Probabilistic risk assessment is one analysis strategy usually employed in science and engineering.
Risk analysis should be performed as part of the risk management process for each project. The data of which would be based on risk discussion workshops to identify potential issues and risks ahead of time before these were to pose cost and/ or schedule negative impacts (see the article on Cost contingency for a discussion of the estimation of cost impacts).
The risk workshops should be attended by a large group ideally between 6 and 10 individuals from the various departmental functions (e.g. project manager, construction manager, site superintendent, and representatives from operations, procurement, [project] controls, etc.) so as to cover every risk element from different perspectives.
The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact.
Given that risk management is a continuous and iterative process, the risk workshop members would regroup on at regular intervals and project milestones to review the risk register mitigation plans, make changes to it as appropriate and following those changes re-run the risk model. By constantly monitoring risks these can be successfully mitigated resulting in a cost and schedule savings with a positive impact on the project.
The risk evaluation of the Information technology environment has been the subject of some methodologies; Information security is a science that based itself on the evaluation and management of security risk, regarding the information used by organization to pursue their business objectives. Standardization bodies like ISO, NIST, The Open Group, Information Security Forum had published different standards in this field.