Identify enterprise level risks

Trigger: A strategic planning cycle, a significant shift in the external business environment, or a periodic regulatory review initiates the enterprise risk assessment.

1. Gather macroeconomic, industry, and internal performance data
2. Conduct risk discovery workshops with department leaders
3. Categorize potential threats across strategic, operational, and financial domains
4. Draft preliminary risk descriptions and business impacts
5. Document findings in the enterprise risk register
6. Communicate the consolidated risk profile to the board and executives

Outcome: Enterprise-level risks are fully documented, categorized in a central register, and communicated to executive leadership.