Recognizing potential risks that could negatively impact an organizations ability to operate or achieve its objectives
It is a proactive process and can involve Brainstorming, Checklists, Interviews, Scenario Analysis
Organization should consider a wide range of risks, including operational, financial, strategic and reputational risks
Risk Identification Process
A team is created that contains members from across the organization that use the asset that we are trying to protect on a daily basis (Stakeholders) as well as members who can make decisions (Management)
The team identifies what is in scope and what is out of scope
The risk appetite of the organization for the assets to be protected needs to be defined
Once the scope and appetite is defined the team works on risk assessment