According to the definition in ISO 31000, risk is the impact of uncertainty on [achieving] your objectives. Of course, this impact can be both negative or positive. ISO 31000 states the following:

“Clause 6.4.2 Risk identification: The organisation should identify risks, whether or not their sources are under its control.

Clause 6.4.3 Risk analysis: The effectiveness of existing Continue reading →