A small business lacks formal IT governance. What is the FIRST step to establish governance?
Risk assessment reveals the starting point for governance.
Why this answer
Conducting a risk assessment identifies the most critical issues and guides the development of governance policies and structure. Defining policies or assigning roles without understanding risks may be premature.