Risk is broadly defined as any event or condition that can have an impact on the outcome of an activity. Within the context of IT operations, risk is the probability, not the certainty, of suffering a loss and the likelihood that the threat will occur. The loss could be anything from diminished quality of a service to increased cost, missed deadlines, or complete service failure.

Risks arise from uncertainty surrounding operational decisions and outcomes. Most individuals associate the concept of risk with the potential for loss in value, control, functionality, quality, or timeliness of completion of an activity. However, outcomes may also result in failure to maximize gain in an opportunity; the uncertainties in decision making that lead up to this outcome can also be said to involve elements of risk.