Where can we cover the risk associates with threats encountered externally in documents or at department level for ISO 9001 systems effectiveness ?

Risk is defined as the probability of an event and its consequences. Risk management is the practice of using processes, methods and tools for managing these risks. Risk management focuses on identifying what could go wrong, evaluating which risks should be dealt with and implementing strategies to deal with those risks. Organization that have identified the risks, will be better prepared.