Risk management tools
Risk management is a non-intuitive field of study, where the most simple of models consist of a probability multiplied by an impact. Understanding individual risks may be difficult as multiple probabilities can contribute to Risk total probability. Likewise, impacts may be measured in "units" of cost, time, events (for example, a catastrophe), market states, reputation, and other dimensions. This is further complicated by there being no straightforward approach to consider how multiple risks, and their responses, will influence one another or increase the overall risk of the subject of analysis.
Risk management tools allow planners to explicitly address uncertainty by identifying and generating metrics, parameterizing, prioritizing, and developing responses, and tracking risk. These activities may be difficult to track without tools and techniques, documentation and information systems.
Simple risk management tools allow documentation. More sophisticated tools provide a visual display of risks, while the most cutting edge, such as those developed by Air Force Research Laboratory Headquarters, are able to aggregate risks into a coherent picture.
Representative tools and techniques
- Altova MetaTeam – A tool providing the framework required for managing risk management activities, as discussed in ISO 31000 and the PMBOK. A broadly applicable overview of this approach is available.
- Capital asset pricing model – Used to determine the appropriate required rate of return of an asset, if that asset is added to an already well diversified portfolio, based on non-diversifiable risk.
- EPRI Risk and Reliability Workstation (CAFTA) – Widely used tool to create and quantify core damage frequency numbers at American commercial nuclear power plants.
- IBM OpenPages GRC Platform – Integrated enterprise governance, risk and compliance solution that includes modules for operational risk management, policy and compliance management, financial controls management, IT governance, and internal audit management
- Probabilistic risk assessment (PRA, also called Probability Consequence or Probability Impact Model) – Model based upon single-point estimates of probability of occurrence, initiating event frequency, and recovery success (e.g., human intervention) of a specific consequence (e.g., cost or schedule delay).
- RiskAoA – A predictive tool used to discriminate between proposals, choices, or alternatives, by expressing risk for each as a single number, so a proposal's trade-space between cost, scheduled time and risk from its desired characteristics can be compared instantly. RiskAoA and variations of PRA are the only approved tools for United States Department of Defense Military Acquisition.
- Risk Radar Enterprise (RRE) - Web based application for enterprise-wide program and/or project level Risk Management. RRE enables effective management and communication of project Cost, Schedule, Technical and Performance risk in one or many projects within a common flexible and scalable enterprise framework. 
- Risk register – A project planning and organizational risk assessment tool. It is often referred to as a Risk Log.
- Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE) – A probabilistic risk and reliability assessment software tool.