Risk is the threat that an event, action or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. For all businesses, there are risks that exist and need to be identified and addressed in order to prevent or minimize losses. Risk is measured in terms of consequences and likelihood. The following process is used for assessing risks: identifying risks, sourcing risks and measuring risks. 

This document can be used as a general guide to help process owners assess risks and manage internal controls.