Sometimes when we facilitate a risk assessment, really the main thing that we’re doing is just getting an organization over the hump by starting their risk assessment. People overthink it and they just don’t know where to start, and sometimes you can break that log jam by bringing an outsider in to help facilitate this for you. A lot of times organizations don’t see that their already doing risk assessment. Just getting the conversation started and saying, “Look! You have locks on the doors, right? You lock the door when you’re not in the office. You have video cameras, you utilize encryption, you require passwords. All these things have been put into place because you have an understanding of risk.” It’s just a matter of talking through those issues and documenting why you’ve put those controls in place. Once you get over that hump, it becomes a very fluid conversation. You’re able to start talking about whether or not this control is necessary, or if we should enhance a control by putting new things into place once you start getting the brainstorming going, you’re able to identify new areas of risk, and start recognizing changes that are happening in your environment and start looking holistically at how you might improve the strength of your environment through mitigation of those risks.