The term risk usually refers to undesirable events whose occurrence is still uncertain and that are associated with a product or process; formal definitions usually characterise risk as a combination of the amount of damage and the probability that the loss occurs. The overall quantitative assessment usually results from the expected value of the damage (to be specified in more detail in each case), i.e. the product of the amount of damage and the probability of occurrence. Sometimes other parameters are integrated (e.g. probability of detection or avoidability through human intervention).
See also: ISO/IEC DIS 22989: effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and threats.
Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.
[SOURCE: ISO 31000:2018, 3.1]