Program risks are not static.  Risks should be reviewed by the whole program team on a regular basis to ensure you have portrayed them correctly, and to see if there are any changes.  Along with that, the assumptions you used to develop the risks should also be regularly re-evaluated.  Assumptions change over time, and some that were made early in the program may now be different or even completely erroneous.   New risks appear over time that were not identified initially.  It is true that as you have more information on your program or as it matures, the probability of occurrence may change for sure - increasing or diminishing.  Consequence is then evaluated on the impact to cost, schedule and performance of the program.  The consequence may also change, for example, the  cost impact of a redesign may go up and therefore the consequence of a cost risk will increase.  If your development test articles are unable to pass a number of tests, the consequence of the design not meeting the specifications increases.  Consequence probably changes less often then likelihood, but it can change. 

One way to categorize the changes would be to use the consequence thresholds in the DOD Risk Issue and Opportunity Management Guide, (2017 edition) page 25, Table 3.1.   You would categorize them during your initial risk assessment then as your program proceeds, you evaluate if the consequence has crossed any of those thresholds up or down. 

The key is really to do a regular review of the risks to verify that they are still captured as accurately as possible with the information you have at the time. Don't be too anchored to your initial risk assessment.  The risk review should be integrated in that it should address not only contractor risks, but Government risks as well - those that the contractor may not be aware of, or that do not impact them directly.