A key innovation in SARM is its use of a standard risk model in the trade-off analysis. Whereas other architecture review methods adopt the concept of utility and explore how different solution options represent alternative trade-offs of utility with respect to different quality characteristics, SARM looks at the trade-off of risk. One reason for adopting this approach came from practical experience – we found that stakeholder participants in workshops found the concept of utility somewhat abstract, whereas the language of risk was well understood, and was to be found in everyday use in the corporation.
SARM has adopted a widely used formula for expressing risk:
Risk Exposure = Risk Impact x Risk Likelihood
This approach was developed first by the Dutch mathematician David van Dantzig for use in 1953 in the Delta Works civil engineering project – the construction of dams and levees in The Netherlands to protect the country from flood risk. The formula has been widely adopted by those wishing to describe and quantify risks. If you are interested in learning more about the topic of Risk Management, we recommend Management of Risk, originally published by the UK Government’s Office of Government Commerce.
The default risk model used in SARM is shown below:
Note that the Impact dimension is not a simple linear scale – the scores for Major and Catastrophic are strengthened. Perhaps a more common version is to use two simple linear scales, giving the overall risk exposure score a range of 1 to 25 (instead of 1 to 30 here).
If you would like to change the default SARM Risk Model, you can do so easily by updating the ‘References’ tab of the SARM spreadsheet tool. You can find more details on how to do this here.