The risk-management process described first involves the collecting of information pertinent to the likelihood and consequences of each type of bomb incident. Information should be collected on trends in bombing incidents and threats, motives, resources, and constraints. Based on this information, a relative risk rating is assigned for each type of incident. This paper cites four types of bomb incidents; namely, threats, unattended items, bombs and hoax devices, and post-blast consequences. Once risks are identified and rated, specific measures for reducing their likelihood or consequences can be designed within the parameters of available resources. Commanders and managers can then plan and implement measures for dealing with the recognized priority risks. The use of a common risk-management methodology within an organization or across agency, political, or geographic boundaries provides a number of advantages. The primary benefit is an ability to compare risks by using an agreed method of valuation and shared recognition of consequences. To be effective, the risk assessment must be conducted sufficiently early to provide for procedures to be developed and practiced. The assessment may require revision as related security plans and site surveys are developed. The bomb risk plan should be part of an integrated process and not be conducted in isolation. Appended risk management matrix