Hacker News new | past | comments | ask | show | jobs | submit login

Almost correct, but you mean 'chance' where you write 'risk':

    Risk = Chance × Impact
The chance of failing an audit initially are high (or medium, present at least). The impact is usually low-ish. It means a bunch of people need to fix policy and set out improvement plans in a rush. It won't cost you your certification if the rectification is handled properly.

It's actually possible that both of your examples are awarded the same level of risk, but in practice the latter example will have its chance minimized to make the risk look acceptable.




Chance has more positive connotations than it has negative connotations IMO.

Probability is a more neutral word, and fits better.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: