<P> In Information Technology, Risk management includes "Incident Handling", an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security - related events . According to the SANS Institute, it is a six step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned . </P> <P> In enterprise risk management, a risk is defined as a possible event or circumstance that can have negative influences on the enterprise in question . Its impact can be on the very existence, the resources (human and capital), the products and services, or the customers of the enterprise, as well as external impacts on society, markets, or the environment . In a financial institution, enterprise risk management is normally thought of as the combination of credit risk, interest rate risk or asset liability management, liquidity risk, market risk, and operational risk . </P> <P> In the more general case, every probable risk can have a pre-formulated plan to deal with its possible consequences (to ensure contingency if the risk becomes a liability). </P> <P> From the information above and the average cost per employee over time, or cost accrual ratio, a project manager can estimate: </P>

Explain the concept of risk management including risk identification assessment and control