Risk management challenges #2: Implementing risk-based thinking in qua