What aspect of ITIL 4 addresses understanding and evaluating risks?

The aspect of ITIL 4 that addresses understanding and evaluating risks is Risk Management. This practice is focused on identifying, assessing, and controlling risks to minimize their impact on the organization, ensuring that the services provided can meet business needs while being based on informed decision-making.

Risk Management involves a systematic approach to identifying potential risks that could negatively affect service delivery. It ensures that the organization can prioritize these risks and allocate resources effectively to mitigate them. This practice is crucial for maintaining service availability and reliability, ultimately supporting better decision-making in all areas of ITIL.

In contrast, Incident Management deals primarily with restoring normal service operation as quickly as possible following an incident, without a specific focus on evaluating risks. Service Design is concerned with designing services and ensuring they meet business requirements, but it does not specifically cover risk management in-depth. Change Control focuses on managing changes to services and infrastructure and ensures that risks associated with changes are assessed as part of the process; however, it doesn't encompass the broader scope of risk evaluation like the Risk Management practice itself.