risk assessment

A risk assessment is the process of identifying potential hazards an organization may face and analyzing methods of response if exposure occurs.

Risk assessment is the process of identifying variables that have the potential to negatively impact an organization’s ability to conduct business.

In a large enterprise, a risk assessment is usually conducted by the Chief Risk Officer (CRO). A risk assessment can be quantitative or qualitative. In a quantitative risk assessment, the CRO assigns numerical values to the probability that an event will occur and the impact it will have. These numerical values can then be used to calculate an event's risk factor, which in turn can be mapped to dollar amounts. Qualitative risk assessments, which are used more often, do not involve numerical probabilities or predictions of loss. The goal of a qualitative approach is simply to rank which risks pose the most danger.

This table illustrates an example of a quantitative assessment. 

A risk matrix is a qualitative tool for sharing a risk assessment. 

See also: business impact analysis (BIA), enterprise risk management

This was first published in October 2013
