We've got a 14971 compliant risk management procedure in place that's been working pretty well for us.
...that being said, there's always been one element that has bothered me: Probability. It seems to me that a single number (e.g. 1-5) is lacking... perhaps there is a better way?
Take a simplified example: A window.
It seems like a more refined probability structure would be prudent if we wanted to effectively evaluate this risk. Namely:
This would certainly complicate the risk-management process, but it'd provide a better understanding of probability break-down...
Thoughts? I'd be curious how others would assign a probability value in this example...
...that being said, there's always been one element that has bothered me: Probability. It seems to me that a single number (e.g. 1-5) is lacking... perhaps there is a better way?
Take a simplified example: A window.
- (E) Event: Window is impacted.
- (HS) Hazardous Situation: Window shatters into sharp shards.
- (H) Harm: Cuts
- (S) Worst-Case Severity: An artery is cut.
It seems like a more refined probability structure would be prudent if we wanted to effectively evaluate this risk. Namely:
- What is the probability of the event?
- What is the probability that, given the event, it results in a hazardous situation?
- What is the probability that, given the hazardous situation, it results in harm?
- What is the probability that, given harm, it is the worst-case harm?
This would certainly complicate the risk-management process, but it'd provide a better understanding of probability break-down...
Thoughts? I'd be curious how others would assign a probability value in this example...