• Person or group directly associated with the entity, its operation and function, processes, systems, or other concerned matter, and oversight functions such as legal, compliance, and finance;
  • The persons making the risk assessment;
  • The ultimate user of the risk assessment such as management and Board.