Interesting article - Analysis of Risk: Are Current Methods Theoretically Sound?

[Marcelo]

There´s an interesting article in the October edition of MDDI - Analysis of Risk: Are Current Methods Theoretically Sound?.

I´ve read it once but will need a second read to fully have an opinion...meanwhile, if anyone has an opinion, please put it here for some discussion.

 

[icare2much]

I can't argue with the article's premise that the risk analysis quantification techniques are inherently weak. But I disagree that anyone who has actually used any of these techniques is dependent on them to the exclusion of anything else. The arbitrariness of the scales is a huge tipoff to anyone who has actually used them - I think its pretty obvious risk analysis tools are simply "aids".

Perhaps that is why the 14971 focus is on the risk management process instead of an analysis technique!

 

[Marcelo]

The arbitrariness of the scales is a huge tipoff to anyone who has actually used them - I think its pretty obvious risk analysis tools are simply "aids".

Perhaps that is why the 14971 focus is on the risk management process instead of an analysis technique!

Well, in my experience it´s not too obvious that risk analysis tools are simply aids..what generally happens is that people this, for example, that FMEA equals risk management (for a lot of reasons, for example, for historically using FMEA only before ISO 14971 came out). Here in Brazil, where there´s not even a risk analysis culture, this is problems is worse, but still happens in a lot of manufacturers abroad (i remember reading about an informal querysome two years ago of notified bodies to clients, where 90 % of the clients said that they believed they complied with ISO 14971; the notified bodies, having accessed these manufacturers, estimated that only 10-15 % in fact complied with ISo 14971).

 

[icare2much]

From a "company" perspective I agree - management is generally only too happy to get that pesky risk stuff out of the way, and if they believe that an FMEA will do it then its handled that way.

I was speaking from the perspective of an engineer who actually develops the FMEA. Since engineers typically like working with facts and some degree of precision (yeah, I know, this is sure to invite some engineer bashing) an FMEA with arbitray probabilities or hazard estimations will be viewed as simply a tool to help but is not in itself the "answer".

 

[Jim Wynne]

Well, in my experience it´s not too obvious that risk analysis tools are simply aids..what generally happens is that people this, for example, that FMEA equals risk management (for a lot of reasons, for example, for historically using FMEA only before ISO 14971 came out). Here in Brazil, where there´s not even a risk analysis culture, this is problems is worse, but still happens in a lot of manufacturers abroad (i remember reading about an informal querysome two years ago of notified bodies to clients, where 90 % of the clients said that they believed they complied with ISO 14971; the notified bodies, having accessed these manufacturers, estimated that only 10-15 % in fact complied with ISo 14971).

I agree. The problem is one that I've been harping on for a long time, which is conflation of the container with the thing it contains. FMEA is a container, but what's important is what it contains (or should contain) which is risk management.

 

[Richard Pike]

The arbitrariness of the scales is a huge tip-off to anyone who has actually used them--should possibly read "rip-off". AIAG make numerous references that Scales are for guidance and yet we still get auditors who imply that they are fixed and rigid. As an Auditor myself, if an organization is not using experience to adapt these scales to their needs, and then using a liberal dose of common sense in applying those scales, then i certainly would be looking into the effectiveness of that organizations FMEA process.

 

[yodon]

Well since the authors are from my alma mater, clearly, the article is brilliant!

Seriously, I heard the talk probably 5 years ago. I don't disagree with the premise that it can easily be abused and that there's often too much reliance on the numbers over the process. But what's the alternative?

We (my company) facilitates a number of risk assessments and we use this method. It's a good aid, IMO, if used right, to identify the biggest risks and to articulate a mostly visceral consideration of risks and mitigations.

Has anyone used any alternative methods? Quite frankly, I'd expect some pushback from exteral assessors ("it's not what we're used to seeing").

Good discussion topic. Hopefully someone will post some interesting approaches - even if only theoretical.

 

[Jim Wynne]

Seriously, I heard the talk probably 5 years ago. I don't disagree with the premise that it can easily be abused and that there's often too much reliance on the numbers over the process. But what's the alternative?

We (my company) facilitates a number of risk assessments and we use this method. It's a good aid, IMO, if used right, to identify the biggest risks and to articulate a mostly visceral consideration of risks and mitigations.

Has anyone used any alternative methods? Quite frankly, I'd expect some pushback from exteral assessors ("it's not what we're used to seeing").

Good discussion topic. Hopefully someone will post some interesting approaches - even if only theoretical.

I don't think the authors are advising against using relative scales; they're just warning about the inherent dangers of using arbitrary values and thinking that a 10 is always more risky than an 8. At some point we have to put things in order of priority, and it's often obvious when one or two possibilities deserve priority, so in that sense assigning values can be fairly useless. The idea (imo) should be to get the best information available before making decisions, and if numerical scales are helpful, that's fine.