Evaluating cyclic risk propagation through an organization

Many large organizations have risk that propagates because of the dependencies between their various major organizational components. This paper addresses when cycles of dependencies exist in an organization or system of systems. In a 2016 article, Gallagher, MacKenzie, Blum and Boerman proposed determining component risk assessment by evaluating against future plans with respect to performance, cost and schedules. Their method aggregated various risk evaluations to an expected component risk assessment between zero and one for each future scenario. In 2020, Hall, Gallagher and Fenn presented a networked risk assessment framework that evaluates components’ risks to assess the networked risk by components and the overall organizational expected risk. They included describing a maximum likelihood method to estimate dependencies between components based on expert assessments. They also proposed three risk propagation approaches across the networked components to produce networked risk assessments: (1) the linear program approach, which transfers risk based only on the worst support; (2) the reliability approach, which uses multiplicative probabilities; and (3) the Leontief approach, which adds all direct and indirect contributing risks. Here, we computationally investigate the sensitivities of those three risk propagation models and conclude the reliability formulation is the most robust to variance in model inputs. We apply this networked risk framework to evaluate the United States Air Force in future combat scenarios.