Risk analysis has become increasingly important with the emergence of new, unknown and potentially dangerous technologies. Risk analysis builds on the use of models. If the models are valid representations of reality, they can be used to predict and thus also to minimize the risks. Any model is, however, a simplification and a generalization which implies that it has only a limited region of validity. If a model in the risk analysis process is used outside its region of validity it can introduce serious flaws in the actions on different risks. The use of deficient models actually poses the most serious threat to the validity of risk assessments. To understand the origins of deficient models, it is necessary to consider the modelling process and the people involved in using the models. Models in risk analysis are based on many assumptions which have to be understood if erroneous interpretations are to be avoided. The paper considers theoretical foundations of risk analysis, models used in risk analysis and the modelling process leading to these models.