When performing a risk assessment, identifying all reasonable risks should be the goal. An infinite amount of time could be spent documenting every threat or risk. It would be better to establish some boundaries and address those, while trying to avoid spending too much time and money on matters that aren't very probable and of little impact. They can be documented to show that diligence was taken, but that further action was unneccessary. Performing a thorough assessment is worth it in the end, and going a little deeper than the obvious should prove to be beneficial to the business.

Yes it is worth going through the exercise to identify every threat in an organization.  There are 6 steps to follow when creating a risk assessment with step 2 being to identify threats.  The key is to compose a sensible list of threats that is thorough enough to show that due diligence was performed.  Also the step of identifying threats is should be to simply list them.  The likelihood of these threats occurring should not come into play here and should be saved for step 3 of the Risk assessment process when determining the probability of occurrence of the threats listed.  When creating a list of possible threats a company can use checklists and split threats into categories such as natural, human, and environmental.  They can also take a look back in history at what type of incidents have occurred in the past to help complete their list. 

It’s important to have the team that is responsible of identifying threats to list everything they think of and save the discussion for the probability of occurrence for a later time.