"Describes risks under the initial project plan and may indicate areas of needed risk management." (Timothy J Kloppenborg et al, "Project Leadership", 2003)
"A process to identify potential situations that could cause change to an effort from both internal and external forces, assign severity and priority ranks in order to determine overall risk, managing a situation or project to mitigate or minimize the occurrence of risk, and if the risk materializes, to minimize loss or damage." (DAMA International, "The DAMA Dictionary of Data Management", 2011)
[Qualitative risk assessment:] "Mostly entirely subjective and therefore less accurate than quantitative risk assessments. However, their benefit is that they are much quicker to produce than the quantitative kind" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)
[Qualitative risk assessments:] "these are subjective in nature, and are generally expressed in verbal terms such as ‘high’, ‘medium’ and ‘low’. This is not an ideal state of affairs, as it renders risk assessments unreliable, and should be grounded in more rigorously." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)
"An analysis of threats and vulnerabilities against assets. A risk assessment allows the risks to be prioritized." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)
"A process used to quantitatively or qualitatively determine the risk associated with an actual or hypothesized system." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)
"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)
"'analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)
"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009)
"The process of identifying and subsequently analyzing the identified project or product risk to determine its level of risk, typically by assigning likelihood and impact ratings." (ISTQB)