Where to Start with Risk Analysis? Inputs

Inputs to aid risk analysis can include the elements listed below. Note: The grouping (input, process, output, feedback) is purely thematic, designed to link with standard management systems. It should not betaken to imply that these are the only or best way to consider risk analysis.

Inputs

• Nature and characteristics of risks

• Level and priority of risks

• Uncertainties, assumptions, & unknowns

• Sources, threats, hazards

• Immediate and root causes

• Time and frequency related factors

• Availability/reliability of information and costs/resources involved in attaining additional information

Processes

• Likelihood/probability

• Events, scenarios, and vulnerabilities

• Controls and effectiveness of controls

Outputs

• Consequences (nature & magnitude)

• Outputs from a range of techniques

Feedback

• Complexity/connectivity of events

• Volatility (events, threats, etc)

• Limitations of the analysis techniques