df_df
I have a question that's been bugging me for a long time on risk management - should you include planned mitigations when doing your initial risk assessment, or do the initial assessment assuming there are no mitigations? Here's a crude example of what I mean using power tools.
Suppose I'm doing a hazard analysis on a circular saw that I am designing. The kind you can buy at a hardware store for cutting plywood.
First, let's assume that the spreadsheet I'm using has the following columns (based on the ISO standard) - hazardous situation, harm, severity, probability, risk (SxP), risk control method, final probability (assuming the risk control method works), final risk. The first 6 columns (through risk control method) are filled out in the first pass of the spreadsheet. The last two are done at the end of the project, after verification testing shows the mitigation is effective.
I'd put the following in the first few columns. The hazardous situation would be the sharp spinning blade. The harm would be cutting off my finger. The severity is high. :mg: Now, what is the probability? There are two ways to do this - should I assume that the movable guard (the one that is on all saws) is on the system when I do the initial assessment, or should I assume it's not there and put that in the risk control column?
If I did the former, the probability would be high, and the risk would be "intolerable". I'd then put "add a blade guard" in the risk control method column. The updated probability would be "low" and thus the risk would be "acceptable".
If I did the latter, the probability would be low, the risk would be low and therefore I wouldn't need to implement any other risk control method. The path seems a bit easier and more realistic. But that doesn't document the fact that there is a guard in place and its inclusion in the system may be subsequently overlooked. It also doesn't highlight the fact that you need to "verify the effectiveness" of the mitigation in order to take credit for it.
The end result is the same, there's just two roads to get there.
I know this is a trivial example, but it illustrates a very common situation - how much knowledge of the final system do you assume when you do the initial risk assessment - which should theoretically be done very early in the project.
What would you do?
- Dave
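The trade-off in the post comes down to what a single "probability" column can hold. A register that records the inherent (no-controls) probability separately from the residual (post-control) probability, and only credits a control once it has been verified, keeps the guard documented and keeps the verification obligation visible. The following is an added example, not code from the original post; the 3x3 severity/probability scales, the risk thresholds, and the `Hazard`/`Control` classes are constructed for illustration and are not taken from any ISO standard.

```python
"""
Risk register that stores both the inherent (pre-control) and residual
(post-control) risk for each hazard. A control that was already "on the
design" is still listed, and it only lowers the residual risk after its
`verified` flag is set by verification testing.
Constructed example; scales and thresholds are illustrative only.
"""
from dataclasses import dataclass, field

# Ordinal scales (constructed for this example).
SEVERITY = {"low": 1, "medium": 2, "high": 3}
PROBABILITY = {"low": 1, "medium": 2, "high": 3}


def risk_level(severity: str, probability: str) -> str:
    """Risk = S x P on a 3x3 matrix; the cut-offs are constructed, not from ISO."""
    score = SEVERITY[severity] * PROBABILITY[probability]
    if score >= 6:
        return "intolerable"
    if score >= 4:
        return "tolerable"
    return "acceptable"


@dataclass
class Control:
    description: str
    reduces_probability_to: str
    verified: bool = False  # set True only after verification testing passes


@dataclass
class Hazard:
    situation: str
    harm: str
    severity: str
    inherent_probability: str  # probability assuming NO controls are present
    controls: list = field(default_factory=list)

    def inherent_risk(self) -> str:
        return risk_level(self.severity, self.inherent_probability)

    def residual_probability(self) -> str:
        """Credit only verified controls; an unverified control stays on the
        record but does not lower the probability."""
        prob = self.inherent_probability
        for c in self.controls:
            if c.verified and PROBABILITY[c.reduces_probability_to] < PROBABILITY[prob]:
                prob = c.reduces_probability_to
        return prob

    def residual_risk(self) -> str:
        return risk_level(self.severity, self.residual_probability())

    def unverified_controls(self) -> list:
        """Controls still owing a verification result before credit is taken."""
        return [c.description for c in self.controls if not c.verified]


def saw_register() -> Hazard:
    """Constructed instance of the circular-saw hazard from the post."""
    return Hazard(
        situation="sharp spinning blade",
        harm="cut off finger",
        severity="high",
        inherent_probability="high",
        controls=[Control("movable blade guard", reduces_probability_to="low")],
    )


def register_row(h: Hazard) -> dict:
    """One spreadsheet row holding both first-pass and end-of-project columns."""
    return {
        "hazardous_situation": h.situation,
        "harm": h.harm,
        "severity": h.severity,
        "probability": h.inherent_probability,
        "risk": h.inherent_risk(),
        "risk_control_method": "; ".join(c.description for c in h.controls),
        "final_probability": h.residual_probability(),
        "final_risk": h.residual_risk(),
        "open_verifications": h.unverified_controls(),
    }


if __name__ == "__main__":
    h = saw_register()
    print(register_row(h))  # guard is listed, but final risk is still intolerable
    h.controls[0].verified = True
    print(register_row(h))  # after verification the final risk drops to acceptable
```

Run as a script, the first row shows the guard under `risk_control_method` and under `open_verifications`, with the final risk unchanged; only after `verified` is set does the residual column change. This is the first of the two roads in the post, with the bookkeeping that makes the guard hard to overlook.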