Наши популярные онлайн курсы
В проекте нового ИСО31010 (зачем они решили не убивать, а обновить этот стандарт я вообще не понимаю) описаны следующие недостатки карт рисков. Это даже не вершина айсберга к сожалению:
Limitations include:
• it requires good expertise to design a valid matrix;
• it can be difficult to define common scales that apply across a range of circumstances relevant to an organization;
• it is difficult to define the scales unambiguously to enable users to weight consequence and likelihood consistently;
• the validity of risk ratings depends on how well the scales were developed and calibrated;
• it requires a single indicative value for consequence to be defined, whereas in many situations a range of consequence values are possible and the ranking for the risk depends on which is chosen;
• a properly calibrated matrix will involve very low likelihood levels for many individual risks which are difficult to conceptualise;
• its use is very subjective and different people often allocate very different ratings to the same risk;
• risks cannot be aggregated (e.g. one cannot define whether a particular number of low risks, or a low risk identified a particular number of times, is equivalent to a medium risk);
• it is difficult to combine or compare the level of risk for different categories of consequences;
• a valid ranking requires a consistent formulation of risks (which is difficult to achieve);
• each rating will depend on the way a risk is described and the level of detail given; (I.e. the more detailed the identification, the higher the number of scenarios recorded, each with a lower likelihood). The way in which scenarios are grouped together in describing risk should be consistent and defined prior to ranking.