Risk analysis

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Risk analysis is a process that occurs in business and project management that involves "gathering data and synthesizing information to develop an understanding of the risk of a particular enterprise".[1] The data analyzed will include "identifying assets and threats, prioritizing the related vulnerabilities, and identifying appropriate measures and protections".[2] Risk analysis is part of the large process of risk management, and is one of the various risk management tools. In some jurisdictions, a person may become a Certified Risk Analyst.

There are two general groupings of risk analysis techniques. These are qualitative risk analysis, which is "the process of prioritizing risks for further analysis by assessing and combining their probability of occurrence and impact", and quantitative risk analysis, which is "the process of numerically analyzing the effect of identified risks on overall project objectives".[3] Either or both approaches may be taken with respect to a particular project or problem.

Specific types of risk analysis include:

Analysis may also be done to measure political risk.


  1. ^ J. S. Arendt, D K. Lorenzo, Evaluating Process Safety in the Chemical Industry (2010), p. 2.
  2. ^ Hossein Bidgoli, Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management (2006), p. 951.
  3. ^ Michael S. Dobson, Deborah Singer Dobson, Project Risk and Cost Analysis (2011), p. 49.