Governance
Risk Assessment
Quick Definition
The systematic process of identifying, analysing, and evaluating risks to determine their likelihood, impact, and priority for treatment.
Detailed Explanation
Risk assessment comprises three activities: risk identification (finding and describing risks, including the assets, threats, and vulnerabilities behind them), risk analysis (estimating the likelihood and impact of each identified risk), and risk evaluation (comparing the analysed risks against agreed risk criteria to decide which need treatment and in what order).
Common tools include risk matrices (likelihood × impact grids, usually scored on ordinal scales such as 1 to 5; because the scores are ordinal, the product is a ranking aid rather than a measurement), SWOT analysis, PESTLE analysis, and scenario analysis. Risks are typically categorised as strategic, operational, financial, compliance, or reputational.
Risk assessment feeds into risk treatment, where a decision is made to avoid, mitigate, transfer, or accept each risk, and the residual risk remaining after treatment is recorded and assigned an owner. It is a core practice in ITIL, PMBOK, COBIT, ISO 31000, and ISO 27001, the last of which requires a documented risk assessment as the basis for selecting security controls.
Relevant Frameworks
PMBOK, COBIT, ISO 31000