In this chapter, we describe the stages of the risk assessment process, which apply whether qualitative or quantitative approaches are used. In particular, we describe some ways to bring structure into the risk identification process, criteria to consider at the prioritisation stage and the iterative nature of the process.

In Chapter 3, we discuss the implications of specific qualitative or quantitative approaches on this general process, and in Chapter 7 we discuss issues associated with the alignment of the process with risk modelling activities.

2.1 Overview of the Process Stages

The general stages of a risk assessment process are:

• Identification. This involves the identification and analysis of the key risks and uncertainties. A core aspect is that all main risks are identified, and are defined with the precision necessary to perform any further activities.
• Mapping. The mapping of risks involves describing risks and their impacts in a way that allows them to be reflected in quantitative models. It is a process step that is essentially not required when using qualitative approaches to risk assessment. It may be considered to be part of risk identification, in that – in order to generate a list of risks that are defined with sufficient accuracy to be included in a quantitative model – one may first have to map the nature of the risks in detail.
• Prioritisation. Some risks may need to be prioritised in order to ...