Any risk in business introduces uncertainty. A company's approach to risk will be determined by its risk appetite. Regardless of this, a standardized approach can be a valuable process-based method that removes some or all of the uncertainty.

Risk Identification

Risk can be identified in a number of ways. One way identifies previous situations that threatened a project. A risk can also be an opportunity. Either way, an important factor is proximity, which identifies the date when a risk can come into effect. All risks are defined as "uncertainties of outcome" whether they are threats or opportunities.

Evaluation

Evaluate risk by proximity (how soon will it impact), probability (how likely is it to have an effect) and impact (how greatly will it introduce change). Also, establish who the owners are. These factors measure the way a threat or opportunity will affect the business.

Mitigation

When risks are mitigated, they are transferred, reduced or even eliminated altogether. Reducing scope, budget or quality are three ways of mitigating the risk without substantially impacting the business objectives.