115: Risk Acceptance Issue

Definition/Typical Issues
Were the risk acceptance criteria used during the reactive analysis set inappropriately? Were the risk acceptance criteria improperly applied? Were risks deemed acceptable that should have been reduced?
Examples
Example 1
- A root cause analysis team identified four recommendations to address a root cause of an incident. Under the risk acceptance criteria the organization used, no action was required. Nevertheless, resources were inappropriately diverted to implement the team's four recommendations.
Example 2
- A root cause analysis team presented its recommendations to the senior management review board. The board rejected the recommendations, and none were implemented. A subsequent error led to unacceptable product being shipped to the same customer. When the customer discovered that no recommendations had been implemented after the earlier incident because senior management had rejected them, it took its business elsewhere.
Typical Recommendations
- Ensure that a diverse team (one able to reasonably assess the relevant risks) is involved in the reactive analysis.
- Develop more objective criteria for judging risk levels (e.g., a simplified risk scoring scheme or listing required safeguards for specific situations).
- Provide guidance to team members to help ensure that the analyses are conducted properly.
- Develop the appropriate risk tolerance criteria or guidance for use in risk-based decision-making situations.