An introduction to dependency modelling

And some dependencies are simple, short chains of events, but most, especially in business, are more complex. Some of the dependencies are not immediately obvious, and need working through – i.e. modelling – to understand all the dependencies.


The main benefit of dependency modelling in business is to mitigate risk by having a better understanding of where the risk might lie.

The modelling process generally works on two parameters:

  • How does the business currently work, what are the interdependencies
  • Scenario planning – “what if” – to plan for business continuity management and disaster recovery

It is a business judgment to determine what level of risk is attached to each aspect of the dependency model, as well as at what point the level of risk will change from low to mid or high – green, amber, red as we use at Riskenomics.

People – the unpredictable element

A thorough dependency model takes into account systems and people, as well as infrastructure, in other words soft systems as well as hard.

The soft systems will be as relevant in all aspects of dependency modelling, be it for critical engineering, business continuity or compliance for example.

How it’s done

  • The process starts with a detailed analysis of every aspect of the area to be modelled.
  • The interdependencies are identified and set out in the model. As each interdependency is shown in the model it will be evaluated for its own dependencies which are again modelled. This process is repeated until an agreed level of detail is reached.
  • This way, looking at any item in the model you can see what it is dependent upon.
  • All models can be linked to each other
  • Red, Amber and Green status or definition can be agreed and set to suit the model type with explanatory information.
  • The model is thoroughly tested
  • Management reporting is developed.

A good model will provide a simple means of recording original status and issues as well as current status and owners and will highlight where elements of risk or non-compliance, or actions are required, or planning needed to close out business related issues.

Why do it

The benefits are multiple and provide a means of managing issues that could include preventable incidents:

  • Easy identification of issues at all levels
  • Speedy visibility and management reporting
  • Ease of presenting and understanding complex issues
  • Highlights potential critical system failures
  • If fully managed, avoids non-compliance and penalties arising as a result
  • Identifies impact of failure or change
  • Records actions and outcomes to create audit trails in case of investigation

However, there is also a huge benefit in terms of management control, more efficient use of resources and being better prepared for the unexpected.

As I said, a simple concept, but a little more challenging to execute!