Simulated vs Computed Event Likelihoods, Impacts, and Risks (Flaw of Averages)

The risk of an event is the product of the event's likelihood and impact. However, the computed likelihood of an event may depend on the event being caused by more than one threat. If these threats are not mutually exclusive, then the computed likelihood, based on the occurrence of the event from several threats, can exceed the actual likelihood. If in the real world an event takes place due to one threat, it is irrelevant that it would also have occurred due to another threat had the first one not caused the event. This 'if' condition is a non-linearity in the computation. To arrive at the actual likelihood of an event, we can use simulations, which avoid the 'double counting'.

Similarly, an objective that suffers consequences from one event may also suffer consequences from other events. The consequences can be cumulative, but they cannot exceed the entire value of the objective. This is another non-linearity that can be addressed with simulation.

Riskion has an option to show computed and simulated results.

Calculated results are displayed by default; checking the Simulated checkbox displays the simulated results.

If all events have at most one threat, or all threats are mutually exclusive, then the computed and simulated event likelihoods will be the same -- but this is rarely the case.

If each objective has losses due to only one event, then the computed and simulated impacts will be the same -- but this is rarely the case.
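
The two non-linearities described above (double counting across threats, and cumulative losses capped at the objective's value), shown as an added Monte Carlo example; this is not Riskion's code. It assumes independent threats and events, a computed likelihood formed by adding the per-threat likelihoods, and constructed sample numbers.

```python
import random

# Constructed sample inputs (assumptions, not values from Riskion).
THREATS = [0.5, 0.4, 0.3]            # chance each threat causes the same event
EVENTS = [(0.6, 70.0), (0.5, 60.0)]  # (likelihood, loss) hitting one objective
OBJECTIVE_VALUE = 100.0              # most the objective can lose

def computed_likelihood(threats):
    # Assumed linear computation: add every threat's contribution.
    return sum(threats)

def simulated_likelihood(threats, trials=100_000, seed=7):
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # Draw every threat, then count the event once if any of them fired.
        fired = [rng.random() < p for p in threats]
        hits += any(fired)
    return hits / trials

def computed_impact(events):
    # Linear expected loss: likelihood times loss, summed over events.
    return sum(p * loss for p, loss in events)

def simulated_impact(events, value, trials=100_000, seed=7):
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        loss = sum(l for p, l in events if rng.random() < p)
        total += min(loss, value)  # losses accumulate but stop at the full value
    return total / trials

if __name__ == "__main__":
    print("likelihood computed :", computed_likelihood(THREATS))
    print("likelihood simulated:", simulated_likelihood(THREATS))
    print("impact computed     :", computed_impact(EVENTS))
    print("impact simulated    :", simulated_impact(EVENTS, OBJECTIVE_VALUE))
```

With a single threat and a single event per objective, the computed and simulated figures converge, matching the two conditions stated above.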