Risk management

Conducting risk assessments

Learn how to identify and evaluate risks in your AI projects.

Overview

Risk assessment is the systematic process of identifying what could go wrong with your AI systems, how likely it is to happen, and how severe the consequences would be. This foundational practice helps organizations make informed decisions about which risks require immediate attention and which can be monitored over time.

In AI governance, risk assessment is particularly important because AI systems can introduce unique risks that traditional software does not — from biased decision-making to unexpected model behaviors. By proactively identifying these risks, you can implement controls before problems occur rather than reacting after harm has been done.

Why assess AI risks?

AI systems present distinct challenges that make formal risk assessment essential:

  • Regulatory compliance: Regulations like the EU AI Act require documented risk assessments for AI systems
  • Stakeholder protection: Identifying risks helps protect users, customers, and affected communities
  • Business continuity: Understanding risks prevents costly failures and reputational damage
  • Informed decision-making: Risk data helps prioritize resources and mitigation efforts
  • Accountability: Documented assessments demonstrate due diligence to auditors and regulators

Risks in VerifyWise can be linked to both use cases and compliance frameworks, allowing you to track risks across different contexts and regulatory requirements.

Risk Management page showing risk level summary cards and a table of risks with severity, likelihood, mitigation status, and risk level columns

The Risk Management page provides an overview of all identified risks across your AI use cases.

Creating a risk

To create a new risk in VerifyWise, navigate to the Risk Management section and provide the following information:

  1. Risk name: A clear, descriptive name for the risk
  2. Risk owner: The person responsible for managing this risk
  3. Risk description: Detailed explanation of the risk and its potential consequences
  4. AI lifecycle phase: When in the AI lifecycle this risk applies
  5. Risk category: Classification of the risk type

Add a new risk modal showing fields for applicable use cases, frameworks, risk name, action owner, AI lifecycle phase, risk description, risk categories, potential impact, likelihood, severity, and calculated risk level

The risk creation form captures all the information needed to document and assess a new risk.

AI lifecycle phases

VerifyWise tracks risks across the complete AI system lifecycle:

Problem definition and planning

Initial project scoping, requirements gathering, and feasibility assessment.

Data collection and processing

Data sourcing, cleaning, labeling, and preparation activities.

Model development and training

Algorithm selection, model architecture, and training processes.

Model validation and testing

Performance evaluation, bias testing, and quality assurance.

Deployment and integration

Production rollout and system integration activities.

Monitoring and maintenance

Ongoing performance monitoring and model updates.

Risk analysis

Each risk is analyzed using likelihood and severity assessments. VerifyWise automatically calculates the overall risk level based on these inputs.

Likelihood assessment

Rate how probable the risk is to occur:

Likelihood       Description
Rare             Highly unlikely to occur
Unlikely         Not expected but possible
Possible         May occur at some point
Likely           Expected to occur
Almost certain   Will almost definitely occur

Severity assessment

Rate the potential impact if the risk materializes:

Severity        Description
Negligible      Minimal impact, easily addressed
Minor           Limited impact, manageable consequences
Moderate        Noticeable impact requiring attention
Major           Significant impact on operations or stakeholders
Catastrophic    Severe impact with long-term consequences

Calculated risk levels

Based on likelihood and severity, VerifyWise automatically calculates the risk level:

Risk level   Recommended action
No risk      No action required
Very low     Monitor periodically
Low          Standard monitoring and review
Medium       Active management required
High         Priority attention needed
Very high    Immediate action required

Linking risks to use cases and frameworks

Risks can be associated with:

  • Use cases: Link risks to specific AI use cases in your portfolio
  • Frameworks: Associate risks with compliance frameworks like EU AI Act or ISO 42001
  • Assessments: Map risks to specific assessment questions and controls

Best practice

Link each risk to both the relevant use case and any applicable compliance frameworks. This ensures risks are visible in use case reviews and compliance assessments.

Risk tracking

VerifyWise provides several views for monitoring your risks:

  • View all risks across your organization
  • Filter risks by use case
  • Filter risks by compliance framework
  • Track risk status changes over time

Additional risk fields

Each risk record can include:

  • Impact description for detailed consequence analysis
  • Assessment mapping to link to specific assessment items
  • Controls mapping to associate with governance controls
  • Review notes for ongoing observations
  • Date of assessment for tracking when the risk was evaluated