Every organization faces various risks from external and internal sources that must be assessed. ‘‘Risk assessment’’ is defined as the identification and analysis of relevant risks to achieve objectives, forming a basis for determining how the risk should be managed (accept, reject, share, reduce). To mitigate risks, organizations must set objectives; integrate them with sales; and perform production, marketing, financial and other activities to ensure that everything is operating correctly.

This tool contains four guides that can be used by auditors to understand and improve their risk assessment process.