According to Smallwood (2014) there are five basic steps to conducting a risk assessment: (1) Identify the risk, (2) Determine potential impact, (3) Evaluate risk levels and probabilities and recommended action, (4) Create a report with recommendations and implement, and (5) Review periodically.
Identify a risk within any organization. Assess the risk based on the Smallwood's criteria.
Reference:
Smallwood, R. F. (2014). Information governance: concepts, strategies and best practices. Hoboken, NJ, Wiley
Sample Solution