Matters to consider when determining R & O

Answer:
When working with an organization to implement a quality management system according to ISO 9001:2015 I consider three main sources for risk determination.

(4.4 f)) - Risks related to processes.
For example: What can go wrong in the process above that make’s bad parts and bad packages? What opportunities are there for improving productivity or reducing cycle time?

(5.1.2 b)) – Risks related to products and services. What can go wrong with products and services when used by customers?

(6.1.1) – Risks related to clauses 4.1 and 4.2. For example, the government can publish legislation that works as a barrier to competitors and makes our organization win market share. For example, technological evolution can make our production process obsolete.

The following material will provide you more information about risks and opportunities:
ISO 90 01 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
Free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//
Free online training ISO 9001:2015 Internal Auditor Course – https://advisera.com/training/iso-9001-internal-auditor-course/
Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/