Risk assessment identifies a broad array of risks that could adversely impact the organization. A thorough evaluation needs to be performed to identify potential threats to the organization, which can include internal players, competitors, market conditions, national and international political spectrum, natural disasters etc. Probability and impact of identified risks are determined and then these risks are prioritized to address through appropriate control measures in a planned sequence.

Few such risk events are:

• Loss of personnel
• Changes in consumer or customer preferences
• Compromised security incidents
• Financial volatility
• Non-compliance to legislations/standards/guidance notes
• Financial penalties, increased scrutiny, loss of credibility