Which term describes a process used to identify and evaluate risk and its potential effects?

Risk analysis focuses on identifying risks and examining how likely they are to occur and what impact they would have. By detailing potential events and measuring both probability and consequences, it yields a gauge of overall risk that helps prioritize where to apply controls or mitigations. This makes it the best fit for describing a process used to identify risk and evaluate its potential effects. In contrast, risk assessment is a broader activity that includes establishing criteria and deciding on responses, while risk evaluation centers on judging the significance of risks against those criteria. Risk transfer is about shifting risk to another party, not analyzing it.