Risk management tools
Risk management is a non-intuitive field of study, where the most simple of models consist of a probability multiplied by an impact. Understanding individual risks may be difficult as multiple probabilities can contribute to Risk total probability. Likewise, impacts may be measured in "units" of cost, time, events (for example, a catastrophe), market states, reputation, and other dimensions. This is further complicated by there being no straightforward approach to consider how multiple risks, and their responses, will influence one another or increase the overall risk of the subject of analysis.
Risk management tools allow planners to explicitly address uncertainty by identifying and generating metrics, parameterizing, prioritizing, and developing responses, and tracking risk. These activities may be difficult to track without tools and techniques, documentation and information systems.
Simple risk management tools allow documentation. More sophisticated tools provide a visual display of risks, while the most cutting edge, such as those developed by Air Force Research Laboratory Headquarters, are able to aggregate risks into a coherent picture.
Representative tools and techniques
ISO/IEC_31010 (Risk assessment techniques) has a detailed but non-exhaustive list of tools and techniques available for assessing risk.
The following is a short example of both tools and techniques:
- Altova MetaTeam – A tool providing the framework required for managing risk management activities, as discussed in ISO 31000 and the PMBOK. A broadly applicable overview of this approach is available.
- Capital asset pricing model – Used to determine the appropriate required rate of return of an asset, if that asset is added to an already well diversified portfolio, based on non-diversifiable risk.
- EPRI Risk and Reliability Workstation (CAFTA) – Widely used tool to create and quantify core damage frequency numbers at American commercial nuclear power plants.
- Event chain methodology - A method of managing risk and uncertainties affecting project schedules
- Probabilistic risk assessment (PRA, also called Probability Consequence or Probability Impact Model) – Model based upon single-point estimates of probability of occurrence, initiating event frequency, and recovery success (e.g., human intervention) of a specific consequence (e.g., cost or schedule delay).
- RIMS Risk Maturity Model - The Risk Maturity Model for enterprise risk management, was published in 2006. The RMM is an umbrella framework of content and methodology that detail the requirements for sustainable and effective enterprise risk management. The RMM model consists of twenty-five competency drivers for seven attributes that create ERM’s value and utility in an organization. The 7 attributes are: an ERM-based approach, ERM process management, risk appetite management, root cause discipline, uncovering risks, performance management, and business resiliency and sustainability. The model was published by the Risk and Insurance Management Society and developed by Steven Minsky, CEO of LogicManager in collaboration with the RIMS ERM Committee. The Risk Maturity Model is based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980s.
- RiskAoA – A predictive tool used to discriminate between proposals, choices, or alternatives, by expressing risk for each as a single number, so a proposal's trade-space between cost, scheduled time and risk from its desired characteristics can be compared instantly. RiskAoA and variations of PRA are the only approved tools for United States Department of Defense Military Acquisition.
- Risk Radar Enterprise (RRE) - Web based application for enterprise-wide program and/or project level Risk Management. RRE enables effective management and communication of project Cost, Schedule, Technical and Performance risk in one or many projects within a common flexible and scalable enterprise framework. 
- Risk register – A project planning and organizational risk assessment tool. It is often referred to as a Risk Log.
- Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE) – A probabilistic risk and reliability assessment software tool.