ISO 17025 does not prescribe any particular methodology or formal program. It requires a planned activity to integrate risk and opportunities assessment into the management system, for example, evaluating risks during the audit program. A laboratory must assess the potential impact on objectives and results, and take appropriate, proportional action. You therefore need to introduce a risk level evaluation that results in a risk ranking, so you can prioritise actions. The methodology for a specific risk assessment would generally start with documenting the critical systems or processes, then documenting the process steps, followed by identifying the risks by looking at the inputs and outputs of each step. Once these are identified, you will rate the likelihood of an event happening as high, medium or low, as well as the impact as high, medium or low. Using, at a minimum, a 3 x 3 matrix, you then determine the risk level for that specific risk as high, medium or low.
You also asked:
"2. And in which areas should the risk assessment be performed?"
A laboratory must consider and address risks for all activities which could possibly have a negative impact on the competency, impartiality and/or consistent operation of the laboratory.
Your attention should be focused on spending more time considering risks to the performance of tests which are part of your scope of accreditation, along with risks to the overall policies and objectives of the laboratory. This includes, for example, procurement, if a delay in receiving an order could cause a delay in reporting time for a test to a customer.