RISK ASSESSMENT
• Risk assessment is a process that is, in turn, made up of three processes: risk identification, risk analysis, and risk evaluation. • Risk identification is a process that is used to find, recognize, and describe the risks that could affect the achievement of objectives. • Risk analysis is a process that is used to understand the nature, sources, and causes of the risks that the organization have identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that currently exist. • Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable.
RISK ASSESSMENT
RISK IDENTIFICATION
RISK ANALYSIS
RISK EVALUATION
Made with FlippingBook - Share PDF online