Whether within the programmatic/project risk space or the technical risk space, these analyses can range from fully qualitative to fully quantitative. The degree of complexity selected for each project is driven by the level of detail and fidelity required of the insights as well as user expertise (e.g., if a non-risk expert is the ultimate user, a simplified approach may be more appropriate).

PNNL is equipped with a team of experts in various types of risk analysis and management. Our capabilities include, but are not limited to the following:

Cross-Cutting Capabilities 

• Elicitation Expertise: Best-in-class capability to lead risk elicitations with subject matter experts to identify potential threats and opportunities to a project or program, capture risk characterization including likelihood and potential impacts if realized, and identify risk handling plans as needed.
• Facilitation Expertise: Facilitation of process improvement activities, rapid prototype modeling, value stream mapping, etc.
• Bias Mitigation Techniques to Improve Forecasting and Planning: Qualified master planner available to support identification and implementation of techniques to reduce cognitive biases in predication that may impact cost, schedule, and risk estimates throughout the estimating process.

Programmatic and Project Risk Analysis

• Project and Program Risk Management: Supports activities necessary to implement a risk management program for a project/program (authoring a risk management plan, conducting training, eliciting risks, etc.).
• Integrated Cost and Schedule Risk Analysis: A Monte Carlo approach that propagates the cost and duration impacts of risks in a project’s resource-loaded, logically linked schedule. Provides the distribution of a project’s cost and finish dates given exposure to risks, and a quantitative ranking of risks.
• Independent Cost and Schedule Risk Analysis: Simplified quantitative risk analysis approach in which cost and duration impacts are decoupled. Supports rough order of merit schedule and budget baselining activities.
• Performance Risk Modeling: Integrated Monte Carlo simulation with discrete event simulation to quantify the risk to meeting production goals due to postulated scenarios and risk events.

Technical Risk Analysis

• Probabilistic Risk Assessment (PRA): A systematic method for quantifying risk from the design and operation (including human operations) of engineered systems. It quantifies the integrated risks by assessing three questions:   

   (1) What can go wrong (including environmental events)?
   (2) How likely it is to go wrong?
   (3) What are the potential consequences of that event?

In addition to examining a system’s potential risk, the science of PRA is used to identify the aspects of design and operation that could have the most impact on safety, and to determine whether improvements or administrative controls should be implemented to increase safety margins.

• Hazard and Safety Analysis: An integrated hazard and analysis provides a framework to systematically examine a facility’s processes, equipment, structures, etc., and evaluate the potential hazards and resulting consequences to ensure they are properly addressed.
• Nuclear Safety Program Infrastructure: Develops regulations and supporting programs including risk-informed nuclear safety criteria and transportation analysis.
• Cybersecurity Risk Management: Identifies cyber threat landscape and assesses vulnerability of digital assets to minimize cyber risk by implementing risk-based security controls to protect information technology and operational technology systems from adversaries.
• Resiliency of Critical Infrastructure: Supports several efforts to incorporate risk-informed decision making into the resilience planning processes for federal agencies to enhance their ability to adapt to, withstand, and recover from damaging events to critical infrastructure, including energy and water infrastructure.