Risk Identification

- The 2nd Line of Defense possesses an updated risk register to reflect IT’s overall risk portfolio.
- Risk identification exercises are conducted bi-annually by the 1st Line of Defense.
- The IT risk register is developed and updated collaboratively with key business stakeholders.
- Risk events are brainstormed using high-level, IT risk categories and refined using COBIT 5 IT processes