Risks should be identified and reviewed throughout the lifetime of a project, with respect to their impact and measures to manage or mitigate.
Two factors are assessed for each risk identified, it's likelyhood and it's impact. These two are combined together into a risk priority using a table such as the one displayed here. This may then optionally be converted into a risk score based on the priority and a value, which gives the risk a monetary aspect.
Once assessed, a mitigation plan should be created for the risk. This may be to manage the impact, reduce or even avoid the likelyhood of it occuring, and to plan for any consequences. It may be that the risk is just accepted, but this should be a clear and reviewed decision.
Following the creation of a mitigation plan the risk should be re-assessed with respect to it's revised likelyhood and impact. This residual risk can be seen in the global risk register, as well as individual manager dashboards.