I know it's a lot of work (and some people claim it's pointless because there's a lot of uncertainty in determining some of the probabilities) but that's what ISO 14971 essentially prescribes.
The detailed probability evaluation should in practice be required only for specific non-trivial or very high risk hazardous situations (we may solve this in the ISO 14971 revision). And in my opinion it should also require QRA (we won't solve this one, unfortunately :-()
Regarding uncertainty, it's curious how ISO 14971 says nothing about uncertainty in risk analysis/management, it's one of the crucial points in several implementations (NASA, for example). But please note that the real concerns of uncertainties in risk analysis/management are not only in uncertainties in probability estimates, there's are several other sources of uncertainty, some even more problematic (some of these also goes back to decision theory, this is another link that ISO 14971 also fails to mention, but which is one of the basis for the need of risk management). A interesting read on this topic is this doc: UNCERTAINTY CHARACTERIZATION IN RISK ANALYSIS FOR DECISION-MAKING PRACTICE.