risk assessment

Contributor(s): Bianca Rawson

Risk assessment is the process of identifying variables that have the potential to negatively impact an organization’s ability to conduct business.

In a large enterprise, a risk assessment is usually conducted by the Chief Risk Officer (CRO). A risk assessment can be quantitative or qualitative. In a quantitative risk assessment, the CRO assigns numerical values to the probability an event will occur and the impact it will have. These numerical values can then be used to calculate an event's risk factor, which in turn can be mapped to dollar amounts. Qualitative risk assessments, which are used more often, do not involve numerical probabilities or predictions of loss. The goal of a qualitative approach is simply to rank which risks pose the most danger.

This table illustrates an example of a quantitative assessment. 

A risk matrix is a qualitative tool for sharing a risk assessment. 

See also: business impact analysis (BIA), enterprise risk management

This was last updated in October 2013
