Risk assessment is a systematic compilation and analysis of the current data and knowledge about a risk issue presented in a coherent characterization. It is a tool that combines data and information from numerous sources in a structured format. The information may be found in published research and surveillance reports and from outbreak investigations, or it may be necessary to rely on expert judgement. The outcome of the process should ideally provide a clear and balanced representation of all available information relevant to a specific situation, described in terms of the probability and impact of an adverse event. The output of a risk assessment should assist in evaluating whether or not a hazard requires increased management or regulation, and can provide insights into areas that can be targeted to reduce the risk.
A risk assessment can be formulated as a descriptive process without a decision in mind, but this is not the intended use of risk assessment in the current framework. Here, the goal of risk assessment is to provide decision assistance information. The wide variety of potential decisions for any situation means that the focus of risk assessments can vary widely. As a result, a premium needs to be placed on problem formulation so that risk assessment resources are efficiently applied to serve the needs of the decision-maker.
Risk assessment measures risk and identifies factors that influence it. Risk management is the development, selection, and implementation of strategies to control that risk if warranted, and risk communication is the exchange of information pertinent to the risk issue. It should be recognized that the risk analysis process is not static, and risk assessments and/or management and/or communication decisions may need to be reviewed and revised as new information becomes available.