Risk assessment is divided into 3 steps: the identification, analysis, and evaluation of risks. This requires a systematic approach. Care should also be taken not to quantify risks if there is insufficient experience to do so. This leads to a feigned precision in which the actual risk is under- or overestimated.
[GMP Compliance Adviser, Chapter 19.C]