Risks are identified and analyzed to determine their relative importance.


The degree of risk affects the resources assigned to handle the risk and the timing of when appropriate management attention is required.

Risk analysis entails identifying risks from identified internal and external sources and evaluating each identified risk to determine its likelihood and consequences. Risk categorization, based on an evaluation against established risk categories and criteria developed for the risk management strategy, provides information needed for risk handling. Related risks can be grouped to enable efficient handling and effective use of risk management resources.


RSKM.SP 2.1 Identify Risks
Identify and document risks.
RSKM.SP 2.2 Evaluate, Categorize, and Prioritize Risks
Evaluate and categorize each identified risk using the defined risk categories and parameters, and determine its relativ…