Talk:Risk management/Archives/2017

Project Management
The Project Management Body of Knowledge (PMBOK) from the Project Management International (PMI) organization talks about risk responses using a different set of terminology. Given the 1.5 million certified project managers from that organization there may be value in including them: Avoid, Transfer, Mitigate, and Accept. Likewise, a "positive" risk aka an opportunity is not well addressed either: Explot, Enhance, Share, Accept.

--Uncleharpoon (talk) 20:18, 4 February 2017 (UTC)

Medical Device
Interpretations of the EN ISO 14971:2012 revision that interpret it to require reduction of risk to 0 or to prohibit the use of Information for Safety exhibit a common failure (even among those within the Medical Device Industry) to actually read the words of the relevant documents. When the MDD, ISO 14971:2007, and EN ISO 14971:2012 are actually read and understood, neither of these interpretations are valid. I have made several edits that have included very specific references into these documents with clear and detailed explanations of their language and intent. I have also referenced the Consensus Paper for the Interpretation and Application of Annexes Z in EN ISO 14971: 2012, version 1.1 (dated October 13th, 2014) from the Notified Bodies Recommendation Group. My corrections continue to be reverted without what I understand to be an appropriate justification. I am not sure how to contact or message the person doing the reversion to inquire with them what there counter arguments are. John Walters (talk) 21:42, 9 March 2017 (UTC)
 * Thanks for posting! As I noted your edits contained a bunch of interpretation of the various ISOs and their differences.  Those interpretations are what we call WP:OR. Please read WP:OR.  If you still don't understand, please ask.   I also posted an explanation of how to edit, on your Talk page.  Jytdog (talk) 23:08, 9 March 2017 (UTC)

I understand the assertion that my "edits contained a bunch of interpretation of the various ISOs and their differences" but I disagree. I also understand the concept of WP:OR but until someone can provide the explanation/justification/rationale as to how the existing content does not represent a greater example of WP:OR than the content I have proposed, I have to disagree with this as well.John Walters (talk) 01:02, 10 March 2017 (UTC); edited 16:02, 27 March 2017 (UTC)


 * It does not matter that the text was bad. You cannot continue editing in a bad way. This article became very horrible because of the attitude you suggested. In November I simply deleted big chunks of unreferenced and poorly referenced stuff. It looks like it deserves more decimation. Staszek Lem (talk) 02:29, 10 March 2017 (UTC)


 * I summarized (directly quoted or referenced) the actual text of the sources. Any remaining significant interpretation is being done by either the sources themselves or by the unsupported prejudices that some may bring to these sources or the topic generally, with or without realizing it. The act of editing an article (which includes both making edits and rejecting/deleting the edits of others) is itself an example of where Risk Management can be applied.  In this context, the reduction of risk (risk in this case being the inaccuracy of the "summarizing" of relevant sources) is better than not reducing the risk.  The "perfect" should not be the enemy of the "good", let alone the "better".  If it is, then perhaps there is indeed much more content (by many more editors) that is edited "in a bad way" or in a manner that makes content "very horrible", and perhaps all of this content should be "decimated".John Walters (talk) 16:02, 27 March 2017 (UTC)

Replied to your comments on my user talk page. Not sure how you get notified of my responses on various pages. John Walters (talk) 02:19, 10 March 2017 (UTC)
 * Please see template:ping. Staszek Lem (talk) 02:29, 10 March 2017 (UTC)

Support of MDD interpretation corrections from clarifications in the MDR (an additional source):
Changes in the text of the final European Medical Device Regulation (MDR) clarify that the intent of "as far as possible" is not to reduce risk to 0 (which is impossible), but to "reduce it as far as possible without adversely affecting the benefit-risk ratio." Reference MDR, Annex I, Chapter 1, Section 2.

Changes in the text of the final European Medical Device Regulation (MDR) also clarify the intent of the requirements relative to Information for Safety and Information on Residual Risk. Information for Safety (a specific type of labeling content) can indeed be used (and is required to be used) as the lowest order risk reduction solution. Separately (and not as a risk reduction solution), manufacturers "shall inform users of any residual risks." Reference MDR, Annex I, Chapter 1, Section 4, Subsection (c) and text immediately below Subsection (c).John Walters (talk) 16:02, 27 March 2017 (UTC)

Citation search for Identification section
I spent a little time searching for citation for "Source analysis" and "Problem analysis" (also coming across "Objectives-based risk analysis" and "Common-risk Checking"). My interpretation is that the person placing the tags did not recognize the terms from their practice and wanted the terms cited.

On the Way I noted that circa 2008 content of Risk Management appears to have been lifted in toto here, illustrating how hard it can be to be certain you are avoid citing sources that were influenced by WP.

Much of the present WP wording for "Source analysis" and "Problem analysis" is found in a 2008 publication, but the relevant WP content of 2007 is also the same. This same source goes on to list Objectives-based risk / Scenario-based risk analysis, Taxonomy-based risk analysis, Common-risk Checking. So, I think much of the original content for this section was potentially lifted from some authoritative source, but unfortunately not cited at the time. I have stolen too much time for this already, so please forgive if I do not complete this task personally at this time. IveGoneAway (talk) 14:13, 5 April 2017 (UTC)


 * Objectives-based risk analysis: FWIW, I would suggest AS9100 as an example of Objectives-based risk analysis and management, insomuch as establishing quality objectives is a basis of the QMS that embodies a risk management process.
 * Common-risk Checking: FWIW, the FAA Job Aid Conducting Software Reviews prior to Certification embodies lists of common project and software safety risks (for 1990's software) that are checked at stages in a project to minimize hazards and risk of delays in Type certification. IveGoneAway (talk) 15:06, 5 April 2017 (UTC)


 * re: the person placing the tags did not recognize - this has nothing to do whether an editor "recognize" or not something. This is the major rule of wikipedia: information in articles must be verifiable by an average person, not by experts in the field. Staszek Lem (talk) 17:33, 5 April 2017 (UTC)


 * I think you misrepresent me. I was not questioning the need to tag the article, I was trying to figure out why certain items were tagged but not the whole section. For example I should think the tag on the phrase objective-based analysis should be on the whole paragraph rather than just the phrase. Why didn't the original author place citations on every paragraph? Why didn't the original reviewers place citation tags (or copyright tags ) on every paragraph? Why didn't the later tagger only tag specific terms and not all of the terms or paragraphs? I wonder if the original reviewers were from the same practice and too familiar to the subject and did not sense a need to cite reference. It is unclear to me whether the later tagger had issue with just the terms or the associated text as well; but perhaps that really doesn't matter anyway. But then my underlying thesis with respect to this article is that we have multiple practices trying to use a single article. ("That's not my taxonomy!")


 * (the history of this is muddled. The tags have come and gone, but were first applied on 2009.)


 * I am also suggesting that this smells like there is a single source out there for most of that section that predates the article, but I don't have to be the one that finds it just now.


 * BTW Good edit on the ISS caption. I wonder what a good RM image would be? Any modern aircraft? IveGoneAway (talk) 19:24, 5 April 2017 (UTC)
 * Tagging often depends on the level of attention and expertise of the tagger. There is no hard rules. First of all, the article has citation tag at the very top. However quite often it is ignored, therefore people may put more tags inside at their likes. Personally, I tag things it three cases: (a) highly specialized pieces of info, even if I have no doubts; (b) moderately specialized pieces written sloppily or smelling original research or bias, so that later I can come back and verify (c) dubious pieces which I am almost sure is nonsense, but still give a benefit of doubt, so that if nobody cares for a couple of weeks, I come back and chop it out. Staszek Lem (talk) 21:58, 5 April 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Risk management. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20090325160441/http://www.nsai.ie/uploads/file/N047_Committee_Draft_of_ISO_31000.pdf to http://www.nsai.ie/uploads/file/N047_Committee_Draft_of_ISO_31000.pdf
 * Added archive https://web.archive.org/web/20131203133515/http://www.asce.org/Product.aspx?id=2147485887&productid=5260 to http://www.asce.org/Product.aspx?id=2147485887&productid=5260

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 03:10, 2 December 2017 (UTC)

Merger proposal: Risk analysis to Risk management
I propose that Risk analysis be merged into Risk management. I think that the content in the Risk analysis article can easily be explained in the context of Risk management, and the latter article is of a reasonable size that the merging of Risk analysis will not cause any problems as far as article size or undue weight is concerned. Hamburg-1982 (talk) 20:01, 14 November 2016 (UTC)
 * Support. Analysis is an integral part of management. Merging would eliminate content forking and I agree later the article may be split if becomes necessary. Staszek Lem (talk) 20:31, 14 November 2016 (UTC)
 * Support. I see no reason to object. bd2412  T 20:38, 14 November 2016 (UTC)
 * Opposed Concerned . I haven't the time to fully assess this, but I am concerned about how to merge it. How much does Risk analysis overlap Identification ("Identification" itself being Practice area-specific)? At present, Method and Process appear both partially overlapping and partially inconsistent.  Again, I think this is an effect of multiple use areas/vocabularies contributing to a single article.   IveGoneAway (talk) 15:44, 15 November 2016 (UTC)
 * With further study, the content of the present article is no more appropriate for merger with Risk Management than Risk assessment. The first issue with this article is the single source lead; that source fully states that there are two subjects with the same name, but by the lead only cites the Risk management part of that definition, but the article then discusses only the lower-level process part of that definition, i.e., that Risk analysis is a part of Risk management that is also commonly (as presently written) a part of one of the definitions of Risk assessment, and so, it would be maybe a candidate for merger with a clarified or practice-split revision of Risk assessment, and should not be merged with Risk management for that reason. At the very least, though, the Society for Risk Analysis reference should be replaced with a reference that supports the present body of the article, if the later should be kept. We could integrate Risk analysis/Risk assessment, but it has to be agreed what the Main definitions will be, but that is a topic for the Project. See also ISO/IEC 31010. IveGoneAway (talk) 23:41, 4 December 2017 (UTC)
 * Strongly Oppose. Some people define risk management as the process of risk analysis (identifying and measuring risks) and risk mitigation. Others define risk analysis as the process of risk assessment and risk management. For example, see Society for Risk Analysis's page on how risk analysis is defined http://www.sra.org/about-society-risk-analysis. Since there is no consensus on which is the broader term, these pages should NOT be combined. They can be different concepts. There should be links between the two pages, so that interested people can see the different perspectives on risk analysis vs risk management. mackca01
 * Delete Risk analysis. Merging would be problematic per the comments of But I don't see a coherent subject for Risk analysis. I think it is better off gone.&thinsp;&mdash; Mr. Guye (talk) (contribs)&thinsp; 20:26, 26 November 2017 (UTC)
 * See discussion of deletion for Risk analysis here. IveGoneAway (talk) 17:10, 29 November 2017 (UTC)
 * The result was no consensus for delete. IveGoneAway (talk) 23:29, 4 December 2017 (UTC)

ISO (and AS, etc.)
An updated response to What's the use of all these ISO references? Advertising? — Preceding unsigned comment added by 178.199.188.222 (talk) 22:03, 21 November 2015 (UTC) under the section, to put a finer point on it. For some practitioners, such as manufacturing and aviation, certification to certain ISO or AS can be a customer-imposed requirement, some of the customers being contributors to the definition of the standards. Certainly, the risk-relevant ISO/AS standards are not relevant to all practices, but they are essential to some. In comparison, (hazard-specific) risk-related ARPs and DOs, while not legal requirements (in the U.S. airspace), are acceptable means of compliance with Federal Regulations. So, IMO, it is just as important that the ISO standards be referenced in the broad subject as it is that they not be the only current practice standards referenced. IveGoneAway (talk) 16:13, 5 December 2017 (UTC)