Risk assessments are the core of the risk management process. A risk assessment goes through three phases: identification, analysis, and evaluation1.

  • Risk identification includes finding and describing risks.
  • Risk analysis involves careful research and conclusions about the risk rating for an individual risk.
  • Risk evaluation determines whether a risk is tolerable or not in conjunction with the risk criteria and sets the path for a risk treatment plan.
Risk Assessment Steps: Identification, Analysis, and Evaluation
Risk Assessment Steps: Identification, Analysis, and Evaluation

ISO 31000 (2018), 6.4 Risk assessment. ↩︎