Work Step: "PHASE I: RISK ASSESSMENT1. Identify the In-Scope Processes" Purpose: To categorize and group the activities the organization carries out, and to clarify and articulate which processes will be assessed. Output / Deliverable(s): A listing of in-scope processes and sub-processes. Principal Tasks: 1a. Identify the major process(es) to be assessed. 1b. Identify the sub-processes to be assessed. 1c. Document the processes identified. Tips! ">Your list of processes should reflect how your organization actually carries out its work, vs. generic processes.>Processes are scalable, meaning a set of processes and sub-processes can be developed for almost any level within the organization, from enterprisewide to a small department.>Do some research, as appropriate, to see if your organization has already defined its major processes. >Insofar as possible, define organizationally lower-level processes within the organization's already-defined enterprisewide processes.>Organization charts can be a good source of the principal processes a unit carries out."