Chapter 5. Defining Risk Assessment Approaches

A risk assessment is performed to identify the most serious risks. Earlier chapters in this book presented risk management techniques: avoiding, transferring, mitigating, or accepting a risk. The risk assessment allows you to prioritize the risks. You manage the high-priority risks and accept the low-priority risks. The risk assessment also helps you identify the best methods to control the risks. This helps ensure the controls you purchase provide the best benefits.

There are two primary methods used to create a risk assessment: quantitative and qualitative. You can use a quantitative method with predefined formulas. For example, you can calculate annual loss expectancy (ALE) by multiplying annual rate ...
