SSCP Study Guide

Risk Management Cycle

Many people treat risks as inevitable events that will result in loss, but this is far from the truth. Risks are the potential for loss, resulting from something that has a negative impact on project objectives or the company's ability to perform normal business functions. Risks can be natural occurrences (such as floods or fires), business related (such as mergers or changes in the economy), computer related (such as hacking attempts or other incidents), or any number of other events. Each risk merely has the potential of occurring and doing some sort of damage to a project or company.

To prevent a risk from becoming an incident that actually occurs, risk management is performed. Risk management is a process made up of multiple steps, which can be broken down into the following:

  • Identification: Each risk is recognized as being potentially harmful.

  • Assessment: The consequences of a potential threat are determined, and the likelihood and frequency of a risk occurring are analyzed.

  • Planning: Data that is collected is put into a meaningful format, which is used to create strategies to diminish or remove the impact of a risk.

  • Monitoring: Risks are tracked and strategies are evaluated.

  • Control: Steps are taken to correct plans that are not working, and improvements are made to the management of a risk.

To illustrate the risk management process in a simplified way, say a team has identified computer viruses as a risk that threatens corporate data. Based on information from other companies, this...
