Risk Monitoring is the process of

• Tracking identified risks
• Monitoring residual risks
• Identifying new risks
• Evaluating risk response plans

It involves ongoing tracking of risks and their response actions

Helps determine Residual Risk and Control Risk

• Residual Risk
  • The likelihood and impact of the risk after mitigation, transference, or acceptance measures have been taken on the initial risk
• Control Risk
  • Assessment of how a security measure has lost effectiveness over time

Risk Reporting

• Communicating information about risk management activities to stakeholders
• Includes results of risk identification, assessment, response and monitoring
• Often presented in the form of a risk report

Risk Monitoring and Reporting are essential for

• Informed decision making
• Risk mitigation
• Stakeholder communication
• Regulatory compliance