According to the CRISC Review Manual (Digital Version), the primary goal of a risk awareness program is to reduce the risk to an acceptable level by increasing the knowledge and understanding of the risk among the stakeholders. A risk awareness program should:
Educate the stakeholders about the sources, types and impacts of IT-related risks
Explain the roles and responsibilities of the stakeholders in the risk management process
Promote a risk-aware culture that supports the risk appetite and risk tolerance of the organization
Provide guidance and tools for identifying, assessing, responding and monitoring IT-related risks
Encourage the reporting and escalation of risk issues and incidents
Reinforce the benefits and value of effective risk management
References = CRISC Review Manual (Digital Version), Chapter 4: IT Risk Monitoring and Reporting, Section 4.2: IT Risk Reporting, pp. 224-2251