Watch this video on YouTube
You are an information system auditor of HDA Inc., and you are auditing the processes related to risk identification. In this context, which of the following options is the best approach to enable the timely identification of risk exposure?