This paper, which reinterprets previous work by Bradbury and Rouse (2002), addresses the risk quantification issue at an intuitive level. The insights provided by such quantification are discussed. Risk factors are associated with the risk-return concept. This allows measuring whether risks taken on are appropriately rewarded. The paper gives a non-technical exposition of DEA and outlines possible applications to accounting and finance. Using data for a large multinational, it shows how DEA analysis can be combined with internal audit procedures. It explains how the results obtained can be used to improve risk management.