Most projects & companies manage risks on a risk register (either on a spreadsheet or in a system like ours – HURDLE) and will use a risk matrix to complete the risk assessments.
A risk matrix looks like below and has one axis for probability/likelihood & one axis for impact.
A risk that is identified as very likely to happen with a very large impact would be in the red section of the matrix to highlight it as needing managed.
The ultimate purpose of risk identification is to allow plans for the mitigation of the risk to be undertaken.
Mitigation steps will reduce the likelihood that a risk event will occur, and potentially reduce the impact of a risk event, should it occur.
The most successful companies are proactive risk managers meaning they plan for unexpected events, meaning they can be effectively positioned to respond should they arise.
Proactive risk management for a business or project should involve regular reviews with updates on status & actions to determine if progress is being made on managing the risks.