ABSTRACT
Given a basic understanding of qualitative risk analysis, one can use the concepts to improve the work process at an enterprise. As part of a misunderstood group, security and audit professionals are often viewed by the rest of the organization as non-value-added elements of the enterprise. One way to overcome this misconception is to implement processes that streamline the control review requirements.
