Risk / benefit Analysis in Risk Management Report

FoGia

Involved In Discussions
#3
Hello, it makes no sense to perform risk/benefit analysis for each risk, you rather need to analyse the overall risks compared to the overall benefits.
 

yodon

Forum Moderator
Staff member
Moderator
#5
Hello, it makes no sense to perform risk/benefit analysis for each risk, you rather need to analyse the overall risks compared to the overall benefits.
While I agree, it's not necessarily the position taken by 14971:2012. This is a rather well-debated subject. I've had a several reviewers (test labs, tech file, etc.) insist that, if we want to claim compliance to 14971:2012 then we have to do a risk-benefit analysis on each risk. I've seen literature from some organization that says this is not how that is supposed to be interpreted. If you don't do it, you may well get push-back from whomever is reviewing. To me, it's rather silly to do on a risk-by-risk basis and ends up watering down the concept.
 

yodon

Forum Moderator
Staff member
Moderator
#7
Agreed.

What I've done in the past is to consider how individual (residual) risks compare to what's on the market. Admittedly, it's forced, it's ugly, it's often mostly boilerplate, and it's low added value.
 

Edward Reesor

Involved In Discussions
#8
I agree that its mostly boilerplate but at our latest MDSAP audit, that's what they were looking for: An analysis for each and every defined risk.
 
Top