Scope
The scope of the assessment such as a project, process, business unit or system.
Stakeholders
Identify the stakeholders who own the risks and who need to be informed about the analysis.
Risk Identification
Stakeholders and subject matter experts help to identify risks. Past risks, known risks and lessons learned can be used.
Probability
Assess the probability of each risk.
Impact
Estimate the impact of each risk.
Levels
Calculate risk level as probability × impact.
Prioritization
Filter out risks are that are low impact or that are low priority and medium impact.
Risk Triggers
Identify conditions that will trigger the risk.
Moment of Risk
Document the likely timing of each risk.
Treatments
Identify risk treatments such as acceptance, mitigation or avoidance.
Risk Controls
Plan to implement risk treatments.
Contingency
Document what you will do if the risk actually occurs.
Risk Cost
Calculate cost of risk.
Risk Register
Deliver a list of risks that will be monitored and controlled.
Risk Reporting
Deliver reporting and dashboards for the identified risks.