Elements and Performance Criteria
- Identify risks and develop risk evaluation criteria
- Assess current risk exposure
- Apply applicable risk assessment tools, establish probability and assess potential consequence of risk in an organisation
- Conduct spot checks and determine quality of data
- Identify mitigating effect of existing controls and use evaluation criteria to assess exposure to risk
- Compare risk exposure levels against risk appetites of organisation, and identify and report unacceptable residual risks
- Review and critically analyse risk appetite monitoring process and document findings
- Prepare probability assessment
- Review and report breached issues and incidents