can be defined in many different ways, and much of the definition depends on how risk analysis relates to other concepts. Risk analysis can be "broadly defined to include risk assessment, risk characterization, risk communication
, risk management, and policy relating to risk, in the context of risks of concern to individuals, to public- and private-sector
organizations, and to society at a local, regional, national, or global level." A useful construct
is to divide risk analysis into two components: (1) risk assessment (identifying, evaluating, and measuring the probability and severity
of risks) and (2) risk management (deciding what to do about risks). Some books take a slightly different approach and define risk management as the overarching concept, where risk analysis is the component that seeks to identify and measure the risks and risk mitigation
is determining what to do about the risks.
Risk analysis can be qualitative or quantitative. Qualitative risk analysis
uses words or colors to identify and evaluate risks or presents a written description of the risk, and quantitative risk analysis (QRA) calculates numerical probabilities over the possible consequences.