Memotiva Security+ Flashcards: Governance, Risk, Compliance, Frameworks, Security Policies

What is the difference between a risk assessment and a risk analysis?

Nortren

A risk assessment is the overall process of identifying threats, vulnerabilities, and potential impacts to an organization's assets, resulting in a prioritized list of risks. It answers what can go wrong, how likely it is, and how bad it would be. Risk analysis is a component within the assessment that evaluates the likelihood and impact of identified risks, either qualitatively using ratings like high, medium, and low, or quantitatively using monetary values.
csrc.nist.gov