I’m looking for feedback from anyone who has had to prepare a formal risk assessment document for their company. I am charged with preparing document to identify potential risks from an IT perspective. I have a number of ideas, but there’s always room for more input, so I wouldn’t mind hearing from anyone who has some experience here.