"An organized, analytic process to identify what might cause harm or loss (identify risks); to assess and quantify the identified risks; and to develop and, if needed, implement an appropriate approach to prevent or handle causes of risk that could result in significant harm or loss." (Sandy Shrum et al, "CMMI: Guidelines for Process Integration and Product Improvement", 2003)
"The organized, analytic process to identify future events (risks) that might cause harm or loss, assess and quantify the identified risks, and decide if, how, and when to prevent or reduce the risk. Also includes the implementation of mitigation actions at the appropriate times." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)
"Identifying a situation or problem that may put specific plans or outcomes in jeopardy, and then organizing actions to mitigate it." (Teri Lund & Susan Barksdale, "10 Steps to Successful Strategic Planning", 2006)
"The process of identifying hazards of property insured; the casualty contemplated in a specific contract of insurance; the degree of hazard; a specific contingency or peril. Generally not the same as security management, but may be related in concerns and activities. Work is done by a risk manager." (Robert McCrie, "Security Operations Management" 2nd Ed., 2006)
"Systematic application of procedures and practices to the tasks of identifying, analyzing, prioritizing, and controlling risk." (Tilo Linz et al, "Software Testing Practice: Test Management", 2007)
"Risk management is a continuous process to be performed throughout the entire life of a project, and an important part of project management activities. The objective of risk management is to identify and prevent risks, to reduce their probability of occurrence, or to mitigate the effects in case of risk occurrence." (Lars Dittmann et al, "Automotive SPICE in Practice", 2008)
"A structured process for managing risk." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)
"The process organizations employ to reduce different types of risks. A company manages risk to avoid losing money, protect against breaking government or regulatory body rules, or even assure that adverse weather does not interrupt the supply chain." (Tony Fisher, "The Data Asset", 2009)
"Systematic application of procedures and practices to the tasks of identifying, analyzing, prioritizing, and controlling risk." (IQBBA, "Standard glossary of terms used in Software Engineering", 2011)
"The process of identifying what can go wrong, determining how to respond to risks should they occur, monitoring a project for risks that do occur, and taking steps to respond to the events that do occur." (Bonnie Biafore, "Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft® Project", 2011)
"Risk management is using managerial resources to integrate risk identification, risk assessment, risk prioritization, development of risk-handling strategies, and mitigation of risk to acceptable levels (ASQ)." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement ", 2012)
"The process of identifying negative and positive risks to a project, analyzing the likelihood and impact of those risks, planning responses to higher priority risks, and tracking risks." (Bonnie Biafore & Teresa Stover, "Your Project Management Coach: Best Practices for Managing Projects in the Real World", 2012)
"A policy of determining the greatest potential failure associated with a project." (James Robertson et al, "Complete Systems Analysis: The Workbook, the Textbook, the Answers", 2013)
"Controlling vulnerabilities, threats, likelihood, loss, or impact with the use of security measures. See also risk, threat, and vulnerability." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition" 2nd Ed., 2013)
"A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives." (Sally-Anne Pitt, "Internal Audit Quality", 2014)
"Managing the financial impacts of unusual events." (Manish Agrawal, "Information Security and IT Risk Management", 2014)
"Systematic application of policies, procedures, methods and practices to the tasks of identifying, analysing, evaluating, treating and monitoring risk." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development, 5th Ed.", 2014)
"The coordinated activities to direct and control an organisation with regard to risk." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)
"The process of reducing risk to an acceptable level by implementing security controls. Organizations implement risk management programs to identify risks and methods to reduce it. The risk that remains after risk has been mitigated to an acceptable level is residual risk." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)
"Risk management is a structured approach to monitoring, measuring, and managing exposures to reduce the potential impact of an uncertain happening." (Christopher Donohue et al, "Foundations of Financial Risk: An Overview of Financial Risk and Risk-based Financial Regulation, 2nd Ed", 2015)
"Systematic application of procedures and practices to the tasks of identifying, analyzing, prioritizing, and controlling risk. " (ISTQB, "Standard Glossary", 2015)
"The practice of identifying, assessing, controlling, and mitigating risks. Techniques to manage risk include avoiding, transferring, mitigating, and accepting the risk." (Weiss, "Auditing IT Infrastructures for Compliance, 2nd Ed", 2015)
"The discipline and methods used to quantify, track, and reduce where possible various types of defined risk." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)
"The process of identifying individual risks, understanding and analyzing them, and then managing them." (Paul H Barshop, "Capital Projects", 2016)
"Coordinated activities to direct and control an organization with regard to risk." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)
"Process of identifying and monitoring business risks in a manner that offers a risk/return relationship that is acceptable to an entity's operating philosophy." (Tom Klammer, "Statement of Cash Flows: Preparation, Presentation, and Use", 2018)
"Coordinated activities to direct and control an organisation with regard to risk." (ISO Guide 73:2009)
"Risk management is the identification, assessment and prioritisation of risks [...] followed by coordinated and economical application of resources to minimise, monitor and control the probability and/or impact of unfortunate events or to maximise the realisation of opportunities." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)