Including:
- Identification of relevant risks: (e.g., corruption, data protection, IT security, supply chain, insider)
- Assessment & prioritization: probability of occurrence + impact
- Action & control plan: clear responsibilities, deadlines, implementation recommendations
- Final report including risk map
