A formal risk assessment will contain, as a minimum, the following components:

• Step by step description of all the activities undertaken in the task
• A list of the identified hazards or risks associated with each of the steps.
• A description of the consequence of an adverse outcome.
• An estimate of the liklihood or frequency, from never to always.
• An estimated rating of the risk consequence, from insignificant to catastrophic.
• An overall risk rating, Low, Moderate, High, Extreme, generally guided by a risk cube.
• Existing and Addiitonal controls to manage the identified risks.
• Signoff by the risk team

 

Example of completed Formal Risk Assessment.

Example of Risk Cube to rate risk.