [17] L. A. Zadeh. "Fuzzy sets", Informa-
even in more challenging situations. In 122. tion and Control 8 (3), pp. 338–353,
addition, the system is customizable [8] B. Krausz, R. Herpers. ‘Event de- 1965.
and can be used in a range of security tection for video surveillance using [18] http://www.pervcomconsulting.
applications such as confidential data an expert system’, Proceedings of com/secure.html
archives and banks. the 1st ACM Workshop on Analy- [19] http://www.visonictech.com/Ac-
sis and Retrieval of Events/Actions tive-RFID-RTLS-Tracking-and-
Acknowledgement and Workflows in Video Streams - Mangement-Software-Eiris.html
Research presented in this paper was AREA 2008, Vancouver, Canada, [20] http://www.aeroscout.com/content/
financed by the Republic of Slovenia, Min- pp. 49-56. healthcare
istry of Defence. We would like to thank [9] M. Kristan, J. Pers, M. Perse, S. [21] http://www.telargo.com/solutions/
the colleges from the Machine Vision Kovaèiè. "Closed-world tracking of track_trace.asp
110 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Knowledge Representation
This paper was first published, in English, by Informatik-Spektrum (Volume 34, issue no. 5, October 2011, pp. 434-442). Informatik-
Spektrum (<http://www.springerlink.com/content/1432-122X/>), a UPENET partner, is a journal published, in German or English, by
Springer Verlag on behalf of the German CEPIS society GI (Gesellschaft für Informatik, <http://www.gi-ev.de/>) and the Swiss CEPIS
society SI (Schweizer Informatiker Gesellschaft - Société Suisse des Informaticiens, <http://www.s-i.ch/>)
Main stream research in Description Logics (DLs) until recently concentrated on increasing the expressive power of the
employed description language while keeping standard inference problems like subsumption and instance manageable in
the sense that highly-optimized reasoning procedure for them behave well in practice. One of the main successes of this
line of research was the adoption of OWL DL, which is based on an expressive DL, as the standard ontology language for
the Semantic Web. More recently, there has been a growing interest in more light-weight DLs, and in other kinds of
inference problems, mainly triggered by need in applications with large-scale ontologies. In this paper, we first review the
DL research leading to the very expressive DLs with practical inference procedures underlying OWL, and then sketch the
recent development of light-weight DLs and novel inference procedures.
Author
Keywords: Description Logics, Logic-based Knowl-
edge Representation Formalism, Ontology Languages, Franz Baader is Full Professor for Theoretical Computer
OWL, Practical Reasoning Tools. Science at TU Dresden, Germany. He has obtained his PhD in
Computer Science at the University of Erlangen, Germany. He
1 Mainstream DL research of the last 25 years: was Senior Researcher at the German Research Institute for
Artificial Intelligence (DFKI) for four years, and Associate
towards very expressive DLs with practical infer- Professor at RWTH Aachen, Germany, for eight years. His main
ence procedures research area is Logic in Computer Science, in particular
Description Logics [BCNMP03] are a well-investi- knowledge representation (description logics, modal logics,
gated family of logic-based knowledge representation nonmonotonic logics) and automated deduction (term rewriting,
formalisms, which can be used to represent the concep- unification theory, combination of decision procedures).
<baader@tcs.inf.tu-dresden.de>
tual knowledge of an application domain in a structured
and formally well-understood way. They are employed
in various application domains, such as natural language
processing, configuration, and databases, but their most viduals. For example, using the concept names Man,
notable success so far is the adoption of the DL-based Doctor, and Happy and the role names married and child,
language OWL 1 as standard ontology language for the the concept of "a man that is married to a doctor, and has
Semantic Web [HoPH03]. only happy children" can be expressed using the concept
The name Description Logics is motivated by the fact description
that, on the one hand, the important notions of the do-
main are described by concept descriptions, i.e., expres-
sions that are built from atomic concepts (unary predi- On the other hand, DLs differ from their predeces-
cates) and atomic roles (binary predicates) using con- sors in that they are equipped with a formal, logic-based
cept constructors. The expressivity of a particular DL is
determined by which concept constructors are available
“
in it. From a semantic point of view, concept names and
concept descriptions represent sets of individuals, In this paper we review
whereas roles represent binary relations between indi-
the Description Logics research
1
<http://www.w3.org/TR/owl-features/>.
and recent developments
”
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 111
UPENET
semantics, which can, e.g., be given by a translation into first-order predicate logic. For example,
the above concept description can be translated into the following fifirst-order formula (with one
free variable x):
The motivation for introducing the early predecessors of DLs, such as semantic networks and
frames [Quil67, Mins81], actually was to develop means of representation that are closer to the
way humans represent knowledge than a representation in formal logics, like fifirst-order predicate
logic. Minsky [Mins81] even combined his introduction of the frame idea with a general rejection
of logic as an appropriate formalism for representing knowledge. However, once people tried to
equip these "formalisms" with a formal semantics, it turned out that they can be seen as syntactic
variants of (subclasses of) first-order predicate logic [Haye79, ScGC79]. Description Logics were
developed with the intention of keeping the advantages of the logic-based approach to knowledge
representation (like a formal model-theoretic semantics and well-defined inference problems), while
avoiding the disadvantages of using full first-order predicate logic (e.g., by using a variable-free
syntax that is easier to read, and by ensuring decidability of the important inference problems).
Concept descriptions can be used to define the terminology of the application domain, and to
make statements about a specific application situation in the assertional part of the knowledge
base. In its simplest form, a DL terminology (usually called TBox) can be used to introduce abbre-
viations for complex concept descriptions. For example, the concept definitions
define the concept of a man (woman) as a human that is not female (is female), and the concept
of a father as a man that has a child, where ┬ stands for the top concept (which is interpreted as the
universe of all individuals in the application domain). The above is a (very simple) example of an
acyclic TBox, which is a finite set of concept definitions that is unambiguous (i.e., every concept
name appears at most once on the left-hand side of a definition) and acyclic (i.e., there are no cyclic
dependencies between definitions). In general TBoxes, so-called general concept inclusions (GCIs)
can be used to state additional constraints on the interpretation of concepts and roles. In our exam-
ple, it makes sense to state domain and range restrictions for the role child. The GCIs
say that only human beings can have human children, and that the child of a human being must
be human.
In the assertional part (ABox) of a DL knowledge base, facts about a specific application situa-
tion can be stated by introducing named individuals and relating them to concepts and roles. For
example, the assertions
state that John is a man, who has the female child Mackenzie.
Knowledge representation systems based on DLs provide their users with various inference
services that allow them to deduce implicit knowledge from the explicitly represented knowledge.
For instance, the subsumption algorithm allows one to determine subconcept-superconcept relation-
ships. For example, w.r.t. the concept definitions from above, the concept Human subsumes the concept
Father since all instances of the second concept are necessarily instances of the first concept, i.e.,
whenever the above concept definitions are satisfied, then Father is interpreted as a subset of Hu-
man. With the help of the subsumption algorithm, one can compute the hierarchy of all concepts
defined in a TBox. This inference service is usually called classification. The instance algorithm
can be used to check whether an individual occurring in an ABox is necessarily an instance of a
given concept. For example, w.r.t. the above assertions, concept definitions, and GCIs, the indi-
vidual MACKENZIE is an instance of the concept Human. With the help of the instance algorithm,
one can compute answers to instance queries, i.e., all individuals occurring in the ABox that are
instances of the query concept C.
In order to ensure a reasonable and predictable behavior of a DL system, the underlying infer-
ence problems (like the subsumption and the instance problem) should at least be decidable for the
DL employed by the system, and preferably of low complexity. Consequently, the expressive power
of the DL in question must be restricted in an appropriate way. If the imposed restrictions are too
112 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
severe, however, then the important notions of the appli- based approach was first introduced in the context of
cation domain can no longer be specified using concept DLs by Schmidt-Schau [Schm89] and Smolka [ScSm91],
descriptions. Investigating this trade-off between the though it had already been used for modal logics long
expressivity of DLs and the complexity of their infer- before that [Fitt72]. It has turned out that this approach
ence problems has been one of the most important issues can be used to handle a great variety of different DLs
in DL research. (see [BaSa01] for an overview and, e.g., [HoSa05,
The general opinion on the (worst-case) complexity HoKS06, LuMi07] for more recent results), and it yields
that is acceptable for a DL has changed dramatically over sound and complete inference algorithms also for very
time. Historically, in the early times of DL research peo- expressive DLs. Although the worst-case complexity of
ple have concentrated on identifying formalisms for these algorithms is quite high, the tableau-based approach
which reasoning is tractable, i.e. can be performed in nevertheless often yields practical procedures: optimized
polynomial time [Pate84]. The precursor of all DL sys- implementations of such procedures have turned out to
tems, KL-ONE [BrSc85], as well as its early successor behave quite well in applications [BFHN*94, Horr03,
systems, like KANDOR [Pate84], K-REP [MaDW91], HaMo08], even for expressive DLs with a high worst-
and BACK [Pelt91], indeed employed polynomial-time case complexity (ExpTime and beyond). The advent of
subsumption algorithms. Later on, however, it turned out tableau-based algorithms was the main reason why the
that subsumption in rather inexpressive DLs may be in- DL community basically abandoned the search for DLs
tractable [LeBr87], that subsumption in KL-ONE is even with tractable inference problems, and concentrated on
undecidable [Schm89], and that even for systems like the design of practical tableau-based algorithms for ex-
KANDOR and BACK, for which the expressiveness of pressive DLs. The most prominent modern DL systems,
the underlying DL had been carefully restricted with the FaCT++ [TSHo06], Racer [HaMo01b], and Pellet
goal of retaining tractability, the subsumption problem [SiPa04] support very expressive DLs and employ highly-
is in fact intractable [Nebe88]. The reason for the dis- optimized tableau-based algorithms. In addition to the
crepancy between the complexity of the subsumption al- fact that DLs are equipped with a well-defined formal
gorithms employed in the above mention early DL sys- semantics, the availability of mature systems that sup-
tems and the worst-case complexity of the subsumption port sound and complete reasoning in very expressive
problems these algorithms were supposed to solve was description formalisms was an important argument in
due to the fact that these systems employed sound, but favor of using DLs as the foundation of OWL, the stand-
incomplete subsumption algorithms, i.e., algorithms ard ontology language for the Semantic Web. In fact,
whose positive answers to subsumption queries are cor- OWL DL is based on the expressive DL ,
rect, but whose negative answers may be incorrect. The for which reasoning is in the worst-case NExpTime-com-
use of incomplete algorithms has since then largely been plete [HoPa04].
abandoned in the DL community, mainly because of the The research on how to extend the expressive power
problem that the behavior of the systems is no longer DLs has actually not stopped with the adoption of
determined by the semantics of the description language:
an incomplete algorithm may claim that a subsumption as the DL underlying OWL. In fact, the
relationship does not hold, although it should hold ac- new version of the OWL standard, OWL 2,3 is based on
cording to the semantics. All the intractability results the even more expressive DL , which is
mentioned above already hold for subsumption between 2NExpTime-complete [Kaza08]. The main new features
concept descriptions without a TBox. An even worse blow
of are the use of qualified number restric-
to the quest for a practically useful DL with a sound,
complete, and polynomial-time subsumption algorithm tions rather than simple number restrictions ,
was Nebel’s result [Nebe90] that subsumption w.r.t. an and the availability of (a restricted form of) role inclu-
acyclic TBox (i.e., an unambiguous set of concept defi- sion axioms . For example, with a simple number re-
nitions without cyclic dependencies) in a DL with con-
junction and value restriction is already in- striction we can describe the concept of a man that has
tractable. 2 three children
At about the time when these (negative) complexity
results were obtained, a new approach for solving infer- but we cannot specify properties of these children, as
ence problems in DLs, such as the subsumption and the in the qualified number restriction
instance problem, was introduced. This so-called tableau-
2
All the systems mentioned above supported these two concept
constructors, which were at that time viewed as being indispensa- 2 More recent developments: Light-weight DLs
ble for a DL. The DL with exactly these two concept constructors is and the need for novel inference tools
called [Baad90c]
3
<http://www.w3.org/TR/2009/REC-owl2-overview-20091027/>. In this section, we first discuss the and the DL-
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 113
UPENET
and
.
Initially, we set
for all edges
for all nodes
. Obvi-
, “ Knowledge representation
systems based on DLs provide
ously, the above invariants are satisfied by these initial their users with various inference
label sets.
services that allow them to
”
The labels of nodes and edges are then extended by
applying the rules of Figure 1. Note that a rule is only deduce implicit knowledge
applied if it really extends a label set. It is easy to see
that these rules preserve the above invariants. The fact
that subsumption in w.r.t. TBoxes can be decided in and GCIs introduced in the previous section into account,
then JOHN turns out to be an answer to this query.
polynomial time is an immediate consequence of the facts
Query answering in expressive DLs such as the al-
that (i) rule application terminates after a polynomial
ready mentioned (i.e., without con-
number of steps, and (ii) if no more rules are applicable
then S(A) contains exactly those concept names B occur- crete domains) is 2ExpTime-complete regarding com-
bined complexity [Lutz08], i.e., the complexity w.r.t. the
ring in that are subsumers of A w.r.t. (see [Bran04, size of the TBox and the ABox. Thus, query answering
BaBL05] for more details and full proofs). in this logic is even harder than subsumption while at the
same time being much more time critical. Moreover,
Light-weight DLs: the DL-Lite family query answering in is coNP-complete [OrCE08]
Another problematic issue with expressive DLs is that regarding data complexity (i.e., in the size of the ABox),
query answering in such DLs does not scale too well to which is viewed as "unfeasible" in the database commu-
knowledge bases with a very large ABox. In this con- nity. These complexity hardness results for answering
text, queries are conjunctions of assertions that may also conjunctive queries in expressive DLs are dramatic since
contain variables, of which some can be existentially many DL applications, such as those that use ABoxes as
quantified. For example, the query web repositories, involve ABoxes with hundreds of thou-
sands of individuals. It is a commonly held opinion that,
in order to achieve truly scalable query answering in the
asks for all men that have a child that is a woman 6 ,
short term, it is essential to make use of conventional
but in general the use of variables allows the formula-
relational database systems for query answering in DLs.
tion of more complex queries than simple instance que-
Given this proviso, the question is what expressivity can
ries. In the database world, these kinds of queries are
a DL offer such that queries can be answered using rela-
called conjunctive queries [AbHV95]; the difference to
tional database technology while at the same time mean-
the pure database case is that, in addition to the instance
ingful concepts can be specified in the TBox. As an an-
data, we also have a TBox. As an example, consider the
swer to this, the DL-Lite family has been introduced in
ABox assertions stating facts about John and Mackenzie
[CGL+05, CDL+-KR06, CGL+07], designed to allow the
from the previous section. Without any additional infor-
implementation of conjunctive query answering "on top
mation about the meaning of the predicates Man, child,
of" a relational database system.
and Woman, the individual JOHN is not an answer to the
DL-Litecore is the basic member of the DL-Lite family
above query. However, if we take the concept definitions
[CGL+07]. Concept descriptions of this DL are of the
form where A is a concept name, r
-
6
This simple query could also be expressed as an instance query is a role name, and r denotes the inverse of the role
using the -concept description , but in name r. A DL-Lite core knowledge base (KB) consists of a
general the use of variables allows the formulation of more com- TBox and an ABox. The TBox formalism allows for GCIs
plex queries than simple instance queries. and disjointness axioms between DL-Litecore concept de-
scriptions C;D:
“
where disj(C,D) states that C,D must always be in-
DLs is used as terpreted as disjoint sets. A DL-Litecore-ABox is a finite
set of concept and role assertions: A(a) and r(a; b), where
the foundation of OWL, A is a concept name, r is a role name, and a; b are indi-
the standard ontology vidual names.
In contrast to , DL-Lite cannot express qualified
language for
”
existential restrictions such as in the
the Semantic Web TBox. Conversely, does not have inverse roles, which
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 115
UPENET
“
on the subsumption and the instance problem, and the
The medical ontology same was true until recently for the developers of highly
optimized systems for expressive DLs. The development,
SNOMED CT comprises maintenance, and usage of large ontologies can, how-
ever, also be profit from the use of other inference pro-
380,000 concepts and cedures. Certain non-standard inference problems, like
is used as a standardized unification [BaNa00, BaMo09], matching [BKBM99,
BaKu00], and the problem of computing least common
health care terminology subsumers [BaKu98, BaKM99, BaST07, DCNS09] have
in the US, Canada, been investigated for quite a while [BaKu06]. Unifica-
”
tion and matching can, for example, help the ontology
and Australia engineer to find redundancies in large ontologies, and
least common subsumers and most specific concepts can
be used to generate concepts from examples.
are available (albeit in a limited way) in \dllite. Others non-standard inference problems have, how-
In principle, query answering in DL-Lite can be real- ever, come into the focus of mainstream DL research only
ized as follows: recently. One example is conjunctive query answering,
1. use the TBox to reformulate the given conjunc- which is not only investigated for light-weight DLs (see
above), but also for expressive DLs [GHLS07, Lutz08].
tive queries q into an first-order query and then dis- Another is identification and extraction of modules
card the TBox; inside an ontology. Intuitively, given an ontology and
2. view the ABox as a relational database ; a signature (i.e., a subset of the concept and role names
3. evaluate in the database using a relational occurring in ), a module is a subset of such that
query engine. the following holds for all concept descriptions C,D that
In practice, more work needs to be done to turn this can be built from symbols in is subsumed by D w.r.t.
into a scalable approach for query answering. For exam- if C is subsumed by D w.r.t. . Consequently, if one
ple, the queries generated by the reformulation step is only interested in subsumption between concepts built
are very different from the SQL queries usually formu- from symbols in , it is sufficient to use is instead of
lated by humans, and thus relational database engines the (possibly much larger) whole ontology . Similarly,
are not optimized for such queries. one can also introduce the notion of a module for other
Interestingly, also in it is possible to implement inference problems (such as query answering). An over-
view over different approaches for defining modules and
query answering using a relational database system
a guideline for when to use which notion of a module
[LuToWo-IJCAI-09]. In contrast to the approach for DL-
can be found in [SaSZ09]. Module identification and ex-
Lite, the TBox is incorporated into the ABox and not into
traction is computationally costly for expressive DLs, and
the query. In addition, some limited query reformulation
even undecidable for very expressive ones such as OWL
(independent of both the TBox and the ABox) is also re-
DL [LuWW07]. Both for the family [LuWo07,
quired.
Sunt08] and the DL-Lite family [KWZ-KR-08], the rea-
The relevance of the light-weight DLs discussed
soning problems that are relevant in this area are
above is underlined by the fact that both of them are cap-
decidable and usually of much lower complexity than for
tured in the official W3C profiles7 document for OWL
expressive DLs.
2. Each of the OWL 2 profiles are designed for specific
For a developer or user of a DL-based ontology, it is
application requirements. For applications that rely on
often quite hard to understand why a certain consequence
reasoning services for ontologies with a large number of
computed by the reasoner actually follows from the
concepts, the profile OWL 2 EL has been introduced,
knowledge base. For example, in the DL version of the
which is based on , a tractable extension of . medical ontology SNOMED CT, the concept Amputation-
For applications that deal with large sets of data and that of-Finger is classified as a subconcept of Amputation-
mainly use the reasoning service of query answering, the of-Arm. Finding the six axioms that are responsible for
profile OWL 2 QL has been defined. The DL underlying this error [BaSu08] among the more than 350,000 con-
this profile is a member of the DL-Lite.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 117
UPENET
References [BaKu06] Franz Baader and Ralf Küsters. putation, 2009. To appear.
[AbHV95] Serge Abiteboul, Richard Hull, and Nonstandard inferences in descrip- [BaSa01] Franz Baader and Ulrike Sattler. An
Victor Vianu. Foundations of tion logics: The story so far. In overview of tableau algorithms for
Databases. Addison Wesley Publ. D.M. Gabbay, S.S. Goncharov, and description logics. Studia Logica,
Co., Reading, Massachussetts, M. Zakharyaschev, editors, Math- 69:5-40, 2001.
1995. ematical Problems from Applied [BaST07] Franz Baader, Baris Sertkaya, and
[Baad90c] Franz Baader. Terminological cy- Logic I, volume 4 of International Anni-Yasmin Turhan. Computing
cles in KL-ONE-based knowledge Mathematical Series, pages 1-75. the least common subsumer w.r.t.
representation languages. In Proc. Springer-Verlag, 2006. a background terminology. J. of
of the 8th Nat. Conf. on Artificial [BKBM99] Franz Baader, Ralf Küsters, Applied Logic, 5(3):392-420,
Intelligence (AAAI’90), pages Alex Borgida, and Deborah L. 2007.
621-626, Boston (Ma, USA), 1990. McGuinness. Matching in descrip- [BaSu08] Franz Baader and Boontawee
[BaBL05] Franz Baader, Sebastian Brandt, tion logics. J. of Logic and Com- Suntisrivaraporn. Debugging
and Carsten Lutz. Pushing the EL putation, 9(3):411-447, 1999. SNOMED CT using axiom pin-
envelope. In Leslie Pack Kaelbling [BaKM99]Franz Baader, Ralf Küsters, and pointing in the description logic
and Alessandro Saffiotti, editors, Ralf Molitor. Computing least EL+. In Proceedings of the Inter-
Proc. of the 19th Int. Joint Conf. common subsumers in description national Conference on Represent-
on Artificial Intelligence (IJCAI logics with existential restrictions. ing and Sharing Knowledge Using
2005), pages 364-369, Edinburgh In Proc. of the 16th Int. Joint Conf. SNOMED (KR-MED’08), Phoe-
(UK), 2005. Morgan Kaufmann, on Artifucial Intelligence nix, Arizona, 2008.
Los Altos. (IJCAI’99), pages 96-101, 1999. [BaTo01] Franz Baader and Stephan Tobies.
[BaBL08] Franz Baader, Sebastian Brandt, [BaLS05] Franz Baader, Carsten Lutz, and The inverse method implements
and Carsten Lutz. Pushing the EL Boontawee Suntisrivaraporn. Is the automata approach for modal
envelope further. In Kendall Clark tractable reasoning in extensions of satisfiability. In Proc. of the Int.
and Peter F. Patel-Schneider, edi- the description logic EL useful in Joint Conf. on Automated Reason-
tors, In Proceedings of the Fifth In- practice? In Proceedings of the ing (IJCAR 2001), volume 2083 of
ternational Workshop on OWL: 2005 International Workshop on Lecture Notes in Artificial Intelli-
Experiences and Directions Methods for Modalities (M4M- gence, pages 92-106. Springer-
(OWLED’08), Karlsruhe, Ger- 05), 2005. Verlag, 2001.
many, 2008. [BaMo09] Franz Baader and Barbara [BrLe85] Ronald J. Brachman and Hector J.
[BCNMP03] Franz Baader, Diego Calvanese, Morawska. Unification in the de- Levesque, editors. Readings in
Deborah McGuinness, Daniele scription logic EL. In Ralf Treinen, Knowledge Representation.
Nardi, and Peter F. Patel-Schnei- editor, Proc. of the 20th Int. Conf. Morgan Kaufmann, Los Altos,
der, editors. The Description Logic on Rewriting Techniques and Ap- 1985.
Handbook: Theory, Implementa- plications (RTA 2009), volume [BrSc85] Ronald J. Brachman and James G.
tion, and Applications. Cambridge 5595 of Lecture Notes in Compu- Schmolze. An overview of the KL-
University Press, 2003. ter Science, pages 350-364. ONE knowledge representation
[BFHN*94] Franz Baader, Enrico Springer-Verlag, 2009. system. Cognitive Science,
Franconi, Bernhard Hollunder, [BaNa00] Franz Baader and Paliath 9(2):171-216, 1985.
Bernhard Nebel, and Hans-Jürgen Narendran. Unification of concepts [Bran04] Sebastian Brandt. Polynomial time
Protlich. An empirical analysis of terms in description logics. J. of reasoning in a description logic
optimization techniques for termi- Symbolic Computation, with existential restrictions, GCI
nological representation systems 31(3):277-305, 2001. axioms, and what else? In Ramon
or: Making KRIS get a move on. [BaPe07] Franz Baader and Rafael Peñaloza. López de Mántaras and Lorenza
Applied Artificial Intelligence. Axiom pinpointing in general tab- Saitta, editors, Proc. of the 16th
Special Issue on Knowledge Based leaux. In Proc. of the Int. Conf. on Eur. Conf. on Artificial Intelligence
Management, 4:109-132, 1994. Analytic Tableaux and Related (ECAI 2004), pages 298-302,
[BaKu98] Franz Baader and Ralf Küsters. Methods (TABLEAUX 2007), 2004.
Computing the least common volume 4548 of Lecture Notes in [CGL+05] Diego Calvanese, Giuseppe De
subsumer and the most specific Artificial Intelligence, pages 11-27. Giacomo, Domenico Lembo,
concept in the presence of cyclic Springer-Verlag, 2007. Maurizio Lenzerini, and Riccardo
ALN-concept descriptions. In [BaPe08] Franz Baader and Rafael Peñaloza. Rosati. DL-Lite: Tractable descrip-
Proc. of the 22nd German Annual Automata-based axiom pinpoint- tion logics for ontologies. In
Conf. on Articial Intelligence ing. In Alessandro Armando, Peter Manuela M. Veloso and Subbarao
(KI’98), volume 1504 of Lecture Baumgartner, and Gilles Dowek, Kambhampati, editors, Proc. of the
Notes in Computer Science, pages editors, Proc. of the Int. Joint Conf. 20th Nat. Conf. on Artificial Intel-
129-140. Springer-Verlag, 1998. on Automated Reasoning (IJCAR ligence (AAAI 2005), pages 602-
[BaKu00] Franz Baader and Ralf Küsters. 2008), volume 5195 of Lecture 607. AAAI Press/The MIT Press,
Matching in description logics with Notes in Artificial Intelligence, 2005.
existential restrictions. In Proc. of pages 226-241. Springer-Verlag, [CDL+-KR06] Diego Calvanese, Giuseppe de
the 7th Int. Conf. on Principles of 2008. Giacomo, Domenico Lembo,
Knowledge Representation and [BaPe09] Franz Baader and Rafael Peñaloza. Maurizio Lenzerini, and Riccardo
Reasoning (KR 2000), pages 261- Axiom pinpointing in general tab- Rosati. Data complexity of query
272, 2000. leaux. Journal of Logic and Com- answering in description logics. In
118 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Patrick Doherty, John Mylopoulos, lished in [BrLe85]. [LeMP06] Kevin Lee, Thomas Meyer, and
and Christopher A. Welty, editors, [Horr03] Ian Horrocks. Implementation and Jeff Z. Pan. Computing maximally
Proc. of the 10th Int. Conf. on Prin- optimization techniques. In satisfiable terminologies for the de-
ciples of Knowledge Representa- [BCNMP03], pages 306-346. scription logic ALC with GCIs. In
tion and Reasoning (KR 2006), 2003. Proc. of the 2006 Description
pages 260-270. AAAI Press/The [HoKS06] Ian Horrocks, Oliver Kutz, and Logic Workshop (DL 2006), vol-
MIT Press, 2006. Ulrike Sattler. The even more irre- ume 189 of CEUR Electronic
[CGL+07] Diego Calvanese, Giuseppe De sistible SROIQ. In Patrick Doherty, Workshop Proceedings, 2006.
Giacomo, Domenico Lembo, John Mylopoulos, and Christopher [LeBr87] Hector J. Levesque and Ron J.
Maurizio Lenzerini, and Riccardo A. Welty, editors, Proc. of the 10th Brachman. Expressiveness and
Rosati. Tractable reasoning and ef- Int. Conf. on Principles of Knowl- tractability in knowledge represen-
ficient query answering in descrip- edge Representation and Reason- tation and reasoning. Computa-
tion logics: The DL-Lite family. J. ing (KR 2006), pages 57-67, Lake tional Intelligence, 3:78-93, 1987.
of Automated Reasoning, District, UK, 2006. AAAI Press/ [Lutz08] Carsten Lutz. The complexity of
39(3):385-429, 2007. The MIT Press. conjunctive query answering in ex-
[CaGL02] Diego Calvanese, Giuseppe [HoPa04] Ian Horrocks and Peter F. Patel- pressive description logics. In
DeGiacomo, and Maurizio Schneider. Reducing OWL entail- Alessandro Armando, Peter
Lenzerini. 2ATAs make DLs easy. ment to description logic Baumgartner, and Gilles Dowek,
In Proc. of the 2002 Description satisfiability. J. Web Sem., editors, Proc. of the Int. Joint Conf.
Logic Workshop (DL 2002), pages 1(4):345-357, 2004. on Automated Reasoning (IJCAR
107-118. CEUR Electronic Work- [HoPH03] Ian Horrocks, Peter F. Patel-Sch- 2008), Lecture Notes in Artificial
shop Proceedings, http://ceur- neider, and Frank van Harmelen. Intelligence, pages 179-193.
ws.org/Vol-53/, 2002. From SHIQ and RDF to OWL: The Springer-Verlag, 2008.
[DCNS09] Francesco M. Donini, Simona making of a web ontology lan- [LuMi07] Carsten Lutz and Maja Milicic. A
Colucci, Tommaso Di Noia, and guage. Journal of Web Semantics, tableau algorithm for description
Eugenio Di Sciascio. A tableaux- 1(1):7-26, 2003. logics with concrete domains and
based method for computing least [HoSa05] Ian Horrocks and Ulrike Sattler. A general tboxes. J. of Automated
common subsumers for expressive tableaux decision procedure for Reasoning, 38(1-3):227-259,
description logics. In Craig SHOIQ. In Proc. of the 19th Int. 2007.
Boutilier, editor, Proc. of the 21st Joint Conf. on Artificial Intelli- [LuToWo-IJCAI-09] Carsten Lutz, David
Int. Joint Conf. on Artificial Intel- gence (IJCAI 2005), Edinburgh Toman, and Frank Wolter. Con-
ligence (IJCAI 2009), pages 739- (UK), 2005. Morgan Kaufmann, junctive query answering in the de-
745, 2009. Los Altos. scription logic EL using a relational
[Fitt72] Melvin Fitting. Tableau methods of [KPHS07] Aditya Kalyanpur, Bijan Parsia, database system. In Proceedings of
proof for modal logics. Notre Matthew Horridge, and Evren the 21st International Joint Confer-
Dame J. of Formal Logic, Sirin. Finding all justifications of ence on Artificial Intelligence
13(2):237-247, 1972. OWL DL entailments. In Proceed- IJCAI09. AAAI Press, 2009. To
[GHLS07] Birte Glimm, Ian Horrocks, ings of the 6th International Se- appear.
Carsten Lutz, and Ulrike Sattler. mantic Web Conference and 2nd [LuWW07] Carsten Lutz, Dirk Walther,
Conjunctive query answering for Asian Semantic Web Conference, and Frank Wolter. Conservative ex-
the description logic SHIQ. In ISWC 2007 + ASWC 2007, vol- tensions in expressive description
Manuela M. Veloso, editor, Proc. ume 4825 of Lecture Notes in logics. In Manuela M. Veloso, edi-
Of the 20th Int. Joint Conf. on Ar- Computer Science, pages 267-280, tor, Proc. of the 20th Int. Joint Conf.
tificial Intelligence (IJCAI 2007), Busan, Korea, 2007. Springer- on Artificial Intelligence (IJCAI
pages 399-404, Hyderabad, India, Verlag. 2007), pages 453-458, Hyderabad,
2007. [Kaza08] Yevgeny Kazakov. RIQ and India, 2007.
[HaMo01b] Volker Haarslev and Ralf SROIQ are harder than SHOIQ. In [LuWo07] Carsten Lutz and Frank Wolter.
Möller. RACER system descrip- Gerhard Brewka and Jérôme Lang, Conservative extensions in the
tion. In Proc. of the Int. Joint Conf. editors, Proc. of the 11th Int. Conf. lightweight description logic EL. In
on Automated Reasoning (IJCAR on Principles of Knowledge Rep- Frank Pfenning, editor, Proc. of the
2001), volume 2083 of Lecture resentation and Reasoning (KR 21st Int. Conf. on Automated De-
Notes in Artificial Intelligence, 2008), pages 274-284. AAAI duction (CADE 2007), volume
pages 701-706. Springer-Verlag, Press, 2008. 4603 of Lecture Notes in Compu-
2001. [KWZ-KR-08] Roman Kontchakov, Frank ter Science, pages 84-99, Bremen,
[HaMo08] Volker Haarslev and Ralf Möller. Wolter, and Michael Germany, 2007. Springer-Verlag.
On the scalability of description Zakharyaschev. Can you tell the [MaDW91] E. Mays, R. Dionne, and R.
logic instance retrieval. J. of Auto- difference between DL-Lite Weida. K-REP system overview.
mated Reasoning, 41(2):99-142, ontologies? In Gerhard Brewka SIGART Bull., 2(3), 1991.
2008. and Jérôme Lang, editors, Proc. of [Mins81] Marvin Minsky. A framework for
[Haye79] Patrick J. Hayes. The logic of the 11th Int. Conf. on Principles of representing knowledge. In John
frames. In D.Metzing, editor, Knowledge Representation and Haugeland, editor, Mind Design.
Frame Conceptions and Text Un- Reasoning (KR 2008), pages 285- The MIT Press, 1981. A longer ver-
derstanding, pages 46-61. Walter 295. Morgan Kaufmann, Los Al- sion appeared in The Psychology
de Gruyter and Co., 1979. Repub- tos, 2008. of Computer Vision (1975). Re-
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 119
UPENET
120 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Computer Science
This paper was first published by ITNOW (Volume 53, num. 6, Winter 2011, pp. 10-11). ITNOW, a UPENET partner, is the
member magazine for the British Computer Society (BCS), a CEPIS member. It is published, in English, by Oxford University Press
on behalf of the BCS, <http://www.bcs.org/>. The Winter 2011 issue of ITNOW can be accessed at <http://itnow.oxfordjournals.org/
content/53/6.toc>. © Informatica, 2011
We all know that digital literacy is vital in the modern world, but are we making sure our next generation of research-
ers and academics, the innovators that will produce the UK’s valuable digital intellectual property of the future, are being
looked after too?
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 123
UPENET
IT for Health
This paper was first published, in its original Italian version, under the title "Neuroscienze e ICT: Una Panoramica", by Mondo
Digitale (issue no. 2-3, June-September 2011, pp. 5-14, available at <http://www.mondodigitale.net/>). Mondo Digitale, a founding
member of UPENET, is the digital journal of the CEPIS Italian society AICA (Associazione Italiana per l’Informatica ed il Calcolo
Automatico, <http://www.aicanet.it/>.)
In the last couple of decades the study of human brain has made great advancements thanks to the powerful neuroimaging
devices such as the high resolution electroencephalography (hrEEG) or the functional magnetic resonance imaging (fMRI).
Such advancements have increased our understanding of basic cerebral mechanisms related to memory and sensory
processes. Recently, neuroscience results have attracted the attention of several researchers from the Information and
Communication Technologies (ICT) domain in order to generate new devices and services for disabled as well as normal
people. This paper reviews briefly the applications of Neuroscience in the ICT domain, based on the research actually
funded by the European Union in this field.
“
(hrEEG) is a brain imaging tool that
gathers the cerebral activity of human This paper reviews briefly the applications
beings "in vivo" by measuring the elec-
trical potential on the head surface [1,
2]. The hrEEG returns images of the
of Neuroscience in the ICT domain
”
124 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
“ There are tools that provide images of the brain cerebral activity
of a subject while s/he is performing a given task
”
cerebral activity with a high temporal the cortical activity, related to the same in tasks always more similar to every-
resolution (a millisecond or less), and temporal instants represented in the day life conditions, have been meas-
a moderate spatial resolution (on the previous line, that is to say the super- ured and recognized.
order of fractions of centimeters). Fig- ficial part of the brain (the cortex)
ure 1 presents images of the cerebral which plays a key role in complex 2 Brain-computer Interfaces’
activity some milliseconds after per- mental mechanisms such as memory, Working Principle
forming a sensorial stimulation on the concentration, thought, and language. In the last years researchers have
right wrist of a healthy subject. The tri- In the last decades, the use of mod- observed, by means of hrEEG tech-
dimensional head model, on the left ern tools of brain imaging has allowed niques, how, in human beings, the act
side of the picture, is employed for the to clarify the main cerebral structures of evoking motion activities occurs in
estimation of the cerebral activity. The involved in cognitive and motor proc- the same cerebral areas related to the
cerebral cortex, dura mater (the me- esses of the human being. These tech- control of the real movement of the
ningeal membrane that envelopes the niques have highlighted the key role limbs. This important experimental
brain), the skull and the head surface of particular cerebral areas, such as the evidence is at the basis of a technol-
are represented. The spheres show the ones located just on the back of fore- ogy, known as "brain computer inter-
position of the electrodes employed for head and near the sockets (prefrontal face" (BCI), which aims at controlling
the recording of the hrEEG. In the same and orbitofrontal areas), in the planning electronic and mechanical devices only
picture, in the upper row we can ob- and generation of voluntary actions, as by means of the modulation of people’s
serve the sequence of the distribution well as in the short and medium term cerebral activity. Figure 2 presents the
of the cerebral activity during an elec- memorization of concepts and images scheme of a typical BCI system: on the
trical stimulation on the wrist, coded [3]. In the last years "signs" of the cer- left side a user is represented that with
with a color scale ranging from purple ebral activity related to variation of his/her own mental effort produces a
to red. In the second row we present memorization, attention and emotion, change of the electrical brain activity
Figure 1: Images of the Cerebral Activity some Milliseconds after a Sensorial Stimulation.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 125
UPENET
which can be detected by means of re- posterior direction (central-parietal ar- ready explained, the simple evocation
cording devices and analysis of the eas). It is known like such a rhythm is of motion acts generates patterns of
EEG signals. If such activity is gener- subjected to a strong diminution of its cerebral activity which are basically
ated periodically, an automatic system amplitude of oscillation (around 8-12 stable and repeatable in time whenever
can recognize the generation of such Hz) during limb movements. Such phe- the subject performs such an evocation
mental states by means of proper clas- nomenon is known in literature as de- [4, 5]. It is not obvious nor simple for
sification routines. Then, the system synchronization of the alpha rhythm. automatic systems to recognize volun-
can generate actions in the outside Through training, a subject can learn tary modification of the EEG trace with
world and give feedback to the user. how to achieve such a de-synchroni- low error rates such to safely drive me-
In particular, it can be observed zation of the EEG rhythm in absence chanical and electronic devices. The
experimentally that a subject can learn of a visible movement, simply by evok- main difficulties addressed in the rec-
to autonomously modify the frequency ing the movement of the same limb. In ognizing of the induced potential modi-
pattern of his/her own EEG signals, such a way it is possible to achieve the fication on the scalp are of manifold
without the need to recur to some ex- user’s voluntary control of a compo- nature. First, a proper learning tech-
ternal stimuli. The so called mu- nent of the own cerebral activity which nique is required to let the subject con-
rhythm, which is a particular EEG can be detected in a particular EEG fre- trol a specific pattern of his/her own
wave, can be recorded from the scalp quency band (8-12 Hz), preferentially EEG. Such a technique requires the use
by means of superficial electrodes lo- on electrodes overtop particular corti- of appropriate instrumentation that
cated near the top of one’s head and in cal areas (sensory-motor areas). As al- analyzes in real time the EEG signals
Figure 4: Two subjects playing electronic ping-pong without moving muscles, by means of a brain-
computer interface installed at Fondazione Santa Lucia in Rome, Italy. (Panels run from A) to D).)
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 127
UPENET
Figure 5: The Figure presents several moments related to the control of some electronic devices
in a room by using the modulation of the cerebral activity. (Experiments performed in the
laboratories of Prof. Babiloni at Fondazione Santa Lucia, Rome, Italy.)
tronic or mechanical device in the sur- 3 Examples of Use of the BCI parts of the home instead of having to
rounding environment. This physical Technology in the ICT Domains of use ubiquitous videocameras in every
action is therefore an answer to a purely Robotic and Device Control room, which harm the privacy of the
mental event generated by the user, In Figure 5 some existing caregivers.
acquired by the hrEEG device and later functionalities available for the control In the area of assisted living there
classified by the BCI software. In Fig- of simple electronic devices in a room are companies working at the creation
ure 3 it is shown like a user can di- are presented. In frames A and B it can of a prototype of a motorized wheel-
rectly move a cursor in two dimensions be noticed how the subject switches a chair controlled by using the brain
by recognition of mental states. The light on through the selection of an ap- computer interface technology. A pos-
command that triggers the movement propriate icon on the screen just by us- sible example of such device is shown
to the right corresponds to evoking the ing mental activity. In the C and D frames in Figure 7, as recently demonstrated
right hand movement, and vice versa of the same figure it can be observed how by Toyota [6]
for evoking the left hand. The evoca- the same user can control the movement Figure 6 presents how a robotic
tion of right and left foot movements of a simple robot by using the modula- device is controlled by using cerebral
slides the cursor towards upper or tion of cerebral activity. The possibility activity that could be used also in con-
lower positions. All the experiments of controlling the robot, equipped with a texts beyond tele-presence or
have been performed at IRCCS camera on its head, allows the disabled domotics, for example in entertainment
Fondazione Santa Lucia in collabora- user to showing his/her presence in other applications.
tion with the Physiology and Pharma-
cology Department of Università di
Roma La Sapienza, Italy.
In Figure 4 the image of two sub-
jects playing ping-pong by means of a
“ The ‘brain computer interface’ (BCI)
aims at controlling electronic and
BCI is shown. In such a case the modu- mechanical devices only by means
lation of the mental activity translates
of the modulation
”
into the movement of a cursor on the
screen towards upper and lower posi-
tions for both subjects.
of people’s cerebral activity
128 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
“ A subject can
learn to
autonomously modify
the frequency pattern
Figure 6: Robotic device (Aibo from Sony) driven by the modulation of EEG of his/her own EEG
brainwaves as gathered by the EEG cap visible in some frames at the bottom
right corner (frames have to be read from left to right and from the upper to the signals, without the
lower part). These pictures show the possibility of sending mental commands
via wireless technology to the Sony Aibo robot.
need to recur
to some
external stimuli
”
4 About the Use of BCI Sys-
tems in the Next Future
BCI systems are studied currently
to improve the quality of life of patients
affected by severe motor disabilities,
in order to provide them with some
degree of autonomous movement au-
tonomy or decision. The next step for
such systems it is to make those sys-
tems available to non disabled people,
in normal daily life situations. For in-
stance, a videogame could be control-
led just by thoughts (see Section 5) or
messages could be sent to other users
that could be constantly connected to
us by modulating our mental activity.
Such activity will be gathered by few
subtle, invisible sensors disposed on
the scalp, and the computational unit
will be not greater than a watch and
easily wearable. Although such kind of
scenario seems taken from a science-fic-
tion book or movie, a description like this
about our future comes from a study from
the European Union about new life styles
in 2030, fruit of several days of debate
between scientists in different disciplines,
including ICT and health [7]. Figure 7: Motorized Wheelchair driven by BCI Technology, from Toyota.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 129
UPENET
130 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Figure 11: An experimental setup related to an experiment of synthetic telepathy at the laboratory
of the Fondazione Santa Lucia and the Università di Roma La Sapienza, Italy, led by Prof. Babiloni.
The two subjects are exchanging simple information bits (the cursor is moving up or down) just by
modulating their cerebral activity through a brain computer interface system linking them.
medicine as a treatment for disorders ple’s reactions to advertising stimuli on which a minimun of 10 electrodes
such as ADD (Attention Deficit Dis- with indirect techniques (observation, should be applied, that are sufficient
order), and in training of profession- interviews and questionnaires) whilst to acquire indicators for levels of at-
als, students, and athletes as to improve Neuromarketing investigates the direct tention, memory and emotion.
their concentration, attention and learn- physiological response caused by ad- The obvious advantage with this
ing performances. vertising stimuli (electrical response of approach is that the results can be di-
At CES 2011, the most important the brain) and from this it infers the rectly related to scientific evidence, but
exhibition for consumer electronics cognitive implications (levels of atten- there are limits to the practicality and
worldwide, a BCI-based prototype sys- tion, memory and pleasure). scalability of the test since often meas-
tem for ADD treatment, BrainPal, has Neuromarketing does not assess urement devices are required that are
been unveiled [11]. In Sweden, behaviors but tries to find out how ad- uncomfortable to wear and time-con-
Mindball, a therapeutic toy used to vertising stimuli "leave their mark" in suming in terms of the subject’s prepa-
train the brain to relax or concentrate, the brain of people. Two approaches ration.
is available from ProductLine Interac- based on cortical EEG measures have The other approach is the heuristic
tive. Some top level soccer teams like mainly been adopted in the market. one, which has its strength in the use
AC Milan and Chelsea have been un- One is the scientific approach, which of proprietary EEG equipments that
dertaking neurofeedback training. starts from the neuroscience evidence have a reduced number of electrodes
to infer the effectiveness of a given (it could be just an electrode centrally
6 Applied Neuroscience can stimulus by measuring with a high den- positioned on top of the head or two
support Marketing and Advertis- sity EEG (>60 electrodes) the cortical on the frontal lobes) with which you
ing of Products and Services electrical activity in all the areas of the measure the parameters of interest in
Business people are looking into brain. This approach can be simplified neuromarketing. The simplified ar-
neuroscience in order to understand by limiting the area of the neural sig- rangements encourage portability by
and predict the human buying mecha- nal measurements to the frontal lobes, reducing discomfort and preparation
nisms. Neuromarketing is a discipline
born from the combination of these two
scientific fields, aiming at knowing
why a buyer chooses a product or serv-
ice. Much attention is now directed to
“ Neuromarketing is a discipline born
from the combination of these
the analysis of advertising, notoriously two scientific fields,
one of the most effective stimuli for
purchases.
Traditional marketing assesses peo-
Neuroscience and Marketing
”
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 131
UPENET
Focus on Neuromarketing
In this section we report the application areas that neuromarketing companies are addressing today, associated with
some examples of studies promoted by well-known international companies.
Advertising: Neuromarketing is widely used to measure the effectiveness of print ads or videos (commercials) and
their enhancement as a function of communication campaigns. Case Studies: we report an analysis produced by BrainSigns,
spin-off of "La Sapienza" University of Rome. Figure A in this box presents two diagrams obtained for a population of viewers
watching a TV commercial. The spot featured a flirt scene (a girl’s message immediately interrupted) that literally "catalysed"
the attention of the viewers and the memorization at the expense of attention and memorization of the brand advertised and
its message. The viewers liked the spot, but they did not get the intended message from it. As a second example, Coca-Cola
commissioned EmSense [13] to perform a study using neuromarketing techniques to choose, between several possibilities,
the most effective commercial to air on television during the Superbowl, the final game of the USA National Footnall League
. Finally on Google’s behalf, NeuroFocus used neuromarketing techniques [14] to assess the impact on users of the introduc-
tion on Youtube of Invideo Ads, which are semitransparent banner ads superimposed on YouTube videos streamed over the
Internet.
Multimedia: Neuromarketing can evaluate a movie trailer, an entire movie or a television show with the aim of under-
standing how the engagement level of the audience changes in time and identify the points of a movie where, for example,
there are high levels of suspense or surprise in the audience. Case Studies: 20-th Century Fox has commissioned Innerscope
[15] to evaluate the movie trailers for the films "28Weeks Later" and "Live Free or Die Hard". NBC has commissioned Innerscope
as well [15] to study the viewers’ perception of advertising during the fast forward of a recorded TV content.
Ergonomics: Neuroscience can improve the design process of device interfaces and improve the user experience,
assessing the cognitive workload that is required to learn how to use the device, and the engagement, satisfaction or stress
levels generated by its use. Case study: in 2006 Microsoft [16] decided to apply EEG to experimentally investigate how to
perform a user task classification using a low-cost electroencephalograph.
Packaging: Neuromarketing can be used to obtain a more appealing package design, so that, for example, a customer
can recognize the product more easily on a shelf in a supermarket, chosen among others like it.
Videogames: Neuromarketing can evaluate the players’ engagement, identify the most interesting features of the
games and optimize their details. During all phases of the game, the difficulty level can be calibrated properly so that a game
is challenging, but not excessively difficult. Case Study: EmSense conducted a study [17] on the "first person shooting" genre
of videogames in which, during the game, they evaluated the levels of positive emotion, engagement and cognitive activation
of the players in function of time.
Product Placement: Neuromarketing studies can support the identification of the best positioning of a product on the
shelf of a supermarket and the optimal placement of advertising for a product or a brand in a scene during a TV show.
Politics: Neuromarketing techniques can be applied to carry out studies in the political sphere, for example by meas-
uring the reactions of voters to candidates at rallies and speeches. Case Study: during the elections of the UK Prime Minister
in 2010 [18] NeuroFocus conducted and published a study about the measured prospective voters’ neurological reactions,
highlighting the subconscious scores evoked by the candidates on a sample of subjects.
Figure A: Mean changes of attention (left) and memorization (right) of a given audience while watching a commercial. The higher
the signal, the more active processes of attention and memory toward the spot. (Courtesy BrainSigns Ltd.)
132 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
“
from the ICT area for the results of-
Neuromarketing is extremely fered by neuroscience in terms of a new
generation of ICT devices and tools
suitable for supporting the design
”
"powered" by the ability of being
of advertising spots guided by mental activity. Although the
state of the art is still far from every-
day technological implementations like
those shown in the modern science-fic-
time, with the aim of make the testing feels. Another interesting area of re- tion movies, there are thousands of re-
process as equivalent as possible to the search in which EU supported scien- searchers that are nowadays engaged
actual experience of the subject. How- tific studies is the on-line monitoring in the area of brain computer interfaces
ever today it is not possible to com- of the cerebral workload of drivers of researching about next generation elec-
pare the obtained results with the sci- public vehicles, such as aircrafts, or tronic devices, while 10 years ago there
entific literature. trains as well as cars. were very few. As the eminent neuro-
Neuromarketing is extremely suit- Recently a research line related to scientist Martha Farah said recently
able for supporting the design of ad- the field of the so called "synthetic te- [12] the question is not "if" but rather
vertising spots, and it allows to increase lepathy" is being developed in the "when" and "how" our future will be
the ability to stimulate attention and USA, where the capability of two com- shaped by neuroscience. At that time
memory retention, and placing the ad- mon persons to exchange information it will be better to be ready to ride the
vertisement in a manner consistent between them just by using the modu- "neuro-ICT revolution".
with the brand. In the TV spot post- lation of their cerebral activity is be-
creative phase, it is useful to measure ing tested. This is made possible by References
comparative efficacy and to select and using the concepts developed in the [1] Babiloni F., Babiloni C., Carducci
optimize the existing spots, reducing field of the BCI. In particular, Figure F., Fattorini L., Onorati P., Urbano
their time format. Finally, in the spot 11 presents an experimental setup of A., Spline Laplacian estimate of
programming phase it allows to "synthetic telepathy" developed at the EEG potentials over a realistic mag-
optimize the frequency in a given joint laboratories of the Fondazione netic resonance-constructed ,scalp
broadcasting timeframe, checking in Santa Lucia and the Università di surface model. Electroenceph.clin.
lab how long subjects have to be ex- Roma La Sapienza, Italy. In the pic- Neurophysiol, 98(4):363-373,
posed for the commercial to be memo- ture two subjects are exchanging in- 1996.
rized. formation about the position of an elec- [2] Nunez P., Neocortical Dynamics
Today, most companies operating tronic cursor on the screen that they and Human EEG Rhythms, Ox-
in neuromarketing are located in the are able to move by using a modula- ford University Press, 1995
USA where they were founded in the tion of their cerebral activity. [3] Damasio A. R., L’ errore di
last five years. Many of these employ Although in this moment the speed Cartesio. Emozione, ragione e
devices for neurophysiological meas- transmission is really limited to few cervello umano, Adelphi, 1995.
ures (EEG and sensors) developed in- bits per minute, the proof of concept [4] Wolpaw J. R., Birbaumer N.,
house, while others adopt technologi- of such devices has been already dem- McFarland D. J., Pfurtscheller G.,
cal solutions from third parties (see the onstrated. Vaughan T. M., Brain computer
box section "Focus on Neuromarketing"). interfaces for communication and
8 Conclusions control. Clinical Neurophysiol-
7 What is going on in Research In this paper it has the main re- ogy, 113:767-791, 2002.
about ICT and Neuroscience search streams involving both neuro- [5] Babiloni F., Cincotti F., Marciani
During the years 2007-2011 the science and ICT have been described M.Salinari S., Astolfi L., Aloise
European Union has supported with
more than 30 million of Euros research
“
projects linked to the use of BCI sys-
tems for the control of videogames, The capability of two common persons
domestic appliances, and
mechanotronic prosthesis for hands
to exchange information between them
and limbs. In addition, EU funding has just by using the modulation of
been directed also for the evaluation
of the mental state of passengers of their cerebral activity
aircrafts during transoceanic flights, in
order to provide them with board serv-
ices in agreement with their emotional
is being tested
”
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 133
UPENET
134 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
IT for Music
© Novática, 2011
This paper will be published, in Spanish, by Novática. Novática <http://www.ati.es/novatica>, a founding member of UPENET, is
a bimonthly journal published by the Spanish CEPIS society ATI (Asociación de Técnicos de Informática – Association of Computer
Professionals).
In recent years, computers have become an essential part of music production. Thus, versatile music composition software
which is well mapped to the underlying process of producing music is essential to the professional and novice practitioner
alike. The demand for computer music software covers the full spectrum of music production tasks, including software for
synthesizers, notation editors, digital audio sequencers, automatic transcription, accompaniment, and educational use.
Since different music composition tasks are quite diverse, there is no single application that is well suited to all application
domains and so each application has a particular focus. In this paper, we describe a novel software package, called
Katmus, whose design philosophy accurately captures the specific manual process of transcribing complex musical pas-
sages from audio to musical scores. A novel concept, introduced within Katmus, is the synchronization between the audio
waveform and the notation editor, intimately linking the time segments of the music recording to be transcribed to the
measures of the sheet music score. Together with playback, frequency domain analysis of the input signal and a complete
project management system for handling multiple scores per audio file, this system greatly aids the manual transcription
process and represents a unique contribution to the present music software toolset.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 135
UPENET
Figure 1: Relationship between an Audio Segment and its corresponding Musical Notation.
ferred time signature and rhythm [2]. traditional manual transcription, how- Motivated by the shortcomings of
Given this definition, Figure 1 shows ever, is a time intensive task that presently available software in this
a short audio signal waveform seg- strongly depends on the training, mu- domain, the work described in this pa-
ment, where different measures with sical knowledge, and experience of the per grew out of the need to create a
corresponding notes have been identi- person undertaking the process. In- new software application that could aid
fied from the well defined beats or deed, transcription consist of an itera- the process of transcribing music from
rhythm extracted from the signal. This tive process: listening to (and normally recorded digital music that would
schematic mapping from the audio sig- repeating) short time segments of an merge the strengths of editing software
nal to the musical notation is referred audio recording, transcribing the notes and those of audio signal analysis. The
to as musical transcription. in this segments, and then moving on novelty of our software application and
In the field of music analysis [3], to the next short segment, and often re- fundamental design criteria is based on
the automatic transcription of mono- turning to transcribed sections in or- the inter-reaction between the notation
phonic melodies has been widely stud- der to qualitatively evaluate the over- editor and the audio signal being
ied [4] and essentially is considered to all consistency. For those not possess- analyzed, which we directly linked in
be a solved problem. Although more ing nearly perfect musical memory and time. For the user, the present working
sophisticated machine learning based pitch this involves tedious and repetitive measure in the note editor is high-
methods may be applied, simple algo- interaction with the input audio signal as lighted in a different color on the ren-
rithms for extracting monophonic well as some music notation editor. dered audio waveform to show this
melodies based on peak-tracking tech- While not directly providing auto- direct correspondence. Not only does
niques [5] have been shown to be quite matic transcription, several software this provide for an intuitive user expe-
effective. This success, however, is not tools exist whose purpose is to assist rience, but it really helps transcription,
true for the general polyphonic music the task of transcription. Some of these since the user always knows which part
transcription problem [6]. Indeed, even tools, such as Noteedit [7], focus more of the audio signal corresponds to parts
for the case of a single polyphony in- upon facilitating a notational that have been transcribed and which
strument such as the piano, automatic WYSIWYG editor and provide no to those parts that are yet to be tran-
transcription methods still perform tools for directly interacting with the scribed.
poorly. For the more general po- audio signal while transcribing. Other
lyphony case, consisting of several dif- systems, such as Transcribe [8], pro- 2 State of the Art
ferent instruments (for example in an vide direct frequency analysis from the As described in the previous sec-
orchestra) recorded in the same chan- segments of the time domain audio sig- tion, other music transcription software
nel, it is far beyond the capabilities of nal, thereby indicating fundamental is focused either on music score edit-
present transcription systems or, at tones, yet offer no facilities for simul- ing or on the implementation of differ-
best, success is limited to special cases. taneously writing the musical score. ent analysis tools, but not both together.
Thus, while automatic transcription
“
may help in certain situations, manual
transcription remains the gold stand- In recent years, computers have become
ard for music practitioners wishing to
document their own performances or
transcribe performances of others. This
an essential part of music production
”
136 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
“
quency analysis or connection with an
external audio file. Musical transcription can be defined
Finale [10] is another proprietary
software tool which is quite complete as the act of listening to a melody,
and widely used by musicians. Like
Sibelius, it does not provide the abil-
or polyphony arrangement,
ity to simultaneously interact with the and translating it into its corresponding
time-domain signal and the notion edi-
tor at the same time, nor does it pro-
vide frequency analysis of the time-
musical notation
”
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 137
UPENET
Once again, there is no provision for with all the other software tools de- there is a well defined conceptual gap
annotation of the notes identified, so scribed, the audio file is not directly in the way software tools have ap-
external editing software must be used. linked to the notation editor, so the user proached the problem of transcribing
AudioScore [13] is another com- does not know which time domain seg- musical pieces, since they ignore the
mercial transcription tool that displays ment corresponds to a particular meas- manner in which transcription is nor-
the signal in the time domain together ure in the score. mally accomplished. We believe the
with the frequency domain analysis for Thus, despite the wide array of soft- key concept for a useful transcription
note identification. This software does ware tools for music composition and software tool is to provide an explicit
provide an editing environment but, as transcription described, we believe that correspondence between the time
138 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
points in audio input waveform with plete measure in the note editor is repre- a later time. Sections that are complex
the associated measures in the sheet sented on the corresponding segment of can be marked as unfinished, indicat-
music score. Our open source software the waveform with a different color from ing to the user that these are points
tool, Katmus [14], bridges this gap. a measure that is completely transcribed. which must be revised and/or require
Moreover, Katmus not only combines Another important difference be- further effort. Project creation in
time-frequency analysis of the audio tween Katmus and other similar soft- Katmus is flexible, allowing for mul-
waveform with a powerful WYSIWYG ware is our emphasis on a project man- tiple scores per audio file, as well as
score editor, but also introduces a agement workflow approach. In this selecting scores based upon single or
project based workflow in the process way, a user can save Katmus sessions, multiple staves. As with other full fea-
of music transcription. In the Katmus thereby saving the present state of all ture notation editors, Katmus provides
environment, having synchronization parameters in XML format. With this score playback with sound synthesis
between the audio waveform and the state persistence, a user can return at a support and allows for exporting scores
note editor means that updates to the later time to an unfinished transcrip- to PDF or MIDI (Musical Instrument
score have a corresponding update to tion and continue at the point of the Digital Interface).
the state of the associated time segment last session with all the previous pa- Perhaps one of the most powerful
of the waveform. In particular, the state rameters restored. Thus, there is no software architecture features is the
of being transcribed or not is repre- reason for the transcription to proceed plugin management infrastructure,
sented on the rendered waveform as a in a linear order; large sections can be which allows for smaller software
color-coded highlight. Thus, an incom- left untranscribed to be returned to at modules to be hot-plugged without the
need for recompilation of the entire ing the most relevant parameters for the audio signal. Also integral to this
application. This has the advantage that specific task of transcription. graphical interface is the ability to lis-
experimental audio analysis and other Table 1 provides a comparison ten and apply various analysis algo-
additional features can be inserted which helps describe the advantages of rithms to transcribe the musical ar-
without affecting the underlying soft- Katmus, our application for musical rangement, displaying at all times the
ware kernel of the application. Several transcription, showing strengths and correspondence between what is writ-
modules have been written using this weaknesses of other applications with ten, where it appears in the audio sig-
plugin system, including the time- respect to this problem domain. nal and score, and playback.
stretching features found in other simi- Figure 2 shows the main window
lar tools, frequency spectral analysis 3 Environmental Features of of the Katmus application. The top
and filters, and experimental automatic Katmus panel displays the representation of the
transcription that can provide sugges- As described in the previous sec- frequency domain audio signal, the
tions to the user. In this way, Katmus tion, the novel aspect of Katmus is the middle panel the time domain signal,
can act as a powerful workbench for tailored workflow for helping users and the bottom panel is the correspond-
researchers developing different audio transcribe complex musical composi- ing score. The representation in the fre-
applications related to musical analy- tions. This workflow consists of project quency domain helps to identify the
sis. management, and a graphical interface notes present in the audio segment. In
Table 1 shows a comparative sum- that exposes a WYSIWYG notation the plot representing the audio wave-
mary of the different tools that have editor coupled to a graphical represen- form, it is possible to manually mark
been described in this section, includ- tation of the time domain signal of the the limits of the measures, thus link-
“
Katmus is a software platform
designed to help musicians, professionals, teachers and students
with complex music transcription tasks
”
140 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
Usage Case Background Sequence of Events
Open Request opening an existing Katmus project 1. If the source file is correct, the application
that contains different scores containing should properly load the project with all
various notes, chords, ties and other stylistic source elements.
symbols, and/or an audio file with format 2. If the source file has errors, the application
wav, mp3 and/or ogg. This project may not should display a dialog box indicating that
contain errors, be corrupt or have the file is corrupt or not found.
associated audio files.
P Close A request is made to close a project. 1. Confirms or cancels the closure of a project.
r 2. Asks the user whether to open or create a
o new project.
j Create A request is made to create a new project. 1. This opens the project creation wizard.
e 2. Features are introduced into the new
c project.
t 3. The option is available to return and update
previously entered element values.
4. Loading an invalid file will display an error
message.
Save Create a new score in the project with 1. The project is saved with the original
different elements (time signature, notes, elements and the updated score.
and other symbols). 2. If the project has been previously saved, the
name can be changed.
Delete A score can be selected and removed from 1. It shows the dialog box for confirmation and
the project tree. removal.
2. If cancelled, the process is aborted.
3. If the score is the only one associated with
the project, it cannot be removed.
Export The user wants to export a score to be 1. The user can choose the format in which to
rendered. export the score.
2. If the file exists, it can be overwritten.
S
New The user wants to add a new score to the 1. A dialog box is displayed for confirmation.
c
project. 2. The name and score type is entered.
o
Rename The user wants to change the name of a 1. The score is selected from the project tree.
r
score in the project. 2. The rename option is chosen and the new
e
name entered.
3. If confirmed, the score is renamed,
otherwise the current name is retained.
Playback The user wants to play back a selected 1. An instrument is chosen.
score. 2. The score is reproduced with the chosen
instrument.
3. The user can choose the same controls as
with the reproduction of the audio signal.
Delete The user selects one or more notes of a 1. The selected notes are deleted.
measure, or several measures, to be
deleted.
Copy The user wants to select one or more notes 1. All selected notes are copied and pasted
of a measure, or several measures, to be into the desired measures.
copied to another measure.
Cut The user wants to select one or more notes 1. The cut notes are removed and pasted in
of a measure, or several measures, to be cut the desired measure.
and pasted into another measure.
Insert The user wants to select a note or a stylistic 1. If the score does not have any measures,
symbol to be inserted in the score. then nothing happens.
2. If measures exist, the selected elements are
N
inserted into the desired measure.
o
t Paste The user wants to paste one or more notes 1. An empty space is selected and the notes
e previously copied. are copied.
s 2. If the user tries to paste over an existing note
or outside the present measure, then the
process is aborted.
Select The user wants to select one or more notes 1. The user selects the note and the
in one or more measures. background color changes.
2. If an empty zone is pressed, the present
selection is undone.
3. Selection of multiple notes is performed by
selecting the first and dragging the cursor to
the last note desired.
4. All notes of a measure or pentagram are
selected by selecting an empty zone prior
to notes desired and dragging the cursor to
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 141
UPENET
ing the original signal with the note the original melody with the tune of event callback handling with the use of
editor. the current work. the signals and slots paradigm, charac-
The application can import audio Export scores. Supporting for- teristic of the Qt framework.
files that can be played and will be used mats are PDF, MIDI, Lilypond, SVG Project management in Katmus is
for analysis during the transcription or PNG. implemented with the use of XML
process. The interface also allows you through a DOM implementation of-
to incorporate Katmus imported audio 4 System Description and fered explicitly in the Qt4 library. In
files corresponding to transcriptions in Technical Specifications order to produce high quality score ren-
the form of scores. The major features One of the fundamental aspects of dering, scores are exported using a
that Katmus provides the user with are the Katmus development and philoso- Lilypond based file generator [15]
the following: phy has been the use of open source which produces the specific language
Import and associate an audio software for its implementation, syntax for post-processing by the
file to be transcribed within the project. thereby encouraging future contribu- Lilypond compiler that produces the
Several audio file formats are sup- tions from a wider community of de- desired output format (PS, PDF or
ported, including uncompressed wav, velopers. The application is written in MIDI). Within the application, the au-
mp3 and ogg vorbis. C++ and makes extensive use of the dio signal is played by invoking the
Associate different transcrip- open source Qt4 graphical interface libao library [16]. This library is cross-
tions to the same audio file within a platform and provides a simple API for
“
single project. This feature allows the audio playback that can be used inter-
nally or through different standard au-
user to save and maintain several tran- The novel aspect dio drivers such as ALSA or OSS.
scriptions of the same audio file or to
have individual transcriptions for dif- of Katmus is the tai- Playback of scores is done with the use
of the Lilypond syntax generator to
ferent instruments. lored workflow for generate MIDI files and uses Timid-
Zoom capability in both the au-
dio waveform and notation editor, helping users tran- ity++ [17] for sound synthesis. The
slow motion playback is programmed
which allows the positioning of pre- scribe complex musi- using the Rubberband library [18],
”
cise selections of audio segments for which implements a phase-vocoder
fast musical passages. cal compositions that can change the speed of original
Synchronization of the audio musical audio in real time without af-
waveform with the measures in the fecting the pitch. Finally, to obtain the
score, thereby associating each audio library (originally developed by frequency domain from the time do-
segment with a compass. Combined Trolltech and now owned by Nokia). main of the audio signal, the popular
with a color coding, this provides a The significant advantages of the Qt4 open source Fourier transform library,
powerful functional advantage since library are that it is cross-platform, fftw3 [19], is used.
completed and uncompleted parts of object-oriented, and provides extensive Figure 3 shows the typical workflow
the audio file and/or score are indi- technical documentation. of Katmus, which is a standalone appli-
cated, saved and restored for multi-ses- Since Qt provides a complete frame- cation with a complete user interface. The
sion work. work for developing applications, the first action when launching the applica-
Playback of the audio signal. core capabilities and functionality of tion is either to create a new a project,
The user can replay the entire signal Katmus rely heavily upon the standard select an existing project saved on disk,
or certain segments, selected by drag- and advanced features of the library. or start a default project by directly im-
ging the mouse over the graphical rep- Some noteworthy features provided by porting an audio file.
resentation of the audio signal. A pow- Qt in the Katmus application are: (i) the Since many different options can
erful feature for transcription is pitch use of the Plugin Manager API for de- be used to instantiate a new project, a
invariant time-stretching, where time veloping shared modules, which extends graphical wizard guides the user
domain segments can be slowed down the basic functionality of an application through the process of creating a new
without effecting the pitch. This fea- and encourage third party contributions project. The information queried dur-
ture is especially interesting for rapid and experimentation, (ii) the use of the ing this process includes: (i) the type
musical segments or in cases where specialized Qt thread classes, which can of audio file to be imported, (ii) the
complicated chords (polyphony) need greatly accelerate the applications per- channel (if stereo), (iii) the type of
to be resolved. formance on computer architectures that score (one or two staves) and (iv) the
Edit scores. The integrated nota- can take advantage of multi-threading, name of the project. Once the project
tion editor provides basic functionality (iii) the use of interoperability with the is successfully created, the standard
for the editing of musical symbols. use of XML document exchange through work area of the application is instan-
Play back the score. This func- standard SAX and DOM technology, and tiated, which consists of three discrete
tionality makes it possible to compare (iv) a clean implementation of object parts, shown in Figure 2, and described
142 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
as follows:
1. Display window for audio sig-
nal: Provides zoom capability to
change both the time as well as ampli-
tude scale of the audio waveform,
“ Katmus is available at SourceForge
since July 2009. Since then, hundreds of
which is an important feature for tran-
users have successfully downloaded and
”
scription. Thus, the user can focus upon
short time scale segments of the audio installed the application
waveform. An important feature is the
ability to select the time intervals cor-
responding to the different measures ation tests were performed. There are dents with complex music transcription
of the score, which are marked in the numerous methods of evaluation in the tasks. For the expert musician, the
display window by vertical lines. Since literature that ensure the quality of soft- Katmus philosophy and implementa-
there can be variability of time meters ware development based upon the tion provides a natural mapping of the
within a musical composition, Katmus product type and metrics [20]. For transcription process which is a great
offers two different ways of making the Katmus, both functional and structural aid to producing the final arrangement.
correspondence between measures and tests were performed focusing specifi- For the more novice users, Katmus pro-
the times in the audio signal: (i) manual cally on object-oriented systems. vides facilities that reinforce the rec-
selecting the limits of each measure in The method chosen for these tests ognition of musical notes and chords
the signal display window by mouse is based upon scenarios, since it fo- and may serve as an educational tool.
point/click events, or (ii) assigning a cuses upon actions that the user per- The end result is open source tran-
constant time duration for all measures, forms in order to discover interaction scription software that is both intuitive
and then making small tweaks to the errors. This means that tasks performed and easy to use. Moreover, the appli-
duration of individual measures where by users must be captured in a series cation is easily extendible with the use
necessary. The user may also interacts of user cases and any possible variants of a plugin architecture that simplifies
with the waveform display window by which may arise. Tests are then per- the addition of enhancements or ex-
selecting small segments with mouse formed on this set of cases. perimental algorithms. By taking ad-
drag events. In this way, all the points Table 2 shows set of tests based on vantage of open source philosophy,
included in the selected waveform seg- usage scenarios of the application. future code enhancements and extend-
ment can be used for subsequent analy- Applying each of these scenarios to the ible modules could be provided by
sis with built-in functions, plugin func- Katmus software system resulted in a community contributions in the follow-
tions, or repetitive playbacks. thorough method for debugging the ing areas:
2. Intelligent Score Editor: Once application. Extending the capabilities of the
the measures and the time signature are Functional, or black box testing, notation editor.
defined, the user can insert the various was applied to the user interface for Using beat detection algorithms
musical notes and symbols correspond- testing usage cases. The evaluation was for accurately associating measures.
ing to the transcription. An important based on informal handling tests fol- Extending the support for
feature of the editor is that the time lowing the evaluation cycle of the in- sequencing MIDI to handle more com-
computation is automatically validated terface [21] during which users evalu- plex polyphony output.
so that only measures with the correct ated beta versions of the software in Extending the labeling system
time signature can be marked as com- order to provide informal feedback for for measures.
plete. debugging the final design. Providing support for multi
3. Project tree: Displays the dif- Once extensive usage tests and bug channel audio analysis.
ferent elements, such as scores, meas- fixes were performed, Katmus was Module development for audio
ures and audio file, which are part of made available to the wider user com- signal editing.
the complete transcription project. As munity at SourceForge in July 2009.
described previously, an advantage of Since then, hundreds of users have suc- References
the project paradigm is that it provides cessfully downloaded and installed the [1] R. Bennett. Elementos básicos de
an intuitive way of allowing Katmus application without significant inci- la música. Ed. Jorge Zahar, 1998.
to contain many transcription scores dence. [2] K.D. Martin. Automatic transcrip-
for a single audio file, thereby contain- tion of simple polyphonic music:
ing different versions of a transcription 5 Conclusions and future work a robust front end processing.
or assigning different musical instru- This paper presents the architec- MIT Media Laboratory Percep-
ments to each separate score. ture, implementation, and philosophy tual Computing Section. Techni-
In order to ensure the proper func- of Katmus, which is an easy to use soft- cal Report No. 385, 1996.
tioning of the system described and the ware platform designed to help musi- [3] M. Pizczalski. A computational
quality of the software, several evalu- cians, professionals, teachers and stu- model of music transcription.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 143
UPENET
144 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
IT Security
© 2011 Pliroforiki
This paper was first published, in English, by Pliroforiki (issue no. 21, July 2011, pp. 30-38). Pliroforiki, ("Informatics" in
Greek), a founding member of UPENET, is a journal published, in Greek or English, by the Cyprus CEPIS society CCS (Cyprus
Computer Society, <http://www.ccs.org.cy/about/>) . The July 2011 issue is available at <http://www.pliroforiki.org/>.
The rapid burst of Internet usage and the corresponding growth of security risks and online attacks for the everyday user
or the enterprise employee have emerged the terms Awareness Creation and Information Security Culture. Nevertheless,
security education has remained widely an academic issue. Teaching system security or network security on the basis of
practical experience inherits a great challenge for the teaching environment, which is traditionally solved using a compu-
ter laboratory at a university campus. The Tele-Lab project offers a system for hands-on IT security training in a remote
virtual lab environment – on the web, accessible at any time.
The classical approach requires a Teleteaching for security education capabilities of the Tele-Lab training en-
dedicated computer lab for IT security mostly consists of multimedia vironment: a simple learning unit on
training. Such labs are exposed to a courseware or demonstration software, password security, an exercise on
number of drawbacks: they are immo- which do not offer real practical exer- eavesdropping, and the practical appli-
bile, expensive to purchase and main- cises. In simulation systems users do cation of a Man-in-the-Middle attack.
tain and must be isolated from all other have a kind of hands-on experience,
networks on the site. Of course, stu- but a simulator doesn’t behave like a Tele-Lab: A Remote Virtual Se-
dents are not allowed to have Internet realistic environment and the simula- curity Laboratory
access on the lab computers. Hands- tion of complex systems is very diffi- Tele-Lab, accessible at <http://
on exercises on network security top- cult – especially when it comes to in- www.tele-lab.org>, was first proposed
ics even demand to provide more than teracting hosts on a network. The Tele- as a standalone system [4], later en-
one machine to each student, which Lab project builds on a different ap- hanced to a live DVD system introduc-
have to be interconnected (i.e. a Man- proach for a Web-based teleteaching sys- ing virtual machines for the hands-on
in-the-Middle attack needs three com- tem (explained in detail in section 2). training [3], and then emerged to the
puters: one for the attacker and two Furthermore, we will describe a set Tele-Lab server [2, 6]. The Tele-Lab
other machines as victims). of exercise scenarios to illustrate the server provides a novel e-learning sys-
“
The classical approach requires a
dedicated computer lab for IT security training
”
tem for practical security training in the since the recovery to the original state knowledge such as definition, classi-
WWW and inherits all positive char- can be performed quicker, more often fication, and history of malware
acteristics from offline security labs. and without any manual maintenance (worms, viruses, and Trojan horses).
It basically consists of a web-based efforts. Methods to avoid becoming a victim
system (see Fig. 1) and a training en- With the release of the current Tele- and relevant software solutions against
vironment built of virtual machines. Lab 2.0, the platform introduced the malware (e.g. scanners, firewalls) are
The tutoring system provides learning dynamic assignment of several virtual also presented. Afterwards, various ex-
units with three types of content: in- machines to a single user at the same isting malware kits and ways for dis-
formation chapters, introductions to time. Those machines are connected tribution are described in order to pre-
security- and hacker tools and finally within a virtual network (known as pare the hands-on exercise. Following
practical exercises. Students perform team, see also in [1]) providing the an offensive teaching approach1 , the
those exercises on virtual machines possibility to perform complex net- user is asked to take the attacker’s per-
(VM) on the server, which they oper- work attacks such as Man-in-the-Mid- spective – and hence is able to lively
ate via remote desktop access. A vir- dle or interaction with a virtual experience possible threats to his/her
tual machine is a software system that (scripted) victim (see exemplary de- personal security objectives, as if
provides a runtime environment for scription of a learning unit below). physical live systems were used. The
operating systems. Such software- A short overview of the Tele-Lab closing exercise for this learning unit
emulated computer systems allow easy architecture is given later in this sec- on malware is to plant a Trojan horse
deployment and recovery in case of tion. on a scripted victim called Alice – in
failure. Tele-Lab uses this feature to particular, the Trojan horse is the out-
revert the virtual machines to the origi- A Learning Unit in Tele-Lab
nal state after each usage. This is a sig- An exemplary Tele-Lab learning
nificant advantage over the traditional unit on malware (described in more
1
detail in [5]) starts off with academic See [9] for different teaching approaches.
setting of a physical dedicated lab,
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 147
UPENET
“
was translated for Lithuanian language
localization. For the future, the project Students perform those exercises
consortium plans to add more learning
units and expand localization for the
on virtual machines (VM) on the server,
Greek language. which they operate via remote
Architecture of the Tele-Lab Server
The current architecture of the Tele-
desktop access
”
148 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
UPENET
For the network connections within mote desktop connection is generated, lated laboratories) is the ability to pro-
the teams, Tele-Lab uses the Virtual whenever a user requests a virtual ma- vide secure training environments for
Distributed Ethernet (VDE)5 package. chine team for performing an exercise. exercises, where the student takes the
VDE emulates all physical aspects of Using TLS ensures the confidentiality perspective of an attacker. Next to the
Ethernet LANs, in software. The Tele- of the token. learning unit on Trojan horses pre-
Lab Control Services launch virtual Administration Interface: The Tele- sented in chapter 2, we introduce a set
switches or hubs for each virtual net- Lab server comes with a sophisticated of additional exercise scenarios to il-
work defined for a team of VMs and web-based administration interface lustrate this approach: Attacks on Ac-
connect the machines to the appropri- that is also implemented as a Grails counts and Passwords, Eavesdropping
ate network infrastructure. For the dis- application (not depicted in Fig. 2). On of Network Traffic, and a Man-in-the-
tribution of IP addresses in the virtual the one hand, this interface is made for Middle Attack.
networks, a DHCP server is attached content management in the web-based
to every network. After sending out all training environment and on the other, Exercise Scenario A: Attacks on
leases, the DHCP server is killed due for user management. Additionally, the Accounts and Passwords
to security constraints. [7] admin interface can be used for manual Gaining valid user credentials for
Database: The Tele-Lab database virtual machine control, monitoring a computer system is obviously major
holds all user information, the content and for registering a new virtual ma- objective for any attacker. Hackers can
for web-based training and learning chine or team templates. get access to personal and confiden-
unit structure as well as the informa- Tele-Lab Control Services: The tial data or use a valid login as a start-
tion on virtual machine and team tem- purpose of the central Tele-Lab con- ing point for numerous further attacks,
plates. A VM template is the descrip- trol services is bringing all the above such as gaining privileged access to
tion of a VM disk image that can be components together. To realize an their target system.
cloned in order to get more VMs of that abstraction layer for encapsulation of It is well known that one should set
type. Team templates are models for the virtual machine monitor (or a password consisting of letters (up-
connected VMs that are used to per- hypervisor) and the remote desktop per and lower case), numbers and spe-
form certain exercises. The database proxy, the system implements a cial characters. Moreover, the longer a
also persists current virtual machine number of lightweight XML-RPC web password is, the harder it is to crack.
states. services. The vmService is for control- Thus, it is inherently important for a
Remote Desktop Access Proxy: The ling virtual machines – start, stop or user to choose strong credentials – even
Tele-Lab server must handle concur- recover them, grouping teams or as- though passwords of high complexity
rent remote desktop connections for signing machines or teams to a user. are harder to memorize.
users performing exercises. This is re- The remoteDesktopService is used to Studies 7 show, that users still
alized using the open-source project initialize, start, control and terminate choose very weak passwords, if al-
noVNC6 , a client for the Virtual Net- remote desktop connections to as- lowed so. In December 2009, a hacker
work Computing Protocol based on signed machines. The above-men- stole passwords from the popular
HTML5 Canvas and WebSockets. The tioned Grails applications (portal, tu- online platform rockyou.com and re-
noVNC package comes with the toring environment, and web admin) leased a dataset of 32 million pass-
HTML5 client and a WebSockets allow the user to control the whole sys- words to the Internet8 . An analysis of
proxy which connects the clients to the tem using the web services. those passwords revealed several in-
VNC servers provided by QEMU. En- On the client side, the user only needs teresting findings:
suring a protected environment for a web browser supporting SSL/TLS. The 30% of the users chose pass-
both the Tele-Lab users and system is current implementation of the noVNC words with a length of 6 characters or
a challenge that is important to thor- client does not even need an HTML5- less, 50% had a password not longer
oughly implement at all levels, as the capable browser: for older browsers, than 7 characters
issue of network security for virtual HTML5 Canvas and/or the WebSockets Almost 60% of the users chose
machines in a Cloud Computing set- are emulated using Adobe Flash. their password from a limited set of
ting (such as the case of Tele-Lab) alphanumeric characters
poses special requirements. [8] The IT Security Exercises Nearly 50% used names, slang
system uses a token-based authentica- As stated before, one of the words, dictionary words or trivial pass-
tion system: an access token for a re- strengths of Tele-Lab (and other iso- words (consecutive digits, adjacent
keyboard keys, and so on)
The learning unit on Password Se-
5
See <http://vde.sourceforge.net/>. curity explains how passwords are
6
See <http://kanaka.github.com/noVNC/>. stored within computer systems (i.e.
7
See i.e. <http://www.rsa.com/solutions/consumer_authentication/reports/9381_
Aberdeen_Strong_User_Authentication.pdf>. password hashes in Linux), and how
8
See <http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-pass- tools like Password Sniffers, Dumpers
words/>. and Crackers work.
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 149
UPENET
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 151
UPENET
152 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS
CEPIS News
CEPIS Projects
Fiona Fanning
e-Skills and ICT Professional- Scoreboard shows only a Third Funding will be focused towards
ism Interim Report Now Published of World’s Top 50 R&D Investors three main objectives:
The interim report of the e-Skills are European Support Europe’s position as a
and ICT Professionalism project has The 2011 EU Industrial R&D In- world leader in science
been published. This project is con- vestment Scoreboard which ranks the Help source industrial leader-
ducted by CEPIS and the Innovation world’s top 1,400 companies by their ship in innovation
Value Institute (IVI) on behalf of the R&D investment during 2010 has just Address major concerns across
European Commission. The synthesis been published by the European Com- several themes such as energy effi-
report marks the halfway point of the mission. Overall, R&D investment by ciency and inclusive, innovative and
research which is due to be completed European companies has increased by secure societies
in 2012 and also signifies the end of 6.1% following the post-economic cri- The proposal and overall budget of
phase 1 of the project. CEPIS and IVI sis decrease of 2.6% in 2009. However Horizon 2020 is currently under nego-
aim to provide detailed proposals for a US companies reported an even higher tiation with the European Parliament
European Framework for ICT Profes- rate of R&D investment at 10% dur- and the Council of Europe, and by
sionalism, and a European Training ing 2010. January 2014 the first calls for propos-
Programme for ICT Managers in the European companies continue to lag als are expected to be launched. Hori-
final report. behind other global R&D investors es- zon 2020 is the financial instrument of
Phase 1 combined desktop re- pecially since only 15 of the top 50 com- the flagship initiative Innovation Un-
search, analysis, and hundreds of in- panies in the world to invest in R&D ion and forms part of the drive to cre-
terviews with ICT experts from across during 2010 are European. Most of the ate new growth and jobs in Europe. To
Europe, North America and Asia Pa- non-EU companies in the top 50 with the find out more about Horizon 2020,
cific through the ICT Professionalism largest increases were in the pharmaceu- please click here: <http://ec.europa. eu/
Survey. The research analysis so far tical and ICT sector, yet for those Euro- research/horizon2020/index_en.cfm?
suggests that the following four key pean companies only four companies pg=home>.
areas act as building blocks for an ICT were in ICT. You can access the 2011
profession: EU Industrial R&D Investment Score- CEPIS Research shows Gender
a common body of knowledge board at: <http://iri.jrc.ec.europa.eu/re- Imbalance in the IT Profession
competences search/docs/2011/SB2011.pdf>. Risks Europe’s Growth Potential
certification, standards and quali- Less than one fifth of European IT
fications European Commission Pro- professionals are women according to
professionals ethics/codes of poses s80 Billion Horizon 2020 Pro- new research that calls for Europe to
conduct gramme for Research and Innova- urgently redress the gender imbalance.
CEPIS would like to thank all of tion Highly skilled roles and enough human
their Members who participated in the The European Commission re- capital to fill these jobs will be vital
ICT Professionalism Survey and who cently announced a new programme for the smart growth economy that
provided essential expert information for investment in research and inno- Europe aspires to create by 2020. Yet
about their attitudes to structures of vation called Horizon 2020. Horizon a recent European report as announced
professionalism within ICT. We also 2020 will bring together all EU re- in the last issue of CEPIS UPGRADE
welcome any further comments. search and innovation funding together by the Council of European Profes-
The European ICT Professionalism under one programme, and in doing so sional Informatics Societies (CEPIS)
Project Interim Report can be aims to simplify rules, procedures and shows that women represent only 8%
downloaded at: <http://www.cepis.org/ greatly reduce the amount of time-con- of IT professionals in some countries.
media/EU_ICT_Prof_interim_report_ suming bureaucracy associated with With few women entering the IT pro-
PublishedVersion1.pdf>. funding programmes until now. fession as the demand for skilled IT
© CEPIS Farewell Edition CEPIS UPGRADE Vol. XII, No. 5, December 2011 153
CEPIS News
154 CEPIS UPGRADE Vol. XII, No. 5, December 2011 Farewell Edition © CEPIS