Next read: Risk Identification Techniques
Identify the risk tolerances of your organization, department or business unit.
Listing out possible negative outcomes.
Business Impact Statements
Document the potential business impact of risks.
Estimate the impact of risks as a cost.
Estimate the probability that risks will occur.
Calculate the likely cost of risk as impact × probability.
Compare opportunity to risk using measures such as risk-reward ratio.
Decide how you will control each risk. This includes the possibility of simply accepting the risk.
Identifying possible risk treatments.
Design internal controls for risk mitigation.
Identify the conditions that cause the risk to occur.
Moment of Risk
Analysis of the likely timing of risks.
Plan what you will do if each risk actually occurs as an issue.
Calculate the risk that remains after risk treatments.
Identify the risks created by risk treatments.
Calculating the cost of risks that actually occur.
Maintain a list of outstanding risks.
Risk Management Plan
Develop a plan for controlling and monitoring risk.