Risk Management Process Research Articles

Minimising cybersecurity risk exposures in industrial control system environments: a techno-human vulnerability analysis approach

ABSTRACT Organisations operating IoT-enabled industrial control systems (ICSs) are concerned about growing cybersecurity risks and impacts to their systems. Cyber-attacks on ICSs demonstrate that technology alone is neither a problem nor a solution to the growing cybersecurity issues affecting these systems. As socio-technical systems, ICSs encompass the functions and interactions of social and technological system elements to enable and/or sustain industrial processes. Thus, a more effective cybersecurity risk management process needs to consider human and technology factors, especially for high-value industrial process targets. Combining critical reviews and gap analysis of existing vulnerability assessment methods with conceptual modelling, a Vulnerability Analysis Critical Impact Point Process (VACIP) methodology is proposed which considers both human and technological vulnerabilities within a cyber-physical system environment to inform an improved insight about attack criticality and impacts. VACIP is validated using a simulated industrial mini testbed; showing that it can enable practicable support for security vulnerability discovery, impact criticality analysis, weak link identification, and prioritised controls. Its novelty is demonstrated in its combination of technology and human vulnerability evaluations in the minimisation of system security exposures. It provides a useful guide for adopting effective cybersecurity risk assessment and exposure reduction strategies.

KEY STAGES AND INNOVATIVE APPROACHES IN RISK MANAGEMENT UNDER UNCERTAINTY

The purpose of the article is to analyze in detail the process of risk management at enterprises, in particular, its key stages. In addition, the article aims at studying the current instruments of bankruptcy risk management which can be implemented in the modern economy. The relevance of the article is stipulated by the need to improve approaches to risk management in today's dynamic business environment, where enterprises are constantly facing financial and operational threats. Of particular importance is bankruptcy risk management, since economic instability and high level of competition require effective mechanisms to protect financial stability. The following methods are used in the study: the method of analysis and synthesis - for a structured consideration of the stages of the risk management process, identifying the relationships between them and forming a holistic picture of management actions at each stage; the method of logical generalization - for formulating general conclusions and recommendations on the stages and tools of risk management based on the analysis of literature and practical examples. The result of the study is to determine the essential characteristics of the main stages of the enterprise risk management process and the relevant tools for managing the bankruptcy risk. This includes: a structured description of the key stages of risk management – from risk identification and assessment to monitoring and control, which ensures a systematic approach to responding to threats; analysis of current tools for managing bankruptcy risk – identification of tools that facilitate early detection of risks and support the financial stability of the enterprise. The practical value of the article lies in providing enterprises with a clear description of the risk management process, which includes the main stages from identification to monitoring and control, allowing companies to take a more systematic approach to risk management and reducing the likelihood of negative financial consequences. The use of the current tools for managing bankruptcy risk described in the article provides an opportunity to quickly identify early signs of financial instability, which helps to maintain their financial stability. In addition, the proposed recommendations can be integrated into the enterprise management system, creating a flexible and adaptive model to maintain stable development in the face of economic uncertainty.

Identifying the Bundle/Care Development Process in Clinical Risk Management: A Systematic Review

Background: A bundle is a set of three to five evidence-based interventions designed to improve the quality and outcomes of care processes. Numerous international studies have evaluated the effectiveness of Bundles/Care Bundles (BCB) in reducing morbidity and mortality. The Institute for Healthcare Improvement (IHI) has defined the concept of a bundle but has not outlined the development process. Objective: To identify the BCB development process in clinical risk scenarios from September 2005 to September 2023. Methods: A systematic review was conducted following PRISMA guidelines to identify studies describing the BCB development process in managing clinical risk situations. The databases consulted included PubMed, Embase, and CINAHL, along with manual searches on institutional websites. Relevant studies concerning the BCB development process were included. Results: A total of 1372 studies were retrieved, of which 16 were included. Duplicates were removed, and titles and abstracts were analyzed. The identified methods for BCB development include IHI guidelines, expert opinions, international guidelines, and flowcharts. The most common BCBs relate to the prevention of ventilator-associated pneumonia, surgical site infections, catheter-associated infections, and sepsis. Conclusions: This study has identified the development processes of Care Bundles (BCBs) in clinical risk scenarios, highlighting how these tools facilitate compliance monitoring among members of the healthcare team. The review has revealed effective methods for designing evidence-based BCBs. However, the scarcity of studies on the methodology for developing BCBs is a limitation, suggesting the need for further research. In Italy, there is a growing interest in the use of care packages. It is essential to encourage research that optimizes the effectiveness of intervention strategies.

Personal Loan Default Prediction Analysis based on TabNet and Logistic Regression

Abstract. With the continuous development of the global economy, the demand for loans from individuals and enterprises is growing. However, loan defaults have gradually become a major challenge facing the financial industry. Loan defaults not only directly affect the profitability of financial institutions, but may also trigger systemic risks and pose a potential threat to the entire economic system. Therefore, improving the accuracy of loan default prediction is crucial for financial institutions to effectively manage credit risks. This study built a system for personal loan default prediction by combining TabNet with the Logistic regression model. Through feature engineering, this study extracts potential credit risk features by utilizing datasets from personal and Internet loans. The accuracy of default prediction is improved by combining TabNet's feature learning capabilities with Logistic Regression's interpretability. An AUC value of 0.89 was achieved by the integrated model, which achieved a notable performance. The results indicate that a system that relies on machine learning to predict defaults can significantly enhance the quality of credit approval decisions and lower the likelihood of bad debts for financial institutions. Future studies could aim to optimize the feature selection process, experiment with more advanced machine learning algorithms, or apply the model to diverse loan datasets, thereby enhancing both its generalization and accuracy. In conclusion, this study offers a novel approach to loan default prediction, demonstrating significant practical value and providing substantial support for the risk management and decision-making processes of financial institutions.

NASA’s Top Human System Research and Technology Needs for Mars

NASA is working with industry and international partners to return humans to the Moon and to eventually enable humans to explore Mars. Within NASA, several organizations work together to identify, prioritize, fund, execute, and operationalize the research and technology development (R&TD) that will be necessary to enable crew health and performance (CHP) during these future missions. These organizations include flight programs, the Health and Medical Technical Authority (HMTA), the Human Research Program, the Space Technology Mission Directorate, System Capability Leadership Teams, and other organizations, many of which existed for several years prior to the creation of the Moon-to-Mars (M2M) Program Office in 2023. A variety of constructs, vocabularies, and processes exist for managing risks and supporting strategic planning across these organizations. For example, M2M objectives, program risks, human system risks, human research gaps, capability gaps, and envisioned futures are all constructs currently used within NASA to identify and prioritize R&TD needs. These strategic planning constructs are evolving to allow M2M objectives and R&TD investments to be aligned and traced at a detailed level. A recognized need exists among stakeholder organizations to identify and communicate the highest CHP R&TD priorities in a unified and digestible way that addresses the perspectives of NASA’s CHP community. To achieve this, the HMTA arranged a series of discussions with representatives of NASA’s CHP community, during which the 8 highest priority CHP capabilities that will enable human missions to Mars, referred to as the “top human system capability needs for Mars”, were identified. The list includes Earth-independent human operations; Mars-duration food system; Mars-duration effects on human physiology; risk mitigations for vehicle atmospheres; computational injury and anthropometric models; exploration exercise countermeasures; individual variability in responses to spaceflight; and sensorimotor countermeasures. Existing tools and processes for strategic planning and risk management were evaluated, as well as the technical practicalities, cost, and schedule feasibility associated with potential R&TD investments in different capability need areas. This capability needs report is not owned by any one NASA organization and does not replace existing strategic or program planning processes; rather it aims to complement and inform them with a unified set of community generated priorities. These top capability needs will be re-evaluated periodically based on R&TD progress and the evolving M2M architecture.

The role of data governance in enhancing cybersecurity resilience for global enterprises

Data governance plays a critical role in enhancing cybersecurity resilience for global enterprises. In the face of increasingly sophisticated cyber threats, coupled with rising regulatory demands such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), enterprises must implement robust data governance frameworks to safeguard data integrity, availability, and confidentiality (Ramirez et al., 2008). Effective data governance involves a combination of policies, procedures, and technologies that align with an organization’s overall cybersecurity strategy (Khatri & Brown, 2010). This paper provides a comprehensive analysis of the critical intersection between data governance and cybersecurity, emphasizing the link between governance structures, risk management processes, and technological innovations in mitigating evolving cyber threats (Weber et al., 2009). Additionally, we explore the essential role of data stewardship, stakeholder responsibilities, and the deployment of advanced technologies, such as artificial intelligence (AI) and machine learning (ML), in fostering organizational resilience (Arora & Pedersen, 2017). Through case studies and best practices, the study presents a conceptual framework that enables global enterprises to adapt to the fast-changing cybersecurity landscape while maintaining compliance with international data regulations. By addressing key elements such as access control, data classification, and real-time monitoring, this research underscores how comprehensive data governance frameworks serve as a foundation for enhanced cybersecurity resilience in today’s digital economy (Da Veiga & Eloff, 2007).

PENDAMPINGAN PEMBUATAN PETA JALUR EVAKUASI BENCANA BERBASIS SIG DI DESA PEMENANG TIMUR, KABUPATEN LOMBOK UTARA

East Pemenang Village is one of the tourist destination villages in North Lombok district, with coastal and hilly areas. There are also religious tourism such as the Vanna Sabha Loka Vihara in Jeliman Ireng district and the Jaya Wijaya Vihara in Tebango district (Anwar et al, 2023). However, the 2018 earthquake caused damage to the tourist location. The purpose of the service activity to assist in the preparation of Disaster Evacuation Route Maps using the Geographic Information System (GIS) Application is to compile data and create disaster information media in the form of a map. Information in the maps related to disaster evacuation routes need to be prepared to make it easier for the community and tourists in the East Pemenang Village to know the evacuation routes and assembly points when a disaster are coming. The method used in this activity was FGD with the community and the East Pemenang village officials. The result of this activity is that there is a GIS-based disaster evacuation route map and the community and village officials understand the importance of digital maps in the disaster risk management process.

Call for Action for a Disaster Literacy Course for Disaster Risk Management Process.

There is a need to utilise formal education to ensure and support the effective participation of communities in the disaster risk management process. The negative outcomes of disasters occurring as a result of various disasters in Turkiye show that the society is inadequately prepared. Therefore, the best fight against disasters can be carried out within the scope of formal education activities. In this study, the content and infrastructure of a curriculum for the management of disaster risks at the university level is presented at the conceptual level. Disaster literacy curriculum can contribute to the management of current and future disaster risks. However, there is a need to expand the implementation and measurement of the effectiveness and feasibility of the curriculum as a public health intervention tool. Finally, the support of the national education system needs to be ensured.

ORGANIZATION OF COUNTERMEASURES AGAINST THE NEGATIVE IMPACT OF RISKS IN LOGISTICS TRANSPORT SYSTEMS

The article is devoted to the issue of effective management decision-making in the organization of counteracting the negative consequences of the impact of risks in logistics transport systems. The purpose of the article is to identify risks in the logistics transport system and provide adaptive information on risk management strategies and recommendations. Modernization of the management mechanism based on risk management tools is relevant to ensure the efficiency and reliability of the logistics transport system at all its levels. The study established the fundamental characteristics of the risk management process and developed a set of management measures to reduce transport risks for logistics transport systems. This set of measures significantly affects the reduction of the negative impact of risks on each of the components of the transport and logistics system at different levels of management and is the basis for the integration of management methods, models and tools into a single mechanism, which is a systematic approach to risk management of the logistics transport system. The results of this study create a comprehensive basis for risk management of the logistics transport system. The results of this study indicate that the proposed systematic approach to risk management of the logistics transport system can be defined as an integrated management of business processes related to the promotion of products and the corresponding flows from their source to the final consumer. The effectiveness of this approach has been demonstrated in achieving optimal efficiency of transport enterprises. In the light of the above considerations, the implementation of this systemic approach serves to create an appropriate organizational basis for the implementation of countermeasures against the negative consequences of the impact of risks in logistics transport systems. In essence, it is a risk management tool.

Cybersecurity Transformation: Cyber-Resilient IT Project Management Framework

In response to the escalating threats of cybersecurity attacks and breaches, ensuring the development and deployment of secure IT products has become paramount for organizations in their cybersecurity transformation. This work emphasizes the critical need for a comprehensive and secure IT project management life cycle that safeguards products from their initial development stages through decommissioning. The primary objective is to seamlessly integrate security considerations into every facet of IT project management life cycles. This work embraces a cyber-resilient IT project management framework and advocates the inclusion of cybersecurity measures in IT projects and their strategic, organized, continuous, and systematic integration throughout the entire product life cycle. It introduces a pioneering framework that harmonizes the cybersecurity risk management process with the IT project management life cycle. This framework delineates a methodical sequence of steps, each encompassing a distinct set of activities. The effectiveness and practical applicability of the proposed framework were validated through a comprehensive case study focused on the Personal Health Record (PHR) system. The PHR case study served as a real-world scenario to assess the framework’s ability to address cybersecurity challenges in a specific domain. The results of the experiment demonstrated the framework’s efficacy in enhancing the security posture of IT projects, showcasing its adaptability and scalability across diverse applications.

Exploring AI's Role in Enhancing Risk Assessment Models in Financial Quantitative Trading

The application of Artificial Intelligence (AI) algorithms to financial risk management has fundamentally transformed the nature of risk and the tools being used to control and manage it. This paper examines how AI is deployed to manage market risk, including volatility forecasting, portfolio optimisation, stress testing, and sentiment analysis. While many of these models are well-accepted across the industry and underpin many front-office and risk-management processes, they are often limited in dynamic market environments where traditional linearity doesnt exist and real-time data is king. AI has brought advanced tools that can be applied to large and complex data sets, and that adapt quickly as market conditions change. Reinforcement learning algorithms are now deployed to optimise portfolio weights dynamically. Natural-language processing is also used to augment sentiment analysis, which can be leveraged to assess potential risk. Other forms of AI can be deployed to address challenges that come with more advanced AI models. Explainable AI models provide the opportunity to produce financial outcomes that are more transparent and less opaque while also helping to validate regulatory compliance. Analyzing the applications of AI case studies sheds light on why financial professionals must continue to embrace AI tools, many of which are designed to help them manage risk in an increasingly volatile market environment.

Frontier AI developers need an internal audit function.

This article argues that frontier artificial intelligence (AI) developers need an internal audit function. First, it describes the role of internal audit in corporate governance: internal audit evaluates the adequacy and effectiveness of a company's risk management, control, and governance processes. It is organizationally independent from senior management and reports directly to the board of directors, typically its audit committee. In the Institute of Internal Auditors' Three Lines Model, internal audit serves as the third line and is responsible for providing assurance to the board, whereas the combined assurance framework highlights the need to coordinate the activities of internal and external assurance providers. Next, the article provides an overview of key governance challenges in frontier AI development: Dangerous capabilities can arise unpredictably and undetected; it is difficult to prevent a deployed model from causing harm; frontier models can proliferate rapidly; it is inherently difficult to assess frontier AI risks; and frontier AI developers do not seem to follow best practices in risk governance. Finally, the article discusses how an internal audit function could address some of these challenges: Internal audit could identify ineffective risk management practices; it could ensure that the board of directors has a more accurate understanding of the current level of risk and the adequacy of the developer's risk management practices; and it could serve as a contact point for whistleblowers. But frontier AI developers should also be aware of key limitations: Internal audit adds friction; it can be captured by senior management; and the benefits depend on the ability of individuals to identify ineffective practices. In light of rapid progress in AI research and development, frontier AI developers need to strengthen their risk governance. Instead of reinventing the wheel, they should follow existing best practices. Although this might not be sufficient, they should not skip this obvious first step.

Review of Causes, Prediction, and Prevention of Systemic Risk

In financial market, people always ignore or underestimate the potential risk of systemic risk until black swan events emerged as an irretrievable crisis. In order to analyze and prevent from crisis that generated by systemic risk, this paper collates and presents detailed review of the causes, prediction, and mitigation of systemic risk by gathering and sifting current theoretical and empirical research. It explores the complexity and interdependence of financial systems and emphasizes how systemic risk is created via endogenous risk generation via the investment decisions of financial institutions and regulatory and market failures. Moreover, it underlines the strong demand of through legislative changes, the importance of enhanced market discipline, and well-crafted government interventions. Deliberative risk governance is presented as a practical and necessary strategy when it comes to addressing stakeholders in the risk management process to achieve legitimacy and consensus. The research ends by advocating for a comprehensive strategy for risk management to strengthen the resilience of the global financial system and reduce the probability of future potential crisis.

The Impact of Risk Management on Project Success: A Field Study at Humanitarian Organizations in Yemen

The study aimed to determine the impact of risk management (risk identification, risk analysis, risk response and risk monitoring and control) on project success (scope, schedule, cost and quality) at humanitarian organizations operating in Yemen (HOY). The study followed the analytical descriptive approach to meet its objectives. It utilized the simple random technique to select 15 organizations representing 127 HOY and the disproportional stratified random sampling technique to target the respondents. Data was collected through a printed questionnaire from 185 respondents who have roles in managing projects at the targeted organizations. The findings showed that risk management has a significant positive impact on project success. The findings also revealed that among 4 dimensions of risk management process, risk identification and risk monitoring and control were found as the most significant influencers that impact project success at HOY. The study recommends HOY to pay more attention to project risk management to attain higher project success level that ultimately contributes to the performance improvement and sustainability of their organizations. The study also recommends conducting more studies for further confirmations to the hypothesis of the study through testing the study’s variables at industries other than HOY such as banking industries and telecommunications companies.

Intelligent identification of risks in construction contract clauses based on semantic reasoning

Purpose The number of construction dispute cases has surged in recent years. The effective exploration and management of risks associated with construction contracts helps to directly enhance the overall project performance. The existing approaches to identify the risks associated with construction project contracts have a heavy reliance on manual review techniques, which are inefficient and highly restricted by personnel experience. The existing intelligent approaches only work for the contract query and storage. Hence, it is necessary to improve the intelligence level for contract risk management. This study aims to propose a novel method for the intelligent identification of risks in construction contract clauses based on natural language processing.Design/methodology/approach This proposed method can formalize the linguistic logic and semantic information of contract clauses into multiple triples and transform the structural processing results of general clauses in a construction contract into rights and interests rules for risk review. In addition, the core semantic information of special clauses in a construction contract, rights and interests rules are used for semantic conflict detection. Finally, this study achieves the intelligent risk identification of construction contract clauses.Findings The method is verified by selecting several construction contracts that had been applied in engineering contracting as a corpus. The results showed a high level of accuracy and applicability of the proposed method.Originality/value This novel method can identify the risks in contract clauses with complex syntactic structures and realize rule extension according to the semantic relation network of the ontology. It can support efficient contract review and assist the decision-making process in contract risk management.

Evaluating the impact of risk management and risk-based internal audit on fraud detection in local governments

One of the leading indicators for improving fraud detection capability is the evaluation of the implementation of risk management and risk-based internal audit and information technology systems. This study aims to evaluate how risk management and risk-based internal audits influence fraud detection capabilities in local government when integrated with information technology systems. SPSS 26 was utilized for data analysis. The paper uses a quantitative approach, collecting primary data with questionnaires distributed among 200 auditors and 70 supervisors across four districts in West Java. A purposive sampling approach based on self-selection was used. The findings show that the ability to detect fraud is significantly and positively influenced by the implementation of a risk-based internal audit (sig 0.000 < 0.05) and risk management process (sig 0.000 < 0.05). On the other hand, the risk management framework (sig 0.107 > 0.05) has a negative and insignificant effect on improving fraud detection capability. In addition, the relationships between the risk management process (sig 0.006 < 0.05) and fraud detection capability were found to be moderated by information technology systems. However, information technology systems are unable to moderate the relationship between risk-based internal audit (sig 0.563 > 0.05) and risk management framework (sig 0.115 > 0.05) on fraud detection capability. Therefore, risk management and risk-based internal audits are able to detect fraud, and information technology systems can strengthen the risk management process with the ability to detect fraud. AcknowledgmentThe authors would like to thank the University of North Sumatra, especially the Research Institute, for its support and the Ministry of Education and Research through the Directorate of Research, Technology, and Community Service program for providing intellectual assistance and funding for this project in the PMDSU grant (number: 91/UN5.4.10.S/PPM/KP-DRTPM/2024).

Risk management technology in the public sector: challenges and opportunities

The paper examines the importance of using effective risk management methods in the public sector, emphasizing the need for an integrated approach to this problem. The author emphasizes that public management mechanisms must be supported by appropriate technologies to ensure sustainable functioning. The use of ISO 31000 and ISSAI 9100 standards helps structure the risk management process and increase its effectiveness. Risk management should be based on the identification, assessment and response to risks and take into account the influence of various factors on the risk management process. The author also notes that risk management in the public sector is complicated by certain factors (frequent management changes, division of operating budgets and programs, lack of clear risk indicators, etc.). The analysis of the issue demonstrates that the system of assessment, management and risk reduction should play a key role in public administration. The main task of risk management as an element of public management is to make effective decisions, create the necessary conditions and plan actions taking risks into account to minimize their negative impact on planned results. As a result of the use of risk management technologies, it is possible to identify risks, determine factors and sources of risk, assess the degree and probability of occurrence of hazards and, ultimately, develop an optimal plan of management actions. The results of the study demonstrate that the issue of forming a risk management mechanism in the public sector requires further scientific research on the application of theoretical developments in the practical activities of public management and administration bodies of Ukraine. The paper also focuses on the issue of risk management in public sector organizations, and concludes that in order to assess the value, type and impact of risk, it is necessary to review the internal part of the organization and its management processes, as well as its environment. Such a review of risks should be complemented by increased risk awareness at each level of the management hierarchy and in the day-to-day activities of all employees of the organization. Thus, the need to use modern risk management technologies in the public sector is outlined in order to increase the effectiveness of the decisions made and minimize the negative impact of potential risks on the results of the work of management bodies.

Risk Management Analysis Based on ISO 31000:2018 at Andi Djemma Masamba Airport, Luwu Regency

The density of activities that take place around the operating facilities at Andi Djemma Masamba Airport so that the Management of the Andi Jemma Airport Operator Unit (UPBU) Office has launched the development of Andi Djemma Masamba Airport as an aviation company so that it continues to carry out various facility improvements, especially in risk prevention with potential activities with high losses, therefore it is necessary to conduct research to find out how to map, risk assessment and design a risk control and mitigation system at the Operations facility at Andi Djemma Masamba Airport caused by activities that have the potential to cause risk. The stages of the risk management process refer to ISO 31000: 2018 including risk identification, risk analysis and risk evaluation. Expected impact and likelihood of occurrence are mapped through the risk matrix from the Federation Aviation Administration (FAA). The results showed that at the andi djemma masamba airport there were 6 events that fell into the red category, namely Aircraft accidents during take off/landing, Aircraft accidents in the apron area, Escape of dangerous goods into the aircraft, Fuel Spills on the Apron/Taxiway, Lack of building maintenance, The security inspection process is less than optimal.

The process of dangerous event management taking into account economic, environmental and occupational losses

Aim of the research is in risk management process development of a dangerous event taking into account economic, environmental and professional losses.Materials and methods. To develop the process of risks management from various dangers through the integration of their losses (economic, environmental, life and health of employees), we take the most common model "bow tie", which allows to establish a cause and effect relationship between danger – a dangerous event and the severity of the consequences.Results. As a result of the research, it was found that each hazard must be considered based on three different types of damage. This makes it possible to implement another mechanism for identifying the most significant dangerous factors that lead to significant general economic losses. In the case of risk acceptability from each individual dangerous factor, there is an additional opportunity to analyze them based on the relationship between financial activity, economic and professional losses. The second consists in determining the limits of the acceptability of risks, which are formed not only based on the total acceptable economic losses, but also taking into account the stability of the enterprise's work. This implies the need to actively invest in new technologies based on short-term and long-term perspectives. The main types of dangers are defined in the risk register, which is developed by the organization to determine the integration of dangers consisting of natural, technogenic, environmental, occupational and economic groups of dangers and dangerous factors. The authors develop the model and algorithm of risk management based on the combination of different consequences of dangers in economic, environmental character, life loss and health.Scientific relevance. The article determines the relationship between the probability of a dangerous event and the severity of different types of consequences – economic, environmental and occupational dangers through the analysis of Euler-Venn diagrams.Practical relevance. The authors develop the basic principles of risk management of different types of losses: economic, environmental ones, loss of life and health of employees.

УПРАВЛЕНИЕ НАДЕЖНОСТЬЮ И РИСКОМ В ХОЗЯЙСТВЕ АВТОМАТИКИ И ТЕЛЕМЕХАНИКИ

the article is devoted to the research of dependability and risk management systems at JSCo “Russian Railways” taking into account the specifics in signaling and interlocking division. On this topic the author reviews the current regulatory framework (domestic and foreign), addressing to the problems of its harmonization and proper adaptation within the company. The state of affairs in automation of dependability and risk management processes is considered, which is implemented in several corporate automated systems: “AS URRAN”, “AS ANSh”, “EKP URRAN-Sh”, “AS ANPSh”, “EK ASUI FA”, “AS FA”. A comparative analysis of these systems made it possible to determine the main directions for their improvement in order to maintain the authenticity, relevance and importance of the information contained in them. Despite many ways to model events that may lead to a violation of the transportation process safety, the article discusses one of them: the creation of the tree structure of probable events that have a sequential connection with each other. The author believes that the application of this method in practice will allow to establish typical trends in the occurrence of such cases. It will have a positive impact on the quality of predictive analytics in the company and will improve the existing risk-based approach. In addition, a rethought way to determine and visually present the level of train delays risk caused by failures in signaling and interlocking division is proposed. The central place here is occupied by heat maps of risk and its components.