“…Boehm [3] described a process with two main phases: risk assessment, which includes identification, analysis, and prioritization, and risk control, which includes risk management planning, risk resolution, and risk monitoring planning, tracking, and corrective action. Similar to Deming's quality improvement cycle (plan, do, check, act), Kliem and Ludin [4] suggested a four-phase process (identification, analysis, control, and reporting). According to International Organization for Standardization 31000, risk management creates and protects value [5].…”