Watch this video on YouTube
What should a risk practitioner do FIRST when a shadow IT application is identified in a business owner's business impact analysis (BIA)?