controls are the activities Schwan into place manage or mitigate the risks. are often built into the core business processes and support processes (see Exhibit 7 for graphical representation of the risk assessment framework) assess gross risk controls and of internal personnel of relevant accomplishment of corporate or process objectives), t strength of risk in light management's response to identified and residual re-evalu compared to controls and management's response). At the end of this process, residual risks are gross risks for reasonableness. See graphical representation of this risk The risks are rated based on the magnitude of the impact to the organization of the risk occurring, as well as on the probability of occurrence. Residual risk assessments are conducted through focused interviews with multiple levels of management, a review ofbusiness plans, analysis of financial and operational reports, and a review of miscellaneous information (e.g., industry information, process documentation, etc.). For validation, the assessment results are discussed with the appropriate levels of management.