Identify vulnerabilities
Risk can be managed if the gaps are identified and you have a plan to address the risk. Putting a plan into action will identify the areas that need further development, such as missing links in the chain of command or gaps in the recovery process.