The combination of the probability of an event and its consequence. (ISO/IEC 73).

ISACA Glossary [Information Systems Audit and Control Association]