CRISC Certified in Risk and Information Systems Control – Question325

Which of the following come under the phases of risk identification and evaluation?
Each correct answer represents a complete solution. Choose three.

A. Maintain a risk profile
B. Collecting data
C. Analyzing risk
D. Applying controls

Correct Answer: ABC

Explanation:
Risk identification is the process of determining which risks may affect the project; it also documents the characteristics of those risks.
The following are the high-level phases involved in risk identification and evaluation:

  • Collecting data: Involves collecting data on the business environment, types of events, risk categories, risk scenarios, etc., to identify the relevant data that enables effective risk identification, analysis and reporting.
  • Analyzing risk: Involves analyzing risk to develop useful information that is used when making risk decisions. Risk decisions take into account the business relevance of risk factors.
  • Maintain a risk profile: Requires maintaining an up-to-date and complete inventory of known threats and their attributes (e.g., expected likelihood, potential impact, and disposition), IT resources, capabilities, and controls, as understood in the context of business products, services and processes, in order to monitor risk effectively over time.

Incorrect Answers:
D: Applying controls comes under the risk management process, not under the risk identification and evaluation process.