What to do instead of common practice Probability Impact Graphs and FMEA
Jan 23rd, 2014
Consider this a summarized guide to the procedure for avoiding obsolete and flawed common practice approaches. What should you do instead of common practice Probability Impact Graphs and FMEA?
You can find information on the “rules” for proper risk assessment in an interesting white paper entitled “What you need to know about Risk Management methods”. The white paper presents the benefits and limitations of common risk management methods, including Risk Matrices, Probability Impact Graphs and Heat Maps (which we collectively refer to as “PIGs” risk matrix), as well as Optimum Risk Estimates (ORE), a methodology by Riskope that is the result of twenty years of R&D and continuous development to avoid common practice pitfalls.

In fact, the white paper presents:
- A brief review of risk exposures, and the reasons that have led to them;
- The liabilities brought to organizations by risk management approaches that use PIGs risk matrix;
- An overview of the ORE methodology, and how ORE can be applied to a wide range of risks to provide a clear, rational, defensible description of the organization’s risk environment and risk horizon, and finally,
- Case studies that demonstrate how ORE has been applied.

BTW, there is now an application you can use. Contact us for more details.
A step by step approach
These are the steps you will need to carry out:
1. Define the boundaries of your system, the context, the elements and links that constitute it.
2. Identify the hazards by performing “Threats to” and “Threats from” analyses.
3. Develop a hazard and risk register avoiding double counting, making it as logical and transparent as you can.
4. Once you’ve done that you need to define explicit probabilities. ISO 31010 gives you an array of methodologies you can use, considering the level of the study you are at.
5. Then you need to define holistic consequences and merge them into a single metric.
6. To conclude your study you need to define explicit risk tolerance criteria for the client/operation/system you have to study. A tolerance threshold is a curve that links a series of points defined by maximum tolerable loss (expressed in the same single metric you used for holistic consequences) and their related probability. You can build it point by point, or ask Riskope to facilitate its definition by deploying their proprietary application. They will want to talk with key stakeholders to develop the tolerance threshold for your client/operation/system.
7. Prioritize your risks by comparing them to the tolerance threshold. Here Riskope can help you by deploying their proprietary ORE algorithm and delivering a Risk Management dashboard.
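
Steps 6 and 7 above, as an added example that is not Riskope's ORE algorithm or code from this page: a tolerance threshold built point by point and a register ranked against it. The threshold points, the register entries, the log-log interpolation between points and the clamping outside them are all assumptions made for illustration.

```python
import math
from bisect import bisect_left

# Constructed tolerance threshold: (maximum tolerable loss in the single
# consequence metric, annual probability at which that loss is still tolerable).
TOLERANCE_POINTS = [(1e4, 1e-1), (1e5, 1e-2), (1e6, 1e-3), (1e7, 1e-4)]

# Constructed risk register: (scenario, annual probability, loss, same metric).
REGISTER = [
    ("supplier outage", 5e-2, 1e5),
    ("ransomware on plant network", 2e-3, 1e6),
    ("tailings pipeline leak", 1e-3, 1e5),
    ("site-wide flood", 5e-5, 1e7),
]

def tolerable_probability(loss, points=TOLERANCE_POINTS):
    """Probability on the tolerance curve at `loss`.

    Assumptions: straight-line interpolation in log-log space between the
    defined points, and the end points' probabilities outside their range.
    """
    pts = sorted(points)
    losses = [l for l, _ in pts]
    if loss <= losses[0]:
        return pts[0][1]
    if loss >= losses[-1]:
        return pts[-1][1]
    i = bisect_left(losses, loss)
    (l0, p0), (l1, p1) = pts[i - 1], pts[i]
    t = (math.log10(loss) - math.log10(l0)) / (math.log10(l1) - math.log10(l0))
    return 10 ** (math.log10(p0) + t * (math.log10(p1) - math.log10(p0)))

def prioritise(register, points=TOLERANCE_POINTS):
    """Rank risks by the ratio of their probability to the tolerable one."""
    ranked = []
    for name, prob, loss in register:
        ratio = prob / tolerable_probability(loss, points)
        ranked.append((name, ratio, ratio > 1.0))  # ratio > 1: above the curve
    return sorted(ranked, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for name, ratio, intolerable in prioritise(REGISTER):
        label = "INTOLERABLE" if intolerable else "tolerable"
        print(f"{name:30s} {ratio:6.2f}x  {label}")
```

A ratio above 1 means the scenario sits above the tolerance curve; sorting by that ratio gives a ranking that does not depend on the cell boundaries of a risk matrix.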

Optimum Risk Estimates is deployed to enable the comparison of Management and Corporate decision making at ERM (Enterprise Risk Management) level.
ORE deployments
To date, ORE has been applied by Riskope to mining waste systems, supplies ingress & products egress studies, and even cyber-defense programs. ORE prioritization is consistent, unambiguous, and provides context for better understanding of an organization’s risks.
As you will see, bringing clarity and transparency into risk assessments is not that complicated. You need to be methodical and consistent in the design of your hazard and risk register, avoid simplistic solutions, and use reasonable simplifications!