Risk assessment includes three steps: risk identification, risk analysis and risk assessment.
Risk identification refers to finding out whether there are risks in various business units, important business activities and important business processes of an enterprise, and what risks exist.
Risk analysis is to clearly define and describe the identified risks and their characteristics, and analyze and describe the possibility and conditions of risk occurrence.
Risk evaluation is to evaluate the impact of risk on the realization of enterprise goals and the value of risk.