Risk
A Risk models a project risk: its RASCI responsibility matrix, its assessment before and after mitigation, and the RiskControl measures that move it from one to the other.
See Domain Model — Risks for a conceptual overview and Merging — Risk merging for merge semantics.
Risk
Bases: MergeableModel
A project risk, its assessments before and after controls, and its controls.
Attributes:
| Name | Type | Description |
|---|---|---|
| id | int | Integer identifier, unique within the enclosing Scope's risks. |
| description | str | Non-empty description of the risk. |
| rasci | frozenset[RasciAssignment] | RASCI responsibility bindings for managing this risk overall (not for executing any single control measure). Each role name must appear at most once. Defaults to an empty frozenset. |
| potential_assessment | RiskAssessment | The assessment of the risk before any controls are applied. |
| residual_assessment | RiskAssessment | The assessment of the risk after its controls are applied. |
| risk_controls | frozenset[RiskControl] | The measures taken to move from the potential to the residual assessment. Defaults to an empty frozenset. |
RiskAssessment
Bases: MergeableModel
A scored and categorized evaluation of a Risk's impact, probability, and threat.
Attributes:
| Name | Type | Description |
|---|---|---|
| impact | float | Index in |
| probability | float | Index in |
| threat | float | Index in |
| impact_category | str | Non-empty label categorizing |
| probability_category | str | Non-empty label categorizing |
| threat_category | str | Non-empty label categorizing |
| strategy | RiskAssessmentStrategy | The strategy instance that produced the three categories above. |
strategy_name
property
The concrete strategy's class name, for identifying it once serialized.
Returns:
| Type | Description |
|---|---|
| str | |
assess(impact, probability, threat, *, strategy=DEFAULT_RISK_ASSESSMENT_STRATEGY)
classmethod
Build a RiskAssessment by categorizing the three indexes with strategy.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| impact | float | Index in | required |
| probability | float | Index in | required |
| threat | float | Index in | required |
| strategy | RiskAssessmentStrategy | The categorization policy to apply. Defaults to :data: | DEFAULT_RISK_ASSESSMENT_STRATEGY |
Returns:
| Type | Description |
|---|---|
| RiskAssessment | A new RiskAssessment with categories computed by |
RiskLevel
Bases: SemanticallyOrderedEnum['RiskLevel'], Enum
Orderable classification of a risk's threat index.
Attributes:
| Name | Type | Description |
|---|---|---|
| LOW | | Minimal threat; unlikely to warrant dedicated controls. |
| MODERATE | | Noticeable threat; worth monitoring and controlling. |
| HIGH | | Significant threat; requires active controls. |
| CRITICAL | | Severe threat; requires immediate and thorough controls. |
semantic_order()
classmethod
Define the threat ranking from lowest to highest.
Returns:
| Type | Description |
|---|---|
| tuple['RiskLevel', ...] | Members ascending from |
ImpactLevel
Bases: SemanticallyOrderedEnum['ImpactLevel'], Enum
Orderable classification of a risk's impact index.
Attributes:
| Name | Type | Description |
|---|---|---|
| NEGLIGIBLE | | Little to no consequence if the risk materialises. |
| MINOR | | Limited, easily absorbed consequence. |
| MAJOR | | Substantial consequence requiring recovery effort. |
| SEVERE | | Consequence threatening the project's or organisation's goals. |
semantic_order()
classmethod
Define the impact ranking from lowest to highest.
Returns:
| Type | Description |
|---|---|
| tuple['ImpactLevel', ...] | Members ascending from |
ProbabilityLevel
Bases: SemanticallyOrderedEnum['ProbabilityLevel'], Enum
Orderable classification of a risk's probability index.
Attributes:
| Name | Type | Description |
|---|---|---|
| RARE | | Very unlikely to occur. |
| UNLIKELY | | Occurrence is possible but not expected. |
| LIKELY | | Occurrence is expected under normal circumstances. |
| ALMOST_CERTAIN | | Occurrence is expected to happen. |
semantic_order()
classmethod
Define the probability ranking from lowest to highest.
Returns:
| Type | Description |
|---|---|
| tuple['ProbabilityLevel', ...] | Members ascending from |
RiskAssessmentStrategy
Bases: BaseModel, ABC
A pluggable policy that categorizes raw [0.0, 1.0] risk indexes into labels.
Each index has its own default vocabulary (ImpactLevel, ProbabilityLevel, RiskLevel), but a strategy is free to return any non-empty label; RiskAssessment stores categories as plain strings rather than being bound to these enums.
categorize_impact(value)
abstractmethod
Categorize an impact index value.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| value | float | The raw impact index, within | required |
Returns:
| Type | Description |
|---|---|
| str | A non-empty label for the impact category. |
categorize_probability(value)
abstractmethod
Categorize a probability index value.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| value | float | The raw probability index, within | required |
Returns:
| Type | Description |
|---|---|
| str | A non-empty label for the probability category. |
categorize_threat(value)
abstractmethod
Categorize a threat index value.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| value | float | The raw threat index, within | required |
Returns:
| Type | Description |
|---|---|
| str | A non-empty label for the threat category. |
ThresholdRiskAssessmentStrategy
Bases: RiskAssessmentStrategy
The default strategy: splits [0.0, 1.0] into four quartile buckets.
Attributes:
| Name | Type | Description |
|---|---|---|
| low_max | float | Upper (exclusive) bound of the lowest bucket. Defaults to |
| medium_max | float | Upper (exclusive) bound of the second bucket. Defaults to |
| high_max | float | Upper (exclusive) bound of the third bucket. Defaults to |
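
The bucketing described for ThresholdRiskAssessmentStrategy, as an added sketch that is not the library's own code: ThresholdSketch, assess_sketch and controls_reduce_threat are hypothetical stand-ins, and the 0.25 / 0.5 / 0.75 bounds are assumed from "quartile buckets" because the defaults are not shown on this page. It shows the exclusive upper bounds, how a stricter strategy relabels the same index, and a review check that a residual assessment does not rank above the potential one.

```python
from bisect import bisect_right
from dataclasses import dataclass

# Label vocabularies copied from the enums documented on this page, lowest first.
IMPACT = ("NEGLIGIBLE", "MINOR", "MAJOR", "SEVERE")
PROBABILITY = ("RARE", "UNLIKELY", "LIKELY", "ALMOST_CERTAIN")
THREAT = ("LOW", "MODERATE", "HIGH", "CRITICAL")

@dataclass(frozen=True)
class ThresholdSketch:
    """Hypothetical stand-in for a threshold strategy; not the library's class."""
    # Assumed quartile defaults; the page does not show the real default values.
    low_max: float = 0.25
    medium_max: float = 0.5
    high_max: float = 0.75

    def __post_init__(self):
        if not 0.0 < self.low_max < self.medium_max < self.high_max < 1.0:
            raise ValueError("bounds must increase strictly inside (0.0, 1.0)")

    def _bucket(self, value, labels):
        if not 0.0 <= value <= 1.0:  # this comparison also rejects NaN
            raise ValueError(f"index {value!r} is outside [0.0, 1.0]")
        # Upper bounds are exclusive: a value equal to a bound lands in the next bucket.
        bounds = (self.low_max, self.medium_max, self.high_max)
        return labels[bisect_right(bounds, value)]

    def categorize_impact(self, value):
        return self._bucket(value, IMPACT)

    def categorize_probability(self, value):
        return self._bucket(value, PROBABILITY)

    def categorize_threat(self, value):
        return self._bucket(value, THREAT)

def assess_sketch(impact, probability, threat, strategy=ThresholdSketch()):
    """Categorize the three indexes, mirroring the shape of RiskAssessment.assess."""
    return {
        "impact_category": strategy.categorize_impact(impact),
        "probability_category": strategy.categorize_probability(probability),
        "threat_category": strategy.categorize_threat(threat),
        "strategy_name": type(strategy).__name__,
    }

def controls_reduce_threat(potential, residual):
    """Review check (an assumption, not a library rule): residual must not rank higher."""
    rank = THREAT.index
    return rank(residual["threat_category"]) <= rank(potential["threat_category"])
```
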
RiskControl
Bases: MergeableModel
A measure taken to reduce a Risk from its potential to its residual assessment.
Attributes:
| Name | Type | Description |
|---|---|---|
| description | str | Non-empty description of the control measure. |
| procedure | Procedure \| None | An optional, self-contained flowchart to follow when carrying out this control. Defaults to |