An effective process for the regular review and update of the risk profile would typically:
- Take into account all risks identified by the organisation, with more rigorous review of significant risks.
- Identify and respond to significant changes in the risk profile, and escalate them to appropriate parties.
- Be continuous and iterative to ensure the risk profile is up to date.
- Be triggered by changes in the organisation's risk environment, both internal and external.