The course aims at teaching how to analyse, engineer and manage risk(s) in a holistic, integrated, systemic and systematic way (i.e., analyse, engineer and manage risk(s) throughout an organisation).

Lectures and labs will allow students to: 

• Understand the need to analyse risk(s) in a systemic way (i.e., accounting simultaneously for the Human, the Technological and the Organizational sources of risk), and learn how to do it in practice for whatever type of risk thanks to the functional abstraction approach 
• Learn and practice how to quantifying and engineering risk(s) by means of a new and innovative cloud-based software (patent pending)
• Understand what are the factors (organisational, technological, human) to account for and how to use them to efficiently manage risk(s) within an organization 
• Understand what are the (mandatory and voluntary) frameworks for managing risk(s)
• Understand the importance and improve the following soft skills: teamwork, public speaking, technical negotiation, technical writing  

The course is divided into 3 (three) main streams: integrated risk analysis, integrated risk management, and, finally, ERM frameworks and emerging risks. In the first stream specific emphasis is given to the importance of identifying and analysing risks in a systemic and functional way (i.e., making the system analysis a transversal skill independent from the system/process being analysed). The second stream stresses the importance of managing risk in an integrated way (i.e., without compartmentalising strategic risks from operational ones). In the third, last stream particular attention is paid to the most used international frameworks for Enterprise Risk Management.

Part 1 – Integrated Risk Analysis

• Notions and concepts of safety- and security-related risks (hazards vs. threats)
• Risks categories (pure vs. speculative – strategic, operational, financial, compliance, market, innovation…) and risk appetite
• Open Source Intelligence (OSINT) and Business Intelligence (BUSINT)
• Integrated functional analysis and business processes representation (Task Analysis, Decision-Action Diagram, C3 Diagrams)
• The Utility Factor (UF) in the risk analysis process
• Inductive and deductive logic (and reasoning)
• Logic algebra (sums and products)
• ALBA method (Artificial Logic Bayesian Algorithm) to quantifying risk (risk spectrum, critical paths, and critical components identification and characterisation)
• DISCA method (Discrete Sampling and Condensation Approach) to estimating probabilities (values, strength and costs)
• GANTT and PERT methods to identifying execution risk in project management
• Sensitivity analysis (on risk estimate) and decision-making

Part 2 – Integrated Risk Management

• Organisational forms for risk prevention (by function vs. by process)
• Culture & Leadership to anticipate and manage risk (the High Reliability Organization model)
• Risk perception
• Sanctions and rewards in organisation risk management
• Risk management strategies (avoidance, reduction, transfer, sharing, retention)
• Decision-making models

Part 3 – ERM Frameworks and Emerging Risks

• Managerial perspective of risk prevention and management laws (European Directives and Italian laws)
• The COSO approach and the ISO 31000 for Enterprise Risk Management
• Emerging risks (Business Social Networks, Bring Your Own Device…)

The topics are addressed in a practial way by involving every year a different company and allowing students to practicing what they have learnt on a specific use case defined by the company. 

Students are required to know the basic concepts of safety and reliability. Given its transversality (as the emphasys of the course, for the technical part, is on the use of logic and the functional abtraction) the course can be followed by students with (substantially) different background.   

The student is guided through the notions and concepts using a mixed approach of teaching methods: the “traditional lesson” and the “use case” method.

Students will get acquired with teamwork by working (in teams) on the specific use case provided by the company. They will analyse and quantify the risk level (by means of the cloud-based platform) and propose solutions to mitigate the risk.  

To pass the exam, each team will be required both to produce a final report (explaining the results achieved and the proposed solutions to improve the risk level) and to present the results to the company. Each student will have the opportunity to go through an oral exam (not mandatory) to improve the report's grade gained with the teamwork (the report grade and the presentation to the company will weigh 2/3 on the overall exam grade, while the oral part will weigh the remaing 1/3).