Inputs to aid risk analysis can include the elements listed below. Note: The grouping (input, process, output, feedback) is purely thematic, designed to link with standard management systems. It should not betaken to imply that these are the only or best way to consider risk analysis.
Inputs
Nature and characteristics of risks
Level and priority of risks
Uncertainties, assumptions, & unknowns
Sources, threats, hazards
Immediate and root causes
Time and frequency related factors
Availability/reliability of information and costs/resources involved in attaining additional information
Processes
Likelihood/probability
Events, scenarios, and vulnerabilities
Controls and effectiveness of controls
Outputs
Consequences (nature & magnitude)
Outputs from a range of techniques
Feedback
Complexity/connectivity of events
Volatility (events, threats, etc)
Limitations of the analysis techniques