In a conventional sense, we can define "the risk".. as "the likelihood" that a particular undesirable event would occur. This is normally stated in terms of a "probability".

E.g. there is a 40% probability that 50% of the workforce would contract the malaria, in Panama, while working on the canal project. [Note that this does not address the associated consequences].

Risk assessment is the characterization of the nature and magnitude of the outcome, and associated consequences.

E.g. there is a 40% probability that 50% of the workforce would contract malaria, while working on the Panama Canal project. This will result in the project being delayed by at least 12 months, and additionally, at least 5% of those who contract malaria would die.

If we know the risks and the associated consequences, we can use XpertUS to evaluate such scenarios. Risk Management and Mitigation are outside the scope of this work.

Risk management is the identification, assessment, and prioritization of risks, followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of undesirable outcomes. Risks can come from uncertainty in financial markets, project failures, legal liabilities, new legislation, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.
Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.

The strategies to mitigate risk include transferring therisk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.