D
Dan Johnson
While educating myself on risk management in preparation to write a risk procedure (some years ago), I had come to the conclusion that the criteria, probability and severity, needed to be quantified. I remember determining this was a requirement rather then a "best practice" but can no longer find any reference.
Am I off track on this or can someone please point me in the right direction?
Am I off track on this or can someone please point me in the right direction?