Informational Risk Management Implementation for ISO 9001:2015


I'm with you regarding the risk approach.

I created a procedure and a format to manage risks.
In the procedure, I explained my method to rank risks by using Risk value = P x I (probability x impact); P and I values range from 1 through 5.
But these values come from an approximate estimate by the person responsible for the risk, which in most cases is neither precise nor an exact value.
When I get the risk value, I assign a type (A, B, C, D) according to the value, and according to the type, a timeframe is given to apply mitigation plans.
Additionally, every risk is analyzed using an Ishikawa format to determine the causes for which the risk is present.

Finally, I think I'm overthinking this issue, and I don't know what to do.

My idea was to implement something (procedures, formats) more serious and obviously of benefit to the people.

But really, I find my effort is neither adequate nor effective.

I'm thinking seriously of adapting it in a very simple way.

Just what the standard requires.

To address risks and opportunities: to do a scan of risks and, according to the risk, apply mitigation plans, without ranking the severity of the risk; something very easy to manage, but I don't see how to do it.

Any ideas?
My business has few processes and is not risky.

Any ideas?
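The P x I ranking described in the post, carried through as an added example (this is not the poster's procedure or format). The A/B/C/D thresholds, the timeframes and the sample risk register are assumptions constructed for illustration, since the post does not give them. The `band_spread` function addresses the poster's own concern about imprecise inputs: it shows which types a risk can land in when P and I are each off by one point.

```python
"""Risk value = P x I banding (ISO 9001:2015 risk-based thinking), with a spread
check for imprecise probability/impact estimates.  Added example; thresholds,
timeframes and sample risks are assumptions, not from the original post."""

# Assumed bands, ordered from most to least severe: (type, minimum value, timeframe).
BANDS = [
    ("A", 15, "mitigation plan within 1 month"),
    ("B", 10, "mitigation plan within 3 months"),
    ("C", 5, "mitigation plan within 6 months"),
    ("D", 1, "monitor; review at next management review"),
]

def risk_value(probability: int, impact: int) -> int:
    """Risk value = P x I, with both inputs restricted to whole numbers 1..5."""
    for name, v in (("probability", probability), ("impact", impact)):
        if not isinstance(v, int) or not 1 <= v <= 5:
            raise ValueError(f"{name} must be an integer 1..5, got {v!r}")
    return probability * impact

def risk_type(value: int) -> tuple[str, str]:
    """Map a risk value (1..25) to its type letter and mitigation timeframe."""
    for letter, minimum, timeframe in BANDS:
        if value >= minimum:
            return letter, timeframe
    raise ValueError(f"risk value out of range: {value}")

def band_spread(probability: int, impact: int, tolerance: int = 1) -> list[str]:
    """Types reachable when P and I each vary by +/- tolerance (clamped to 1..5).

    A wide spread means the A/B/C/D classification is not robust to the
    estimator's uncertainty and the risk deserves a second look."""
    types = set()
    for p in range(max(1, probability - tolerance), min(5, probability + tolerance) + 1):
        for i in range(max(1, impact - tolerance), min(5, impact + tolerance) + 1):
            types.add(risk_type(p * i)[0])
    return sorted(types)

def assess(register: list[dict]) -> list[dict]:
    """Score every risk in a register and flag those whose type is unstable."""
    rows = []
    for risk in register:
        value = risk_value(risk["probability"], risk["impact"])
        letter, timeframe = risk_type(value)
        spread = band_spread(risk["probability"], risk["impact"])
        rows.append({
            "risk": risk["risk"],
            "value": value,
            "type": letter,
            "timeframe": timeframe,
            "unstable": len(spread) > 2,  # estimate could shift it two or more bands
        })
    return rows

# Constructed sample register (not real data).
SAMPLE_REGISTER = [
    {"risk": "Key supplier fails to deliver on time", "probability": 3, "impact": 3},
    {"risk": "Calibration records lost in server failure", "probability": 2, "impact": 5},
    {"risk": "Single trained operator leaves", "probability": 5, "impact": 5},
    {"risk": "Minor typo in customer quotation template", "probability": 2, "impact": 1},
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        flag = " (estimate-sensitive)" if row["unstable"] else ""
        print(f"{row['type']} {row['value']:>2}  {row['risk']}: {row['timeframe']}{flag}")
```

The spread check is the useful part for the situation in the post: a mid-table estimate such as P=3, I=3 can end up in any of the four types once a one-point error in either input is allowed, whereas P=5, I=5 stays type A regardless. Where the spread is wide, the cheaper remedy is to settle the estimate with the process owner rather than to refine the scoring formula.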
You are overthinking it. There was an excellent article about RBT Prove It posted here a few months back that you should read.


