A risk is a potential issue waiting to happen leading to some unintended effects. If there is zero probability for the risk to happen, then it is not at all a risk. Similarly, if there is no adverse effect with the happening of the issue, it is not a risk. If the issue had already happened, it is no more a risk, but a problem.
Risk Identification and Analysis
There could be various risks inside the projects. Those needs to be first identified and then analysed based on their probability of occurrence and effect (impact). Based on these analysis risk needs to be prioritised for action. Here we are actually prioritising the risks based on three factors i.e. Probability of occurrence, impact and detectability of the risk
Highly probable, huge impact and low detectable risks needs to be treated first. For prioritization of risks we need to have some metrics associated with it. We call it as risk value. It is the product of probability, impact and detectability.