Hello,
The company I work for constructs a risk matrix in order to define its risk acceptability criteria. Severities and probabilities are defined and the matrix is broken down into regions of unacceptable and acceptable risk. In order to document the regions that are acceptable the project team is supposed to consider the following:
-what risks will a device have after implementation of standards. These are assumed to broadly acceptable.
-given the benefit of the proposed device what are the accepted risks. This effectively embeds a risk vs benefit within the matrix.
There are numerous reasons why I disagree with this approach but I would be interested in other people thoughts...
Thanks
The company I work for constructs a risk matrix in order to define its risk acceptability criteria. Severities and probabilities are defined and the matrix is broken down into regions of unacceptable and acceptable risk. In order to document the regions that are acceptable the project team is supposed to consider the following:
-what risks will a device have after implementation of standards. These are assumed to broadly acceptable.
-given the benefit of the proposed device what are the accepted risks. This effectively embeds a risk vs benefit within the matrix.
There are numerous reasons why I disagree with this approach but I would be interested in other people thoughts...
Thanks