About the New Methodology and XAI-Based Software Toolkit for Risk Assessment

Abstract

There are different approaches in different areas of what the risk is. ISO 31000 risk management standards describe risk as the effect of uncertainty on objectives. Many existing risk assessment procedures are based on the assumption that risk is the amount of any damage or loss multiplied by the probability of an event that could cause the damage. We are proposing a new risk approach, based on Hillson’s positive risk philosophy, that risk is not just a threat but also a composition of new opportunities, efforts that need to be put in, and uncertainty. For this approach, we composed a risk formula and a methodology based on that formula. A prototypical software tool was developed, and an experiment was performed using this tool to evaluate the risk of several interconnected projects and validate the developed risk assessment methodology. It should be mentioned that, in the methodology, the decision-making process is performed traceably; therefore, it can be stated that it has explainable artificial intelligence (XAI) traits.

1. Introduction

Society, collectively or individually, living in conditions of constant change is exposed to various risks arising from the many threats that can occur and affect people, buildings, property, and the environment. Risk is an integral part of life, affecting all people without exception; it is constantly accompanied by challenges and potential opportunities, and there will always be factors that can affect the individual or society that are underestimated or overlooked [1]. Risk management is a systematic application of management policies, procedures, and practices to the tasks of communication, consultation, establishing the context, identifying, analyzing, evaluating, treating, monitoring, and reviewing risks [2].

Research to generalize the concept of risk and to find a common approach for risk assessments in different fields has been conducted for many years, but different authors have different approaches to this phenomenon. There are subjective approaches to risk that depend on the available knowledge and objective approaches that depend on specific parameters. Risk itself is perceived as an impact, outcome, or uncertainty—there is no common agreement. Risk is a contextual concept, the meaning of which varies in different situations, perspectives, or attitudes. Although the most obvious differences in the interpretation of risk are noticeable following the technical–social sciences divide, in related disciplines, the term risk and its analysis are also not understood unambiguously.

Specific methods, procedures, models, and tools are required to assess risks in specific fields, indicating that risk is an area-dependent derivative category that cannot be assessed directly. On this basis, the general risk research aim is to purify the general concept, which would not be dependent on the particular field and describe the results of the activity that differs from the expected outcomes.

The structure of this paper: the second section reviews the existing risk approaches and proposes a new approach, the third section describes the risk assessment methodology based on the proposed approach, the fourth section describes the implementation of the risk evaluation system based on the proposed methodology, the fifth section describes the experimental study using the developed software tool, and the aggregated conclusions together with drawbacks and future works are presented in the sixth section.

2. Risk Approach

The diversity of existing risk management methods and procedures induces to find a common approach applicable to multiple fields, but due to the distinct nature of the problems in different fields, this has not been achieved yet. Additionally, no general definition of risk has been accepted by the scientific community in a sufficiently broad and precise manner and therefore remains a field of research. Different risk interpretations are noticeable not only between different paradigms of science but also within them. This confirms that the concept of risk is contextual and applied to the given situation. An economist, politician, manager, psychologist, or sociologist acting in their field of science formulates different risk-related questions that emerge from different epistemological assumptions of risk understanding. However, despite differences in risk conceptualization, different risk approaches also have commonalities. According to Ortwin Renn, all risk concepts have one element in common: the difference between a possible and a chosen action [3]. Philosophers call this difference uncertainty. Irrespective of scientific discipline, the risk is not perceived as a constant condition but as a phenomenon with different outcomes. Scientists perceive risk as an activity, as a process, or a characteristic of a situation, but in all cases, the dimension of uncertainty remains. In this case, risk can be referred to as a complex phenomenon. Thus, given the complexity of the risk, several existing risk approaches are provided:

• Risk is the measure of probability and the weight of undesired consequences [4].
• Risk equals the triplet (si, pi, ci), where si is the set of scenarios, pi is the likelihood of that scenario, and ci is the consequence of the scenario, i = 1, 2, …, N [5].
• Risk equals the product of probability and severity [6].
• According to critics, risk means different things to different people [7].
• Risk is the likelihood of adverse effects predicting the possible consequences of exposure to a particular threat in a particular hazardous area over time [8].
• Risk is a combination of five primitives: outcome, likelihood, significance, causal scenario, and population affected [9].
• Risk is a situation or event where something of human value (including humans themselves) has been put at stake and where the outcome is uncertain [10].
• A “risk triangle” consists of three components: threat, openness, and vulnerability [11].
• Risk is the expression of influence and possibility of an accident in the sense of the severity of the potential accident and the probability of the event [12].
• Risk is a combination of the probability and scope of the consequences [13].
• Risk equals expected damage [14].
• The concept of risk is incorporated into so many different disciplines, starting with engineering and ending with portfolio theory, so it should come as no surprise that it is defined in different ways [15].
• Risk refers to uncertainty about and severity of the events and consequences (or outcomes) of an activity with respect to something that humans value [16].
• Risk is the effect of uncertainty on objectives [2].
• The simplest, most widely used definition of risk, used by many risk managers, is described by the equation: risk is the probability of an event occurring multiplied by the consequences of an event that has already occurred [17].
• Risk is an important concept in a number of scientific fields, yet there is no consensus on how it is to be defined and interpreted [18].
• The concept of risk is used in various fields of science. In each of them, the risk concept has topics, directions, and methods used [19].
• Risk is a word that causes the feeling of urgency, because it addresses detrimental, sometimes catastrophic, outcomes. If you asked ten different people what they imply by the word risk, you would probably get ten different answers [20].
• The risk concept indicates a complex state that, at least in modern society, is a normal aspect of life [21].
• The Oxford English Dictionary definition of risk is as follows: “a chance or possibility of danger, loss, injury or other adverse consequences”, and the definition of at risk is “exposed to danger”. In this context, risk is used to signify negative consequences. However, taking a risk can also result in a positive outcome. A third possibility is that risk is related to the uncertainty of an outcome [22].
• The community needs to take risks, all forms of human activity carry risks, and there is no such thing as “risk-free” [23].
• In general, there are two basic approaches to risk assessment: [24].

  a.

  Objective risk assessment, where all factors influencing its occurrence are measurable and can be identified and quantified.

  b.

  Subjective risk assessment, where the factors that lead to the occurrence of risk can be difficult to quantify and measure with exact mathematical methods.

Risk standardization can be expressed in layers, as presented in Figure 1.

After reviewing existing risk approaches, we introduce our new approach for a field-independent risk assessment methodology (experts should formally express field-specific knowledge, and the methodology itself is only responsible for risk assessment calculations). We propose that risk is a normalized to the subjective level of uncertainty about the consequences of the state of the entity system in question in complex environments, consisting of four overlapping entities:

• Opportunities (OP)—profit, achievements, and positive results.
• Threats (TH)—losses, damage, and negative results.
• Efforts (EFF)—investment, labor cost, and contributions.
• Hesitancies (HES)—uncertainties, randomness, possibilities, probabilities, and level of doubts related to incomplete or inaccurate information or its probabilistic nature.

We propose that a measurable level of risk R can be calculated as a value of a certain function R (.), depending on OP, TH, EFF, and HES parameters as presented in (1):

R = R (OP↓; TH↑; EFF↑; HES ↑)

(1)

In this formula, the upward arrows indicate which member of the formula increases, and the downward arrows indicate which member decreases the magnitude of the calculated risk. The estimation of the formula members (as well as the calculation of the function R itself) is based on a mathematical apparatus fuzzy computing with words (FCWW) [25] that is adequate for the task, user-friendly, and convenient for experts.

Risk management requires information technology solutions, which implementation requires the definition of risk, its formal model, understanding of the environment, and the integration and monitoring of ongoing processes in real time. Risk assessment is the first step towards risk management. It provides mechanisms to assess which risks present opportunities and which present traps [26]. Risk assessment is the most important and time-consuming step in the risk management process [27].

3. Functional Organization

Any situation under investigation originates in its environment. There are numerous ways to define the situation, i.e., brainstorming, diagrams, surveys, etc., but we chose to apply a well-known method of SWOT analysis, because it is time-tested and has good potential for expansion. By using a SWOT analysis, the situation is characterized by the following vectors, indicating strengths $\overrightarrow{S{T}_e}$, weaknesses $\overrightarrow{W{K}_e}$, opportunities $\overrightarrow{O{P}_e}$, and threats $\overrightarrow{T{H}_e}$ as presented in (2):

$$\{\begin{array}{c}\overrightarrow{S{T}_e}=\left(S{T}_{e1}, \dots ,S{T}_{es}, \dots ,S{T}_{eS}\right), es=\left(1, \dots ,es, \dots ,eS\right)\hfill \\ \overrightarrow{W{K}_e}=\left(W{K}_{e1}, \dots ,W{K}_{ew}, \dots ,W{K}_{eW}\right), ew=\left(1, \dots ,ew, \dots ,eW\right)\hfill \\ \overrightarrow{O{P}_e}=\left(O{P}_{e1}, \dots ,O{P}_{eo}, \dots ,O{P}_{eO}\right), eo=\left(1, \dots ,eo, \dots ,eO\right)\hfill \\ \overrightarrow{T{H}_e}=\left(T{H}_{e1}, \dots ,T{H}_{et}, \dots ,T{H}_{eT}\right), et=\left(1, \dots ,et, \dots ,eT\right)\hfill \end{array}$$

(2)

The SWOT descriptors of the situation in its defined environment are shown in Figure 2.

In the case of the classical SWOT analysis, each descriptor needs to be evaluated quantitatively. Evaluating SWOT descriptors of projects by using numerical estimates is a complex, tedious, and often not accurate enough procedure for experts. For this reason, in the previous stage of the risk assessment methodology research, we proposed an extension of the classical SWOT analysis method that allows experts to use words from the selected vocabulary for the verbal evaluation of all possible entities during the SWOT analysis [28]. Research for the extension of the classical SWOT analysis was performed in Reference [29], together with classical SWOT analysis calculations. When the extended SWOT analysis was proposed in [28], calculations on the same project were performed, which allowed to validate the results and to prove the effectiveness, along with the accuracy of the proposed SWOT method extension.

The extended SWOT analysis used the input words vector vocabulary $\left\{\overrightarrow{\alpha }\right\}$, consisting of verbal descriptors as presented in (3):

$$\left\{\overrightarrow{\alpha }\right\}=\left(\left\{{\alpha }_1\right\}, \dots ,\left\{{\alpha }_a\right\},\dots ,\left\{{\alpha }_A\right\}\right)$$

(3)

According to Miller’s law [30], humans can differentiate up to six verbal descriptors, so we chose to use six different words in our vocabulary, as presented in (4):

$$\{\begin{array}{c}\left\{Z\right\}-None/Zero\hfill \\ \left\{VS\right\}-Very small\hfill \\ \left\{S\right\}-Small\hfill \\ \left\{M\right\}-Medium\hfill \\ \left\{L\right\}-Large\hfill \\ \left\{VL\right\}-Very large\hfill \end{array}$$

(4)

The functions of these six fuzzy terms are arranged according to the law of squares parabola (x-axis is divided into equal parts by the number of terms and each coordinate obtained after the division is squared—squared X coordinates are the vertices of fuzzy terms).

In this extended methodology, the SWOT questionnaire estimates are entered in verbal form, along with the certainties in the numerical (type 1 fuzzy relation) or verbal (type 2 fuzzy relation) form. The verbal terms are translated into numbers according to the specified certainty. If the certainty is given in verbal form, the first step is to convert the certainty value to the numeric form (the X coordinate point of the term vertex is taken). By a numerical certainty value, a horizontal line is drawn at that height, and the points of intersection with the given term are marked. If the certainty is at the maximum, such a point will be one; otherwise, there will be two points (called the left and right shoulders). The coordinates on the x-axis at these intersections are a numerical expression of the term with a given certainty. Since there may be several values, the value of the left shoulder is considered a pessimistic variant, and the value of the right shoulder is considered optimistic. The third (medium) value is averaged from them. An example of the numerical estimate obtained from a term by a given certainty in all three cases is presented in Figure 3, Figure 4 and Figure 5.

The inverse logic applies to the transformation from a numerical value to a fuzzy term with its certainty. A vertical line is drawn from the x-axis coordinate, and the points of intersection with the terms are marked. The resultant terms are considered those in which the vertical line intersects, and the certainty of these terms are at the points of the intersection of the y-axis coordinates. An example of a term with this certainty obtained from a numerical value is presented in Figure 6.

After the experts provide all the necessary data for the SWOT questionnaire, the total values of OP and TH are calculated by [28]. Further research of this method included an analysis of several interconnected situations under investigation, forming a SWOT network (called FSM—fuzzy SWOT maps) [31], in which the total OP and TH of one situation can influence the total OP and TH of another situation. A single SWOT analysis of the situation in the environment e becomes a SWOT-engine_e node in the network. A graphical scheme of a SWOT engine node is presented in Figure 7.

The single SWOT analysis can be called stage 1, the interconnected multiple SWOT analyses network stage 2, and now, we move onto stage 3, the risk assessment based on the SWOT analysis.

Functional organization of all the subsystems, described in Section 3, are implemented in the structure, presented in Figure 8.

According to the formed risk Formula (1), we already have OP and TH values from the SWOT analysis (first two stages), so, in addition, using the same verbal situation description methodology, experts must evaluate the EFF and HES parameters and, most importantly, construct a block of rules (IF… THEN type list or fuzzy rules (LoR)) to determine the risk. The fuzzy risk rules list is presented in

Table 1. List of fuzzy risk rules.

OP	TH	EFF	HES	RISK
αOP1	αTH1	αEFF1	αHES1	αR1
…	…	…	…	…
αOPn	αTHn	αEFFn	αHESn	αRn

.

α—fuzzy term from the vocabulary of (4). Since our vocabulary consists of six terms and we have four risk parameters, the rule block consists of a total of 6⁴ = 1296 rules. Rule blocks and rule counts are described more in [32]. The rule block contains information about the risk values under certain conditions (OP, TH, EFF, and HES values). Based on the OP and TH values obtained in the first two steps of the SWOT analysis, as well as the EFF and TH values evaluated by experts, it is determined which risk-specific rules from the formed rules block are covered. Since the OP, TH, EFF, and HES values in the rules block are in verbal form, each has its own certainty. For each selected rule, a minimum certainty is selected from these four risk parameters and assigned to the estimated risk value from that rule, as shown in (5):

$$\begin{array}{c}\forall i\in \left\{1,\dots ,n\right\}. \left[RISK,cert\right]=\min \_cert\left(OP\left[i\right], TH\left[i\right], EFF\left[i\right], HES\left[i\right]\right)\\ where i-row number of the rule block\end{array}$$

(5)

An array of the risk terms and their certainties are calculated, from which the highest certainty for each risk term needs to be selected, as shown in (6):

$$\begin{gathered} \forall j\in \left\{1,\dots ,r\right\}. \left[Final\_RISK,cert\right]=\max \_cert\left(RISK\left[j\right]\right), \\ where j-Final\_RISK index\min \_cert\left(OP\left[i\right], TH\left[i\right], EFF\left[i\right], HES\left[i\right]\right) \end{gathered}$$

(6)

After this step, we have the final risk terms with their certainties, as presented in Figure 9.

The final output Rr can be aggregated using different strategies, but the CoG (center of gravity) method [33] is used throughout this paper for its simplicity and effectiveness. The final risk evaluation is calculation according to CoG method by using geometry of the fuzzy terms as presented in (7):

$$CoG=\frac{{{\displaystyle \sum }}_{i=1}^{R}are{a}_i\ast midpointX\left(top\_bas{e}_i\right)}{{{\displaystyle \sum }}_{i=1}^{R}are{a}_i}$$

(7)

The risk results are presented in both numerical and verbal form and from three perspectives: optimistic, pessimistic, and medium, as in the first two stages of risk estimation methodology (SWOT analysis stages). It is worth emphasizing that some parts of Figure 8 may not be present to calculate the results (modular structure), e.g., calculated threats from the SWOT analysis can be considered a risk measurement, as in [34].

4. Implementation of Risk Assessment System

Following the extension of the FSM methodology [31], the existing prototype software tool has also been extended with a module for the risk assessment. The extended tool added the possibility for the expert to evaluate the efforts (EFF) and hesitancies (HES) values for the risk assessment of each situation or project under investigation. An example of the hesitancies input window is presented in Figure 10.

The input windows for the effort and hesitancy values are the same. As in the previous steps of the SWOT analysis, the evaluation is entered verbally and can certainty be expressed in three ways: absolute, digital, and verbal. After the EFF and HES values are entered, all four components required for the risk assessment are available, and the expert can proceed by expressing the risk rules.

An example of entering a block of risk rules is shown in Figure 11.

The final risk is calculated according to this block of rules. The entire rule block (all possible combinations of OP, TH, EFF, and HES) would consist of 1296 rule block lines, which would be an overwhelming task for the expert to enter them all. For this purpose, a possibility has been created to mark several values, so that more combinations can be covered, for which a certain risk value is obtained. The user can select multiple values or leave the box blank (this option is treated as all value selections). Using this mechanism, an expert can describe a situation by entering several combinations of essential rules. Since combined rules can overlap, they are listed in descending order of priority, and there are also specially made arrow and cross buttons in the right side to move or remove rules. Additionally, when the expert enters the rules, the program shows what part of the whole block they cover, and there is a choice from three options of how to fill in the uncovered rules:

• Default fill—The entire rule block is already filled with default precalculated risk values, and only those that are specified will be overridden.
• Interpolation—Missing rules in the block are interpolated according to the entered values.
• Specific value—User enters a specific risk value for the undefined rules.

The risk is calculated based on the following Algorithmic 1 pseudocode:

Algorithmic 1. Risk estimation

Load OP∑, TH∑, HES, EFF and RulesBlock Calculate two times (pessimistic and optimistic): Get fuzzy terms and certainties for OP∑, TH∑, EFF, HES according to defined vocabulary (set OPTermsAndCert, ThTermsAndCert, EffTermsAndCert, HesTermsAndCert) Set leftSideRules to [] for each OPTermCert in OPTermsAndCert do   for each THTermCert in THTermsAndCert do     for each EFFTermCert in EFFTermsAndCert do       for each HESTermCert in HESTermsAndCert do         set minCert to Min(OPTermCert.cert, THTermCert.cert, EFFTermCert.cert, HESTermCert.cert)         leftSideRules add minCert and rulesRow from RulesBlock according to OPTermCert.term, THTermCert.term, EFFTermCert.term and HESTermCert.term Set riskTermsAndCertainties to [] for each rule in leftSideRules do   if riskTermsAndCertainties contains term from rule then     set index = index of riskTermsAndCertainties.term is equal to rule.term     if rule.cert > riskTermsAndCertainties[index].cert then       riskTermsAndCertainties[index].cert = rule.cert     else       riskTermsAndCertainties add rule     end if set dividentSum to 0 set divisorSum to 0 for each riskTermCert in riskTermsAndCertainties do   set area to riskTermCert polygon area   set midpointX to riskTermCert polygon upper hizontal midpoint on X axis   dividentSum = dividentSum + midpointX * area   divisorSum = divisorSum + area set CoG = dividentSum/divisorSum set Risk[pes] to smaller CoM value set Risk[opt] to greater CoM value set Risk[med] to (Risk[pes]+Risk[opt])/2 Additionally, convert the risk results to verbal values.

Once the final risk has been calculated, as in the previous stages, it is represented graphically and textually in numerical and verbal formats.

5. Experimental Simulation

To test the validity of the idea, a scenario of three interconnected situations in Palanga City was used to evaluate the risk by using the extended prototypical software tool. These situations have already been analyzed until stage 2 in previous articles [28,31], so the work continues with the stage 3 risk assessment, and we evaluated the required risk factors. The values of the efforts and hesitancies evaluated for each project are presented in

Table 2. Efforts and hesitancies values.

Project Acronym	Efforts		Hesitancies
	Verbal Evaluation	Degree of Certainty	Verbal Evaluation	Degree of Certainty
GAS STATION	Medium	Large	Small	0.8
HOTEL	Large	Very Large	Small	0.6
LOBBY	Large	Very Large	Medium	Large

.

Achieving the OP and TH values obtained from the second step of the methodology together with the EFF and HES values assessed in the third step of the methodology, the experts must create a fuzzy IF… THEN… type rule block according to Table 1 for each project, using the instruments provided by the tool, as shown in the Figure 11. The tool allows experts to create a block of rules by entering only important rules (others filling automatically) and also provides the possibility to enter multiple rule combinations. The rules in the block indicate the values of the OP, TH, EFF, and HES components that determine the specified risk value. Since the tool allows multiple combinations to be entered in a single row, conditions may arise under which the transformation of several such complex rows into the risk rules will result in an overlap. In this case, the risk block rules obtained after the transformation from the rows in the list above take precedence and overwrite those in the lower positions.

Risk rules for the GAS STATION project are presented in

Table 3. GAS STATION risk rules.

OP	TH	EFF	HES	RISK
VL	Z, VS	Z, VS	Z	Z
L, VL	Z, VS	Z, VS, S	Z, VS	VS
M, L, VL	VS, S	VS, S, M	Z, VS, S	S
M, L	S, M	S, M	VS, S	M
VS, S, M	S, M, L	S, M, L	S, M	L
Z, VS, S	M, L, VL	M, L, VL	M, L, VL	VL
L, VL			L, VL	M
M, L, VL	L, VL	L, VL	Z, VS	L

.

Risk rules for the HOTEL project are presented in

Table 4. HOTEL risk rules.

OP	TH	EFF	HES	RISK
VL	Z, VS	Z, VS, S	Z, VS	VS
L, VL	VS, S	VS, S	VS	S
M, L	VS, S, M	VS, S, M	VS, S	M
S, M	S, M, L	S, M, L	S, M	L
Z, VS, S	M, L, VL	M, L, VL	M, L, VL	VL
L, VL			L, VL	L
M, L	L, VL	L, VL	Z, VS	L

.

Risk rules for the LOBBY project are presented in

Table 5. LOBBY risk rules.

OP	TH	EFF	HES	RISK
VL	Z, VS	Z, VS, S	Z	Z
L, VL	Z, VS, S	VS, S	Z, VS	VS
M, L, VL	VS, S, M	S, M	Z, VS	S
M, L	S, M, L	S, M, L	VS, S	M
VS, S, M	M, L	M, L	VS, S, M	L
Z, VS	L, VL	L, VL	M, L, VL	VL
M, L, VL			M, L, VL	L
M, L, VL	M, L, VL	L, VL	Z, VS	L
M, L	Z, VS	M, L, VL	Z, VS	L

.

The risk rules entered into the tool are transmitted to the fuzzy IF… THEN… type rule blocks for each project, filling the unspecified rules with the default filler (precalculated averages). Using the proposed risk assessment methodology, the risk values of each project are calculated from pessimistic, medium, and optimistic perspectives in numerical expressions and additionally translated into verbal descriptions for the presentation of the results.

The GAS STATION project risk results are presented in Figure 12.

The HOTEL project risk results are presented in Figure 13.

The LOBBY project risk results are presented in Figure 14.

Figure 12, Figure 13 and Figure 14 show the numerical risk estimation results as bar charts and the verbal results in text format, providing verbal evaluation with a degree of certainty. Using numerical values corresponding to the bar charts, together with verbal evaluations, a summary of all the projects risk results is presented in

Table 6. All the project risk results.

	GAS STATION	HOTEL	LOBBY
Pessimistic
Numerical	0.251	0.419	0.654
Verbal	S:0.55,M:0.45	M:0.79,L:0.21	L:0.96,VL:0.04
Medium
Numerical	0.213	0.338	0.596
Verbal	S:0.74,M:0.26	S:0.11,M:0.89	M:0.16,L:0.84
Optimistic
Numerical	0.174	0.257	0.538
Verbal	S:0.93,M:0.07	S:0.52,M:0.48	M:0.36,L:0.64

.

The final results interpretations could be as follows:

• The estimated risk for project LOBBY is relatively high, but the decision-maker may accept the risk due to the dynamics of the field.
• In the case of the HOTEL project, the risk varies between pessimistic and optimistic perspectives. The decision-maker must assess whether such an outcome is more indicative of the potential value through risk or whether the project is too risky to implement.
• In the case of GAS STATION, the risk is relatively low in all three perspectives, so it is likely that the decision-maker will be more inclined to implement the project based on this result.

6. Concluding Remarks

In this paper, a brand-new concept of risk assessment based on SWOT analysis was proposed. The first two steps of the analysis have already been implemented [28,31], and at this stage, the risk assessment has been connected. To check the validity of the idea, the prototype software tool was expanded, and a risk analysis of three interrelated situations was performed. The obtained results indicate the applicability and extensibility of the methodology. The whole approach is supported by the opinion of Francisco Herrera, who wrote “In the future, more priority deriving methods will be done and we will adapt the IFANP to solve other MCDM problems, such as R&D project selection, strengths, weaknesses, opportunities, and threats (SWOT) analysis, logistics service provider selection, production planning and so forth.” [35].

Explainable artificial intelligence (XAI) elements were used in this methodology, such as the process of imitating human reasoning, verbal information processing, accumulation of expert knowledge in rules, fuzzy logic, traceability of the reasoning process, partially verbal explanation of results, and verbal assessment and its certainty.

The main weakness of the proposed approach is that the input data rely solely on expert knowledge, and there is no other way to assess the specific dynamics of the field. Future works include research for solutions to this problem by additionally connecting separate modules for the input data to the methodology collected from the real environment and transformed to be suitable for processing. Another weakness is the lack of an interaction estimation between separate project risks, which may have a significant impact on the results, and the lack of an overall risk calculation for all projects, which is also left for a future work. Further research also has to focus on the optimization of the assessed risks by introducing a feedback loop to find the parameters for which the risk would be minimal or acceptable.