On the Subject of A Fuzzy Risk Assessment Model (FRAM) for Risk Management (RM), featured paper in the February PMWJ by Ashwani Kharola


3 February 2014 

Dear Sir,

I applaud any attempt to quantify risk in a risk management process; however there are some observations on this article that I’d like to make.

It should be remembered that risk and chance have different inherent meanings and are not interchangeable.  In the third paragraph the author writes, “Risk can be defined as, “the chance that an undesirable event will occur and the consequences of all its possible outcomes””.  For any uncertainty we could equate risk and chance to threat and opportunity respectively, for example, if I walk to the store to buy a ticket there is a chance I might win the lottery, but there is a risk I might slip on the icy sidewalk to get there.

When discussing ‘fuzzy control rules’ (Section 3.3, page 5), the author states that “The fuzzy rules are defined and based on personal experience of expert and varies from one expert to other.”  Fundamentally fuzzy logic still relies on subjective assessments of risk and, rather than assigning a weighting to the risk itself, simply introduces another tool that assists in prioritizing the uncertainties that have been identified.

The article focuses on probability and severity and therefore only considers risk mitigation, ignoring risk acceptance, transfer and avoidance.  In any comprehensive risk assessment one should be aware that uncertainties lie in each of the latter three strategies; how they could be explored using the fuzzy logic methodology would be an interesting sequel.


Andy Cuthbert.

Houston, Texas, USA