Assess Risks


The purpose of Assess Risks is to understand the undesirable consequences of internal and external forces on the enterprise during a transition to, or once in, the future state. An understanding of the potential impact of those forces can be used to make a recommendation about a course of action.


Assessing risks includes analyzing and managing them. Risks might be related to the current state, a desired future state, a change itself, a change strategy, or any tasks being performed by the enterprise.

The risks are analyzed for the:

  • possible consequences if the risk occurs,
  • impact of those consequences,
  • likelihood of the risk, and
  • potential time frame when the risk might occur.

The collection of risks is used as an input for selecting or coordinating a change strategy. A risk assessment can include choosing to accept a risk if either the effort required to modify the risk or the level of risk outweighs the probable loss. If the risks are understood and the change proceeds, then the risks can be managed to minimize their overall impact to value.

Important: A number of methods include ‘positive risk’ as a way of managing opportunities. Although the formal definition of risk in the BABOKĀ® Guide doesn’t preclude this usage, ‘opportunities’ are captured as needs (and managed accordingly), and risk is used for uncertain events that can produce negative outcomes.

  • Elicitation Results (confirmed)
  • Influences
  • Elements:
    • Unknowns
    • Constraints, Assumptions, and Dependencies
    • Negative Impact to Value
    • Risk Tolerance
      • Risk-aversion
      • Neutrality
      • Risk-seeking
    • Recommendation
    Guidelines and Tools:
    • Business Analysis Approach
    • Business Policies
    • Change Strategy
    • Current State Description
    • Future State Description
    • Identified Risks
    • Stakeholder Engagement Approach
  • Brainstorming
  • Business Cases
  • Decision Analysis
  • Document Analysis
  • Financial Analysis
  • Interviews
  • Lessons Learned
  • Mind Mapping
  • Risk Analysis and Management
  • Root Cause Analysis
  • Survey or Questionnaire
  • Workshops
  • Stakeholders:
    • Domain Subject Matter Expert
    • Implementation Subject Matter Expert
    • Operational Support
    • Project Manager
    • Regulator
    • Sponsor
    • Supplier
    • Tester
  • Risk Analysis Results
  • Knowledge Area:
  • Strategy Analysis