Identifies risks
When the control internal environment has been defined and enterprise objectives in terms of risk have been specified, the step of identification of events at risk starts.
Risk identification is generally carried out within the framework of a specified control system.
A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, respect a law or regulation, or work towards achievement of an objective as defined by company strategy. Examples: the quality control system, the control system relating to IT and Privacy, the management control system, the internal audit system.
This control system can be defined as the implementation of a regulation within the framework of one of the enterprise business functions, such as application of an enterprise financial policy in the purchasing field.