Risk identification is a process that can start with the source of problems or with the problem itself. Risk identification is the process of determining the risks that may affect the project or the solution, and documenting their characteristics. Risk identification can be performed by analyzing the sources of risks, such as the project environment, the stakeholders, the requirements, the assumptions, the constraints, or the dependencies. Risk identification can also be performed by analyzing the problems or issues that may arise during the project or the solution, such as the gaps, conflicts, ambiguities, uncertainties, or changes. Risk identification helps to create a list of potential risks and their causes, impacts, and probabilities for further analysis and response planning12. Risk estimation is a process that follows risk identification. Risk estimation is the process of assessing the likelihood and impact of the identified risks, and prioritizing them according to their severity. Risk estimation helps to quantify the level of risk exposure and the expected value of the risk for decision making12. Risk analysis is a process that follows risk estimation. Risk analysis is the process of evaluating the identified and prioritized risks, and determining the appropriate responses to them. Risk analysis helps to develop strategies and actions to avoid, reduce, transfer, or accept the risks, and to allocate resources and contingency reserves for risk management12. Risk management is a process that encompasses risk identification, risk estimation, risk analysis, and risk monitoring and control. Risk management is the process of planning, identifying, analyzing, responding to, and monitoring and controlling the risks throughout the project or the solution lifecycle. Risk management helps to minimize the negative effects and maximize the positive opportunities of the risks, and to ensure the project or the solution objectives are met12. References: CBAP® Handbook, CBAP® Exam Prep Study Guide
