The risk assessment process is one of the most important tasks that must be performed on critical infrastructure systems to detect security vulnerabilities and risks. The risk assessment task is used to evaluate the likelihood and the impact of the potential threats on the critical assets of any system by determining the threats, the unwanted incidents, and the mitigation techniques to reduce these risks. The advanced metering infrastructure (AMI) system is considered one of the critical infrastructure systems and part of the smart grid system. AMI collects electricity consumption data from the customer’s residence to the electricity data center through bidirectional communication channels to be analyzed. This paper conducts a risk assessment process on the AMI system using the CORAS risk assessment model and CORAS risk assessment tool v1.4 to identify possible risks. The study applies the eight steps of the CORAS model to the AMI system from determining the critical assets in the AMI system to determining the mitigation techniques that can be applied to overcome the existing security vulnerabilities. In the end, this study provides a better understanding of the AMI security risks toward identifying adequate security perimeters for AMI systems.