Transcription  
A lot of times our clients don’t think that they are doing risk assessment and they think they have to do something different than they’re already doing, but actually they are doing risk assessments. It’s just informal. One of the things that we enjoy doing is teaching organizations how they are currently doing risk so that you can see how to formalize that and turn it into something that is written and documented for compliance purposes. For example, most organizations look at things that are threatening their environment. They look at changes that are happening. These conversations are happening in the hallway, they’re happening in the boardroom, they’re happening during our regular video conference meetings where we’re discussing problems. This problem came up with this employee the other day. This client brought this concern to us about our application. A competitor just entered the market. Did you hear about the phishing email that someone received? These things are being talked about all the time and are being dealt with. They’re just not being formalized; they’re not being documented. So, you are currently involved in risk assessment. You are performing risk assessments. You just have to identify the informal way that you are having these conversations and start looking for ways to document that. If you do have a regular meeting of your management team, if you have regular departmental meetings, start keeping minutes of those meetings and put a section in there titled “Risk,” so that whenever things come up about upgrading something, or improving an approach that you have to a threat or a problem that’s facing your business, you can start documenting the risks that you’re discussing and turn that into a formal, written risk assessment.