According to the CRISC Review Manual (Digital Version), the risk register is the most useful component of the review of the overall risk profile from the targeted organization, as it providesa comprehensive and up-to-date record of the identified risks, their likelihood and impact, their risk response actions, and their residual risk levels. The risk register helps to:
Understand the current and potential threats and vulnerabilities that may affect the targeted organization’s objectives and performance
Evaluate the effectiveness and efficiency of the risk management processes and controls implemented by the targeted organization
Identify the gaps or weaknesses in the risk management practices and capabilities of the targeted organization
Assess the compatibility and alignment of the risk appetite and risk tolerance of the targeted organization with the acquiring organization
Estimate the value and benefits of the acquisition and the potential risks and costs involved
References = CRISC Review Manual (Digital Version), Chapter 1: IT Risk Identification, Section 1.5: IT Risk Identification Methods and Techniques, pp. 38-391
