The high-level risk analysis is a process that involves identifying, assessing, and prioritizing the information and technology risks that an enterprise faces in relation to its governance system design. It helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework.

The primary benefit of conducting a high-level risk analysis during governance design is to prioritize governance and management objectives. The governance and management objectives are the statements of what an enterprise wants to achieve in terms of its information and technology governance. They are derived from the enterprise goals, which are the high-level statements of what an enterprise wants to achieve in terms of its mission, vision, values, and strategy. By conducting a high-level risk analysis, an enterprise can identify the areas of risk that have the most impact on its enterprise goals, and therefore prioritize the governance and management objectives that address those risks. This will also help to align the governance framework with the enterprise's strategy and objectives. [1][2]

References:
[1] COBIT 2019 Design Guide, pages 41-43
[2] COBIT 2019 Framework: Introduction and Methodology, pages 25-26