**Risk assessment**is the process of identifying risks and evaluating their probability and impact. Probability is the potential for the risk to occur. Impact is the damage that results from the risk when it does occur. Probability/impact can be modeled as single estimates such as a 4% probability of a $1 million dollar loss. A more sophisticated method is to model probability/impact as a probability distribution that produces a graph of the probability of different levels of losses for a given risk. The following are illustrative risk assessment examples.

## Project Management

A project team brainstorms risks with the input of the entire team and required subject matter experts such as an information security professional. They estimate probability and impact for each risk in a probability/impact matrix.## Program Management

An IT program composed of dozens of projects models the risk of projects being late or overbudget using reference class forecasting, a method of comparing projects to historical projects with similar scope and risk profiles.## Equity Analyst

An equity analyst develops indepth knowledge about a company and its industry in order to evaluate risks and rewards associated with a stock. If they downgrade a stock they may provide a list of high level risks associated with the firm in a note to investors.## Risk Analyst

A risk analyst may use statistical analysis to evaluate the risks associated with a particular investment or class of investments. They may use a large number of variables to estimate the probability of losses as a probability distribution. For example, the probability of a 10% loss on a particular investment might be 3% and the probability of a 100% loss might be 0.3%.## Small Business

A small business lists out risks associated with a strategy to open a new retail location. They evaluate probabilities on a scale of 1-4 labeled as "very likely", "likely", "possible", "remotely possible". They evaluate impact on a scale of 1-4 labeled as "disaster", "high", "medium", "low." The business then uses the evaluations to prioritize efforts to avoid, transfer, reduce or accept each risk.### Summary

Risk assessment is mostly about identifying risks and assessing their probability and impact in order to calculate or categorize risk exposure. This can get complex if you consider that each risk can have different levels of impact each with different probabilities of occurring.Overview: Risk Assessment | ||

Type | ||

Definition | The process of gathering risk intelligence, identifying risks and evaluating their probability and impact. | |

Value | Risk assessment is a significant component of risk management - the process of identifying, evaluating and treating risk. | |

Related Concepts |