|1. Risk Identification is to identify and categorize risks that could affect the organization and document the list of risks.
2. Process of finding, recognizing and describing risks (2.1)
Notes (1) : Risk identification involves the identification of risk sources (2.16), events (2.17), their causes and their potential consequences (2.18).
Notes (2): Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder's (2.13) needs.
[ISO Guide 73:2009, definition 3.5.1]
(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.15