WEB1. Identify which risk “category” best fits each risk: compliance and legal, financial, health and safety, operational, or strategic. (See, Table 1, Risk Categories, below.) 2. Consider the potential impact of each risk by using the risk impact scales shown in Table 2 and 3.