A System-Theoretic Approach to Risk Analysis

Bibliographic Details
Main Authors: Gregorian, Dro J., Yoo, Sam M.
Other Authors: Leveson, Nancy
Format: Thesis
Published: Massachusetts Institute of Technology 2023
Online Access: https://hdl.handle.net/1721.1/147729
ORCID: https://orcid.org/0000-0002-6808-1033
Description
Summary: Traditional safety risk assessment methods focus on component failures instead of the hazards present before the failure occurs. A widespread assessment tool is a risk matrix that measures the probability and severity of a particular risk, focusing heavily on qualitatively assessing the problem and determining its impact categorically through a matrix. The problem with this methodology is that any underlying system components or hazards that somebody cannot quantify are overlooked and may not appear until an accident or performance issue occurs. As a result, most analysis and reporting is conducted after an undesirable event happens, and the lessons learned are used to prevent future losses. However, a newer analysis method can identify the hazards and possible scenarios that lead to those losses before they occur. The technique is called System-Theoretic Process Analysis (STPA). STPA utilizes a qualitative approach to analyze the emergent properties of a system by finding unsafe control actions and determining their resultant loss scenarios. This thesis examines the DoD risk matrix's current use and then leverages STPA to improve the outputs. The authors' research is also widely applicable outside of the DoD. The thesis provides two approaches to apply STPA in risk assessment, but both use a measure of mitigation effectiveness as a proxy for probability. A new STPA-Informed Risk Matrix (SRM) is introduced as an alternative for the MIL-STD-882E risk matrix. By combining the strengths of STPA and traditional risk assessment methods, decision-makers will be more equipped to determine risk levels associated with their projects, specifically concerning system safety. New DoD developmental programs are incredibly complex systems that require risk mitigation at each phase, from design to operation. STPA is applicable and scalable in any phase and yields actionable results that will prevent losses from occurring.