Again you keep jumping to absolutes which risk analysis is not about.
No... I was actually trying to balance the rosy picture of risk assessments that may have been painted in the minds of some readers by other users in earlier posts, by pointing out some of their pitfalls.
I was the one who said risk assessment was not an exact science and not about absolute truth, nor as simple as plugging arbitrary numbers into flawed pseudoscientific equations.
It's a process, widely used in the absence of any other. It can be done well or poorly. Nothing to do with religion or faith or divine providence.
P.S. cynicism is all well and good but given that you take risks every day you are either applying a risk management process or blindly fumbling through life.
Agreed... if the right people, free of "interference" are doing the job it can be done well. Alas, that doesn't always happen, which can be a big issue if it puts lives at risk. Risk assessments can be risky themselves.
If that sounds like nonsense, talk to the people who have to fill in the (fully risk assessed, reviewed and signed off) gaps in the rule book every day in order to work safely.
What would you would have us use - intuition?
Intuition is not much different to using arbitrarily determined risk priority numbers. Having said that, I have more respect for some other defined processes that include some form of prioritisation, but they are still subject to arbitrary, business and political forces.
What I think should be used includes the SFAIRP standard (no simple formula), an understanding of the implications of using arbitrary figures in formulae and matrices to make calculations, subject matter experts (including people with historical knowledge because much is being forgotten and lost), and a conservative bias that errs on the side of safety.
It is also never set in concrete but is meant to be revisited.
The formal review process can be effective or useless depending who is doing it, the pressures they are under and what management does with the result. It allows experience in using new practices and processes to be added to the theoretical calculations for a more accurate picture of the risks, which is great, in theory. However, if it becomes apparent that certain practices cannot be done without making severe cost compromises that shave safety margins and cause a string of serious incidents, maybe they should not be done at all regardless of what the assessments say. There is usually more than one way to achieve a given outcome. One practice that falls into this category recently suffered yet another serious breach of safety, thankfully without injuries - this time. And yes, that process was fully risk assessed and signed off by experts, then reviewed and signed off again, while other experts have quietly determined that it is quite a risky practice (the risks were secretly
revisited after a previous serious incident, the results were not good yet the practice continues because commercial pressure and bureaucratic process rules the day; as for the guys who are directly at risk, I don't know what they are thinking - they are probably focused on their pay packets).
Anyway, an acknowledgement that risk assessment is not beyond reproach or immune to corruption is what I wanted on record, and that has been done.
That is pure naïvety.