In the risk management process, which step follows the assessment of impact?

In the risk management process, after assessing the impact of identified risks, the next logical step is to build in management actions. This step is crucial because it involves developing strategies to mitigate or manage the risks identified during the assessment phase. By implementing management actions, organizations can effectively reduce the likelihood of risks occurring or lessen their impact should they arise. This proactive approach ensures risks are addressed systematically, ultimately supporting better project planning and execution.

The other options do not appropriately follow the assessment of impact in the risk management process. Evaluating the probability of risks typically occurs before assessing the impact, as it helps determine which risks warrant further attention. Reflecting in the business case may occur later, as it involves reviewing the overall implications of the assessed risks on the project's viability. Brainstorming potential causes is part of the risk identification phase, which takes place before the impact and probability assessments. Therefore, building in management actions directly follows the assessment of impact in a structured risk management approach.