Risk assessment is a process for identifying hazards, potential (future) events which may negatively impact on individuals, assets, and/or the environment because of those hazards, their likelihood and consequences, and actions which can mitigate these effects. The output from such a process may also be called a risk assessment. Hazard analysis forms the first stage of a risk assessment process. Judgments "on the tolerability of the risk on the basis of a risk analysis" (i.e. risk evaluation) also form part of the process. The results of a risk assessment process may be expressed in a quantitative or qualitative fashion.

Risk assessment forms a key part of a broader risk management strategy to help reduce any potential risk-related consequences.

Risk assessments can be undertaken in individual cases, including in patient and physician interactions. In the narrow sense chemical risk assessment is the assessment of a health risk in response to environmental exposures. The ways statistics are expressed and communicated to an individual, both through words and numbers impact his or her interpretation of benefit and harm. For example, a fatality rate may be interpreted as less benign than the corresponding survival rate. A systematic review of patients and doctors from 2017 found that overstatement of benefits and understatement of risks occurred more often than the alternative. A systematic review from the Cochrane collaboration suggested "well-documented decision aids" are helpful in reducing effects of such tendencies or biases. Aids may help people come to a decision about their care based on evidence informed information that align with their values. Decision aids may also help people understand the risks more clearly, and they empower people to take an active role when making medical decisions. The systematic review did not find a difference in people who regretted their decisions between those who used decision aids and those who had the usual standard treatment.

An individual's own risk perception may be affected by psychological, ideological, religious or otherwise subjective factors, which impact rationality of the process. Individuals tend to be less rational when risks and exposures concern themselves as opposed to others. There is also a tendency to underestimate risks that are voluntary or where the individual sees themselves as being in control, such as smoking.

Risk assessment can also be made on a much larger systems theory scale, for example assessing the risks of an ecosystem or an interactively complex mechanical, electronic, nuclear, and biological system or a hurricane (a complex meteorological and geographical system). Systems may be defined as linear and nonlinear (or complex), where linear systems are predictable and relatively easy to understand given a change in input, and non-linear systems unpredictable when inputs are changed. As such, risk assessments of non-linear/complex systems tend to be more challenging.

In the engineering of complex systems, sophisticated risk assessments are often made within safety engineering and reliability engineering when it concerns threats to life, natural environment, or machine functioning. The agriculture, nuclear, aerospace, oil, chemical, railroad, and military industries have a long history of dealing with risk assessment. Also, medical, hospital, social service, and food industries control risks and perform risk assessments on a continual basis. Methods for assessment of risk may differ between industries and whether it pertains to general financial decisions or environmental, ecological, or public health risk assessment.

Rapid technological change, increasing scale of industrial complexes, increased system integration, market competition, and other factors have been shown to increase societal risk in the past few decades. As such, risk assessments become increasingly critical in mitigating accidents, improving safety, and improving outcomes. Risk assessment consists of an objective evaluation of risk in which assumptions and uncertainties are clearly considered and presented. This involves identification of risk (what can happen and why), the potential consequences, the probability of occurrence, the tolerability or acceptability of the risk, and ways to mitigate or reduce the probability of the risk. Optimally, it also involves documentation of the risk assessment and its findings, implementation of mitigation methods, and review of the assessment (or risk management plan), coupled with updates when necessary. Sometimes risks can be deemed acceptable, meaning the risk "is understood and tolerated ... usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss."

Benoit Mandelbrot distinguished between "mild" and "wild" risk and argued that risk assessment and risk management must be fundamentally different for the two types of risk. Mild risk follows normal or near-normal probability distributions, is subject to regression to the mean and the law of large numbers, and is therefore relatively predictable. Wild risk follows fat-tailed distributions, e.g., Pareto or power-law distributions, is subject to regression to the tail (infinite mean or variance, rendering the law of large numbers invalid or ineffective), and is therefore difficult or impossible to predict. A common error in risk assessment and management is to underestimate the wildness of risk, assuming risk to be mild when in fact it is wild, which must be avoided if risk assessment and management are to be valid and reliable, according to Mandelbrot.